From: Joar Wandborg
Date: Wed, 19 Sep 2012 19:57:59 +0000 (+0200)
Subject: Fixed a horrible security issue in the OAuth plugin.
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=f26224d43359041f45adb28bdc3a9ac48570a0a3;p=mediagoblin.git
Fixed a horrible security issue in the OAuth plugin.
Also added some real triggering logic to the OAuthAuth Auth object.
---
diff --git a/mediagoblin/plugins/oauth/__init__.py b/mediagoblin/plugins/oauth/__init__.py
index 95919728..33dcaf16 100644
--- a/mediagoblin/plugins/oauth/__init__.py
+++ b/mediagoblin/plugins/oauth/__init__.py
@@ -48,7 +48,10 @@ def setup_plugin():
 class OAuthAuth(Auth):
 def trigger(self, request):
- return True
+ if 'access_token' in request.GET:
+ return True
+
+ return False
 def __call__(self, request, *args, **kw):
 access_token = request.GET.get('access_token')
@@ -60,9 +63,9 @@ class OAuthAuth(Auth):
 return False
 request.user = token.user
+ return True
- return True
-
+ return False
 hooks = {
 'setup': setup_plugin,
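Review bot: `trigger` keys the whole OAuth path on `access_token` being present in `request.GET`, which (assuming that is the query-string mapping) means bearer tokens travel in URLs and tend to end up in web-server access logs, proxy logs and Referer headers. RFC 6750 discourages the URI query parameter method for that reason; also accepting the token from an `Authorization: Bearer` header, and preferring it, would reduce that exposure, and until then access logs for these endpoints should be handled as credential-bearing. Smaller points: the four added lines reduce to `return 'access_token' in request.GET`, and a docstring such as `"""Return True when the request carries an OAuth access token."""` would document the contract that `__call__` relies on.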
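Review bot: No regression test accompanies the new fail-closed `return False` at the end of `__call__`; the diff touches only `__init__.py`, so nothing stops the old unconditional `return True` from coming back. A test that calls the auth object with no `access_token`, with an unknown token and with a valid one should assert `False`, `False` and `True`, and check that `request.user` is set only in the last case. A comment above the final return, e.g. `# Fail closed: no valid token was matched above.`, would make the intent explicit. Indentation is not preserved on this page and `__call__` starts outside the hunk, so the placement of the new `return True` inside the token branch and the earlier `return False` path are inferred rather than verified here.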