Merge pull request #8 from hannseman/master

Add access to APIKey object, repeated url parameters, django <1.5 fixes

Author: andreif

MANIFEST.in

@@ -3,3 +3,4 @@ include LICENSE
 include README.rst
 recursive-include formapi/templates *
 recursive-include formapi/static *
+recursive-exclude formapi/tests *

Makefile

@@ -2,7 +2,7 @@ test:
 	python setup.py test
 
 flake8:
-	flake8 --ignore=E501,E225,E128,W391,W404,W402 --exclude migrations --max-complexity 12 formapi
+	flake8 --ignore=E501,E128 --exclude migrations --max-complexity 12 formapi
 
 install:
 	python setup.py install

formapi/__init__.py

@@ -1,4 +1,4 @@
-VERSION = (0, 0, 7, 'dev')
+VERSION = (0, 1, 0, 'dev')
 
 # Dynamically calculate the version based on VERSION tuple
 if len(VERSION) > 2 and VERSION[2] is not None:

formapi/api.py

@@ -43,7 +43,7 @@ class DjangoJSONEncoder(JSONEncoder):
 
     def default(self, obj):
         date_obj = self.default_date(obj)
-        if date_obj:
+        if date_obj is not None:
             return date_obj
         elif isinstance(obj, decimal.Decimal):
             return str(obj)
@@ -75,6 +75,8 @@ def default_date(self, obj):
             if obj.microsecond:
                 r = r[:12]
             return r
+        elif isinstance(obj, datetime.timedelta):
+            return obj.seconds
 
 dumps = curry(dumps, cls=DjangoJSONEncoder)
 
@@ -100,14 +102,19 @@ def get_form_class(self):
         except KeyError:
             raise Http404
 
+    def get_form_kwargs(self):
+        kwargs = super(API, self).get_form_kwargs()
+        if self.api_key:
+            kwargs['api_key'] = self.api_key
+        return kwargs
+
     def get_access_params(self):
         key = self.request.REQUEST.get('key')
         sign = self.request.REQUEST.get('sign')
         return key, sign
 
     def sign_ok(self, sign):
-        pairs = ((field, self.request.REQUEST.get(field))
-                 for field in sorted(self.get_form_class()().fields.keys()))
+        pairs = self.normalized_parameters()
         filtered_pairs = itertools.ifilter(lambda x: x[1] is not None, pairs)
         query_string = '&'.join(('='.join(pair) for pair in filtered_pairs))
         query_string = urllib2.quote(query_string.encode('utf-8'))
@@ -117,6 +124,20 @@ def sign_ok(self, sign):
             sha1).hexdigest()
         return constant_time_compare(sign, digest)
 
+    def normalized_parameters(self):
+        """
+        Normalize django request to key value pairs sorted by key first and then value
+        """
+        for field in sorted(self.get_form(self.get_form_class()).fields.keys()):
+            value = self.request.REQUEST.getlist(field) or None
+            if not value:
+                continue
+            if len(value) == 1:
+                yield field, value[0]
+            else:
+                for item in sorted(value):
+                    yield field, item
+
     def render_to_json_response(self, context, **response_kwargs):
         data = dumps(context)
         response_kwargs['content_type'] = 'application/json'
@@ -191,6 +212,6 @@ def dispatch(self, request, *args, **kwargs):
             return super(API, self).dispatch(request, *args, **kwargs)
 
         # Access denied
-        self.log.info('Access Denied %s', self.request.REQUEST)
+        self.log.warning('Access Denied %s', self.request.REQUEST)
 
         return HttpResponse(status=401)

formapi/calls.py

@@ -3,6 +3,10 @@
 
 class APICall(forms.Form):
 
+    def __init__(self, api_key=None, *args, **kwargs):
+        super(APICall, self).__init__(*args, **kwargs)
+        self.api_key = api_key
+
     def add_error(self, error_msg):
         errors = self.non_field_errors()
         errors.append(error_msg)

formapi/tests/__init__.py

@@ -23,6 +23,7 @@ def setUp(self):
         self.user.set_password("rosebud")
         self.user.save()
         self.authenticate_url = '/api/v1.0.0/user/authenticate/'
+        self.language_url = '/api/v1.0.0/comp/lang/'
 
     def send_request(self, url, data, key=None, secret=None, req_method="POST"):
         if not key:
@@ -42,8 +43,8 @@ def test_api_key(self):
 
     def test_valid_auth(self):
         response = self.send_request(self.authenticate_url, {'username': self.user.username, 'password': 'rosebud'})
-        response_data = json.loads(response.content)
         self.assertEqual(response.status_code, 200)
+        response_data = json.loads(response.content)
         self.assertEqual(response_data['errors'], {})
         self.assertTrue(response_data['success'])
         self.assertIsNotNone(response_data['data'])
@@ -66,7 +67,7 @@ def test_invalid_sign(self):
         self.assertEqual(response.status_code, 401)
 
     def test_invalid_password(self):
-        data = {'username': self.user.username, 'password': '1337haxx'}
+        data = {'username': self.user.username, 'password': '1337hax/x'}
         response = self.send_request(self.authenticate_url, data)
         self.assertEqual(response.status_code, 400)
         response_data = json.loads(response.content)
@@ -89,6 +90,11 @@ def test_get_call(self):
         response = self.send_request(self.authenticate_url, data, req_method='GET')
         self.assertEqual(response.status_code, 200)
 
+    def test_multiple_values(self):
+        data = {'languages': ['python', 'java']}
+        response = self.send_request(self.language_url, data, req_method='GET')
+        self.assertEqual(response.status_code, 200)
+
 
 class HMACTest(TransactionTestCase):
 

formapi/tests/calls.py

@@ -70,8 +70,22 @@ def action(self, test):
         except ZeroDivisionError:
             self.add_error("DIVISION BY ZERO, OH SHIIIIII")
 
-API.register(AuthenticateUserCall, 'user', 'authenticate', version='v1.0.0')
-API.register(DivisionCall, 'math', 'divide', version='v1.0.0')
 
+class ProgrammingLanguages(calls.APICall):
+    RUBY = 'ruby'
+    PYTHON = 'python'
+    JAVA = 'java'
+    LANGUAGES = (
+        (RUBY, 'Freshman'),
+        (PYTHON, 'Sophomore'),
+        (JAVA, 'Junior')
+    )
+    languages = forms.MultipleChoiceField(choices=LANGUAGES)
+
+    def action(self, test):
+        return u'Good for you'
 
 
+API.register(AuthenticateUserCall, 'user', 'authenticate', version='v1.0.0')
+API.register(DivisionCall, 'math', 'divide', version='v1.0.0')
+API.register(ProgrammingLanguages, 'comp', 'lang', version='v1.0.0')

formapi/tests/urls.py

@@ -3,7 +3,4 @@
 except ImportError:
     from django.conf.urls.defaults import patterns, url, include
 
-
-urlpatterns = patterns('',
-    url(r'^api/', include('formapi.urls')),
-)
+urlpatterns = patterns('', url(r'^api/', include('formapi.urls')))

formapi/utils.py

@@ -1,21 +1,34 @@
 import hmac
 import urllib2
 from hashlib import sha1
-from django.utils.encoding import force_unicode
+from django.utils.encoding import smart_str, force_unicode
 
 
 def get_sign(secret, querystring=None, **params):
     """
     Return sign for querystring.
 
     Logic:
-    - Sort querystring by parameter keys
+    - Sort querystring by parameter keys and by value if two or more parameter keys share the same name
     - URL encode sorted querystring
     - Generate a hex digested hmac/sha1 hash using given secret
     """
     if querystring:
         params = dict(param.split('=') for param in querystring.split('&'))
-    sorted_params = ((key, params[key]) for key in sorted(params.keys()))
+    sorted_params = []
+    for key, value in sorted(params.items(), key=lambda x: x[0]):
+        if isinstance(value, basestring):
+            sorted_params.append((key, value))
+        else:
+            try:
+                value = list(value)
+            except TypeError, e:
+                assert 'is not iterable' in str(e)
+                value = smart_str(value)
+                sorted_params.append((key, value))
+            else:
+                sorted_params.extend((key, item) for item in sorted(value))
     param_list = ('='.join((field, force_unicode(value))) for field, value in sorted_params)
-    validation_string = force_unicode('&'.join(param_list))
-    return hmac.new(str(secret), urllib2.quote(validation_string.encode('utf-8')), sha1).hexdigest()
+    validation_string = smart_str('&'.join(param_list))
+    validation_string = urllib2.quote(validation_string)
+    return hmac.new(str(secret), validation_string, sha1).hexdigest()

formapi/views.py

@@ -17,4 +17,3 @@ def call(request, version, namespace, call_name):
         'docstring': form_class.__doc__
     }
     return render(request, 'formapi/api/call.html', context)
-