Merge branch 'stable'
authorChristopher Allan Webber <cwebber@dustycloud.org>
Sun, 20 Dec 2015 15:05:00 +0000 (09:05 -0600)
committerChristopher Allan Webber <cwebber@dustycloud.org>
Sun, 20 Dec 2015 15:05:00 +0000 (09:05 -0600)
mediagoblin/oauth/oauth.py
mediagoblin/oauth/views.py

index f6a1bf4b60d0f2bc63ce592242ef08aaefc68aab,4a7f25c2030af271604338dc47adc23fb06c488b..cdd8c842eed2ee679a87bbd8e7a3e8675eeda41d
@@@ -102,32 -100,28 +102,43 @@@ class GMGRequestValidator(RequestValida
  
          return True
  
+     def validate_verifier(self, token, verifier):
+         """ Verifies the verifier token is correct. """
+         request_token = RequestToken.query.filter_by(token=token).first()
+         if request_token is None:
+             return False
+         if request_token.verifier != verifier:
+             return False
+         return True
      def validate_access_token(self, client_key, token, request):
          """ Verifies token exists for client with id of client_key """
 -        client = Client.query.filter_by(id=client_key).first()
 -        token = AccessToken.query.filter_by(token=token)
 -        token = token.first()
 +        # Get the client for the request
 +        client_query = Client.query.filter(Client.id != oauth.DUMMY_CLIENT_ID)
 +        client = client_query.filter_by(id=client_key).first()
 +
 +        # If the client is invalid then it's invalid
 +        if client is None:
 +            return False
  
 -        if token is None:
 +        # Look up the AccessToken
 +        access_token_query = AccessToken.query.filter(
 +            AccessToken.token != oauth.DUMMY_ACCESS_TOKEN
 +        )
 +        access_token = access_token_query.filter_by(token=token).first()
 +
 +        # If there isn't one - we can't validate.
 +        if access_token is None:
              return False
  
 -        request_token = RequestToken.query.filter_by(token=token.request_token)
 -        request_token = request_token.first()
 +        # Check that the client matches the on
 +        request_token_query = RequestToken.query.filter(
 +            RequestToken.token != oauth.DUMMY_REQUEST_TOKEN,
 +            RequestToken.token == access_token.request_token
 +        )
 +        request_token = request_token_query.first()
  
          if client.id != request_token.client:
              return False
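Review bot: At the end of the `validate_access_token` hunk, `request_token_query.first()` can return None (no matching row, or an access token pointing at the dummy request token that the filter excludes), and the following `client.id != request_token.client` then raises AttributeError instead of rejecting the request; guard it with `if request_token is None or client.id != request_token.client:`. In the new `validate_verifier`, `request_token.verifier != verifier` also accepts the pair None/None, so if the stored verifier is unset until the user authorizes and a caller can pass a missing verifier (neither is visible here), the check passes; adding `if request_token.verifier is None or verifier is None: return False` before the comparison closes that. The comment `# Check that the client matches the on` is cut short and should name what the client is matched against. `validate_access_token` continues past the end of the hunk.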
Simple merge