diff options
Diffstat (limited to 'mediagoblin/tools/request.py')
-rw-r--r-- | mediagoblin/tools/request.py | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/mediagoblin/tools/request.py b/mediagoblin/tools/request.py index d4739039..7e1973d3 100644 --- a/mediagoblin/tools/request.py +++ b/mediagoblin/tools/request.py @@ -16,7 +16,12 @@ import json import logging -from mediagoblin.db.models import User + +import six +from werkzeug.http import parse_options_header + +from mediagoblin.db.models import User, AccessToken +from mediagoblin.oauth.tools.request import decode_authorization_header _log = logging.getLogger(__name__) @@ -31,6 +36,18 @@ def setup_user_in_request(request): Examine a request and tack on a request.user parameter if that's appropriate. """ + # If API request the user will be associated with the access token + authorization = decode_authorization_header(request.headers) + + if authorization.get(u"access_token"): + # Check authorization header. + token = authorization[u"oauth_token"] + token = AccessToken.query.filter_by(token=token).first() + if token is not None: + request.user = token.user + return + + if 'user_id' not in request.session: request.user = None return @@ -45,11 +62,12 @@ def setup_user_in_request(request): def decode_request(request): """ Decodes a request based on MIME-Type """ - data = request.get_data() - - if request.content_type == json_encoded: - data = json.loads(data) - elif request.content_type == form_encoded or request.content_type == "": + data = request.data + content_type, _ = parse_options_header(request.content_type) + + if content_type == json_encoded: + data = json.loads(six.text_type(data, "utf-8")) + elif content_type == form_encoded or content_type == "": data = request.form else: data = "" |