author | Ib Lundgren <ib.lundgren@gmail.com> | 2013-05-31 02:28:24 -0700 |
---|---|---|
committer | Ib Lundgren <ib.lundgren@gmail.com> | 2013-05-31 02:28:24 -0700 |
commit | 229b2f78b545b8fb8fb3d879c278d8cecc91c7a4 (patch) | |
tree | 2229415d42032ed69d78818454e89db009f9df75 | |
parent | ba39888bf4d0224bc0bb9281f037402afbc46e12 (diff) | |
parent | 00f5de52a8fb944c968213501ccdf1bbc9e751d0 (diff) | |
download | oauthlib-229b2f78b545b8fb8fb3d879c278d8cecc91c7a4.tar.gz |
Merge pull request #170 from lepture/debug-mode
Debug mode
-rw-r--r-- | AUTHORS | 1 | ||||
-rw-r--r-- | oauthlib/oauth2/rfc6749/parameters.py | 8 | ||||
-rw-r--r-- | oauthlib/oauth2/rfc6749/utils.py | 8 | ||||
-rw-r--r-- | tests/oauth2/rfc6749/test_utils.py | 14 |
4 files changed, 27 insertions, 4 deletions
@@ -14,3 +14,4 @@ Tom Christie Chez Ondrej Slinták Mackenzie Thompson +Hsiaoming Yang diff --git a/oauthlib/oauth2/rfc6749/parameters.py b/oauthlib/oauth2/rfc6749/parameters.py index f4421ff..6b73ce2 100644 --- a/oauthlib/oauth2/rfc6749/parameters.py +++ b/oauthlib/oauth2/rfc6749/parameters.py @@ -19,7 +19,7 @@ from oauthlib.common import add_params_to_uri, add_params_to_qs, unicode_type from .errors import raise_from_error, MissingTokenError, MissingTokenTypeError from .errors import MismatchingStateError, MissingCodeError from .errors import InsecureTransportError -from .utils import list_to_scope, scope_to_list +from .utils import list_to_scope, scope_to_list, is_secure_transport def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None, @@ -61,7 +61,7 @@ def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None, .. _`Section 3.3`: http://tools.ietf.org/html/rfc6749#section-3.3 .. _`section 10.12`: http://tools.ietf.org/html/rfc6749#section-10.12 """ - if not uri.startswith('https://'): + if not is_secure_transport(uri): raise InsecureTransportError() params = [(('response_type', response_type)), @@ -157,7 +157,7 @@ def parse_authorization_code_response(uri, state=None): &state=xyz """ - if not uri.lower().startswith('https://'): + if not is_secure_transport(uri.lower()): raise InsecureTransportError() query = urlparse.urlparse(uri).query @@ -213,7 +213,7 @@ def parse_implicit_response(uri, state=None, scope=None): Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA &state=xyz&token_type=example&expires_in=3600 """ - if not uri.lower().startswith('https://'): + if not is_secure_transport(uri.lower()): raise InsecureTransportError() fragment = urlparse.urlparse(uri).fragment diff --git a/oauthlib/oauth2/rfc6749/utils.py b/oauthlib/oauth2/rfc6749/utils.py index 0a8aab5..b052532 100644 --- a/oauthlib/oauth2/rfc6749/utils.py +++ b/oauthlib/oauth2/rfc6749/utils.py 
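Review bot: The three call sites in parameters.py disagree on case handling: `prepare_grant_uri` passes `uri` unchanged, while `parse_authorization_code_response` and `parse_implicit_response` pass `uri.lower()`. A URI written as `HTTPS://...` is therefore accepted by the two parsers but rejected when preparing the grant URI. URI schemes are case-insensitive, so I would normalise inside the helper with `return uri.lower().startswith('https://')` and call `is_secure_transport(uri)` at all three sites. All three function bodies continue outside their hunks.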
@@ -8,6 +8,7 @@ oauthlib.utils This module contains utility methods used by various parts of the OAuth 2 spec. """ +import os import datetime try: from urllib import quote @@ -80,3 +81,10 @@ def generate_age(issue_time): td = datetime.datetime.now() - issue_time age = (td.microseconds + (td.seconds + td.days * 24 * 3600) * 10**6) / 10**6 return unicode_type(age) + + +def is_secure_transport(uri): + """Check if the uri is over ssl.""" + if os.environ.get('DEBUG'): + return True + return uri.startswith('https://') diff --git a/tests/oauth2/rfc6749/test_utils.py b/tests/oauth2/rfc6749/test_utils.py index 9d25229..6e713a7 100644 --- a/tests/oauth2/rfc6749/test_utils.py +++ b/tests/oauth2/rfc6749/test_utils.py @@ -1,7 +1,9 @@ from __future__ import absolute_import, unicode_literals +import os from ...unittest import TestCase from oauthlib.oauth2.rfc6749.utils import escape, host_from_uri +from oauthlib.oauth2.rfc6749.utils import is_secure_transport class UtilsTests(TestCase): @@ -21,3 +23,15 @@ class UtilsTests(TestCase): self.assertEqual(host_from_uri('https://a.b.com:8080'), ('a.b.com', '8080')) self.assertEqual(host_from_uri('http://www.example.com'), ('www.example.com', '80')) self.assertEqual(host_from_uri('https://www.example.com'), ('www.example.com', '443')) + + def test_is_secure_transport(self): + """Test check secure uri.""" + if 'DEBUG' in os.environ: + del os.environ['DEBUG'] + + self.assertTrue(is_secure_transport('https://example.com')) + self.assertFalse(is_secure_transport('http://example.com')) + + os.environ['DEBUG'] = '1' + self.assertTrue(is_secure_transport('http://example.com')) + del os.environ['DEBUG'] |
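Review bot: In `is_secure_transport`, `os.environ.get('DEBUG')` is truthy for any non-empty string, so `DEBUG=0` or `DEBUG=false` also switches the HTTPS check off. `DEBUG` is also a generic name that other tooling in the same process may set for unrelated reasons. Because this helper now gates every `InsecureTransportError` check in parameters.py, a stray variable in a deployed environment could let authorization responses be processed over plain HTTP with no error raised. I would use a library-specific variable compared against an explicit value, for example `if os.environ.get('OAUTHLIB_INSECURE_TRANSPORT') == '1': return True`. The docstring should also say that the override exists and is meant for local development only.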
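Review bot: `test_is_secure_transport` mutates `os.environ` without restoring it. A `DEBUG` value that was set before the test is deleted for good, and if the assertion after `os.environ['DEBUG'] = '1'` fails, the final `del` never runs and the variable leaks into the remaining tests, where it would disable the transport checks. I would save the original value and restore it in a `try: ... finally:` block or in `setUp`/`tearDown`, using `os.environ.pop('DEBUG', None)` for the cleanup. A case such as `DEBUG=0` would also pin down which values are meant to enable the override.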