From 55679cadef0c784317bc571b3a2d593ad6a3687a Mon Sep 17 00:00:00 2001 From: Hsiaoming Yang Date: Fri, 31 May 2013 11:18:31 +0800 Subject: debug support for prepare_grant_uri --- oauthlib/oauth2/rfc6749/parameters.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/oauthlib/oauth2/rfc6749/parameters.py b/oauthlib/oauth2/rfc6749/parameters.py index f4421ff..ccf8157 100644 --- a/oauthlib/oauth2/rfc6749/parameters.py +++ b/oauthlib/oauth2/rfc6749/parameters.py @@ -10,6 +10,7 @@ This module contains methods related to `Section 4`_ of the OAuth 2 RFC. .. _`Section 4`: http://tools.ietf.org/html/rfc6749#section-4 """ +import os import json try: import urlparse @@ -61,7 +62,7 @@ def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None, .. _`Section 3.3`: http://tools.ietf.org/html/rfc6749#section-3.3 .. _`section 10.12`: http://tools.ietf.org/html/rfc6749#section-10.12 """ - if not uri.startswith('https://'): + if not uri.startswith('https://') and not os.environ.get('DEBUG'): raise InsecureTransportError() params = [(('response_type', response_type)), -- cgit v1.2.1 From 692d3d348f5ab85cc202062e0065e3143e4e62f2 Mon Sep 17 00:00:00 2001 From: Hsiaoming Yang Date: Fri, 31 May 2013 11:18:57 +0800 Subject: add myself in authors --- AUTHORS | 1 + 1 file changed, 1 insertion(+) diff --git a/AUTHORS b/AUTHORS index bb2f38a..0bec900 100644 --- a/AUTHORS +++ b/AUTHORS @@ -14,3 +14,4 @@ Tom Christie Chez Ondrej Slinták Mackenzie Thompson +Hsiaoming Yang -- cgit v1.2.1 From 529fe69f995c8e5ba98e89dce624f2c1def9737a Mon Sep 17 00:00:00 2001 From: Hsiaoming Yang Date: Fri, 31 May 2013 17:11:00 +0800 Subject: docstring fix --- oauthlib/oauth2/rfc6749/request_validator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oauthlib/oauth2/rfc6749/request_validator.py b/oauthlib/oauth2/rfc6749/request_validator.py index 25edcc8..ff449f0 100644 --- a/oauthlib/oauth2/rfc6749/request_validator.py 
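Review bot: The added `and not os.environ.get('DEBUG')` in prepare_grant_uri turns off the HTTPS requirement whenever a generic `DEBUG` variable holds any non-empty string. A value such as `DEBUG=0`, or one exported by an unrelated framework or shell profile, is therefore enough for the authorization request and its client_id to be built against a cleartext `http://` endpoint without InsecureTransportError. The opt-out should use a name specific to this library and an explicit value test, for example `os.environ.get('OAUTHLIB_INSECURE_TRANSPORT') == '1'`, and be described in the docstring next to the section 10.12 reference. The same `DEBUG` test is carried into `is_secure_transport` in the later utils.py hunk, where it also covers parse_authorization_code_response and parse_implicit_response. The body of prepare_grant_uri starts and continues outside this hunk.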
+++ b/oauthlib/oauth2/rfc6749/request_validator.py @@ -337,7 +337,7 @@ class RequestValidator(object): raise NotImplementedError('Subclasses must implement this method.') def validate_response_type(self, client_id, response_type, client, request, *args, **kwargs): - """Ensure client is authorized to use the grant_type requested. + """Ensure client is authorized to use the response_type requested. :param client_id: Unicode client identifier :param response_type: Unicode response type, i.e. code, token. -- cgit v1.2.1 From 803736c30ed4a426d83daa21216c24163db5e7c6 Mon Sep 17 00:00:00 2001 From: Hsiaoming Yang Date: Fri, 31 May 2013 17:15:56 +0800 Subject: use is_secure_transport to check uri --- oauthlib/oauth2/rfc6749/parameters.py | 9 ++++----- oauthlib/oauth2/rfc6749/utils.py | 8 ++++++++ 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/oauthlib/oauth2/rfc6749/parameters.py b/oauthlib/oauth2/rfc6749/parameters.py index ccf8157..6b73ce2 100644 --- a/oauthlib/oauth2/rfc6749/parameters.py +++ b/oauthlib/oauth2/rfc6749/parameters.py @@ -10,7 +10,6 @@ This module contains methods related to `Section 4`_ of the OAuth 2 RFC. .. _`Section 4`: http://tools.ietf.org/html/rfc6749#section-4 """ -import os import json try: import urlparse @@ -20,7 +19,7 @@ from oauthlib.common import add_params_to_uri, add_params_to_qs, unicode_type from .errors import raise_from_error, MissingTokenError, MissingTokenTypeError from .errors import MismatchingStateError, MissingCodeError from .errors import InsecureTransportError -from .utils import list_to_scope, scope_to_list +from .utils import list_to_scope, scope_to_list, is_secure_transport def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None, 
@@ -62,7 +61,7 @@ def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None, .. _`Section 3.3`: http://tools.ietf.org/html/rfc6749#section-3.3 .. _`section 10.12`: http://tools.ietf.org/html/rfc6749#section-10.12 """ - if not uri.startswith('https://') and not os.environ.get('DEBUG'): + if not is_secure_transport(uri): raise InsecureTransportError() params = [(('response_type', response_type)), @@ -158,7 +157,7 @@ def parse_authorization_code_response(uri, state=None): &state=xyz """ - if not uri.lower().startswith('https://'): + if not is_secure_transport(uri.lower()): raise InsecureTransportError() query = urlparse.urlparse(uri).query @@ -214,7 +213,7 @@ def parse_implicit_response(uri, state=None, scope=None): Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA &state=xyz&token_type=example&expires_in=3600 """ - if not uri.lower().startswith('https://'): + if not is_secure_transport(uri.lower()): raise InsecureTransportError() fragment = urlparse.urlparse(uri).fragment diff --git a/oauthlib/oauth2/rfc6749/utils.py b/oauthlib/oauth2/rfc6749/utils.py index 0a8aab5..b052532 100644 --- a/oauthlib/oauth2/rfc6749/utils.py +++ b/oauthlib/oauth2/rfc6749/utils.py @@ -8,6 +8,7 @@ oauthlib.utils This module contains utility methods used by various parts of the OAuth 2 spec. """ +import os import datetime try: from urllib import quote @@ -80,3 +81,10 @@ def generate_age(issue_time): td = datetime.datetime.now() - issue_time age = (td.microseconds + (td.seconds + td.days * 24 * 3600) * 10**6) / 10**6 return unicode_type(age) + + +def is_secure_transport(uri): + """Check if the uri is over ssl.""" + if os.environ.get('DEBUG'): + return True + return uri.startswith('https://') -- cgit v1.2.1 From 00f5de52a8fb944c968213501ccdf1bbc9e751d0 Mon Sep 17 00:00:00 2001 
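Review bot: prepare_grant_uri passes `uri` to is_secure_transport unchanged, while the parse_authorization_code_response and parse_implicit_response hunks below pass `uri.lower()`, and the helper itself does a case-sensitive `startswith('https://')`. A URI written with an upper-case scheme is therefore rejected in one function and accepted in the other two. Folding case inside the helper, `return uri.lower().startswith('https://')`, lets all three call sites pass the URI as is and keeps the scheme comparison in one place. All three function bodies continue outside their hunks.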
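Review bot: The docstring of is_secure_transport, `"""Check if the uri is over ssl."""`, does not say that the function returns True for every input, including a plain `http://` URI, as soon as `DEBUG` is set, and nothing is logged when that branch is taken. A reader of the three call sites in parameters.py sees only `is_secure_transport(uri)` and has no hint that the check can be switched off from the environment. I would document the override in the docstring, e.g. `Return True for https:// URIs, and for any URI when the DEBUG environment variable is set (development only).`, and emit a warning through the `logging` module on the bypass branch so an unintended production setting shows up in logs.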
From: Hsiaoming Yang Date: Fri, 31 May 2013 17:22:54 +0800 Subject: add test case for is_secure_transport --- tests/oauth2/rfc6749/test_utils.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/oauth2/rfc6749/test_utils.py b/tests/oauth2/rfc6749/test_utils.py index 9d25229..6e713a7 100644 --- a/tests/oauth2/rfc6749/test_utils.py +++ b/tests/oauth2/rfc6749/test_utils.py @@ -1,7 +1,9 @@ from __future__ import absolute_import, unicode_literals +import os from ...unittest import TestCase from oauthlib.oauth2.rfc6749.utils import escape, host_from_uri +from oauthlib.oauth2.rfc6749.utils import is_secure_transport class UtilsTests(TestCase): @@ -21,3 +23,15 @@ class UtilsTests(TestCase): self.assertEqual(host_from_uri('https://a.b.com:8080'), ('a.b.com', '8080')) self.assertEqual(host_from_uri('http://www.example.com'), ('www.example.com', '80')) self.assertEqual(host_from_uri('https://www.example.com'), ('www.example.com', '443')) + + def test_is_secure_transport(self): + """Test check secure uri.""" + if 'DEBUG' in os.environ: + del os.environ['DEBUG'] + + self.assertTrue(is_secure_transport('https://example.com')) + self.assertFalse(is_secure_transport('http://example.com')) + + os.environ['DEBUG'] = '1' + self.assertTrue(is_secure_transport('http://example.com')) + del os.environ['DEBUG'] -- cgit v1.2.1
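Review bot: test_is_secure_transport edits `os.environ` in place with no cleanup on failure: if the assertion after `os.environ['DEBUG'] = '1'` fails, the final `del` is skipped and `DEBUG` stays set for the rest of the run, which turns the transport check off in every later test. A `DEBUG` value that was present before the test is also deleted and never restored. Wrapping the second half in `try:` … `finally: os.environ.pop('DEBUG', None)`, or restoring the saved original value there, keeps the change local to this test. The test pins only `'1'`; a case for `DEBUG='0'` or an empty string would record whether those values are meant to disable the check.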