Ubuntu Apps Directory

Merge lp:~mvo/ubuntu-webcatalog/machine-inventory into lp:ubuntu-webcatalog

machine-inventory
Merge into trunk

Proposed by Michael Vogt on 2011-06-28

Status:	Merged
Approved by:	Michael Foord on 2011-06-29
Approved revision:	32
Merged at revision:	29
Proposed branch:	lp:~mvo/ubuntu-webcatalog/machine-inventory
Merge into:	lp:ubuntu-webcatalog
Diff against target:	772 lines (+677/-1) 11 files modified requirements.txt (+5/-0) src/webcatalog/api/__init__.py (+15/-0) src/webcatalog/api/handlers.py (+34/-0) src/webcatalog/api/urls.py (+37/-0) src/webcatalog/auth.py (+158/-0) src/webcatalog/models/__init__.py (+36/-0) src/webcatalog/models/applications.py (+10/-0) src/webcatalog/models/oauthtoken.py (+212/-0) src/webcatalog/tests/test_handlers.py (+37/-0) src/webcatalog/urls.py (+4/-1) src/webcatalog/utilities.py (+129/-0)
To merge this branch:	bzr merge lp:~mvo/ubuntu-webcatalog/machine-inventory
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Michael Foord (community)		2011-06-28	Approve on 2011-06-29
Review via email: mp+66094@code.launchpad.net

Commit message

Adds a stub API and integration into ubuntu-sso for the webcatalog (refactoring the layout of models).

Description of the change

Adds a stub API and integration into ubuntu-sso for the webcatalog

lp:~mvo/ubuntu-webcatalog/machine-inventory updated on 2011-06-29

30. By Michael Vogt on 2011-06-29: merged from trunk and resolve conflicts

Revision history for this message

Michael Vogt (mvo) wrote on 2011-06-29:

This adds the boilerplatte needed in order to add a API to the webcatalog. We want to expand this later to add API to store/retrieve the installed package list of the user. This shall allow better recommendations in the future and other useful features.

Please note that there is some duplicated code here that I cargo-culted from rnrserver. Like the utilities class. I'm not sure what the best way is to get rid of this duplication.

Revision history for this message

Michael Foord (mfoord) wrote on 2011-06-29:

I dislike the use of the following in the template:

from __future__ import absolute_import
__metaclass__ = type

If __metaclass__ = type ever *does* anything then the code it affects should be changed, and if it doesn't do anything then it shouldn't be used. absolute_import should only be used if it is needed (in my opinion). For example: class WebServices (line 724 of diff) would be better as a new style class explicitly rather than relying on __metaclass__ = type.

To be honest I also dislike the boilerplate approach to starting the api - it means you have a lot of unused imports (for example) in handlers.py. I would use pyflakes and only import what you need - adding new things as you actually need them. (I have a pathological hatred of adding code - even temporarily - for imaginary future use cases.) Same with test_handlers.py.

Not my app though, so feel free to ignore that.

In WebService, failing to create a ServiceRoot is not a fatal error. What is the rationale for this? Is it so that an api creation failure does not bring down the whole app?

lp:~mvo/ubuntu-webcatalog/machine-inventory updated on 2011-06-29

31. By Michael Vogt on 2011-06-29: fix pyflakes warnings in the new code

Revision history for this message

Michael Nelson (michael.nelson) wrote on 2011-06-29:

On Wed, Jun 29, 2011 at 1:29 PM, Michael Foord
<email address hidden>wrote:

> I dislike the use of the following in the template:
>
> from __future__ import absolute_import
> __metaclass__ = type
>
> If __metaclass__ = type ever *does* anything then the code it affects
> should be changed, and if it doesn't do anything then it shouldn't be used.
> absolute_import should only be used if it is needed (in my opinion). For
> example: class WebServices (line 724 of diff) would be better as a new style
> class explicitly rather than relying on __metaclass__ = type.
>
>
Heh... as per the review you did for me Michael (hah! 3 michael's having a
conversation), these are just part of the new_file_template.py... I don't
think any of us care, we just need to update the template and all the
current files in one go (ie. a separate branch). I don't think it makes
sense to be changing one file here and another there depending on who's
reviewing.

> To be honest I also dislike the boilerplate approach to starting the api -
> it means you have a lot of unused imports (for example) in handlers.py. I
> would use pyflakes and only import what you need - adding new things as you
> actually need them. (I have a pathological hatred of adding code - even
> temporarily - for imaginary future use cases.) Same with test_handlers.py.
>
>
+1 for removing unused imports, but as far as landing this branch - that was
my suggestion to Michael, as he (necessarily) re-organised the models
module, which means that the sooner he lands that, the less headache he'll
have resolving conflicts later (as we can all work with the reorganised
code).

> Not my app though, so feel free to ignore that.
>
> In WebService, failing to create a ServiceRoot is not a fatal error. What
> is the rationale for this? Is it so that an api creation failure does not
> bring down the whole app?
>
> --
>
> https://code.launchpad.net/~mvo/ubuntu-webcatalog/machine-inventory/+merge/66094<https://code.launchpad.net/%7Emvo/ubuntu-webcatalog/machine-inventory/+merge/66094>
> You are subscribed to branch lp:ubuntu-webcatalog.
>

Michael Nelson

Canonical Ltd.

+49 176 491 53481 (mob)

IRC nick: noodles (noodles775 on Freenode)

Ubuntu - Linux for human beings | www.ubuntu.com | www.canonical.com

On Wed, Jun 29, 2011 at 1:29 PM, Michael Foord
<michael.foord@canonical.com>wrote:

> I dislike the use of the following in the template:
>
>    from __future__ import absolute_import
>    __metaclass__ = type
>
> If __metaclass__ = type ever *does* anything then the code it affects
> should be changed, and if it doesn't do anything then it shouldn't be used.
> absolute_import should only be used if it is needed (in my opinion). For
> example: class WebServices (line 724 of diff) would be better as a new style
> class explicitly rather than relying on __metaclass__ = type.
>
>
Heh... as per the review you did for me Michael (hah! 3 michael's having a
conversation), these are just part of the new_file_template.py... I don't
think any of us care, we just need to update the template and all the
current files in one go (ie. a separate branch). I don't think it makes
sense to be changing one file here and another there depending on who's
reviewing.

> To be honest I also dislike the boilerplate approach to starting the api -
> it means you  have a lot of unused imports (for example) in handlers.py. I
> would use pyflakes and only import what you need - adding new things as you
> actually need them. (I have a pathological hatred of adding code - even
> temporarily - for imaginary future use cases.) Same with test_handlers.py.
>
>
+1 for removing unused imports, but as far as landing this branch - that was
my suggestion to Michael, as he (necessarily) re-organised the models
module, which means that the sooner he lands that, the less headache he'll
have resolving conflicts later (as we can all work with the reorganised
code).

Michael Nelson

Canonical Ltd.

+49 176 491 53481 (mob)

michael.nelson@canonical.com

IRC nick: noodles (noodles775 on Freenode)

Ubuntu - Linux for human beings | www.ubuntu.com | www.canonical.com

lp:~mvo/ubuntu-webcatalog/machine-inventory updated on 2011-06-29

32. By Michael Vogt on 2011-06-29: src/webcatalog/utilities.py: make pyflakes clean

Revision history for this message

Michael Vogt (mvo) wrote on 2011-06-29:

Thanks a bunch Michael for this review! I fixed the unused imports now and will talk about the metaclass issue and the serviceroot one with the rnrserver maintainers.

Revision history for this message

Michael Foord (mfoord) wrote on 2011-06-29:

Approved :-)

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Anthony Lenton

Daniel Strickland

Kiwinote

Michael Nelson

Michael Vogt

awanti

 === modified file 'requirements.txt'
 --- requirements.txt	2011-06-18 23:17:11 +0000
 +++ requirements.txt	2011-06-29 11:42:41 +0000
@@ -2,6 +2,8 @@
  coverage
  django
  django-configglue==0.4
++django-openid-auth==0.2
++django-piston
  -e bzr+http://bazaar.launchpad.net/~canonical-isd-hackers/django-pgtools/trunk
  django-preflight
  mock
@@ -10,3 +12,6 @@
  python-openid
  setuptools
  south
++oauth
++httplib2
++lazr.restfulclient
 === added directory 'src/webcatalog/api'
 === added file 'src/webcatalog/api/__init__.py'
 --- src/webcatalog/api/__init__.py	1970-01-01 00:00:00 +0000
 +++ src/webcatalog/api/__init__.py	2011-06-29 11:42:41 +0000
@@ -0,0 +1,15 @@
++#   This file is part of the Ubuntu Web Catalog
++#   Copyright (C) 2011 Canonical Ltd.
++#
++#   This program is free software: you can redistribute it and/or modify
++#   it under the terms of the GNU Affero General Public License as
++#   published by the Free Software Foundation, either version 3 of the
++#   License, or (at your option) any later version.
++#
++#   This program is distributed in the hope that it will be useful,
++#   but WITHOUT ANY WARRANTY; without even the implied warranty of
++#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#   GNU Affero General Public License for more details.
++#
++#   You should have received a copy of the GNU Affero General Public License
++#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 === added file 'src/webcatalog/api/handlers.py'
 --- src/webcatalog/api/handlers.py	1970-01-01 00:00:00 +0000
 +++ src/webcatalog/api/handlers.py	2011-06-29 11:42:41 +0000
@@ -0,0 +1,34 @@
++# -*- coding: utf-8 -*-
++#   This file is part of the Ubuntu Web Catalog
++#   Copyright (C) 2011 Canonical Ltd.
++#
++#   This program is free software: you can redistribute it and/or modify
++#   it under the terms of the GNU Affero General Public License as
++#   published by the Free Software Foundation, either version 3 of the
++#   License, or (at your option) any later version.
++#
++#   This program is distributed in the hope that it will be useful,
++#   but WITHOUT ANY WARRANTY; without even the implied warranty of
++#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#   GNU Affero General Public License for more details.
++#
++#   You should have received a copy of the GNU Affero General Public License
++#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++"""Piston handlers for the  Ubuntu Web Catalog API."""
++
++from __future__ import absolute_import
++
++__metaclass__ = type
++__all__ = [
++    'ServerStatusHandler',
++]
++
++from piston.handler import BaseHandler
++
++class ServerStatusHandler(BaseHandler):
++    allowed_methods = ('GET',)
++
++    def read(self, request):
++        return "ok"
++
 === added file 'src/webcatalog/api/urls.py'
 --- src/webcatalog/api/urls.py	1970-01-01 00:00:00 +0000
 +++ src/webcatalog/api/urls.py	2011-06-29 11:42:41 +0000
@@ -0,0 +1,37 @@
++#   This file is part of the Ubuntu Web Catalog
++#   Copyright (C) 2011 Canonical Ltd.
++#
++#   This program is free software: you can redistribute it and/or modify
++#   it under the terms of the GNU Affero General Public License as
++#   published by the Free Software Foundation, either version 3 of the
++#   License, or (at your option) any later version.
++#
++#   This program is distributed in the hope that it will be useful,
++#   but WITHOUT ANY WARRANTY; without even the implied warranty of
++#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#   GNU Affero General Public License for more details.
++#
++#   You should have received a copy of the GNU Affero General Public License
++#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++from django.conf.urls.defaults import url, patterns
++
++from piston.resource import Resource
++from webcatalog.api.handlers import (
++    ServerStatusHandler,
++)
++from webcatalog.auth import SSOOAuthAuthentication
++
++auth = SSOOAuthAuthentication(realm="Ubuntu Web Catalog")
++
++server_status_resource = Resource(handler=ServerStatusHandler)
++
++urlpatterns = patterns('',
++    # get status of the service (usually just "ok", might be "read-only")
++    # to ensure we inform the user when he wants to write a review or
++    # send a moderation request
++    #  GET /1.0/server-status/
++    url(r'^1.0/server-status/$', server_status_resource,
++        name='server-status'),
++
++)
 === added file 'src/webcatalog/auth.py'
 --- src/webcatalog/auth.py	1970-01-01 00:00:00 +0000
 +++ src/webcatalog/auth.py	2011-06-29 11:42:41 +0000
@@ -0,0 +1,158 @@
++#   This file is part of the Ubuntu Web Catalog
++#   Copyright (C) 2011 Canonical Ltd.
++#
++#   This program is free software: you can redistribute it and/or modify
++#   it under the terms of the GNU Affero General Public License as
++#   published by the Free Software Foundation, either version 3 of the
++#   License, or (at your option) any later version.
++#
++#   This program is distributed in the hope that it will be useful,
++#   but WITHOUT ANY WARRANTY; without even the implied warranty of
++#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#   GNU Affero General Public License for more details.
++#
++#   You should have received a copy of the GNU Affero General Public License
++#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++"""SSO/OAuth authenticator for Piston."""
++
++
++from __future__ import absolute_import
++
++__metaclass__ = type
++__all__ = [
++    'SSOOAuthAuthentication',
++    ]
++
++from datetime import datetime, timedelta
++from django.conf import settings
++from django.contrib.auth.models import User
++from django.http import HttpResponse
++from oauth import oauth
++from piston.authentication import OAuthAuthentication, oauth_datastore
++from piston.oauth import OAuthError
++
++from webcatalog.models import Consumer, Token
++from webcatalog.utilities import (
++    WebServices,
++    full_claimed_id,
++)
++
++TOKEN_CACHE_EXPIRY = timedelta(hours=
++    getattr(settings, 'TOKEN_CACHE_EXPIRY_HOURS', 4))
++
++class SSOOAuthAuthentication(OAuthAuthentication):
++    """ This class is a Piston Authentication class.
++
++    See http://bitbucket.org/jespern/django-piston/wiki/Documentation for
++    more info.
++    """
++    def __init__(self, realm='API'):
++        self.realm = realm
++
++    def challenge(self):
++        """ We define our own challenge so that we can provide our own realm
++        and return a simple error message instead of rendering a template.
++        """
++        resp = HttpResponse("Authorization Required")
++        resp['WWW-Authenticate'] = 'OAuth realm="%s"' % self.realm
++        resp.status_code = 401
++        return resp
++
++    def is_authenticated(self, request):
++        """ We override is_authenticated so we can prefetch creds from SSO
++        before the oauth mechanism asks us for them
++        """
++        headers = {
++            'Authorization' : request.META.get('HTTP_AUTHORIZATION', '')
++        }
++        orequest = oauth.OAuthRequest.from_request(
++            request.method, request.build_absolute_uri(), headers=headers,
++            query_string=request.META['QUERY_STRING'])
++        if (orequest is None or
++            not 'oauth_token' in orequest.parameters or
++            not 'oauth_consumer_key' in orequest.parameters):
++            return False
++
++        self.prefetch_oauth_consumer(orequest)
++        if self.is_valid_request(request):
++            try:
++                consumer, token, parameters = self.validate_token(request)
++            except OAuthError, err:
++                return False
++            if consumer and token:
++                request.user = token.user
++                request.throttle_extra = token.consumer.id
++                return True
++        return False
++
++    def prefetch_oauth_consumer(self, request):
++        """Check if we have a consumer for the current creds, and validate
++           the token with SSO if we don't.
++        """
++        web_services = WebServices()
++        oauthtoken = request.get_parameter('oauth_token')
++        consumer_key = request.get_parameter('oauth_consumer_key')
++        tokens = Token.objects.filter(token=oauthtoken,
++            consumer__key=consumer_key)
++        if len(tokens) == 0 or (tokens[0].updated_at <
++            datetime.now() - TOKEN_CACHE_EXPIRY):
++            pieces = web_services.get_data_for_account(token=oauthtoken,
++                openid_identifier=consumer_key, signature=request.get_parameter('oauth_signature'))
++            if not pieces:
++                return
++            Consumer.objects.filter(key=consumer_key).exclude(
++                secret=pieces['consumer_secret']).delete()
++            claimed_id = full_claimed_id(consumer_key)
++            try:
++                user = User.objects.get(
++                    useropenid__claimed_id=claimed_id)
++            except User.DoesNotExist:
++                if (not pieces.get('preferred_email') or
++                    not pieces.get('username')):
++                    return
++                user = User.objects.create_user(pieces['username'],
++                    pieces['preferred_email'], password=None)
++                user.useropenid_set.create(claimed_id=claimed_id)
++
++            displayname = pieces['displayname']
++            if displayname != user.get_full_name():
++                user.first_name, sep, user.last_name = displayname.rpartition(
++                    ' ')
++                user.save()
++
++            consumer, created = Consumer.objects.get_or_create(user=user,
++                key=consumer_key, secret=pieces['consumer_secret'])
++            token, created = Token.objects.get_or_create(consumer=consumer,
++                token=pieces['token'], token_secret=pieces['token_secret'],
++                name=pieces['name'])
++            if not created:
++                # Update updated_at
++                token.save()
++
++    @staticmethod
++    def validate_token(request, check_timestamp=True, check_nonce=True):
++        oauth_server, oauth_request = initialize_server_request(request)
++        if oauth_server is None:
++            raise OAuthError('initialize_server_request returned None')
++        return oauth_server.verify_request(oauth_request)
++
++def initialize_server_request(request):
++    """
++    Shortcut for initialization.
++    """
++    headers = {
++        'Authorization' : request.META.get('HTTP_AUTHORIZATION', '')
++    }
++    oauth_request = oauth.OAuthRequest.from_request(
++        request.method, request.build_absolute_uri(), headers=headers,
++        query_string=request.META['QUERY_STRING'])
++
++    if oauth_request:
++        oauth_server = oauth.OAuthServer(oauth_datastore(oauth_request))
++        oauth_server.add_signature_method(oauth.OAuthSignatureMethod_PLAINTEXT())
++        oauth_server.add_signature_method(oauth.OAuthSignatureMethod_HMAC_SHA1())
++    else:
++        oauth_server = None
++
++    return oauth_server, oauth_request
 === added directory 'src/webcatalog/models'
 === added file 'src/webcatalog/models/__init__.py'
 --- src/webcatalog/models/__init__.py	1970-01-01 00:00:00 +0000
 +++ src/webcatalog/models/__init__.py	2011-06-29 11:42:41 +0000
@@ -0,0 +1,36 @@
++#   This file is part of the Ubuntu Web Catalog
++#   Copyright (C) 2011 Canonical Ltd.
++#
++#   This program is free software: you can redistribute it and/or modify
++#   it under the terms of the GNU Affero General Public License as
++#   published by the Free Software Foundation, either version 3 of the
++#   License, or (at your option) any later version.
++#
++#   This program is distributed in the hope that it will be useful,
++#   but WITHOUT ANY WARRANTY; without even the implied warranty of
++#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#   GNU Affero General Public License for more details.
++#
++#   You should have received a copy of the GNU Affero General Public License
++#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++from __future__ import absolute_import
++
++__all__ = [
++    # oauth
++    'Token',
++    'Consumer',
++    'Nonce',
++    'DataStore',
++    # applications
++    'DistroSeries',
++    'Application',
++    'Department',
++]
++
++from .oauthtoken import Token, Consumer, Nonce, DataStore
++from .applications import (
++    DistroSeries,
++    Application,
++    Department,
++)
 === renamed file 'src/webcatalog/models.py' => 'src/webcatalog/models/applications.py'
 --- src/webcatalog/models.py	2011-06-28 15:03:12 +0000
 +++ src/webcatalog/models/applications.py	2011-06-29 11:42:41 +0000
@@ -45,6 +45,9 @@
      def __unicode__(self):
          return "Ubuntu %s (%s)" % (self.code_name.capitalize(), self.version)
++    class Meta:
++        app_label = 'webcatalog'
++
  class Application(models.Model):
      # We'll most likely need one of these per lang/series (as each lang
@@ -130,6 +133,10 @@
              args=[self.distroseries.code_name, self.package_name])})
          return crumbs
++    class Meta:
++        app_label = 'webcatalog'
++
++
  class Department(models.Model):
      parent = models.ForeignKey('self', blank=True, null=True)
      name = models.CharField(max_length=64)
@@ -149,3 +156,6 @@
          crumbs.append({'name': self.name, 'url': reverse('wc-department',
              args=[self.id])})
          return crumbs
++
++    class Meta:
++        app_label = 'webcatalog'
 === added file 'src/webcatalog/models/oauthtoken.py'
 --- src/webcatalog/models/oauthtoken.py	1970-01-01 00:00:00 +0000
 +++ src/webcatalog/models/oauthtoken.py	2011-06-29 11:42:41 +0000
@@ -0,0 +1,212 @@
++#   This file is part of the Ubuntu Web Catalog
++#   Copyright (C) 2011 Canonical Ltd.
++#
++#   This program is free software: you can redistribute it and/or modify
++#   it under the terms of the GNU Affero General Public License as
++#   published by the Free Software Foundation, either version 3 of the
++#   License, or (at your option) any later version.
++#
++#   This program is distributed in the hope that it will be useful,
++#   but WITHOUT ANY WARRANTY; without even the implied warranty of
++#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#   GNU Affero General Public License for more details.
++#
++#   You should have received a copy of the GNU Affero General Public License
++#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++"""Models related to OAuth authentication"""
++
++from __future__ import absolute_import
++
++__metaclass__ = type
++__all__ = [
++    'Token',
++    'Consumer',
++    'Nonce',
++    'DataStore',
++    ]
++
++import os.path
++import random
++import struct
++import string
++from functools import partial
++from logging import getLogger
++
++from oauth.oauth import OAuthToken, OAuthDataStore, OAuthConsumer
++
++from django.contrib.auth.models import User
++from django.db import models
++
++
++TOKEN_LENGTH = 50
++TOKEN_SECRET_LENGTH = 50
++CONSUMER_SECRET_LENGTH = 30
++
++
++def _set_seed():
++    if (not hasattr(_set_seed, 'seed') and
++        os.path.exists("/dev/random")):
++
++        data = open("/dev/random").read(struct.calcsize('Q'))
++        random.seed(struct.unpack('Q', data))
++        _set_seed.seed = True
++
++
++def generate_random_string(length):
++    _set_seed()
++    return ''.join(random.choice(string.ascii_letters)
++                   for x in range(length))
++
++
++class Token(models.Model):
++    consumer = models.ForeignKey('Consumer')
++
++    token = models.CharField(
++        max_length=TOKEN_LENGTH,
++        default=partial(generate_random_string, TOKEN_LENGTH),
++        primary_key=True)
++
++    token_secret = models.CharField(
++        max_length=TOKEN_SECRET_LENGTH,
++        default=partial(generate_random_string, TOKEN_SECRET_LENGTH))
++
++    name = models.CharField(max_length=255, blank=True)
++
++    created_at = models.DateTimeField(auto_now_add=True)
++    updated_at = models.DateTimeField(auto_now=True)
++
++    def oauth_token(self):
++        """Return OAuthToken with information contained in this model"""
++        return OAuthToken(self.token, self.token_secret)
++
++    def __unicode__(self):
++        return self.token
++
++    class Meta:
++        app_label = 'reviewsapp'
++
++
++class Consumer(models.Model):
++    user = models.OneToOneField(User, related_name='oauth_consumer')
++
++    key = models.CharField(max_length=64)
++
++    secret = models.CharField(max_length=255, blank=True, null=False,
++        default=partial(generate_random_string, CONSUMER_SECRET_LENGTH))
++
++    created_at = models.DateTimeField(auto_now_add=True)
++    updated_at = models.DateTimeField(auto_now=True)
++
++    @classmethod
++    def lookup_consumer(self, consumer_key):
++        # lukasz: To my best knowledge the query below can return more than one
++        # entry only if the OpenID provider was switched for already deployed
++        # code (between staging/production SSO). That would mean, that the same
++        # user on SSO will get second Django user, and second Consumer object,
++        # but with exactly the same consumer_key.
++        consumers = Consumer.objects.filter(key=consumer_key)
++        # If more than one Consumer object is found we choose the one created
++        # as the last one keeping up with the assumption of switching the
++        # OpenID providers.
++        consumers = consumers.order_by('-created_at')
++        consumers_count = consumers.count()
++
++        if consumers_count == 0:
++            return None
++        elif consumers_count > 1:
++            getLogger(__name__).info(
++                "consumer_key=%s has %d entries in the database",
++                consumer_key, consumers_count
++            )
++        consumer = consumers[0]
++        return consumer
++
++    def __unicode__(self):
++        return self.key
++
++    def oauth_consumer(self):
++        """Return OAuthConsumer based on information contained in this model"""
++        return OAuthConsumer(self.key, self.secret)
++
++    class Meta:
++        app_label = 'reviewsapp'
++
++
++class Nonce(models.Model):
++    token = models.ForeignKey(Token)
++    consumer = models.ForeignKey(Consumer)
++    nonce = models.CharField(max_length=255, unique=True, editable=False)
++    created_at = models.DateTimeField(auto_now_add=True)
++
++    @classmethod
++    def create(cls, consumer_key, token_value, nonce):
++        """
++        Create new nonce object linked to given consumer and token
++        """
++        consumer = Consumer.lookup_consumer(consumer_key)
++        token = consumer.token_set.get(token=token_value)
++        return consumer.nonce_set.create(token=token, nonce=nonce)
++
++    class Meta:
++        app_label = 'reviewsapp'
++
++class DataStore(OAuthDataStore):
++
++    def lookup_token(self, token_type, token_field):
++        """
++        :param token_type: type of token to lookup
++        :param token_field: token to look up
++
++        :note: token_type should always be 'access' as only such tokens are
++               stored in database
++
++        :returns: OAuthToken object
++        """
++        assert token_type == 'access'
++
++        try:
++            token = Token.objects.get(token=token_field)
++            # Piston expects OAuth tokens to have 'consumer' and 'user' atts.
++            # (see piston.authentication.OAuthAuthentication.is_authenticated)
++            oauthtoken = OAuthToken(token.token, token.token_secret)
++            oauthtoken.consumer = token.consumer
++            oauthtoken.user = token.consumer.user
++            return oauthtoken
++        except Token.DoesNotExist:
++            return None
++
++    def lookup_consumer(self, consumer_key):
++        """
++        :param consumer_key: consumer key to lookup
++
++        :returns: OAuthConsumer object
++        """
++        consumer = Consumer.lookup_consumer(consumer_key)
++        if consumer is not None:
++            return consumer.oauth_consumer()
++
++
++    def lookup_nonce(self, consumer, token, nonce):
++        """
++        :param consumer: OAuthConsumer object
++        :param token: OAuthToken object
++        :param nonce: nonce to check
++
++        """
++        count = Nonce.objects.filter(
++            consumer__key=consumer.key,
++            token__token=token.key,
++            nonce=nonce).count()
++        if count > 0:
++            return True
++        else:
++            Nonce.create(consumer.key, token.key, nonce)
++            return False
++
++    def __init__(self, oauth_request=None):
++        """To serve as a Piston datastore we'll need provide this signature.
++
++        We later won't use the oauth_request, so we can ignore it here.
++        """
++        return super(DataStore, self).__init__()
 === added file 'src/webcatalog/tests/test_handlers.py'
 --- src/webcatalog/tests/test_handlers.py	1970-01-01 00:00:00 +0000
 +++ src/webcatalog/tests/test_handlers.py	2011-06-29 11:42:41 +0000
@@ -0,0 +1,37 @@
++#   -*- coding: utf-8 -*-
++#   This file is part of the Ubuntu Web Catalog
++#   Copyright (C) 2011 Canonical Ltd.
++#
++#   This program is free software: you can redistribute it and/or modify
++#   it under the terms of the GNU Affero General Public License as
++#   published by the Free Software Foundation, either version 3 of the
++#   License, or (at your option) any later version.
++#
++#   This program is distributed in the hope that it will be useful,
++#   but WITHOUT ANY WARRANTY; without even the implied warranty of
++#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#   GNU Affero General Public License for more details.
++#
++#   You should have received a copy of the GNU Affero General Public License
++#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++"""Ubuntu Web Catalog handlers tests."""
++
++from __future__ import absolute_import
++
++__metaclass__ = type
++__all__ = [
++    'ServerStatusHandlerTestCase',
++    ]
++
++
++from django.test import TestCase
++
++from reviewsapp.api.handlers import (
++    ServerStatusHandler,
++)
++
++class ServerStatusHandlerTestCase(TestCase):
++    def test_read(self):
++        ss_handler = ServerStatusHandler()
++        self.assertEqual('ok', ss_handler.read(None))
 === modified file 'src/webcatalog/urls.py'
 --- src/webcatalog/urls.py	2011-06-29 08:06:05 +0000
 +++ src/webcatalog/urls.py	2011-06-29 11:42:41 +0000
@@ -21,7 +21,7 @@
      absolute_import,
      with_statement,
+     )
--from django.conf.urls.defaults import patterns, url
++from django.conf.urls.defaults import patterns, include, url
  __metaclass__ = type
  __all__ = [
@@ -38,4 +38,7 @@
      url(r'^applications/(?P<package_name>[-.+\w]+)/$', 'application_detail',
          name="wc-package-detail"),
      url(r'^search/$', 'search', name="wc-search"),
++
++    (r'^api/', include('webcatalog.api.urls')),
++
+ )
 === added file 'src/webcatalog/utilities.py'
 --- src/webcatalog/utilities.py	1970-01-01 00:00:00 +0000
 +++ src/webcatalog/utilities.py	2011-06-29 11:42:41 +0000
@@ -0,0 +1,129 @@
++#   This file is part of the Ubuntu Web Catalog
++#   Copyright (C) 2011 Canonical Ltd.
++#
++#   This program is free software: you can redistribute it and/or modify
++#   it under the terms of the GNU Affero General Public License as
++#   published by the Free Software Foundation, either version 3 of the
++#   License, or (at your option) any later version.
++#
++#   This program is distributed in the hope that it will be useful,
++#   but WITHOUT ANY WARRANTY; without even the implied warranty of
++#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#   GNU Affero General Public License for more details.
++#
++#   You should have received a copy of the GNU Affero General Public License
++#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++"""SSO/OAuth authenticator for Piston."""
++
++
++from __future__ import absolute_import
++
++__metaclass__ = type
++__all__ = [
++    'WebServices',
++    'WebServiceError',
++    ]
++
++import logging
++import urllib
++from httplib2 import ServerNotFoundError
++
++from django.conf import settings
++
++from lazr.restfulclient.authorize import BasicHttpAuthorizer
++from lazr.restfulclient.authorize.oauth import OAuthAuthorizer
++from lazr.restfulclient.errors import HTTPError
++from lazr.restfulclient.resource import ServiceRoot
++from oauth.oauth import OAuthToken
++
++class WebServiceError(Exception):
++    """Raised when we cannot connect to a web service."""
++
++
++class WebServices:
++    _identity_provider = None
++
++    def __init__(self):
++        """Pre-create the identity provider webservice if it will be used."""
++        if settings.PRELOAD_API_SERVICE_ROOTS:
++            self._set_identity_provider()
++
++    @property
++    def logger(self):
++        return logging.getLogger('rnr.utilities')
++
++    def _create_service(self, authorizer, service_root_url):
++        try:
++            service_root = ServiceRoot(authorizer, service_root_url)
++            self.logger.info(
++                "Webservice root creation successful: %s" % service_root_url)
++            return service_root
++        except (HTTPError, ServerNotFoundError), e:
++            self.logger.exception(
++                "Failed to create service root: %s" % service_root_url)
++            return None
++
++    def _create_basic_auth_service(self, service_root_url, username, password):
++        authorizer = BasicHttpAuthorizer(username, password)
++        return self._create_service(authorizer, service_root_url)
++
++    def _set_identity_provider(self):
++        WebServices._identity_provider = self._create_basic_auth_service(
++            settings.SSO_API_SERVICE_ROOT, settings.SSO_API_AUTH_USERNAME,
++            settings.SSO_API_AUTH_PASSWORD)
++
++    @property
++    def identity_provider(self):
++        if self._identity_provider is None:
++            self._set_identity_provider()
++
++            if self._identity_provider is None:
++                raise WebServiceError("The payment service is not available.")
++
++        return self._identity_provider
++
++    def _fake_validate_token(self, token, openid_identifier, signature):
++        """ This is a version of validate_token that gets the
++            token_secret, consumer_secret from the plaintext signature.
++
++            It will break once we use a real signature for oauth, but
++            its very useful for testing as it does not require the special
++            priviledges required for the call to
++            identity_provider.authentications.validate_token()
++
++            The token can still be validated (and will be) with a
++            api.accounts.me() call
++        """
++        (consumer_secret, token_secret) = urllib.unquote(signature).split("&")
++        result = {}
++        result["token"] = token
++        result["token_secret"] = token_secret
++        result["consumer_key"] = openid_identifier
++        result["consumer_secret"] = consumer_secret
++        result["name"] = "fake-token"
++        return result
++
++    def get_data_for_account(self, token, openid_identifier, signature=None):
++        if settings.SSO_AUTH_MODE_NO_UBUNTU_SSO_PLAINTEXT_ONLY:
++            # token extraction based on PLAINTEXT token, the function
++            # "validate_token" is really a "get_secrets_for_token()" call
++            result = self._fake_validate_token(
++                token, openid_identifier, signature)
++        else:
++            result = self.identity_provider.authentications.validate_token(
++                token=token, consumer_key=openid_identifier)
++
++        if result:
++            oauth_token = OAuthToken(result['token'], result['token_secret'])
++            authorizer = OAuthAuthorizer(result['consumer_key'],
++                result['consumer_secret'], oauth_token)
++            api = self._create_service(authorizer,
++                settings.SSO_API_SERVICE_ROOT)
++            result.update(api.accounts.me())
++        return result
++
++
++def full_claimed_id(consumer_key):
++    return '%s/+id/%s' % (settings.OPENID_SSO_SERVER_URL.strip('/'),
++        consumer_key)