通过Django Piston请求令牌引发TypeError异常

时间:2010-12-02 23:47:09

标签: python django oauth django-piston

尝试通过Django Piston中的OAuth进行身份验证时,会抛出以下异常:

Environment:

Request Method: GET
Request URL: http://localhost:8000/api/oauth/request_token/?oauth_nonce=32921052&oauth_timestamp=1291331173&oauth_consumer_key=ghof7av2vu8hal2hek&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=
Python Version: 


Traceback:
File "/Users/derek/.virtualenvs/optimal-rest/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
  100.                     response = callback(request, *callback_args, **callback_kwargs)
File "/Users/derek/.virtualenvs/optimal-rest/lib/python2.7/site-packages/piston/authentication.py" in oauth_request_token
  130.         token = oauth_server.fetch_request_token(oauth_request)
File "/Users/derek/.virtualenvs/optimal-rest/lib/python2.7/site-packages/piston/oauth.py" in fetch_request_token
  302.             self._check_signature(oauth_request, consumer, None)
File "/Users/derek/.virtualenvs/optimal-rest/lib/python2.7/site-packages/piston/oauth.py" in _check_signature
  393.         valid_sig = signature_method.check_signature(oauth_request, consumer, token, signature)
File "/Users/derek/.virtualenvs/optimal-rest/lib/python2.7/site-packages/piston/oauth.py" in check_signature
  482.         built = self.build_signature(oauth_request, consumer, token)
File "/Users/derek/.virtualenvs/optimal-rest/lib/python2.7/site-packages/piston/oauth.py" in build_signature
  513.             hashed = hmac.new(key, raw, sha)
File "/usr/local/Cellar/python/2.7/lib/python2.7/hmac.py" in new
  133.     return HMAC(key, msg, digestmod)
File "/usr/local/Cellar/python/2.7/lib/python2.7/hmac.py" in __init__
  72.         self.outer.update(key.translate(trans_5C))

Exception Type: TypeError at /api/oauth/request_token/?oauth_nonce=32921052&oauth_timestamp=1291331173&oauth_consumer_key=ghof7av2vu8hal2hek&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=
Exception Value: character mapping must return integer, None or unicode

无法判断它是否是Piston中的错误,或者我是否无法使用oauth2 lib。

消费者代码:

import os
import cgi
import oauth2 as oauth

# settings for the local test consumer
CONSUMER_SERVER = os.environ.get("CONSUMER_SERVER") or 'localhost'
CONSUMER_PORT = os.environ.get("CONSUMER_PORT") or '8000'
print CONSUMER_SERVER , CONSUMER_PORT 

# fake urls for the test server (matches ones in server.py)
REQUEST_TOKEN_URL = 'http://%s:%s/api/oauth/request_token/' % (CONSUMER_SERVER, CONSUMER_PORT)
ACCESS_TOKEN_URL = 'http://%s:%s/api/oauth/access_token/' % (CONSUMER_SERVER, CONSUMER_PORT)
AUTHORIZE_URL = 'http://%s:%s/api/oauth/authorize/' % (CONSUMER_SERVER, CONSUMER_PORT)

# key and secret granted by the service provider for this consumer application - same as the MockOAuthDataStore
CONSUMER_KEY = 'ghof7av2vu8hal2hek'
CONSUMER_SECRET = 'ohhey'

consumer = oauth.Consumer(CONSUMER_KEY, CONSUMER_SECRET)
client = oauth.Client(consumer)

# Step 1: Get a request token. This is a temporary token that is used for 
# having the user authorize an access token and to sign the request to obtain 
# said access token.

resp, content = client.request(REQUEST_TOKEN_URL, "GET")
if resp['status'] != '200':
    raise Exception("Invalid response %s." % resp['status'])

引用消费者代码的https://github.com/clemesha/django-piston-oauth-example

2 个答案:

答案 0 :(得分:3)

这是一个活塞问题,它来自消费者的密钥/秘密的编码问题。 解决方案是强制将从数据库返回的密钥/秘密的编码转换为ASCII。

在活塞的store.py文件中,修改lookup_consumer,使其如下所示:

def lookup_consumer(self, key):
    try:
        self.consumer = Consumer.objects.get(key=key)
        self.consumer.key = self.consumer.key.encode('ascii')
        self.consumer.secret = self.consumer.secret.encode('ascii')
        return self.consumer
    except Consumer.DoesNotExist:
        return None

Here是我的django-piston解决这个问题的分支。

答案 1 :(得分:1)

如果传入unicode键值,Piston的“oauth.py”模块的“build_signature()”方法中也会出现此问题。我在使用上面提到的clemesha / django-piston-oauth-example客户端代码时发现了这个问题因为在提示输入“密码”后它仍然失败。

基本问题记录为问题#169: https://bitbucket.org/jespern/django-piston/issue/169/oauth-request-token-error-with-hmac

上述重新编码解决方案也适用于这种情况:

def build_signature(self, oauth_request, consumer, token):
    """Builds the base signature string."""
    key, raw = self.build_signature_base_string(oauth_request, consumer,
        token)

    #BUG: character mapping must return integer, None or unicode
    #FIX:
    key = key.encode('ascii')

    # HMAC object.
    try:
        import hashlib # 2.5
        hashed = hmac.new(key, raw, hashlib.sha1)
    except:
        import sha # Deprecated
        hashed = hmac.new(key, raw, sha)

    # Calculate the digest base 64.
    return binascii.b2a_base64(hashed.digest())[:-1]
相关问题
最新问题