david / django-oauth / changeset / 4f12d70ae49d

Up to file-list AUTHORS:

@@ -2,3 +2,5 @@ David Larlet <http://david.larlet.fr>
 Dan Wilson
 Jay Graves
 Ariel Nunez
 Jesper Noerh
 Toby White

Up to file-list oauth_provider/consts.py:

@@ -4,6 +4,7 @@ KEY_SIZE = 16
 SECRET_SIZE = 16
 VERIFIER_SIZE = 10
 CONSUMER_KEY_SIZE = 256
 MAX_URL_LENGTH = 2083
 PENDING = 1
 ACCEPTED = 2

Up to file-list oauth_provider/stores.py:

 from urlparse import urlparse
 from oauth.oauth import OAuthDataStore, OAuthError, escape
 from models import Nonce, Token, Consumer, Resource, generate_random
-from consts import VERIFIER_SIZE
+from consts import VERIFIER_SIZE, MAX_URL_LENGTH
 class DataStore(OAuthDataStore):
@@ -42,21 +44,28 @@ class DataStore(OAuthDataStore):
             return nonce.key
     def fetch_request_token(self, oauth_consumer, oauth_callback):
         if oauth_consumer.key == self.consumer.key:
             try:
                 resource = Resource.objects.get(name=self.scope)
             except:
                 raise OAuthError('Resource %s does not exist.' % escape(self.scope))
             self.request_token = Token.objects.create_token(consumer=self.consumer,
                                                             token_type=Token.REQUEST,
                                                             timestamp=self.timestamp,
                                                             resource=resource)
             # OAuth 1.0a: if there is a callback, set it
             if oauth_callback:
                 self.request_token.set_callback(oauth_callback)
             return self.request_token
-        raise OAuthError('Consumer key does not match.')
+        if oauth_consumer.key != self.consumer.key:
             raise OAuthError('Consumer key does not match.')
         # OAuth 1.0a: if there is a callback, check its validity
         if oauth_callback and \
             not (oauth_callback == "oob" or check_valid_callback(oauth_callback)):
             raise OAuthError('Invalid callback URL.')
         try:
             resource = Resource.objects.get(name=self.scope)
         except:
             raise OAuthError('Resource %s does not exist.' % escape(self.scope))
         self.request_token = Token.objects.create_token(consumer=self.consumer,
                                                         token_type=Token.REQUEST,
                                                         timestamp=self.timestamp,
                                                         resource=resource)
         # OAuth 1.0a: if there is a callback, set it
         if oauth_callback:
             self.request_token.set_callback(oauth_callback)
         return self.request_token
     def fetch_access_token(self, oauth_consumer, oauth_token, oauth_verifier):
         if oauth_consumer.key == self.consumer.key \
@@ -89,3 +98,13 @@ class DataStore(OAuthDataStore):
             self.request_token.save()
             return self.request_token
         raise OAuthError('Token key does not match.')
 def check_valid_callback(callback):
     """
     Checks the size and nature of the callback.
     """
     callback_url = urlparse(callback)
     return (callback_url.scheme in ['http', 'https']
             and callback_url.hostname
             and len(callback) < MAX_URL_LENGTH)

Up to file-list oauth_provider/tests.py:

@@ -595,6 +595,16 @@ If you try to access a resource with a w
     >>> response.content
     'Resource videos does not exist.'
     >>> parameters['scope'] = 'photos' # restore
 If you try to put a wrong callback, it will return an error::
     >>> parameters['oauth_callback'] = 'wrongcallback'
     >>> response = c.get("/oauth/request_token/", parameters)
     >>> response.status_code
     >>> response.content
     'Invalid callback URL.'
 Requesting User Authorization

commit 31:	4f12d70ae49d
parent 30:	95a6aab951cd
branch:	default

david / django-oauth (http://oauth.net/)