Added anonymous token support for piston.

quodlibetor · Jun 6, 2011 · 7128022 · 7128022
1 parent 8950537
commit 7128022
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 13 deletions.
diff --git a/piston/models.py b/piston/models.py
@@ -93,6 +93,9 @@ class Token(models.Model):
     def __unicode__(self):
         return u"%s Token %s for %s" % (self.get_token_type_display(), self.key, self.consumer)
 
+    def is_anonymous(self):
+        return False
+
     def to_string(self, only_key=False):
         token_dict = {
             'oauth_token': self.key,

diff --git a/piston/oauth.py b/piston/oauth.py
@@ -30,6 +30,8 @@
 import hmac
 import binascii
 
+from piston.utils import AnonymousToken
+
 
 VERSION = '1.0' # Hi Blaine!
 HTTP_METHOD = 'GET'
@@ -358,7 +360,7 @@ def _split_header(header):
 
     def _split_url_string(param_str):
         """Turn URL string into parameters."""
-        parameters = cgi.parse_qs(param_str, keep_blank_values=False)
+        parameters = cgi.parse_qs(param_str, keep_blank_values=True)
         for k, v in parameters.iteritems():
             parameters[k] = urllib.unquote(v[0])
         return parameters
@@ -434,6 +436,11 @@ def verify_request(self, oauth_request):
 
         # Get the access token.
         token = self._get_token(oauth_request, 'access')
+
+        if token.is_anonymous():
+            # Update consumer
+            token.consumer = consumer
+
         self._check_signature(oauth_request, consumer, token)
         parameters = oauth_request.get_nonoauth_parameters()
         return consumer, token, parameters
@@ -486,10 +493,14 @@ def _get_consumer(self, oauth_request):
 
     def _get_token(self, oauth_request, token_type='access'):
         """Try to find the token for the provided request token key."""
+
         token_field = oauth_request.get_parameter('oauth_token')
-        token = self.data_store.lookup_token(token_type, token_field)
-        if not token:
-            raise OAuthError('Invalid %s token: %s' % (token_type, token_field))
+
+        if not token_field:
+            token = AnonymousToken(token_type)
+        else:
+            token = self.data_store.lookup_token(token_type, token_field)
+
         return token
 
     def _get_verifier(self, oauth_request):
@@ -619,9 +630,10 @@ def build_signature_base_string(self, oauth_request, consumer, token):
         )
 
         key = '%s&' % escape(consumer.secret)
-        if token:
+        if not token.is_anonymous():
             key += escape(token.secret)
         raw = '&'.join(sig)
+
         return key, raw
 
     def build_signature(self, oauth_request, consumer, token):
@@ -649,7 +661,7 @@ def get_name(self):
     def build_signature_base_string(self, oauth_request, consumer, token):
         """Concatenates the consumer key and secret."""
         sig = '%s&' % escape(consumer.secret)
-        if token:
+        if not token.is_anonymous():
             sig = sig + escape(token.secret)
         return sig, sig
 

diff --git a/piston/store.py b/piston/store.py
@@ -3,6 +3,7 @@
 from models import Nonce, Token, Consumer
 from models import generate_random, VERIFIER_SIZE
 
+
 class DataStore(oauth.OAuthDataStore):
     """Layer between Python OAuth and Django database."""
     def __init__(self, oauth_request):
@@ -30,7 +31,7 @@ def lookup_token(self, token_type, token):
             return None
 
     def lookup_nonce(self, oauth_consumer, oauth_token, nonce):
-        if oauth_token is None:
+        if oauth_token.is_anonymous():
             return None
         nonce, created = Nonce.objects.get_or_create(consumer_key=oauth_consumer.key,
                                                      token_key=oauth_token.key,

diff --git a/piston/utils.py b/piston/utils.py
@@ -1,15 +1,18 @@
 import time
-from django.http import HttpResponseNotAllowed, HttpResponseForbidden, HttpResponse, HttpResponseBadRequest
+
+from datetime import datetime, timedelta
+from decorator import decorator
+
+from django import get_version as django_version
+from django.conf import settings
+from django.contrib.auth.models import AnonymousUser
 from django.core.urlresolvers import reverse
 from django.core.cache import cache
-from django import get_version as django_version
 from django.core.mail import send_mail, mail_admins
-from django.conf import settings
-from django.utils.translation import ugettext as _
+from django.http import HttpResponseNotAllowed, HttpResponseForbidden, HttpResponse, HttpResponseBadRequest
 from django.template import loader, TemplateDoesNotExist
-from decorator import decorator
+from django.utils.translation import ugettext as _
 
-from datetime import datetime, timedelta
 
 __version__ = '0.2.3rc1'
 
@@ -82,6 +85,23 @@ class HttpStatusCode(Exception):
     def __init__(self, response):
         self.response = response
 
+class AnonymousToken(object):
+    def __init__(self, token_type):
+        from piston.models import Token
+        self.user = AnonymousUser()
+        if token_type == 'request':
+            self.type = Token.REQUEST
+        elif token_type == 'access':
+            self.type = Token.ACCESS
+
+        self.consumer = None
+        self.key = ''
+        self.secret = ''
+
+    def is_anonymous(self):
+        return True
+
+
 def validate(v_form, operation='POST'):
     @decorator
     def wrap(f, self, request, *a, **kwa):