Re: [Snowy] OAuth hurdles

From: Benoit Garret <benoit garret_gnome gadz org>
To: snowy-list gnome org
Subject: Re: [Snowy] OAuth hurdles
Date: Sat, 11 Jul 2009 20:33:39 +0200

On Sat, Jul 11, 2009 at 1:36 PM, Sandy
Armstrong<sanfordarmstrong gmail com> wrote:

> We are also new to OAuth, and happy for any help we can get.  If you'd
> like to generate patches for each of your changes, we can review/apply
> them when we return to Snowy work on the 20th.

The first, third, fourth and fifth patches are fixes to the problems
described in my previous mail. They are very small and should be self
explanatory.

The second one (fix-http-header-parsing) fixes another problem I
encountered. If I understood this section of the spec well :
http://oauth.net/core/1.0a#auth_header_authorization, the realm
parameter is optional. The library I'm using does omit it and the
signature Snowy generated was thus incorrect.

Cheers,
Benoit

diff --git a/lib/piston/forms.py b/lib/piston/forms.py
index 8f1f1d7..d7fd305 100644
--- a/lib/piston/forms.py
+++ b/lib/piston/forms.py
@@ -24,7 +24,7 @@ class ModelForm(forms.ModelForm):
 
 class OAuthAuthenticationForm(forms.Form):
     oauth_token = forms.CharField(widget=forms.HiddenInput)
-    oauth_callback = forms.URLField(widget=forms.HiddenInput)
+    oauth_callback = forms.CharField(widget=forms.HiddenInput)
     authorize_access = forms.BooleanField(required=True)
     csrf_signature = forms.CharField(widget=forms.HiddenInput)

diff --git a/lib/piston/oauth.py b/lib/piston/oauth.py
index 6090800..9183ccb 100644
--- a/lib/piston/oauth.py
+++ b/lib/piston/oauth.py
@@ -247,10 +247,11 @@ class OAuthRequest(object):
     @staticmethod
     def _split_header(header):
         params = {}
+        header = header.replace('OAuth ','',1)
         parts = header.split(',')
         for param in parts:
             # ignore realm parameter
-            if param.find('OAuth realm') > -1:
+            if param.find('realm') > -1:
                 continue
             # remove whitespace
             param = param.strip()

diff --git a/api/handlers.py b/api/handlers.py
index b4ac23e..423268f 100644
--- a/api/handlers.py
+++ b/api/handlers.py
@@ -170,9 +170,9 @@ class NoteHandler(BaseHandler):
     model = Note
 
     @catch_and_return(ObjectDoesNotExist, rc.NOT_HERE)
-    def read(self, request, username, note_id, slug):
+    def read(self, request, username, note_id):
         author = User.objects.get(username=username)
-        note = Note.objects.get(pk=note_id, slug=slug)
+        note = Note.objects.get(pk=note_id)
         if request.user != author and note.permissions == 0:
             return rc.FORBIDDEN
         return {'note': [describe_note(note)]}

diff --git a/INSTALL b/INSTALL
index 2a93fe7..01ca9b7 100644
--- a/INSTALL
+++ b/INSTALL
@@ -18,6 +18,9 @@ Running Snowy From Your Git Checkout
 4. Start local snowy (in your snowy git checkout):
 	python manage.py runserver
 
+   If you want the server to listen on all interfaces instead of localhost only:
+	python manage.py runserver 0.0.0.0:8000
+
 5. Admin your snowy:
 	http://localhost:8000/admin

diff --git a/templates/api/mails/consumer_accepted.txt b/templates/api/mails/consumer_accepted.txt
index e69de29..10ddd6d 100644
--- a/templates/api/mails/consumer_accepted.txt
+++ b/templates/api/mails/consumer_accepted.txt
@@ -0,0 +1 @@
+Hello!

References:
- [Snowy] OAuth hurdles
  - From: Benoit Garret
- Re: [Snowy] OAuth hurdles
  - From: Sandy Armstrong

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]