diff options
author | swistakm <swistakm@gmail.com> | 2014-05-22 10:48:09 +0200 |
---|---|---|
committer | swistakm <swistakm@gmail.com> | 2014-05-22 10:48:09 +0200 |
commit | 91b07ebd0369828da129f1626b6614b2579cba6c (patch) | |
tree | f68507987b97e91d868fc4d5db2b7462d46af5eb /oauthlib/oauth1 | |
parent | 45d7967ff0630de1c88e2de12fd59fde40eb0dec (diff) | |
download | oauthlib-91b07ebd0369828da129f1626b6614b2579cba6c.tar.gz |
docs: add missing method mentions in oauth1.rfc5849.request_validator.RequestValidator docstring
Diffstat (limited to 'oauthlib/oauth1')
-rw-r--r-- | oauthlib/oauth1/rfc5849/request_validator.py | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/oauthlib/oauth1/rfc5849/request_validator.py b/oauthlib/oauth1/rfc5849/request_validator.py index 37ac777..fa7c319 100644 --- a/oauthlib/oauth1/rfc5849/request_validator.py +++ b/oauthlib/oauth1/rfc5849/request_validator.py @@ -44,9 +44,9 @@ class RequestValidator(object): * @verifier_length -> (min, max) * @realms -> [list, of, realms] - Methods used to validate input parameters. These checks usually hit either - persistent or temporary storage such as databases or the filesystem. See - each methods documentation for detailed usage. + Methods used to validate/invalidate input parameters. These checks usually + hit either persistent or temporary storage such as databases or the + filesystem. See each methods documentation for detailed usage. The following methods must be implemented: - validate_client_key @@ -57,6 +57,7 @@ class RequestValidator(object): - validate_requested_realms - validate_realms - validate_verifier + - invalidate_request_token Methods used to retrieve sensitive information from storage. The following methods must be implemented: @@ -65,6 +66,9 @@ class RequestValidator(object): - get_request_token_secret - get_access_token_secret - get_rsa_key + - get_realms + - get_default_realms + - get_redirect_uri Methods used to save credentials. The following methods must be implemented: @@ -73,6 +77,15 @@ class RequestValidator(object): - save_verifier - save_access_token + Methods used to verify input parameters. This methods are used during + authorizing request token by user (AuthorizationEndpoint), to check if + parameters are valid. During token authorization request is not signed, + thus 'validation' methods can not be used. The following methods must be + implemented: + + - verify_realms + - verify_request_token + To prevent timing attacks it is necessary to not exit early even if the client key or resource owner key is invalid. Instead dummy values should be used during the remaining verification process. It is very important |