david / django-oauth / changeset / 38b34bb24b52

Up to file-list oauth_provider/consts.py:

@@ -21,3 +21,5 @@ CONSUMER_STATES = (
 PARAMETERS_NAMES = ('consumer_key', 'token', 'signature',
                     'signature_method', 'timestamp', 'nonce')
 OAUTH_PARAMETERS_NAMES = ['oauth_'+s for s in PARAMETERS_NAMES]
 OUT_OF_BAND = 'oob'

Up to file-list oauth_provider/stores.py:

@@ -3,7 +3,7 @@ from urlparse import urlparse
 from oauth.oauth import OAuthDataStore, OAuthError, escape
 from models import Nonce, Token, Consumer, Resource, generate_random
-from consts import VERIFIER_SIZE, MAX_URL_LENGTH
+from consts import VERIFIER_SIZE, MAX_URL_LENGTH, OUT_OF_BAND
 class DataStore(OAuthDataStore):
@@ -51,7 +51,7 @@ class DataStore(OAuthDataStore):
         callback = None
         callback_confirmed = False
         if oauth_callback:
-            if oauth_callback != "oob":
+            if oauth_callback != OUT_OF_BAND:
                 if check_valid_callback(oauth_callback):
                     callback = oauth_callback
                     callback_confirmed = True

Up to file-list oauth_provider/tests.py:

@@ -670,8 +670,26 @@ redirects her back to the Consumer's cal
     'http://printer.example.com/request_token_ready?error=Access%20not%20granted%20by%20user.'
     >>> c.logout()
 With OAuth 1.0a, the callback is required, hence the ``OAUTH_CALLBACK_VIEW``
 setting is useless.
 With OAuth 1.0a, the callback argument can be set to "oob" (out-of-band),
 you can specify your own default callback view with the
 ``OAUTH_CALLBACK_VIEW`` setting::
     >>> from oauth_provider.consts import OUT_OF_BAND
     >>> token.callback = OUT_OF_BAND
     >>> token.save()
     >>> parameters = {
     ...     'oauth_token': token.key,
     ... }
     >>> c.login(username='jane', password='toto')
     True
     >>> response = c.get("/oauth/authorize/", parameters)
     >>> parameters['authorize_access'] = 0
     >>> response = c.post("/oauth/authorize/", parameters)
     >>> response.status_code
     >>> response.content
     'Fake callback view.'
     >>> c.logout()
 Obtaining an Access Token

Up to file-list oauth_provider/views.py:

@@ -8,6 +8,8 @@ from django.core.urlresolvers import get
 from utils import initialize_server_request, send_oauth_error
 from decorators import oauth_required
 from stores import check_valid_callback
 from consts import OUT_OF_BAND
 OAUTH_AUTHORIZE_VIEW = 'OAUTH_AUTHORIZE_VIEW'
 OAUTH_CALLBACK_VIEW = 'OAUTH_CALLBACK_VIEW'
@@ -50,9 +52,21 @@ def user_authorization(request):
     try:
         # get the request callback, though there might not be one
         callback = oauth_server.get_callback(oauth_request)
         # OAuth 1.0a: this parameter should not be present on this version
         if token.callback_confirmed:
             return HttpResponseBadRequest("Cannot specify oauth_callback at authorization step for 1.0a protocol")
         if not check_valid_callback(callback):
             return HttpResponseBadRequest("Invalid callback URL")
     except OAuthError:
         callback = None
     # OAuth 1.0a: use the token's callback if confirmed
     if token.callback_confirmed:
         callback = token.callback
         if callback == OUT_OF_BAND:
             callback = None
     # entry point for the user
     if request.method == 'GET':
         # try to get custom authorize view
@@ -82,10 +96,6 @@ def user_authorization(request):
                     args = 'error=%s' % _('Access not granted by user.')
             except OAuthError, err:
                 response = send_oauth_error(err)
             # OAuth 1.0a: use the token's callback if confirmed
             if token.callback_confirmed:
                 callback = token.callback
             if callback:
                 if "?" in callback:

commit 33:	38b34bb24b52
parent 32:	338320d4634a
branch:	default

david / django-oauth (http://oauth.net/)