Python Request.signature_method Method Code Examples

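This article collects typical usage code examples of the oauthlib.common.Request.signature_method method in Python. If you are wondering how exactly Python Request.signature_method is used, how to use it, or are looking for examples of its use, the curated method code examples here may help. You can also read further usage examples of oauthlib.common.Request, the class this method belongs to.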


A total of 2 code examples of the Request.signature_method method are shown below, sorted by popularity by default.

Example 1: _create_request

# Required import: from oauthlib.common import Request [as alias]
# signature_method is an attribute set on a Request instance; Request is a class, so it cannot be imported from it
    def _create_request(self, uri, http_method, body, headers):
        # Only include body data from x-www-form-urlencoded requests
        headers = headers or {}
        if "Content-Type" in headers and CONTENT_TYPE_FORM_URLENCODED in headers["Content-Type"]:
            request = Request(uri, http_method, body, headers)
        else:
            request = Request(uri, http_method, "", headers)

        signature_type, params, oauth_params = self._get_signature_type_and_params(request)

        # The server SHOULD return a 400 (Bad Request) status code when
        # receiving a request with duplicated protocol parameters.
        if len(dict(oauth_params)) != len(oauth_params):
            raise errors.InvalidRequestError(description="Duplicate OAuth2 entries.")

        oauth_params = dict(oauth_params)
        request.signature = oauth_params.get("oauth_signature")
        request.client_key = oauth_params.get("oauth_consumer_key")
        request.resource_owner_key = oauth_params.get("oauth_token")
        request.nonce = oauth_params.get("oauth_nonce")
        request.timestamp = oauth_params.get("oauth_timestamp")
        request.redirect_uri = oauth_params.get("oauth_callback")
        request.verifier = oauth_params.get("oauth_verifier")
        request.signature_method = oauth_params.get("oauth_signature_method")
        request.realm = dict(params).get("realm")
        request.oauth_params = oauth_params

        # Parameters to Client depend on signature method which may vary
        # for each request. Note that HMAC-SHA1 and PLAINTEXT share parameters
        request.params = [(k, v) for k, v in params if k != "oauth_signature"]

        if "realm" in request.headers.get("Authorization", ""):
            request.params = [(k, v) for k, v in request.params if k != "realm"]

        return request
Developer ID: hitigon, project: oauthlib, lines of code: 37, source file: base.py

Example 2: verify_request

# Required import: from oauthlib.common import Request [as alias]
# signature_method is an attribute set on a Request instance; Request is a class, so it cannot be imported from it
    def verify_request(self, uri, http_method='GET', body=None,
            headers=None, require_resource_owner=True, require_verifier=False,
            require_realm=False, required_realm=None, require_callback=False):
        """Verifies a request ensuring that the following is true:

        Per `section 3.2`_ of the spec.

        - all mandated OAuth parameters are supplied
        - parameters are only supplied in one source which may be the URI
          query, the Authorization header or the body
        - all parameters are checked and validated, see comments and the
          methods and properties of this class for further details.
        - the supplied signature is verified against a recalculated one

        A ValueError will be raised if any parameter is missing,
        supplied twice or invalid. A HTTP 400 Response should be returned
        upon catching an exception.

        A HTTP 401 Response should be returned if verify_request returns False.

        `Timing attacks`_ are prevented through the use of dummy credentials to
        create near constant time verification even if an invalid credential
        is used. Early exit on invalid credentials would enable attackers
        to perform `enumeration attacks`_. Near constant time string comparison
        is used to prevent secret key guessing. Note that timing attacks can
        only be prevented through near constant time execution, not by adding
        a random delay which would only require more samples to be gathered.

        .. _`section 3.2`: http://tools.ietf.org/html/rfc5849#section-3.2
        .. _`Timing attacks`: http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/
        .. _`enumeration attacks`: http://www.sans.edu/research/security-laboratory/article/attacks-browsing
        """
        # Only include body data from x-www-form-urlencoded requests
        headers = headers or {}
        if ("Content-Type" in headers and
                headers["Content-Type"] == CONTENT_TYPE_FORM_URLENCODED):
            request = Request(uri, http_method, body, headers)
        else:
            request = Request(uri, http_method, '', headers)

        if self.enforce_ssl and not request.uri.lower().startswith("https://"):
            raise ValueError("Insecure transport, only HTTPS is allowed.")

        signature_type, params, oauth_params = self.get_signature_type_and_params(request)

        # The server SHOULD return a 400 (Bad Request) status code when
        # receiving a request with duplicated protocol parameters.
        if len(dict(oauth_params)) != len(oauth_params):
            raise ValueError("Duplicate OAuth entries.")

        oauth_params = dict(oauth_params)
        request.signature = oauth_params.get('oauth_signature')
        request.client_key = oauth_params.get('oauth_consumer_key')
        request.resource_owner_key = oauth_params.get('oauth_token')
        request.nonce = oauth_params.get('oauth_nonce')
        request.timestamp = oauth_params.get('oauth_timestamp')
        request.callback_uri = oauth_params.get('oauth_callback')
        request.verifier = oauth_params.get('oauth_verifier')
        request.signature_method = oauth_params.get('oauth_signature_method')
        request.realm = dict(params).get('realm')

        # The server SHOULD return a 400 (Bad Request) status code when
        # receiving a request with missing parameters.
        if not all((request.signature, request.client_key,
                    request.nonce, request.timestamp,
                    request.signature_method)):
            raise ValueError("Missing OAuth parameters.")

        # OAuth does not mandate a particular signature method, as each
        # implementation can have its own unique requirements.  Servers are
        # free to implement and document their own custom methods.
        # Recommending any particular method is beyond the scope of this
        # specification.  Implementers should review the Security
        # Considerations section (`Section 4`_) before deciding on which
        # method to support.
        # .. _`Section 4`: http://tools.ietf.org/html/rfc5849#section-4
        if request.signature_method not in self.allowed_signature_methods:
            raise ValueError("Invalid signature method.")

        # Servers receiving an authenticated request MUST validate it by:
        #   If the "oauth_version" parameter is present, ensuring its value is
        #   "1.0".
        if ('oauth_version' in request.oauth_params and
            request.oauth_params['oauth_version'] != '1.0'):
            raise ValueError("Invalid OAuth version.")

        # The timestamp value MUST be a positive integer. Unless otherwise
        # specified by the server's documentation, the timestamp is expressed
        # in the number of seconds since January 1, 1970 00:00:00 GMT.
        if len(request.timestamp) != 10:
            raise ValueError("Invalid timestamp size")
        try:
            ts = int(request.timestamp)

        except ValueError:
            raise ValueError("Timestamp must be an integer")

        else:
            # To avoid the need to retain an infinite number of nonce values for
            # future checks, servers MAY choose to restrict the time period after
#......... part of the code is omitted here .........
Developer ID: Acidburn0zzz, project: firefox-flicks, lines of code: 103, source file: __init__.py
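
The following is an added example, not code from oauthlib or firefox-flicks: a stand-alone sketch of the checks the verify_request docstring describes (duplicate-parameter rejection, signature-method allow-list, a dummy secret for unknown clients instead of an early exit, constant-time comparison), applied to HMAC-SHA1 per RFC 5849. CLIENT_SECRETS, DUMMY_SECRET, the function names and all sample values are constructed assumptions, and base_uri is assumed to be already normalized with no query string.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample data (assumptions for this example, not from the page).
CLIENT_SECRETS = {"client-a": "s3cr3t-a"}
DUMMY_SECRET = "dummy-secret-never-issued"
ALLOWED_SIGNATURE_METHODS = {"HMAC-SHA1"}


def _enc(value):
    # RFC 5849 section 3.6 percent-encoding: only unreserved characters stay.
    return quote(value, safe="-._~")


def sign_hmac_sha1(http_method, base_uri, params, client_secret, token_secret=""):
    # Signature base string, RFC 5849 section 3.4.1 (params exclude oauth_signature).
    normalized = "&".join(
        f"{k}={v}" for k, v in sorted((_enc(k), _enc(v)) for k, v in params)
    )
    base = "&".join([http_method.upper(), _enc(base_uri), _enc(normalized)])
    key = f"{_enc(client_secret)}&{_enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()


def verify(http_method, base_uri, oauth_params):
    # Duplicated protocol parameters and unlisted methods are 400-class errors.
    if len(dict(oauth_params)) != len(oauth_params):
        raise ValueError("Duplicate OAuth entries.")
    p = dict(oauth_params)
    if p.get("oauth_signature_method") not in ALLOWED_SIGNATURE_METHODS:
        raise ValueError("Invalid signature method.")

    # No early exit for an unknown client: fall back to a dummy secret so the
    # HMAC is computed either way, then fold client validity into the result.
    client_key = p.get("oauth_consumer_key", "")
    valid_client = client_key in CLIENT_SECRETS
    secret = CLIENT_SECRETS.get(client_key, DUMMY_SECRET)

    unsigned = [(k, v) for k, v in oauth_params if k != "oauth_signature"]
    expected = sign_hmac_sha1(http_method, base_uri, unsigned, secret)
    supplied = p.get("oauth_signature", "")
    # Constant-time comparison; a plain == leaks how many leading bytes match.
    valid_sig = hmac.compare_digest(expected.encode(), supplied.encode())
    return valid_client and valid_sig
```

A request signed with the dummy secret still fails, because client validity is combined with the signature result only after both have been computed.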


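Note: The oauthlib.common.Request.signature_method examples in this article were compiled by 纯净天空 from open-source code and documentation platforms such as Github/MSDocs. The code snippets were selected from open-source projects contributed by their developers, and copyright of the source code belongs to the original authors; for distribution and use, refer to the License of the corresponding project. Do not reproduce without permission.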