# HG changeset patch
# User casties
# Date 1332521406 -3600
# Node ID 4c6c8835fc5cbfd11eabd644e83a6f56f9b71231
# Parent 7f0324b249d3533ee3df37cc93a47125ae13f6c1
new version for new Annotator Auth API using PyJWT.
diff -r 7f0324b249d3 -r 4c6c8835fc5c AuthTokenGenerator.py
--- a/AuthTokenGenerator.py	Fri Mar 23 16:50:23 2012 +0100
+++ b/AuthTokenGenerator.py	Fri Mar 23 17:50:06 2012 +0100
@@ -2,9 +2,9 @@
 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
 from OFS.PropertyManager import PropertyManager
+import logging
 import datetime
-import hashlib
-import json
+import jwt
 ZERO = datetime.timedelta(0)
@@ -24,18 +24,18 @@
     """Generator of auth tokens for OKFN Annotator"""
     meta_type = 'AuthTokenGenerator'
-    _properties=({'id':'consumer_key', 'type': 'string', 'mode': 'w'},
+    _properties = ({'id':'consumer_key', 'type': 'string', 'mode': 'w'},
                  {'id':'consumer_secret', 'type': 'string', 'mode': 'w'},
                  )
     manage_options = PropertyManager.manage_options + SimpleItem.manage_options
     # Only change this if you're sure you know what you're doing
-    consumerTtl = 86400
+    tokenTtl = 86400
     def __init__(self, id, consumerKey=None, consumerSecret=None):
         """init document viewer"""
-        self.id=id
+        self.id = id
         self.consumer_key = consumerKey
         self.consumer_secret = consumerSecret
@@ -43,7 +43,7 @@
         """returns authentication token for user"""
         if self._token_allowed():
             token = self._generate_token(user)
-            self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json")
+            # set CORS headers
             origin = self.REQUEST.getHeader("Origin", None)
             if origin is not None:
                 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin)
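Review bot: The branch at `if origin is not None:` echoes whatever `Origin` header the request carries straight into `Access-Control-Allow-Origin`, and the following hunk pairs that with `Access-Control-Allow-Credentials: true` while switching the response body to the signed token itself, so any page the user happens to visit can fetch the token with the browser's credentials for this host unless `_token_allowed()` already restricts origins (not visible here). The origin should be compared against a configured allow-list (a property next to `consumer_key`, or a module constant) and only echoed when it matches, with unmatched origins falling through to the existing forbidden branch instead of the `*` fallback. The added comment `# set CORS headers` would be more useful as `# CORS: only echo origins from the configured allow-list, never an arbitrary request Origin`. The enclosing method's `def` line lies above this hunk.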
@@ -51,7 +51,12 @@
                 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*")
             self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true")
-            json.dump(token, self.REQUEST.RESPONSE)
+            logging.debug("token=%s"%token)
+            self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain")
+            return token
+            # send as JSON
+            #self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json")
+            #json.dump(token, self.REQUEST.RESPONSE)
         else:
             self.REQUEST.RESPONSE.setStatus('Forbidden')
             return "SORRY, NOT ALLOWED!"
@@ -62,16 +67,15 @@
     def _generate_token(self, user_id):
         #return JSON-token
-        issue_time = datetime.datetime.now(UTC).isoformat()
-        token = hashlib.sha256(self.consumer_secret + user_id + issue_time).hexdigest()
-
-        return dict(
-            consumerKey=self.consumer_key,
-            authToken=token,
-            authTokenIssueTime=issue_time,
-            authTokenTTL=self.consumerTtl,
-            userId=user_id
-        )
+        issue_time = datetime.datetime.now(UTC).replace(microsecond=0)
+
+        return jwt.encode({
+            'consumerKey': self.consumer_key,
+            'userId': user_id,
+            'issuedAt': issue_time.isoformat(),
+            'ttl': self.tokenTtl
+        }, self.consumer_secret)
+
def manage_addAuthTokenGeneratorForm(self):
    """form for adding AuthTokenGenerator"""
diff -r 7f0324b249d3 -r 4c6c8835fc5c version.txt
--- a/version.txt	Fri Mar 23 16:50:23 2012 +0100
+++ b/version.txt	Fri Mar 23 17:50:06 2012 +0100
@@ -1,1 +1,1 @@
-0.2a
\ No newline at end of file
+0.3
\ No newline at end of file
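Review bot: `logging.debug("token=%s"%token)` writes the freshly signed credential into the application log, where it outlives the request and is readable by anyone with log access, which defeats the point of signing it; log the subject instead, `logging.debug("issued auth token for user %s", user)`, using the `user` argument seen in the preceding hunk and lazy %-args rather than eager formatting. The two commented-out JSON lines after `return token` are unreachable and should be deleted rather than kept as dead code. The enclosing method's `def` line lies above this hunk.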
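Review bot: `jwt.encode({...}, self.consumer_secret)` takes its signing key from a property that `__init__` defaults to `None` and relies on PyJWT's default algorithm, so an unconfigured generator only fails deep inside the library (or, depending on the PyJWT version, may not fail at all); guard it with `if not self.consumer_secret:` / `raise ValueError("consumer_secret is not configured")` before the call and pin the algorithm, `}, self.consumer_secret, algorithm='HS256')`. The payload carries `issuedAt` and `ttl` rather than a registered `exp` claim, so token expiry is only enforced if the consuming side honours those custom claims, which is worth stating in the docstring. The comment `#return JSON-token` is now stale: replace it with `"""Return a JWT signed with consumer_secret carrying consumerKey, userId, issuedAt and ttl claims."""`.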