entrouvert/wcs
entrouvert
/
wcs
14
1
Fork 0
Code Issues Pull Requests 45 Releases Activity
wcs/wcs/api.py

101 lines
4.1 KiB
Python
Raw Permalink Blame History

# w.c.s. - web application for online forms
# Copyright (C) 2005-2013 Entr'ouvert
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
import base64
import hmac
import hashlib
import datetime
import urllib2
from quixote import get_request, get_publisher, get_response
from quixote.directory import Directory
from qommon.errors import AccessForbiddenError
def get_user_from_api_query_string():
query_string = get_request().get_query()
if not query_string:
return None
signature = get_request().form.get('signature')
if not isinstance(signature, basestring):
return None
# verify signature
orig = get_request().form.get('orig')
if not isinstance(orig, basestring):
raise AccessForbiddenError('missing/multiple orig field')
key = get_publisher().get_site_option(orig, 'api-secrets')
if not key:
raise AccessForbiddenError('invalid orig')
algo = get_request().form.get('algo')
if not isinstance(algo, basestring):
raise AccessForbiddenError('missing/multiple algo field')
try:
algo = getattr(hashlib, algo)
except AttributeError:
raise AccessForbiddenError('invalid algo')
if signature != base64.standard_b64encode(hmac.new(key,
query_string[:query_string.find('&signature=')],
algo).digest()):
raise AccessForbiddenError('invalid signature')
timestamp = get_request().form.get('timestamp')
if not isinstance(timestamp, basestring):
raise AccessForbiddenError('missing/multiple timestamp field')
delta = (datetime.datetime.utcnow().replace(tzinfo=None) -
datetime.datetime.strptime(timestamp,
'%Y-%m-%dT%H:%M:%SZ'))
MAX_DELTA = 30
if abs(delta) > datetime.timedelta(seconds=MAX_DELTA):
raise AccessForbiddenError('timestamp delta is more '
'than %s seconds: %s seconds' % (MAX_DELTA, delta))
# Signature is good. Now looking for the user, by email/NameID.
# If email or NameID exist but are empty, return None
user = None
if not ('email' in get_request().form or 'NameID' in get_request().form):
raise AccessForbiddenError('missing email or NameID fields')
elif get_request().form.get('email'):
email = get_request().form.get('email')
if not isinstance(email, basestring):
raise AccessForbiddenError('multiple email field')
users = list(get_publisher().user_class.get_users_with_email(email))
if users:
user = users[0]
else:
raise AccessForbiddenError('unknown email')
elif get_request().form.get('NameID'):
ni = get_request().form.get('NameID')
if not isinstance(ni, basestring):
raise AccessForbiddenError('multiple NameID field')
users = list(get_publisher().user_class.get_users_with_name_identifier(ni))
if users:
user = users[0]
else:
raise AccessForbiddenError('unknown NameID')
return user
class ApiDirectory(Directory):
_q_exports = [('reverse-geocoding', 'reverse_geocoding')]
def reverse_geocoding(self):
nominatim_url = get_publisher().get_site_option('nominatim_url')
if not nominatim_url:
nominatim_url = 'http://nominatim.openstreetmap.org'
get_response().set_content_type('application/json')
return urllib2.urlopen('%s/reverse?format=json&zoom=18&addressdetails=1&lat=%s&lon=%s' % (
nominatim_url,
get_request().form['lat'], get_request().form['lon'])).read()
View Git Blame Copy Permalink