From: Christopher Allan Webber Date: Sun, 20 Dec 2015 15:05:00 +0000 (-0600) Subject: Merge branch 'stable' X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=76a8e720e5076fedfadf5582af85e3426cef04d1;p=mediagoblin.git Merge branch 'stable' --- 76a8e720e5076fedfadf5582af85e3426cef04d1 diff --cc mediagoblin/oauth/oauth.py index f6a1bf4b,4a7f25c2..cdd8c842 --- a/mediagoblin/oauth/oauth.py +++ b/mediagoblin/oauth/oauth.py @@@ -102,32 -100,28 +102,43 @@@ class GMGRequestValidator(RequestValida return True + def validate_verifier(self, token, verifier): + """ Verifies the verifier token is correct. """ + request_token = RequestToken.query.filter_by(token=token).first() + if request_token is None: + return False + + if request_token.verifier != verifier: + return False + + return True + def validate_access_token(self, client_key, token, request): """ Verifies token exists for client with id of client_key """ - client = Client.query.filter_by(id=client_key).first() - token = AccessToken.query.filter_by(token=token) - token = token.first() + # Get the client for the request + client_query = Client.query.filter(Client.id != oauth.DUMMY_CLIENT_ID) + client = client_query.filter_by(id=client_key).first() + + # If the client is invalid then it's invalid + if client is None: + return False - if token is None: + # Look up the AccessToken + access_token_query = AccessToken.query.filter( + AccessToken.token != oauth.DUMMY_ACCESS_TOKEN + ) + access_token = access_token_query.filter_by(token=token).first() + + # If there isn't one - we can't validate. 
+ if access_token is None: return False - request_token = RequestToken.query.filter_by(token=token.request_token) - request_token = request_token.first() + # Check that the client matches the on + request_token_query = RequestToken.query.filter( + RequestToken.token != oauth.DUMMY_REQUEST_TOKEN, + RequestToken.token == access_token.request_token + ) + request_token = request_token_query.first() if client.id != request_token.client: return False
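Review bot: In validate_access_token the merged code guards `client` and `access_token` against None but not `request_token`, so when the last query returns no row (for example the stored request token no longer exists, or it equals the dummy value the filter now excludes) `request_token.client` raises AttributeError instead of failing validation. Folding the check into the existing test closes that gap: `if request_token is None or client.id != request_token.client:` followed by the existing `return False`. Separately, validate_verifier compares the stored verifier with `!=`, which is not a constant-time comparison; for a secret value the usual choice is `hmac.compare_digest(request_token.verifier, verifier)`, after confirming both values are non-None strings of the same type. The comment `# Check that the client matches the on` looks cut off and should say what the client is matched against. The body of validate_access_token appears to continue past the end of this hunk, so any later use of `request_token` needs the same guard.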