API now uses OAuth

2025-12-14 14:52:15 +00:00 · 2010-04-26 22:24:59 +01:00
parent 7f9d6f0abc
commit cb3efa04e2
5 changed files with 37 additions and 2 deletions
--- a/api/urls.py
+++ b/api/urls.py
@@ -1,10 +1,11 @@
 from django.conf.urls.defaults import *
 from piston.resource import Resource
-from piston.authentication import HttpBasicAuthentication
+from piston.authentication import HttpBasicAuthentication, OAuthAuthentication

 from api.handlers import *

-auth = HttpBasicAuthentication(realm="Auth API")
+auth = OAuthAuthentication()
+#auth = HttpBasicAuthentication(realm="Auth API")
 ad = { 'authentication': auth }
 #ad = {}

@@ -22,3 +23,10 @@ urlpatterns = patterns('',
 #    url(r'^serviceaccount/$', serviceaccount_resource),
 #    url(r'^serviceaccount/(?P<id>\d+)/$', serviceaccount_resource),
 )
+
+urlpatterns += patterns('piston.authentication',
+    url(r'^oauth/request_token/$','oauth_request_token'),
+    url(r'^oauth/authorize/$','oauth_user_auth'),
+    url(r'^oauth/access_token/$','oauth_access_token'),
+)
+
--- a/api/views.py
+++ b/api/views.py
@@ -0,0 +1,4 @@
+from django.http import HttpResponse
+
+def oauth_callback(request, other):
+    return HttpResponse('Fake callback view.')
--- a/settings.py
+++ b/settings.py
@@ -75,6 +75,7 @@ INSTALLED_APPS = (
    'django.contrib.sites',
    'django.contrib.humanize',
    'django_evolution',
+    'piston',
    'registration',
    'eve_proxy',
    'eve_api',
@@ -85,6 +86,10 @@ INSTALLED_APPS = (
    'api',
 )

+# API OAuth
+#OAUTH_AUTH_VIEW = 'api.views.oauth.authorize_oauth'
+OAUTH_CALLBACK_VIEW = 'api.views.oauth_callback'
+
 # Disable the service API, used for data imports
 DISABLE_SERVICES = False

--- a/templates/oauth/challenge.html
+++ b/templates/oauth/challenge.html
--- a/templates/piston/authorize_token.html
+++ b/templates/piston/authorize_token.html
@@ -0,0 +1,18 @@
+{% extends "base.html" %}
+
+{% block title %}OAuth Access Authorization{% endblock %}
+
+{% block content %}
+
+<h1>Access Authorization</h1>
+
+    <p>You have come here because you are in the process of allowing a external application to access your private Auth data. If you are not, then please close this window. Otherwise, please confirm below if you wish to give access to your private Auth data. This can be revoked at any time from the main Auth panel.</p> 
+
+    <form action="{% url piston.authentication.oauth_user_auth %}" method="POST">
+      <table>
+      {{ form.as_table }}
+      </table>
+      <button type="submit">Confirm</button>
+    </form>
+
+{% endblock %}