基于Python的magento消费者

时间:2016-04-25 18:10:49

标签: php python magento oauth

在我的问题的扩展中 - https://stackoverflow.com/q/36847384/658209

我在考虑使用requests_oauthlib中的OAuth1Session来检索访问令牌和访问令牌密钥值。我想做类似于以下示例中所做的事情:

<?php
/**
* Example of OAuth authorization n using Admin account via Magento REST API.
*/
$callbackUrl = "http://yourhost/oauth_admin.php";
$temporaryCredentialsRequestUrl = "http://magentohost/oauth/initiate?oauth_callback=" .
urlencode($callbackUrl);
$adminAuthorizationUrl = 'http://magentohost/admin/oauth_authorize';
$accessTokenRequestUrl = 'http://magentohost/oauth/token';
$apiUrl = 'http://magentohost/api/rest';
$consumerKey = 'yourconsumerkey';
$consumerSecret = 'yourconsumersecret';
session_start();
if (!isset($_GET['oauth_token']) && isset($_SESSION['state']) && $_SESSION['state'] == 1) {
$_SESSION['state'] = 0;
}
try {
$authType = ($_SESSION['state'] == 2) ? OAUTH_AUTH_TYPE_AUTHORIZATION :
OAUTH_AUTH_TYPE_URI;
$oauthClient = new OAuth($consumerKey, $consumerSecret,
OAUTH_SIG_METHOD_HMACSHA1, $authType);
$oauthClient->enableDebug();
if (!isset($_GET['oauth_token']) && !$_SESSION['state']) {68
$requestToken = $oauthClient->getRequestToken($temporaryCredentialsRequestUrl);
$_SESSION['secret'] = $requestToken['oauth_token_secret'];
$_SESSION['state'] = 1;
header('Location: ' . $adminAuthorizationUrl . '?oauth_token=' . $requestToken['oauth_token']);
exit;
} else if ($_SESSION['state'] == 1) {
$oauthClient->setToken($_GET['oauth_token'], $_SESSION['secret']);
$accessToken = $oauthClient->getAccessToken($accessTokenRequestUrl);
echo "oauth_token:".$accessToken['oauth_token']."<br/>";
echo "oauth_token_secret:".$accessToken['oauth_token_secret'];
exit;
} else {
echo "authorisation failed";
}
} catch (OAuthException $e) {
print_r($e);
}

我提出了以下代码:

class Magento_Oauth_Admin(restful.Resource):
    def get(self):
        return render_template('magentosetup.html')

    def post(self):
        consumer_key=request.form.get('consumer_key')
        consumer_secret=request.form.get('consumer_secret')
        magentourl=request.form.get('magentourl')

        session['magentourl']=magentourl
        callbackurl = api.url_for(Magento_Access_Token)
        temporary_credentials_request_url = '{magentourl}/oauth/initiate?{callbackurl}'.format(magentourl, urllib.urlencode(
            dict(oauth_callback=callbackurl)))
        admin_authorization_url = '{magentourl}/admin/oauth_authorize'.format(magentourl)
        oauth_session = OAuth1Session(consumer_key, client_secret=consumer_secret, callback_uri=callbackurl)
        # First step, fetch the request token.
        fetch_response = oauth_session.fetch_request_token(temporary_credentials_request_url)
        session['resource_owner_key'] = fetch_response.get('oauth_token')
        session['resource_owner_secret'] = fetch_response.get('oauth_token_secret')

        # Second step. Follow this link and authorize
        authorization_url = oauth_session.authorization_url(admin_authorization_url)
        return redirect(authorization_url)

class Magento_Access_Token(restful.Resource):
    """ The user has been redirected back from the provider to the registered
    callback URL. With this redirection comes an authorization code included
    in the redirect URL. We will use that to obtain an access token."""
    def get(self):
        access_token_request_url = '{magentourl}/oauth/token'.format(session['magentourl'])
        verifier = request.args.get('oauth_verifier')

        oauth = OAuth1Session(consumer_key,
                                  client_secret=consumer_secret,
                                  resource_owner_key=session['resource_owner_key'],
                                  resource_owner_secret=session['resource_owner_secret'],
                                  verifier=verifier)
        oauth_tokens = oauth.fetch_access_token(access_token_request_url)
        resource_owner_key = oauth_tokens.get('oauth_token')
        resource_owner_secret = oauth_tokens.get('oauth_token_secret')
        return render_template('magentosetupcomplete.html')


api.add_resource(Magento_Oauth_Admin,"/v2/generateaccesstoken/",endpoint="generateaccesstoken")
api.add_resource(Magento_Access_Token,"/v2/callback/",endpoint="callback")

我不知道如何处理回调和重定向,而不是要求用户转到authorization_url然后粘贴重定向网址

编辑:在阅读了Robbie的评论之后,我更新了我的代码并将其拆分为2个端点。所以现在我的应用程序流程如下:

  1. 用户访问magentosetup.html并输入消费者令牌,秘密及其magento实例网址。他们提交此表格
  2. 我们从上面的表单获取凭据到Magento_Oauth_Admin帖子,然后我们触发oAuth舞蹈以生成访问令牌和秘密。
  3. 生成访问令牌后,我会将其存储在某处(此处不写代码)
  4. 现在我的问题是在最后一步(在用户授权后,提供商将用户重定向到消费者API之后),我可以使用return render_template('magentosetupcomplete.html')向用户确认用户重定向到magentosetupcomplete.html已生成并保存访问令牌。我问这个是因为/ callback端点是从magento调用的。我不确定在这种情况下控制的流程是什么。

0 个答案:

没有答案