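This is the part where I get the error "Authentication failed". I am developing a web application and I need some help. I am developing a web application like Project Gutenberg for Turkish books, and I want to add an "Add to my Dropbox" feature just like Project Gutenberg has. I use Django as the web framework, and this is what I have done so far. (Please keep in mind that I am a Django beginner and a junior software developer, so any advice on Django best practices or security issues would also help.)
This is from book_detail.html: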
    <div>
        <form action="/booksite/dropbox_integration/{{book.id}}/" method="post">{% csrf_token %}
            <input type="submit" value="Add to Dropbox" />
        </form>
    </div>
This is my dropbox_integration view:
    def dropbox_integration(request, book_id):
        if request.method == 'POST':
            APP_KEY = 'xxxxxx' # I have the real values of key and secret in the code
            APP_SECRET = 'xxxxx'
            ACCESS_TYPE = 'app_folder'
            #This is my redirect url after login and upload file
            callback = "http://localhost:8000/booksite/file_upload"
            sess = session.DropboxSession(APP_KEY, APP_SECRET, ACCESS_TYPE)
            request_token = sess.obtain_request_token()
            url = sess.build_authorize_url(request_token, oauth_callback=callback)
            #i use session for parameter passing but now this line is useless and irrelevant
            request.session['book_id']=book_id
            return HttpResponseRedirect(url)
        return HttpResponseRedirect("http://localhost:8000/booksite/")
This is my file_upload view:
    def file_upload(request):
        APP_KEY = 'xxx' # i got real key and secret
        APP_SECRET = 'xxxx'
        ACCESS_TYPE = 'app_folder'
        sess = session.DropboxSession(APP_KEY, APP_SECRET, ACCESS_TYPE)
        b_id=request.session['book_id']
        #this line is useless now
        book = get_object_or_404(Book, pk=1) #book_id
        #i want to upload this file to my dropbox as foo1.pdf
        f = open('C:/Users/baris/workspace/OpenLibrary/booksite/temp_files/documents/docs/201462912729dt_kitap1.pdf', 'rb')
        client1 = client.DropboxClient(sess)
        r1 = client1.put_file('foo1.pdf', f)
        url="http://localhost:8000/booksite"
        return HttpResponseRedirect(url)
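I click the "Add to Dropbox" button. It redirects me to Dropbox and I enter my credentials. Dropbox asks me, with Allow and Deny buttons, whether I want to allow my website (my app). I click Deny. The page keeps loading, loading, loading... and I get the error: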
Exception Type: ErrorResponse
Exception Value: [401] u'Authentication failed'
Django Version: 1.6.5
Request URL: http://localhost:8000/booksite/file_upload?oauth_token=some_real_token&uid=some_number
Thanks in advance.

Update, 7 July 2014

This is the part where I get the error "Request token not found".
This is the dropbox_integration view:
    def dropbox_integration(request, book_id):
        APP_KEY = 'xxx' #i got real values
        APP_SECRET = 'xxx'
        ACCESS_TYPE = 'app_folder'
        if request.method == 'POST':
            base_path=os.path.dirname(os.path.abspath(__file__))
            config_path=os.path.join(os.path.join(base_path, 'temp_files'), "config.txt")
            logger.debug("Base path="+base_path)
            logger.debug("Config path="+config_path)
            content=[]
            if os.path.exists(config_path):
                logger.debug("Config.txt var")
                with open(config_path) as the_file:
                    content = the_file.readlines()
            else:
                logger.debug("Config.txt yok")
                with open(config_path, 'w') as the_file:
                    the_file.write(APP_KEY)
                    the_file.write('|')
                    the_file.write(APP_SECRET)
            config_key=content[0].split('|')[0]
            config_secret=content[0].split('|')[1]
            callback = "http://127.0.0.1:8000/booksite/file_upload"
            sess = session.DropboxSession(config_key, config_secret, ACCESS_TYPE)
            request_token = sess.obtain_request_token()
            request.session['request_token']=json.dumps(request_token.__dict__)
            logger.debug("req_ses="+request.session['request_token'])
            url = sess.build_authorize_url(request_token, oauth_callback=callback)
            request.session['book_id']=book_id
            return HttpResponseRedirect(url)
        return HttpResponseRedirect("http://127.0.0.1:8000/booksite/")
This is the file_upload view:
    @csrf_protect
    def file_upload(request):
        base_path = os.path.dirname(os.path.abspath(__file__))
        config_path = os.path.join(os.path.join(base_path, 'temp_files'), "config.txt")
        logger.debug("Base path=" + base_path)
        logger.debug("Config path=" + config_path)
        content = []
        if os.path.exists(config_path):
            with open(config_path) as the_file:
                content = the_file.readlines()
        else:
            logger.debug("Config.txt dosyasi bulunamadi.")
        config_key = content[0].split('|')[0]
        config_secret = content[0].split('|')[0]
        ACCESS_TYPE = 'app_folder'
        sess = session.DropboxSession(config_key, config_secret, ACCESS_TYPE)
        b_id = request.session['book_id']
        logger.debug("File upload fonksiyonu book id=" + str(b_id))
        book = get_object_or_404(Book, pk=1) # I passed 1 as the book_id.
        request_token = JSONDecoder(object_hook=from_json).decode(request.session['request_token'])
        logger.debug("REQUEST_TOKEN="+str(request_token))
        access_token = sess.obtain_access_token(request_token)
        logger.debug(access_token)
        client1 = client.DropboxClient(sess)
        try:
            base_path1 = os.path.dirname(os.path.abspath(__file__))
            with open(os.path.join(base_path1, "udacity.txt"), "rb") as fh: # os.path.join(self.path, self.filename)
                path = os.path.join(path, filename)
                print path
                print fh
                res = client1.put_file("udacity.txt", fh)
        except Exception, e:
            logger.debug("ERROR: " + str(e))
        url = "http://127.0.0.1:8000/booksite/books/12/detail/"
        return HttpResponseRedirect(url)
This is my helper from_json function:
    def from_json(json_object):
        secret=""
        key=""
        if 'secret' in json_object:
            secret=json_object['secret']
        if 'key' in json_object:
            key=json_object['key']
        logger.debug(secret+" ---- "+key)
        return session.OAuthToken(json_object['secret'], json_object['key'])
I get the error at the sess.obtain_access_token(request_token) line in the file_upload view. I cannot obtain the access_token and I get the error "Request token not found". What is the reason? This is my Django log:
[06/Jul/2014 15:38:15] DEBUG [booksite.views:133] File upload function book id=12
[06/Jul/2014 15:38:15] DEBUG [booksite.views:164] xxxxx---- xxxx
[06/Jul/2014 15:38:15] DEBUG [booksite.views:137] REQUEST_TOKEN=<dropbox.session.OAuthToken object at 0x028BCB90>
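
The request-token round trip through the session described in the question, as an added example that is not part of the original post: it stores the token under named fields and, at the callback, rejects a denied, replayed or mismatched `oauth_token` before any exchange is attempted. Assumptions: `Token` is a stand-in for the SDK's token type with `(key, secret)` argument order, denial is taken to be flagged by a `not_approved=true` query parameter, a plain dict stands in for `request.session`, and all sample values are constructed.

```python
import hmac
from collections import namedtuple

# Stand-in for the SDK token type; (key, secret) order is an assumption.
Token = namedtuple("Token", ["key", "secret"])


class CallbackRejected(Exception):
    """The OAuth callback must not be exchanged for an access token."""


def save_request_token(session, token):
    # Store plain strings under explicit names, so restoring the token
    # cannot silently swap key and secret.
    session["request_token"] = {"key": token.key, "secret": token.secret}


def load_request_token(session, query):
    """Return the pending request token if this callback belongs to it."""
    # pop(): a request token is single use, so a replayed callback finds nothing.
    stored = session.pop("request_token", None)
    if stored is None:
        raise CallbackRejected("no pending request token in this session")
    # Assumed denial marker: the user pressed Deny on the provider's page.
    if query.get("not_approved") == "true":
        raise CallbackRejected("user declined authorization")
    returned = query.get("oauth_token", "")
    # Bind the callback to the flow this session started (constant-time compare).
    if not hmac.compare_digest(returned.encode(), stored["key"].encode()):
        raise CallbackRejected("callback token does not match session")
    # Keyword arguments make the field order explicit.
    return Token(key=stored["key"], secret=stored["secret"])


def callback_outcome(session, query):
    """Return the token on success, or the rejection reason as a string."""
    try:
        return load_request_token(session, query)
    except CallbackRejected as exc:
        return str(exc)
```

In a Django view, `session` would be `request.session` and `query` would be `request.GET`; only a returned token is passed on to the access-token exchange.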
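Answer 0 (score: 0)

The cause of the error may be that Django cannot find the Cross Site Request Forgery protection for the {% csrf_token %} you use in your form. Of course, for security reasons, you must add it...
To add protection against Cross Site Request Forgery, you must add the following decorator to your view: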
    from django.views.decorators.csrf import csrf_exempt, csrf_protect

    @csrf_protect
    #@csrf_exempt says to make an exemption on csrf, but of course is not secure.
    #@csrf_exempt
    def file_upload(request):
        ...
For more details, see the Django Documentation.