From: Jessica Tallon <jessica@megworld.co.uk>
Date: Tue, 5 Aug 2014 20:41:31 +0000 (+0100)
Subject: Use oauthlib's safe characters when generating client_key and client_secret
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=32ff6f4dc06c91d452afa717eb3198cf746c2bf1;p=mediagoblin.git

Use oauthlib's safe characters when generating client_key and client_secret
---

diff --git a/mediagoblin/oauth/views.py b/mediagoblin/oauth/views.py
index 5ade7a8d..641e300a 100644
--- a/mediagoblin/oauth/views.py
+++ b/mediagoblin/oauth/views.py
@@ -17,6 +17,7 @@
 import datetime
 import string
 
+from oauthlib.oauth1.rfc5849.utils import UNICODE_ASCII_CHARACTER_SET
 from oauthlib.oauth1 import (RequestTokenEndpoint, AuthorizationEndpoint,
                              AccessTokenEndpoint)
 
@@ -37,8 +38,6 @@ from mediagoblin.db.models import NonceTimestamp, Client, RequestToken
 
 # possible client types
 CLIENT_TYPES = ["web", "native"] # currently what pump supports
-OAUTH_ALPHABET = (string.ascii_letters.decode('ascii') +
-    string.digits.decode('ascii'))
 
 @csrf_exempt
 def client_register(request):
@@ -107,8 +106,8 @@ def client_register(request):
             return json_response({"error": error}, status=400)
 
         # generate the client_id and client_secret
-        client_id = random_string(22, OAUTH_ALPHABET)
-        client_secret = random_string(43, OAUTH_ALPHABET)
+        client_id = random_string(22, UNICODE_ASCII_CHARACTER_SET)
+        client_secret = random_string(43, UNICODE_ASCII_CHARACTER_SET)
         expirey = 0 # for now, lets not have it expire
         expirey_db = None if expirey == 0 else expirey
         application_type = data["application_type"]