diff options
| author | Aditi <aditi.iitr@gmail.com> | 2013-08-22 22:34:06 +0530 |
|---|---|---|
| committer | Aditi <aditi.iitr@gmail.com> | 2013-08-22 22:34:06 +0530 |
| commit | 70cc6eb8f383dcc97aeac22216a9da0d65a09085 (patch) | |
| tree | 7f9d646002f2e6db763b1b3e89d9762efb12a544 /mediagoblin/decorators.py | |
| parent | e018b2120ac4131afab6611c84f8cfbe0926e640 (diff) | |
| parent | e7b8059f17c98ee88d933af52b0c4d858e882e8e (diff) | |
| download | mediagoblin-70cc6eb8f383dcc97aeac22216a9da0d65a09085.tar.lz mediagoblin-70cc6eb8f383dcc97aeac22216a9da0d65a09085.tar.xz mediagoblin-70cc6eb8f383dcc97aeac22216a9da0d65a09085.zip | |
Resolve merge conflict and merge.
Diffstat (limited to 'mediagoblin/decorators.py')
| -rw-r--r-- | mediagoblin/decorators.py | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index ca7be53c..685d0d98 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -18,13 +18,16 @@ from functools import wraps from urlparse import urljoin from werkzeug.exceptions import Forbidden, NotFound +from oauthlib.oauth1 import ResourceEndpoint from mediagoblin import mg_globals as mgg from mediagoblin import messages from mediagoblin.db.models import MediaEntry, User -from mediagoblin.tools.response import redirect, render_404 +from mediagoblin.tools.response import json_response, redirect, render_404 from mediagoblin.tools.translate import pass_to_ugettext as _ +from mediagoblin.oauth.tools.request import decode_authorization_header +from mediagoblin.oauth.oauth import GMGRequestValidator def require_active_login(controller): """ @@ -268,3 +271,32 @@ def auth_enabled(controller): return controller(request, *args, **kwargs) return wrapper + +def oauth_required(controller): + """ Used to wrap API endpoints where oauth is required """ + @wraps(controller) + def wrapper(request, *args, **kwargs): + data = request.headers + authorization = decode_authorization_header(data) + + if authorization == dict(): + error = "Missing required parameter." + return json_response({"error": error}, status=400) + + + request_validator = GMGRequestValidator() + resource_endpoint = ResourceEndpoint(request_validator) + valid, request = resource_endpoint.validate_protected_resource_request( + uri=request.url, + http_method=request.method, + body=request.get_data(), + headers=dict(request.headers), + ) + + if not valid: + error = "Invalid oauth prarameter." + return json_response({"error": error}, status=400) + + return controller(request, *args, **kwargs) + + return wrapper |