diff options
Diffstat (limited to 'mediagoblin/decorators.py')
-rw-r--r-- | mediagoblin/decorators.py | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index ca7be53c..685d0d98 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -18,13 +18,16 @@ from functools import wraps from urlparse import urljoin from werkzeug.exceptions import Forbidden, NotFound +from oauthlib.oauth1 import ResourceEndpoint from mediagoblin import mg_globals as mgg from mediagoblin import messages from mediagoblin.db.models import MediaEntry, User -from mediagoblin.tools.response import redirect, render_404 +from mediagoblin.tools.response import json_response, redirect, render_404 from mediagoblin.tools.translate import pass_to_ugettext as _ +from mediagoblin.oauth.tools.request import decode_authorization_header +from mediagoblin.oauth.oauth import GMGRequestValidator def require_active_login(controller): """ @@ -268,3 +271,32 @@ def auth_enabled(controller): return controller(request, *args, **kwargs) return wrapper + +def oauth_required(controller): + """ Used to wrap API endpoints where oauth is required """ + @wraps(controller) + def wrapper(request, *args, **kwargs): + data = request.headers + authorization = decode_authorization_header(data) + + if authorization == dict(): + error = "Missing required parameter." + return json_response({"error": error}, status=400) + + + request_validator = GMGRequestValidator() + resource_endpoint = ResourceEndpoint(request_validator) + valid, request = resource_endpoint.validate_protected_resource_request( + uri=request.url, + http_method=request.method, + body=request.get_data(), + headers=dict(request.headers), + ) + + if not valid: + error = "Invalid oauth prarameter." + return json_response({"error": error}, status=400) + + return controller(request, *args, **kwargs) + + return wrapper |