#!/usr/bin/env python #-*- coding: utf-8 -*- # Copyright (c) 2012 The WebRTC project authors. All Rights Reserved. # # Use of this source code is governed by a BSD-style license # that can be found in the LICENSE file in the root of the source # tree. An additional intellectual property rights grant can be found # in the file PATENTS. All contributing project authors may # be found in the AUTHORS file in the root of the source tree. """Provides a OAuth request handler base class.""" from google.appengine.api import oauth import logging import webapp2 class UserNotAuthenticatedException(Exception): """Gets thrown if a user is not permitted to store data.""" pass class OAuthPostRequestHandler(webapp2.RequestHandler): """Works like a normal request handler but adds OAuth authentication. This handler will expect a proper OAuth request over POST. This abstract class deals with the authentication but leaves user-defined data handling to its subclasses. Subclasses should not implement the post() method but the _parse_and_store_data() method. Otherwise they may act like regular request handlers. Subclasses should NOT override the get() method. The handler will accept an OAuth request if it is correctly formed and the consumer is acting on behalf of an administrator for the dashboard. """ def __init__(self, request=None, response=None): webapp2.RequestHandler.__init__(self, request, response) def post(self): try: self._authenticate_user() except UserNotAuthenticatedException as exception: logging.warn('Failed to authenticate: %s.' % exception) self.response.set_status(403) return # Do the actual work. self._parse_and_store_data() def _parse_and_store_data(self): """Reads data from POST request and responds accordingly.""" raise NotImplementedError('You must override this method!') @staticmethod def _authenticate_user(): try: if oauth.is_current_user_admin(): # The user on whose behalf we are acting is indeed an administrator # of this application, so we're good to go. logging.info('Authenticated on behalf of user %s.' % oauth.get_current_user()) return else: raise UserNotAuthenticatedException('We are acting on behalf of ' 'user %s, but that user is not ' 'an administrator.' % oauth.get_current_user()) except oauth.OAuthRequestError as exception: raise UserNotAuthenticatedException('Invalid OAuth request: %s' % exception.__class__.__name__)