authorIb Lundgren <ib.lundgren@gmail.com>2013-05-31 02:28:24 -0700
committerIb Lundgren <ib.lundgren@gmail.com>2013-05-31 02:28:24 -0700
commit229b2f78b545b8fb8fb3d879c278d8cecc91c7a4 (patch)
tree2229415d42032ed69d78818454e89db009f9df75
parentba39888bf4d0224bc0bb9281f037402afbc46e12 (diff)
parent00f5de52a8fb944c968213501ccdf1bbc9e751d0 (diff)
downloadoauthlib-229b2f78b545b8fb8fb3d879c278d8cecc91c7a4.tar.gz
Merge pull request #170 from lepture/debug-mode
Debug mode
-rw-r--r--AUTHORS1
-rw-r--r--oauthlib/oauth2/rfc6749/parameters.py8
-rw-r--r--oauthlib/oauth2/rfc6749/utils.py8
-rw-r--r--tests/oauth2/rfc6749/test_utils.py14
4 files changed, 27 insertions, 4 deletions
diff --git a/AUTHORS b/AUTHORS
index bb2f38a..0bec900 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -14,3 +14,4 @@ Tom Christie
Chez
Ondrej Slinták
Mackenzie Thompson
+Hsiaoming Yang
diff --git a/oauthlib/oauth2/rfc6749/parameters.py b/oauthlib/oauth2/rfc6749/parameters.py
index f4421ff..6b73ce2 100644
--- a/oauthlib/oauth2/rfc6749/parameters.py
+++ b/oauthlib/oauth2/rfc6749/parameters.py
@@ -19,7 +19,7 @@ from oauthlib.common import add_params_to_uri, add_params_to_qs, unicode_type
from .errors import raise_from_error, MissingTokenError, MissingTokenTypeError
from .errors import MismatchingStateError, MissingCodeError
from .errors import InsecureTransportError
-from .utils import list_to_scope, scope_to_list
+from .utils import list_to_scope, scope_to_list, is_secure_transport
def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None,
@@ -61,7 +61,7 @@ def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None,
.. _`Section 3.3`: http://tools.ietf.org/html/rfc6749#section-3.3
.. _`section 10.12`: http://tools.ietf.org/html/rfc6749#section-10.12
"""
- if not uri.startswith('https://'):
+ if not is_secure_transport(uri):
raise InsecureTransportError()
params = [(('response_type', response_type)),
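Review bot: `prepare_grant_uri` passes `uri` to `is_secure_transport` unchanged, while `parse_authorization_code_response` and `parse_implicit_response` in the two later hunks of this file pass `uri.lower()`, so a URI written as `HTTPS://…` is rejected here and accepted there. URI schemes are case-insensitive, so the three call sites should agree. The simplest fix is to normalise once inside the helper, `return uri.lower().startswith('https://')`, and drop `.lower()` at the callers. The body of `prepare_grant_uri` starts and continues outside this hunk.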
@@ -157,7 +157,7 @@ def parse_authorization_code_response(uri, state=None):
&state=xyz
"""
- if not uri.lower().startswith('https://'):
+ if not is_secure_transport(uri.lower()):
raise InsecureTransportError()
query = urlparse.urlparse(uri).query
@@ -213,7 +213,7 @@ def parse_implicit_response(uri, state=None, scope=None):
Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA
&state=xyz&token_type=example&expires_in=3600
"""
- if not uri.lower().startswith('https://'):
+ if not is_secure_transport(uri.lower()):
raise InsecureTransportError()
fragment = urlparse.urlparse(uri).fragment
diff --git a/oauthlib/oauth2/rfc6749/utils.py b/oauthlib/oauth2/rfc6749/utils.py
index 0a8aab5..b052532 100644
--- a/oauthlib/oauth2/rfc6749/utils.py
+++ b/oauthlib/oauth2/rfc6749/utils.py
@@ -8,6 +8,7 @@ oauthlib.utils
This module contains utility methods used by various parts of the OAuth 2 spec.
"""
+import os
import datetime
try:
from urllib import quote
@@ -80,3 +81,10 @@ def generate_age(issue_time):
td = datetime.datetime.now() - issue_time
age = (td.microseconds + (td.seconds + td.days * 24 * 3600) * 10**6) / 10**6
return unicode_type(age)
+
+
+def is_secure_transport(uri):
+ """Check if the uri is over ssl."""
+ if os.environ.get('DEBUG'):
+ return True
+ return uri.startswith('https://')
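Review bot: `is_secure_transport` returns True for any URI whenever the process environment holds a non-empty `DEBUG`, which switches off the HTTPS requirement at every OAuth 2 call site that uses it. `DEBUG` is a generic name that unrelated tooling often sets, and because the test is plain truthiness, `DEBUG=0` or `DEBUG=false` also enable the bypass, so authorization codes and tokens could travel over plain HTTP in a deployment that never meant to opt in. A library-specific variable would make the opt-out deliberate, for example `if os.environ.get('OAUTHLIB_INSECURE_TRANSPORT'):`. The docstring should also state the override, e.g. `"""Return True if uri uses https, or if the insecure-transport override is set (development only)."""`.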
diff --git a/tests/oauth2/rfc6749/test_utils.py b/tests/oauth2/rfc6749/test_utils.py
index 9d25229..6e713a7 100644
--- a/tests/oauth2/rfc6749/test_utils.py
+++ b/tests/oauth2/rfc6749/test_utils.py
@@ -1,7 +1,9 @@
from __future__ import absolute_import, unicode_literals
+import os
from ...unittest import TestCase
from oauthlib.oauth2.rfc6749.utils import escape, host_from_uri
+from oauthlib.oauth2.rfc6749.utils import is_secure_transport
class UtilsTests(TestCase):
@@ -21,3 +23,15 @@ class UtilsTests(TestCase):
self.assertEqual(host_from_uri('https://a.b.com:8080'), ('a.b.com', '8080'))
self.assertEqual(host_from_uri('http://www.example.com'), ('www.example.com', '80'))
self.assertEqual(host_from_uri('https://www.example.com'), ('www.example.com', '443'))
+
+ def test_is_secure_transport(self):
+ """Test check secure uri."""
+ if 'DEBUG' in os.environ:
+ del os.environ['DEBUG']
+
+ self.assertTrue(is_secure_transport('https://example.com'))
+ self.assertFalse(is_secure_transport('http://example.com'))
+
+ os.environ['DEBUG'] = '1'
+ self.assertTrue(is_secure_transport('http://example.com'))
+ del os.environ['DEBUG']
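Review bot: `test_is_secure_transport` sets `os.environ['DEBUG']` and removes it only after the last assertion, so a failing `assertTrue` leaves the HTTPS bypass enabled for every test that runs afterwards in the same process. A `DEBUG` value that was present before the test is also deleted rather than restored. Wrapping the second half in `try:` / `finally: os.environ.pop('DEBUG', None)` keeps the bypass from leaking, and saving and restoring the prior value would be better still. An extra case with `DEBUG` set to `'0'` would document that any non-empty value enables the bypass.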