diff options
Diffstat (limited to 'mediagoblin')
| -rw-r--r-- | mediagoblin/decorators.py | 20 | ||||
| -rw-r--r-- | mediagoblin/federation/oauth.py | 2 | ||||
| -rw-r--r-- | mediagoblin/federation/routing.py | 6 | ||||
| -rw-r--r-- | mediagoblin/federation/views.py | 8 |
4 files changed, 31 insertions, 5 deletions
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index 1fdb78d7..ad36f376 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -18,6 +18,7 @@ from functools import wraps from urlparse import urljoin from werkzeug.exceptions import Forbidden, NotFound +from oauthlib.oauth1 import ResourceEndpoint from mediagoblin import mg_globals as mgg from mediagoblin import messages @@ -271,7 +272,7 @@ def auth_enabled(controller): return wrapper -def oauth_requeired(controller): +def oauth_required(controller): """ Used to wrap API endpoints where oauth is required """ @wraps(controller) def wrapper(request, *args, **kwargs): @@ -282,5 +283,18 @@ def oauth_requeired(controller): error = "Missing required parameter." return json_response({"error": error}, status=400) - - + + request_validator = GMGRequestValidator() + resource_endpoint = ResourceEndpoint(request_validator) + valid, request = resource_endpoint.validate_protected_resource_request( + uri=request.url, + http_method=request.method, + body=request.get_data(), + headers=dict(request.headers), + ) + #print "[VALID] %s" % valid + #print "[REQUEST] %s" % request + + return controller(request, *args, **kwargs) + + return wrapper diff --git a/mediagoblin/federation/oauth.py b/mediagoblin/federation/oauth.py index c94b0a9d..ff45882d 100644 --- a/mediagoblin/federation/oauth.py +++ b/mediagoblin/federation/oauth.py @@ -24,6 +24,8 @@ from mediagoblin.db.models import Client, RequestToken, AccessToken class GMGRequestValidator(RequestValidator): + enforce_ssl = False + def __init__(self, data=None): self.POST = data diff --git a/mediagoblin/federation/routing.py b/mediagoblin/federation/routing.py index f7e6f72c..5dc71456 100644 --- a/mediagoblin/federation/routing.py +++ b/mediagoblin/federation/routing.py @@ -41,3 +41,9 @@ add_route( "/oauth/access_token", "mediagoblin.federation.views:access_token" ) + +add_route( + "mediagoblin.federation", + "/api/test", + "mediagoblin.federation.views:test" + ) diff --git a/mediagoblin/federation/views.py b/mediagoblin/federation/views.py index 29b5647e..c538f4cb 100644 --- a/mediagoblin/federation/views.py +++ b/mediagoblin/federation/views.py @@ -19,7 +19,7 @@ import datetime from oauthlib.oauth1 import (AuthorizationEndpoint, RequestValidator, RequestTokenEndpoint, AccessTokenEndpoint) -from mediagoblin.decorators import require_active_login +from mediagoblin.decorators import require_active_login, oauth_required from mediagoblin.tools.translate import pass_to_ugettext from mediagoblin.meddleware.csrf import csrf_exempt from mediagoblin.tools.request import decode_request @@ -337,4 +337,8 @@ def access_token(request): av = AccessTokenEndpoint(request_validator) tokens = av.create_access_token(request, {}) return form_response(tokens) - + +@csrf_exempt +@oauth_required +def test(request): + return json_response({"check":"OK"}) |