Request:
PUT /api/v1/place/14/ BODY: name=NEW3&latitude=55.74659&longitude=37.626484
Response:
{"detail": "Invalid signature. Expected signature base string: PUT&http%3A%2F%2Fyavezu.com%3A8005%2Fapi%2Fv1%2Fplace%2F14%2F&oauth_consumer_key%3Daa68ec89fc944c60880f59e18dc6e982%26oauth_nonce%3D-4587244018477714645%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1398769361%26oauth_token%3D03cd9df066244aa2884a5508ff0d9fff%26oauth_version%3D1.0"}
As you can see PUT-parameters are not included in base string.
I digged a code a little and found two reasons for it.
1. PUT-parameters are not supported in oauth_provider
see line:
if request.method == "POST" and request.META.get('CONTENT_TYPE') == "application/x-www-form-urlencoded":
oauth_provider.utils
def get_oauth_request(request):
""" Converts a Django request object into an `oauth2.Request` object. """
# Django converts Authorization header in HTTP_AUTHORIZATION
# Warning: it doesn't happen in tests but it's useful, do not remove!
auth_header = {}
if 'Authorization' in request.META:
auth_header = {'Authorization': request.META['Authorization']}
elif 'HTTP_AUTHORIZATION' in request.META:
auth_header = {'Authorization': request.META['HTTP_AUTHORIZATION']}
# include POST parameters if content type is
# 'application/x-www-form-urlencoded' and request
# see: http://tools.ietf.org/html/rfc5849#section-3.4.1.3.1
parameters = {}
if request.method == "POST" and request.META.get('CONTENT_TYPE') == "application/x-www-form-urlencoded":
parameters = dict((k, v.encode('utf-8')) for (k, v) in request.POST.iteritems())
absolute_uri = request.build_absolute_uri(request.path)
if "HTTP_X_FORWARDED_PROTO" in request.META:
scheme = request.META["HTTP_X_FORWARDED_PROTO"]
absolute_uri = urlunparse((scheme, ) + urlparse(absolute_uri)[1:])
return oauth.Request.from_request(request.method,
absolute_uri,
headers=auth_header,
parameters=parameters,
query_string=request.META.get('QUERY_STRING', '')
)
2. PUT-parameters are not supported in class django.core.handlers.wsgi.WSGIRequest and django.http.request.HttpRequest:
def _load_post_and_files(self):
"""Populate self._post and self._files if the content-type is a form type"""
if self.method != 'POST':
self._post, self._files = QueryDict('', encoding=self._encoding), MultiValueDict()
return
...
I wounder how it is possible for Django REST Framework to provide RESTful API over Django without support for PUT-parameters? What am I doing wrong?
POST-requests work just fine.
http://stackoverflow.com/questions/23363210/put-parameters-in-django-rest-framework-oauth-1-0a
As for 2 you are precisely right. My draft fix looks like this:
oauth_provider.utils
if request.META.get('CONTENT_TYPE', None) == "application/x-www-form-urlencoded":
if request.method == 'POST':
parameters = request.POST
else:
parameters = getattr(request, 'DATA', {})
parameters = dict((k, v.encode('utf-8')) for (k, v) in parameters.iteritems())
It works fine for Django + Django REST Framework + django-oauth-plus
But it won't work for original Django HttpRequest: https://docs.djangoproject.com/en/1.6/ref/request-response/#django.http.HttpRequest
Because it has not DATA attribute, only REQUEST attribute which is deprecated in Django 1.7: https://docs.djangoproject.com/en/1.7/ref/request-response/#django.http.HttpRequest.REQUEST
It is good idea to make a contribution to django-oauth-plus. Could share you experience about add support for PUT-requests for Django REST Framework?
1. In Django 1.6 I see this code:
django.core.handlers.wsgi
class WSGIRequest(http.HttpRequest):
...
GET = property(_get_get, _set_get)
POST = property(_get_post, _set_post)
COOKIES = property(_get_cookies, _set_cookies)
FILES = property(_get_files)
REQUEST = property(_get_request)
! No support for PUT-parameters
django.http.request
def _load_post_and_files(self):
"""Populate self._post and self._files if the content-type is a form type"""
if self.method != 'POST':
self._post, self._files = QueryDict('', encoding=self._encoding), MultiValueDict()
return
! No support for PUT-parameters
I also found this: https://groups.google.com/forum/#!msg/django-developers/dxI4qVzrBY4/m_9IiNk_p7UJ
Is it the reason you rolled out your own class Request(object)?
2. What you could be a patch for django-oauth-plus to support integration with both: pure Django and Django + Django REST Framework?