changeset 2:4c6c8835fc5c

new version for new Annotator Auth API using PyJWT.
author casties
date Fri, 23 Mar 2012 17:50:06 +0100
parents 7f0324b249d3
children 6356e78ccf5c
files AuthTokenGenerator.py version.txt
diffstat 2 files changed, 22 insertions(+), 18 deletions(-) [+]
--- a/AuthTokenGenerator.py	Fri Mar 23 16:50:23 2012 +0100
+++ b/AuthTokenGenerator.py	Fri Mar 23 17:50:06 2012 +0100
@@ -2,9 +2,9 @@
 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
 from OFS.PropertyManager import PropertyManager
 
+import logging
 import datetime
-import hashlib
-import json
+import jwt
 
 
 ZERO = datetime.timedelta(0)
@@ -24,18 +24,18 @@
     """Generator of auth tokens for OKFN Annotator"""
     
     meta_type = 'AuthTokenGenerator'
-    _properties=({'id':'consumer_key', 'type': 'string', 'mode': 'w'},
+    _properties = ({'id':'consumer_key', 'type': 'string', 'mode': 'w'},
                  {'id':'consumer_secret', 'type': 'string', 'mode': 'w'},
                 )
     
     manage_options = PropertyManager.manage_options + SimpleItem.manage_options
 
     # Only change this if you're sure you know what you're doing
-    consumerTtl = 86400
+    tokenTtl = 86400
 
     def __init__(self, id, consumerKey=None, consumerSecret=None):
         """init document viewer"""
-        self.id=id
+        self.id = id
         self.consumer_key = consumerKey
         self.consumer_secret = consumerSecret
 
@@ -43,7 +43,7 @@
         """returns authentication token for user"""
         if self._token_allowed():
             token = self._generate_token(user)
-            self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json")
+            # set CORS headers
             origin = self.REQUEST.getHeader("Origin", None)
             if origin is not None:
                 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin)
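Review bot: The request's `Origin` header is echoed verbatim into `Access-Control-Allow-Origin` in the context lines right below the new comment, and the next hunk pairs that with `Access-Control-Allow-Credentials: true`; if `_token_allowed()` (not visible here) relies on the browser's Zope session, any page a logged-in user visits can fetch that user's Annotator token cross-origin with a credentialed XHR. Reflecting an arbitrary origin together with credentials defeats the reason browsers refuse `*` in that combination. Compare the origin against a configured allow-list (a new property alongside `consumer_key` would fit) before echoing it, e.g. `if origin is not None and origin in self.allowed_origins:`, and set no `Access-Control-Allow-Origin` header at all in the fallback instead of `*`. The enclosing method's `def` line is before this hunk, so the exact trust assumptions should be confirmed against it.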
@@ -51,7 +51,12 @@
                 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*")
 
             self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true")
-            json.dump(token, self.REQUEST.RESPONSE)
+            logging.debug("token=%s"%token)
+            self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain")
+            return token
+            # send as JSON
+            #self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json")
+            #json.dump(token, self.REQUEST.RESPONSE)
         else:
             self.REQUEST.RESPONSE.setStatus('Forbidden')
             return "SORRY, NOT ALLOWED!" 
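Review bot: The new `logging.debug("token=%s"%token)` writes the complete signed auth token to the application log, so anyone with log access can replay it against the Annotator store for up to `tokenTtl` seconds; log the subject rather than the credential, e.g. `logging.debug("issued annotator token for user %s", user)`, which also defers the formatting until debug logging is actually enabled. The three commented-out lines after `return token` are unreachable, and the `json` module they call was removed from the imports in this same changeset, so they should be deleted rather than kept as a hint. The `else` branch keeps returning a plain-text body with status `Forbidden` while the success path now returns a bare token string, which is consistent, but the method's `def` line lies before this hunk.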
@@ -62,16 +67,15 @@
 
     def _generate_token(self, user_id):
         #return JSON-token
-        issue_time = datetime.datetime.now(UTC).isoformat()
-        token = hashlib.sha256(self.consumer_secret + user_id + issue_time).hexdigest()
-    
-        return dict(
-            consumerKey=self.consumer_key,
-            authToken=token,
-            authTokenIssueTime=issue_time,
-            authTokenTTL=self.consumerTtl,
-            userId=user_id
-        )
+        issue_time = datetime.datetime.now(UTC).replace(microsecond=0)
+        
+        return jwt.encode({
+           'consumerKey': self.consumer_key,
+           'userId': user_id,
+           'issuedAt': issue_time.isoformat(),
+           'ttl': self.tokenTtl
+           }, self.consumer_secret)
+        
 
 def manage_addAuthTokenGeneratorForm(self):
     """form for adding AuthTokenGenerator"""
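Review bot: `jwt.encode` is handed `self.consumer_secret` without any check, yet `__init__` defaults it to `None` and the ZMI property can be left empty, so a misconfigured instance fails inside the signing step with an error that never names the missing property; guard it at the top of `_generate_token` with `if not self.consumer_secret: raise ValueError("consumer_secret is not configured")`. The signing algorithm is also left at the library default rather than pinned; pass it explicitly, `}, self.consumer_secret, 'HS256')`, so a future PyJWT default change cannot silently alter what the Annotator store has to verify. Note that `issuedAt` and `ttl` are private claim names, not the registered `iat`/`exp`, so a generic JWT validator will not enforce expiry from them — the `ttl` only bounds the token's life if the consumer computes `issuedAt + ttl` itself, which deserves a one-line comment above the dict. `manage_addAuthTokenGeneratorForm` continues past the end of this hunk.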
--- a/version.txt	Fri Mar 23 16:50:23 2012 +0100
+++ b/version.txt	Fri Mar 23 17:50:06 2012 +0100
@@ -1,1 +1,1 @@
-0.2a
\ No newline at end of file
+0.3
\ No newline at end of file