|
MythTV
0.26-pre
|
|
MythTV
0.26-pre
|
00001 """ 00002 The MIT License 00003 00004 Copyright (c) 2007 Leah Culver 00005 00006 Permission is hereby granted, free of charge, to any person obtaining a copy 00007 of this software and associated documentation files (the "Software"), to deal 00008 in the Software without restriction, including without limitation the rights 00009 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 00010 copies of the Software, and to permit persons to whom the Software is 00011 furnished to do so, subject to the following conditions: 00012 00013 The above copyright notice and this permission notice shall be included in 00014 all copies or substantial portions of the Software. 00015 00016 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 00017 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 00018 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 00019 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 00020 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 00021 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 00022 THE SOFTWARE. 00023 """ 00024 00025 import cgi 00026 import urllib 00027 import time 00028 import random 00029 import urlparse 00030 import hmac 00031 import binascii 00032 00033 00034 VERSION = '1.0' # Hi Blaine! 00035 HTTP_METHOD = 'GET' 00036 SIGNATURE_METHOD = 'PLAINTEXT' 00037 00038 00039 class OAuthError(RuntimeError): 00040 """Generic exception class.""" 00041 def __init__(self, message='OAuth error occured.'): 00042 self.message = message 00043 00044 def build_authenticate_header(realm=''): 00045 """Optional WWW-Authenticate header (401 error)""" 00046 return {'WWW-Authenticate': 'OAuth realm="%s"' % realm} 00047 00048 def escape(s): 00049 """Escape a URL including any /.""" 00050 return urllib.quote(s, safe='~') 00051 00052 def _utf8_str(s): 00053 """Convert unicode to utf-8.""" 00054 if isinstance(s, unicode): 00055 return s.encode("utf-8") 00056 else: 00057 return str(s) 00058 00059 def generate_timestamp(): 00060 """Get seconds since epoch (UTC).""" 00061 return int(time.time()) 00062 00063 def generate_nonce(length=8): 00064 """Generate pseudorandom number.""" 00065 return ''.join([str(random.randint(0, 9)) for i in range(length)]) 00066 00067 def generate_verifier(length=8): 00068 """Generate pseudorandom number.""" 00069 return ''.join([str(random.randint(0, 9)) for i in range(length)]) 00070 00071 00072 class OAuthConsumer(object): 00073 """Consumer of OAuth authentication. 00074 00075 OAuthConsumer is a data type that represents the identity of the Consumer 00076 via its shared secret with the Service Provider. 00077 00078 """ 00079 key = None 00080 secret = None 00081 00082 def __init__(self, key, secret): 00083 self.key = key 00084 self.secret = secret 00085 00086 00087 class OAuthToken(object): 00088 """OAuthToken is a data type that represents an End User via either an access 00089 or request token. 00090 00091 key -- the token 00092 secret -- the token secret 00093 00094 """ 00095 key = None 00096 secret = None 00097 callback = None 00098 callback_confirmed = None 00099 verifier = None 00100 00101 def __init__(self, key, secret): 00102 self.key = key 00103 self.secret = secret 00104 00105 def set_callback(self, callback): 00106 self.callback = callback 00107 self.callback_confirmed = 'true' 00108 00109 def set_verifier(self, verifier=None): 00110 if verifier is not None: 00111 self.verifier = verifier 00112 else: 00113 self.verifier = generate_verifier() 00114 00115 def get_callback_url(self): 00116 if self.callback and self.verifier: 00117 # Append the oauth_verifier. 00118 parts = urlparse.urlparse(self.callback) 00119 scheme, netloc, path, params, query, fragment = parts[:6] 00120 if query: 00121 query = '%s&oauth_verifier=%s' % (query, self.verifier) 00122 else: 00123 query = 'oauth_verifier=%s' % self.verifier 00124 return urlparse.urlunparse((scheme, netloc, path, params, 00125 query, fragment)) 00126 return self.callback 00127 00128 def to_string(self): 00129 data = { 00130 'oauth_token': self.key, 00131 'oauth_token_secret': self.secret, 00132 } 00133 if self.callback_confirmed is not None: 00134 data['oauth_callback_confirmed'] = self.callback_confirmed 00135 return urllib.urlencode(data) 00136 00137 def from_string(s): 00138 """ Returns a token from something like: 00139 oauth_token_secret=xxx&oauth_token=xxx 00140 """ 00141 params = cgi.parse_qs(s, keep_blank_values=False) 00142 key = params['oauth_token'][0] 00143 secret = params['oauth_token_secret'][0] 00144 token = OAuthToken(key, secret) 00145 try: 00146 token.callback_confirmed = params['oauth_callback_confirmed'][0] 00147 except KeyError: 00148 pass # 1.0, no callback confirmed. 00149 return token 00150 from_string = staticmethod(from_string) 00151 00152 def __str__(self): 00153 return self.to_string() 00154 00155 00156 class OAuthRequest(object): 00157 """OAuthRequest represents the request and can be serialized. 00158 00159 OAuth parameters: 00160 - oauth_consumer_key 00161 - oauth_token 00162 - oauth_signature_method 00163 - oauth_signature 00164 - oauth_timestamp 00165 - oauth_nonce 00166 - oauth_version 00167 - oauth_verifier 00168 ... any additional parameters, as defined by the Service Provider. 00169 """ 00170 parameters = None # OAuth parameters. 00171 http_method = HTTP_METHOD 00172 http_url = None 00173 version = VERSION 00174 00175 def __init__(self, http_method=HTTP_METHOD, http_url=None, parameters=None): 00176 self.http_method = http_method 00177 self.http_url = http_url 00178 self.parameters = parameters or {} 00179 00180 def set_parameter(self, parameter, value): 00181 self.parameters[parameter] = value 00182 00183 def get_parameter(self, parameter): 00184 try: 00185 return self.parameters[parameter] 00186 except: 00187 raise OAuthError('Parameter not found: %s' % parameter) 00188 00189 def _get_timestamp_nonce(self): 00190 return self.get_parameter('oauth_timestamp'), self.get_parameter( 00191 'oauth_nonce') 00192 00193 def get_nonoauth_parameters(self): 00194 """Get any non-OAuth parameters.""" 00195 parameters = {} 00196 for k, v in self.parameters.iteritems(): 00197 # Ignore oauth parameters. 00198 if k.find('oauth_') < 0: 00199 parameters[k] = v 00200 return parameters 00201 00202 def to_header(self, realm=''): 00203 """Serialize as a header for an HTTPAuth request.""" 00204 auth_header = 'OAuth realm="%s"' % realm 00205 # Add the oauth parameters. 00206 if self.parameters: 00207 for k, v in self.parameters.iteritems(): 00208 if k[:6] == 'oauth_': 00209 auth_header += ', %s="%s"' % (k, escape(str(v))) 00210 return {'Authorization': auth_header} 00211 00212 def to_postdata(self): 00213 """Serialize as post data for a POST request.""" 00214 return '&'.join(['%s=%s' % (escape(str(k)), escape(str(v))) \ 00215 for k, v in self.parameters.iteritems()]) 00216 00217 def to_url(self): 00218 """Serialize as a URL for a GET request.""" 00219 return '%s?%s' % (self.get_normalized_http_url(), self.to_postdata()) 00220 00221 def get_normalized_parameters(self): 00222 """Return a string that contains the parameters that must be signed.""" 00223 params = self.parameters 00224 try: 00225 # Exclude the signature if it exists. 00226 del params['oauth_signature'] 00227 except: 00228 pass 00229 # Escape key values before sorting. 00230 key_values = [(_utf8_str(k), _utf8_str(v)) \ 00231 for k,v in params.items()] 00232 # Sort lexicographically, first after key, then after value. 00233 key_values.sort() 00234 # Combine key value pairs into a string. 00235 return '&'.join(['%s=%s' % (k, v) for k, v in key_values]) 00236 00237 def get_normalized_http_method(self): 00238 """Uppercases the http method.""" 00239 return self.http_method.upper() 00240 00241 def get_normalized_http_url(self): 00242 """Parses the URL and rebuilds it to be scheme://host/path.""" 00243 parts = urlparse.urlparse(self.http_url) 00244 scheme, netloc, path = parts[:3] 00245 # Exclude default port numbers. 00246 if scheme == 'http' and netloc[-3:] == ':80': 00247 netloc = netloc[:-3] 00248 elif scheme == 'https' and netloc[-4:] == ':443': 00249 netloc = netloc[:-4] 00250 return '%s://%s%s' % (scheme, netloc, path) 00251 00252 def sign_request(self, signature_method, consumer, token): 00253 """Set the signature parameter to the result of build_signature.""" 00254 # Set the signature method. 00255 self.set_parameter('oauth_signature_method', 00256 signature_method.get_name()) 00257 # Set the signature. 00258 self.set_parameter('oauth_signature', 00259 self.build_signature(signature_method, consumer, token)) 00260 00261 def build_signature(self, signature_method, consumer, token): 00262 """Calls the build signature method within the signature method.""" 00263 return signature_method.build_signature(self, consumer, token) 00264 00265 def from_request(http_method, http_url, headers=None, parameters=None, 00266 query_string=None): 00267 """Combines multiple parameter sources.""" 00268 if parameters is None: 00269 parameters = {} 00270 00271 # Headers 00272 if headers and 'Authorization' in headers: 00273 auth_header = headers['Authorization'] 00274 # Check that the authorization header is OAuth. 00275 if auth_header[:6] == 'OAuth ': 00276 auth_header = auth_header[6:] 00277 try: 00278 # Get the parameters from the header. 00279 header_params = OAuthRequest._split_header(auth_header) 00280 parameters.update(header_params) 00281 except: 00282 raise OAuthError('Unable to parse OAuth parameters from ' 00283 'Authorization header.') 00284 00285 # GET or POST query string. 00286 if query_string: 00287 query_params = OAuthRequest._split_url_string(query_string) 00288 parameters.update(query_params) 00289 00290 # URL parameters. 00291 param_str = urlparse.urlparse(http_url)[4] # query 00292 url_params = OAuthRequest._split_url_string(param_str) 00293 parameters.update(url_params) 00294 00295 if parameters: 00296 return OAuthRequest(http_method, http_url, parameters) 00297 00298 return None 00299 from_request = staticmethod(from_request) 00300 00301 def from_consumer_and_token(oauth_consumer, token=None, 00302 callback=None, verifier=None, http_method=HTTP_METHOD, 00303 http_url=None, parameters=None): 00304 if not parameters: 00305 parameters = {} 00306 00307 defaults = { 00308 'oauth_consumer_key': oauth_consumer.key, 00309 'oauth_timestamp': generate_timestamp(), 00310 'oauth_nonce': generate_nonce(), 00311 'oauth_version': OAuthRequest.version, 00312 } 00313 00314 defaults.update(parameters) 00315 parameters = defaults 00316 00317 if token: 00318 parameters['oauth_token'] = token.key 00319 if token.callback: 00320 parameters['oauth_callback'] = token.callback 00321 # 1.0a support for verifier. 00322 if verifier: 00323 parameters['oauth_verifier'] = verifier 00324 elif callback: 00325 # 1.0a support for callback in the request token request. 00326 parameters['oauth_callback'] = callback 00327 return OAuthRequest(http_method, http_url, parameters) 00328 from_consumer_and_token = staticmethod(from_consumer_and_token) 00329 00330 def from_token_and_callback(token, callback=None, http_method=HTTP_METHOD, 00331 http_url=None, parameters=None): 00332 if not parameters: 00333 parameters = {} 00334 00335 parameters['oauth_token'] = token.key 00336 00337 if callback: 00338 parameters['oauth_callback'] = callback 00339 00340 return OAuthRequest(http_method, http_url, parameters) 00341 from_token_and_callback = staticmethod(from_token_and_callback) 00342 00343 def _split_header(header): 00344 """Turn Authorization: header into parameters.""" 00345 params = {} 00346 parts = header.split(',') 00347 for param in parts: 00348 # Ignore realm parameter. 00349 if param.find('realm') > -1: 00350 continue 00351 # Remove whitespace. 00352 param = param.strip() 00353 # Split key-value. 00354 param_parts = param.split('=', 1) 00355 # Remove quotes and unescape the value. 00356 params[param_parts[0]] = urllib.unquote(param_parts[1].strip('\"')) 00357 return params 00358 _split_header = staticmethod(_split_header) 00359 00360 def _split_url_string(param_str): 00361 """Turn URL string into parameters.""" 00362 parameters = cgi.parse_qs(param_str, keep_blank_values=False) 00363 for k, v in parameters.iteritems(): 00364 parameters[k] = urllib.unquote(v[0]) 00365 return parameters 00366 _split_url_string = staticmethod(_split_url_string) 00367 00368 class OAuthServer(object): 00369 """A worker to check the validity of a request against a data store.""" 00370 timestamp_threshold = 300 # In seconds, five minutes. 00371 version = VERSION 00372 signature_methods = None 00373 data_store = None 00374 00375 def __init__(self, data_store=None, signature_methods=None): 00376 self.data_store = data_store 00377 self.signature_methods = signature_methods or {} 00378 00379 def set_data_store(self, data_store): 00380 self.data_store = data_store 00381 00382 def get_data_store(self): 00383 return self.data_store 00384 00385 def add_signature_method(self, signature_method): 00386 self.signature_methods[signature_method.get_name()] = signature_method 00387 return self.signature_methods 00388 00389 def fetch_request_token(self, oauth_request): 00390 """Processes a request_token request and returns the 00391 request token on success. 00392 """ 00393 try: 00394 # Get the request token for authorization. 00395 token = self._get_token(oauth_request, 'request') 00396 except OAuthError: 00397 # No token required for the initial token request. 00398 version = self._get_version(oauth_request) 00399 consumer = self._get_consumer(oauth_request) 00400 try: 00401 callback = self.get_callback(oauth_request) 00402 except OAuthError: 00403 callback = None # 1.0, no callback specified. 00404 self._check_signature(oauth_request, consumer, None) 00405 # Fetch a new token. 00406 token = self.data_store.fetch_request_token(consumer, callback) 00407 return token 00408 00409 def fetch_access_token(self, oauth_request): 00410 """Processes an access_token request and returns the 00411 access token on success. 00412 """ 00413 version = self._get_version(oauth_request) 00414 consumer = self._get_consumer(oauth_request) 00415 try: 00416 verifier = self._get_verifier(oauth_request) 00417 except OAuthError: 00418 verifier = None 00419 # Get the request token. 00420 token = self._get_token(oauth_request, 'request') 00421 self._check_signature(oauth_request, consumer, token) 00422 new_token = self.data_store.fetch_access_token(consumer, token, verifier) 00423 return new_token 00424 00425 def verify_request(self, oauth_request): 00426 """Verifies an api call and checks all the parameters.""" 00427 # -> consumer and token 00428 version = self._get_version(oauth_request) 00429 consumer = self._get_consumer(oauth_request) 00430 # Get the access token. 00431 token = self._get_token(oauth_request, 'access') 00432 self._check_signature(oauth_request, consumer, token) 00433 parameters = oauth_request.get_nonoauth_parameters() 00434 return consumer, token, parameters 00435 00436 def authorize_token(self, token, user): 00437 """Authorize a request token.""" 00438 return self.data_store.authorize_request_token(token, user) 00439 00440 def get_callback(self, oauth_request): 00441 """Get the callback URL.""" 00442 return oauth_request.get_parameter('oauth_callback') 00443 00444 def build_authenticate_header(self, realm=''): 00445 """Optional support for the authenticate header.""" 00446 return {'WWW-Authenticate': 'OAuth realm="%s"' % realm} 00447 00448 def _get_version(self, oauth_request): 00449 """Verify the correct version request for this server.""" 00450 try: 00451 version = oauth_request.get_parameter('oauth_version') 00452 except: 00453 version = VERSION 00454 if version and version != self.version: 00455 raise OAuthError('OAuth version %s not supported.' % str(version)) 00456 return version 00457 00458 def _get_signature_method(self, oauth_request): 00459 """Figure out the signature with some defaults.""" 00460 try: 00461 signature_method = oauth_request.get_parameter( 00462 'oauth_signature_method') 00463 except: 00464 signature_method = SIGNATURE_METHOD 00465 try: 00466 # Get the signature method object. 00467 signature_method = self.signature_methods[signature_method] 00468 except: 00469 signature_method_names = ', '.join(self.signature_methods.keys()) 00470 raise OAuthError('Signature method %s not supported try one of the ' 00471 'following: %s' % (signature_method, signature_method_names)) 00472 00473 return signature_method 00474 00475 def _get_consumer(self, oauth_request): 00476 consumer_key = oauth_request.get_parameter('oauth_consumer_key') 00477 consumer = self.data_store.lookup_consumer(consumer_key) 00478 if not consumer: 00479 raise OAuthError('Invalid consumer.') 00480 return consumer 00481 00482 def _get_token(self, oauth_request, token_type='access'): 00483 """Try to find the token for the provided request token key.""" 00484 token_field = oauth_request.get_parameter('oauth_token') 00485 token = self.data_store.lookup_token(token_type, token_field) 00486 if not token: 00487 raise OAuthError('Invalid %s token: %s' % (token_type, token_field)) 00488 return token 00489 00490 def _get_verifier(self, oauth_request): 00491 return oauth_request.get_parameter('oauth_verifier') 00492 00493 def _check_signature(self, oauth_request, consumer, token): 00494 timestamp, nonce = oauth_request._get_timestamp_nonce() 00495 self._check_timestamp(timestamp) 00496 self._check_nonce(consumer, token, nonce) 00497 signature_method = self._get_signature_method(oauth_request) 00498 try: 00499 signature = oauth_request.get_parameter('oauth_signature') 00500 except: 00501 raise OAuthError('Missing signature.') 00502 # Validate the signature. 00503 valid_sig = signature_method.check_signature(oauth_request, consumer, 00504 token, signature) 00505 if not valid_sig: 00506 key, base = signature_method.build_signature_base_string( 00507 oauth_request, consumer, token) 00508 raise OAuthError('Invalid signature. Expected signature base ' 00509 'string: %s' % base) 00510 built = signature_method.build_signature(oauth_request, consumer, token) 00511 00512 def _check_timestamp(self, timestamp): 00513 """Verify that timestamp is recentish.""" 00514 timestamp = int(timestamp) 00515 now = int(time.time()) 00516 lapsed = abs(now - timestamp) 00517 if lapsed > self.timestamp_threshold: 00518 raise OAuthError('Expired timestamp: given %d and now %s has a ' 00519 'greater difference than threshold %d' % 00520 (timestamp, now, self.timestamp_threshold)) 00521 00522 def _check_nonce(self, consumer, token, nonce): 00523 """Verify that the nonce is uniqueish.""" 00524 nonce = self.data_store.lookup_nonce(consumer, token, nonce) 00525 if nonce: 00526 raise OAuthError('Nonce already used: %s' % str(nonce)) 00527 00528 00529 class OAuthClient(object): 00530 """OAuthClient is a worker to attempt to execute a request.""" 00531 consumer = None 00532 token = None 00533 00534 def __init__(self, oauth_consumer, oauth_token): 00535 self.consumer = oauth_consumer 00536 self.token = oauth_token 00537 00538 def get_consumer(self): 00539 return self.consumer 00540 00541 def get_token(self): 00542 return self.token 00543 00544 def fetch_request_token(self, oauth_request): 00545 """-> OAuthToken.""" 00546 raise NotImplementedError 00547 00548 def fetch_access_token(self, oauth_request): 00549 """-> OAuthToken.""" 00550 raise NotImplementedError 00551 00552 def access_resource(self, oauth_request): 00553 """-> Some protected resource.""" 00554 raise NotImplementedError 00555 00556 00557 class OAuthDataStore(object): 00558 """A database abstraction used to lookup consumers and tokens.""" 00559 00560 def lookup_consumer(self, key): 00561 """-> OAuthConsumer.""" 00562 raise NotImplementedError 00563 00564 def lookup_token(self, oauth_consumer, token_type, token_token): 00565 """-> OAuthToken.""" 00566 raise NotImplementedError 00567 00568 def lookup_nonce(self, oauth_consumer, oauth_token, nonce): 00569 """-> OAuthToken.""" 00570 raise NotImplementedError 00571 00572 def fetch_request_token(self, oauth_consumer, oauth_callback): 00573 """-> OAuthToken.""" 00574 raise NotImplementedError 00575 00576 def fetch_access_token(self, oauth_consumer, oauth_token, oauth_verifier): 00577 """-> OAuthToken.""" 00578 raise NotImplementedError 00579 00580 def authorize_request_token(self, oauth_token, user): 00581 """-> OAuthToken.""" 00582 raise NotImplementedError 00583 00584 00585 class OAuthSignatureMethod(object): 00586 """A strategy class that implements a signature method.""" 00587 def get_name(self): 00588 """-> str.""" 00589 raise NotImplementedError 00590 00591 def build_signature_base_string(self, oauth_request, oauth_consumer, oauth_token): 00592 """-> str key, str raw.""" 00593 raise NotImplementedError 00594 00595 def build_signature(self, oauth_request, oauth_consumer, oauth_token): 00596 """-> str.""" 00597 raise NotImplementedError 00598 00599 def check_signature(self, oauth_request, consumer, token, signature): 00600 built = self.build_signature(oauth_request, consumer, token) 00601 return built == signature 00602 00603 00604 class OAuthSignatureMethod_HMAC_SHA1(OAuthSignatureMethod): 00605 00606 def get_name(self): 00607 return 'HMAC-SHA1' 00608 00609 def build_signature_base_string(self, oauth_request, consumer, token): 00610 sig = ( 00611 escape(oauth_request.get_normalized_http_method()), 00612 escape(oauth_request.get_normalized_http_url()), 00613 escape(oauth_request.get_normalized_parameters()), 00614 ) 00615 00616 key = '%s&' % escape(consumer.secret) 00617 if token: 00618 key += escape(token.secret) 00619 raw = '&'.join(sig) 00620 return key, raw 00621 00622 def build_signature(self, oauth_request, consumer, token): 00623 """Builds the base signature string.""" 00624 key, raw = self.build_signature_base_string(oauth_request, consumer, 00625 token) 00626 # HMAC object. 00627 try: 00628 import hashlib # 2.5 00629 hashed = hmac.new(key, raw, hashlib.sha1) 00630 except: 00631 import sha # Deprecated 00632 hashed = hmac.new(key, raw, sha) 00633 00634 # Calculate the digest base 64. 00635 return binascii.b2a_base64(hashed.digest())[:-1] 00636 00637 00638 class OAuthSignatureMethod_PLAINTEXT(OAuthSignatureMethod): 00639 00640 def get_name(self): 00641 return 'PLAINTEXT' 00642 00643 def build_signature_base_string(self, oauth_request, consumer, token): 00644 """Concatenates the consumer key and secret.""" 00645 sig = '%s&' % escape(consumer.secret) 00646 if token: 00647 sig = sig + escape(token.secret) 00648 return sig, sig 00649 00650 def build_signature(self, oauth_request, consumer, token): 00651 key, raw = self.build_signature_base_string(oauth_request, consumer, 00652 token) 00653 return key
1.7.6.1
