From f26224d43359041f45adb28bdc3a9ac48570a0a3 Mon Sep 17 00:00:00 2001
From: Joar Wandborg
Date: Wed, 19 Sep 2012 21:57:59 +0200
Subject: [PATCH] Fixed a horrible security issue in the OAuth plugin. Also added some real triggering logic to the OAuthAuth Auth object.
---
 mediagoblin/plugins/oauth/__init__.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/mediagoblin/plugins/oauth/__init__.py b/mediagoblin/plugins/oauth/__init__.py
index 95919728..33dcaf16 100644
--- a/mediagoblin/plugins/oauth/__init__.py
+++ b/mediagoblin/plugins/oauth/__init__.py
@@ -48,7 +48,10 @@ def setup_plugin():
 class OAuthAuth(Auth):
 def trigger(self, request):
- return True
+ if 'access_token' in request.GET:
+ return True
+
+ return False
 def __call__(self, request, *args, **kw):
 access_token = request.GET.get('access_token')
@@ -60,9 +63,9 @@ class OAuthAuth(Auth):
 return False
 request.user = token.user
+ return True
- return True
-
+ return False
 hooks = {
 'setup': setup_plugin,
--
2.25.1
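Review bot: `trigger` recognises an OAuth request only by `'access_token' in request.GET`, so the bearer token always travels in the URL, where it is typically recorded in web-server access logs, browser history and Referer headers. RFC 6750 treats the query parameter as the transport to avoid when the `Authorization: Bearer` header can be used; consider accepting the header here and in `__call__`, and redact the `access_token` parameter in logs either way. The test is presence-only, so `?access_token=` with an empty value still triggers the plugin and relies on `__call__` falling through to its final `return False`, which it does after this commit. As a style point, the four added lines reduce to `return 'access_token' in request.GET`.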
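Review bot: No regression test accompanies this authentication fix (the diffstat shows one file changed), so nothing pins that a request with a missing or unknown `access_token` makes `__call__` return False and leaves `request.user` unset. Between the `return False` context line (presumably the unknown-token guard) and `request.user = token.user`, no expiry or revocation check is visible. The token lookup sits outside the hunk, so this may already be handled there, but if the token model carries an expiry it should be compared with the current time before the user is attached. The page has lost indentation, so the placement of the new `return True` inside the token branch is inferred. A short comment above the final return, such as `# Fail closed: only a request carrying a known token authenticates.`, would keep the intent clear to later editors.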