authorHsiaoming Yang <me@lepture.com>2013-05-31 17:15:56 +0800
committerHsiaoming Yang <me@lepture.com>2013-05-31 17:15:56 +0800
commit803736c30ed4a426d83daa21216c24163db5e7c6 (patch)
treea9a0ae53528b033ba67fae1e6eeb966744059f48
parent692d3d348f5ab85cc202062e0065e3143e4e62f2 (diff)
downloadoauthlib-803736c30ed4a426d83daa21216c24163db5e7c6.tar.gz
use is_secure_transport to check uri
-rw-r--r--oauthlib/oauth2/rfc6749/parameters.py9
-rw-r--r--oauthlib/oauth2/rfc6749/utils.py8
2 files changed, 12 insertions, 5 deletions
diff --git a/oauthlib/oauth2/rfc6749/parameters.py b/oauthlib/oauth2/rfc6749/parameters.py
index ccf8157..6b73ce2 100644
--- a/oauthlib/oauth2/rfc6749/parameters.py
+++ b/oauthlib/oauth2/rfc6749/parameters.py
@@ -10,7 +10,6 @@ This module contains methods related to `Section 4`_ of the OAuth 2 RFC.
.. _`Section 4`: http://tools.ietf.org/html/rfc6749#section-4
"""
-import os
import json
try:
import urlparse
@@ -20,7 +19,7 @@ from oauthlib.common import add_params_to_uri, add_params_to_qs, unicode_type
from .errors import raise_from_error, MissingTokenError, MissingTokenTypeError
from .errors import MismatchingStateError, MissingCodeError
from .errors import InsecureTransportError
-from .utils import list_to_scope, scope_to_list
+from .utils import list_to_scope, scope_to_list, is_secure_transport
def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None,
@@ -62,7 +61,7 @@ def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None,
.. _`Section 3.3`: http://tools.ietf.org/html/rfc6749#section-3.3
.. _`section 10.12`: http://tools.ietf.org/html/rfc6749#section-10.12
"""
- if not uri.startswith('https://') and not os.environ.get('DEBUG'):
+ if not is_secure_transport(uri):
raise InsecureTransportError()
params = [(('response_type', response_type)),
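Review bot: `prepare_grant_uri` hands `uri` to `is_secure_transport` unchanged, while the two parse functions later in this file pass `uri.lower()`, so an `HTTPS://…` endpoint is rejected here but accepted there. URI schemes are case-insensitive, so the normalisation is better done once in the helper, `return uri.lower().startswith('https://')`, with every caller passing `uri` as is. The body of `prepare_grant_uri` continues outside this hunk.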
@@ -158,7 +157,7 @@ def parse_authorization_code_response(uri, state=None):
&state=xyz
"""
- if not uri.lower().startswith('https://'):
+ if not is_secure_transport(uri.lower()):
raise InsecureTransportError()
query = urlparse.urlparse(uri).query
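Review bot: The transport check on the redirect URI can now be switched off from the environment: the old line was unconditional, but `is_secure_transport` returns True whenever `DEBUG` is set, so `parse_authorization_code_response` will then accept an authorization code that arrived over plain `http://`. The same applies to `parse_implicit_response` in the next hunk, where the access token travels in the fragment. If the wider bypass is intended, state it in both docstrings, for example `Raises InsecureTransportError unless the URI is https or DEBUG is set.`; if it is not, keep the strict `uri.lower().startswith('https://')` test on the two parse paths. Both function bodies continue outside their hunks.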
@@ -214,7 +213,7 @@ def parse_implicit_response(uri, state=None, scope=None):
Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA
&state=xyz&token_type=example&expires_in=3600
"""
- if not uri.lower().startswith('https://'):
+ if not is_secure_transport(uri.lower()):
raise InsecureTransportError()
fragment = urlparse.urlparse(uri).fragment
diff --git a/oauthlib/oauth2/rfc6749/utils.py b/oauthlib/oauth2/rfc6749/utils.py
index 0a8aab5..b052532 100644
--- a/oauthlib/oauth2/rfc6749/utils.py
+++ b/oauthlib/oauth2/rfc6749/utils.py
@@ -8,6 +8,7 @@ oauthlib.utils
This module contains utility methods used by various parts of the OAuth 2 spec.
"""
+import os
import datetime
try:
from urllib import quote
@@ -80,3 +81,10 @@ def generate_age(issue_time):
td = datetime.datetime.now() - issue_time
age = (td.microseconds + (td.seconds + td.days * 24 * 3600) * 10**6) / 10**6
return unicode_type(age)
+
+
+def is_secure_transport(uri):
+ """Check if the uri is over ssl."""
+ if os.environ.get('DEBUG'):
+ return True
+ return uri.startswith('https://')
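Review bot: `os.environ.get('DEBUG')` is truthy for any non-empty string, so `DEBUG=0` or `DEBUG=false` also disables the HTTPS requirement, and `DEBUG` is a generic name that a deployment may export for unrelated reasons. An explicit opt-in under a library-specific variable, compared against accepted values such as `os.environ.get('<LIBRARY_SPECIFIC_NAME>') in ('1', 'true')` (placeholder name), would make an accidental bypass in production much less likely. The docstring should also state the override, e.g. `"""Return True if uri is https, or if the insecure-transport override is set in the environment."""`, since "over ssl" is no longer what a True result guarantees.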