author | Ib Lundgren <ib.lundgren@gmail.com> | 2013-05-31 11:11:50 +0100 |
---|---|---|
committer | Ib Lundgren <ib.lundgren@gmail.com> | 2013-05-31 11:11:50 +0100 |
commit | 6bb22001c85ea1b155d5dfcc680e210ac72dcf13 (patch) | |
tree | 4a20e6b7ec0a9cba4acef9744519583b7cdb8835 | |
parent | ad7e58bc00e2e1b0807b70d0f26c54db5a44ec5a (diff) | |
parent | 15a5f0aa12338078157b719b67a5555f22080d5b (diff) | |
download | oauthlib-6bb22001c85ea1b155d5dfcc680e210ac72dcf13.tar.gz |
Merge branch 'master' of https://github.com/idan/oauthlib
-rw-r--r-- | AUTHORS | 1 | ||||
-rw-r--r-- | oauthlib/oauth2/rfc6749/parameters.py | 8 | ||||
-rw-r--r-- | oauthlib/oauth2/rfc6749/request_validator.py | 2 | ||||
-rw-r--r-- | oauthlib/oauth2/rfc6749/utils.py | 8 | ||||
-rw-r--r-- | tests/oauth2/rfc6749/test_utils.py | 14 |
5 files changed, 28 insertions, 5 deletions
@@ -14,3 +14,4 @@ Tom Christie Chez Ondrej Slinták Mackenzie Thompson
+Hsiaoming Yang
diff --git a/oauthlib/oauth2/rfc6749/parameters.py b/oauthlib/oauth2/rfc6749/parameters.py
index f4421ff..6b73ce2 100644
--- a/oauthlib/oauth2/rfc6749/parameters.py
+++ b/oauthlib/oauth2/rfc6749/parameters.py
@@ -19,7 +19,7 @@ from oauthlib.common import add_params_to_uri, add_params_to_qs, unicode_type
 from .errors import raise_from_error, MissingTokenError, MissingTokenTypeError
 from .errors import MismatchingStateError, MissingCodeError
 from .errors import InsecureTransportError
-from .utils import list_to_scope, scope_to_list
+from .utils import list_to_scope, scope_to_list, is_secure_transport
 def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None,
@@ -61,7 +61,7 @@ def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None,
 .. _`Section 3.3`: http://tools.ietf.org/html/rfc6749#section-3.3
 .. _`section 10.12`: http://tools.ietf.org/html/rfc6749#section-10.12
 """
- if not uri.startswith('https://'):
+ if not is_secure_transport(uri):
 raise InsecureTransportError()
 params = [(('response_type', response_type)),
@@ -157,7 +157,7 @@ def parse_authorization_code_response(uri, state=None):
 &state=xyz
 """
- if not uri.lower().startswith('https://'):
+ if not is_secure_transport(uri.lower()):
 raise InsecureTransportError()
 query = urlparse.urlparse(uri).query
@@ -213,7 +213,7 @@ def parse_implicit_response(uri, state=None, scope=None):
 Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA
 &state=xyz&token_type=example&expires_in=3600
 """
- if not uri.lower().startswith('https://'):
+ if not is_secure_transport(uri.lower()):
 raise InsecureTransportError()
 fragment = urlparse.urlparse(uri).fragment
diff --git a/oauthlib/oauth2/rfc6749/request_validator.py b/oauthlib/oauth2/rfc6749/request_validator.py
index 92fd776..01c4522 100644
--- a/oauthlib/oauth2/rfc6749/request_validator.py
+++ b/oauthlib/oauth2/rfc6749/request_validator.py
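Review bot: The three call sites disagree on case handling: in the `prepare_grant_uri` hunk the check is `is_secure_transport(uri)`, while the `parse_authorization_code_response` and `parse_implicit_response` hunks pass `uri.lower()`. Because the helper this commit adds compares with a case-sensitive `startswith('https://')`, a URI written as `HTTPS://…` is rejected by the first function and accepted by the other two, although URI schemes are case-insensitive. Normalising once inside the helper, `return uri.lower().startswith('https://')`, and passing plain `uri` everywhere would keep the transport check identical at every call site. All three function bodies continue outside their hunks.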
@@ -337,7 +337,7 @@ class RequestValidator(object):
 raise NotImplementedError('Subclasses must implement this method.')
 def validate_response_type(self, client_id, response_type, client, request, *args, **kwargs):
- """Ensure client is authorized to use the grant_type requested.
+ """Ensure client is authorized to use the response_type requested.
 :param client_id: Unicode client identifier
 :param response_type: Unicode response type, i.e. code, token.
diff --git a/oauthlib/oauth2/rfc6749/utils.py b/oauthlib/oauth2/rfc6749/utils.py
index 0a8aab5..b052532 100644
--- a/oauthlib/oauth2/rfc6749/utils.py
+++ b/oauthlib/oauth2/rfc6749/utils.py
@@ -8,6 +8,7 @@ oauthlib.utils
 This module contains utility methods used by various parts of the OAuth 2 spec.
 """
+import os
 import datetime
 try:
 from urllib import quote
@@ -80,3 +81,10 @@ def generate_age(issue_time):
 td = datetime.datetime.now() - issue_time
 age = (td.microseconds + (td.seconds + td.days * 24 * 3600) * 10**6) / 10**6
 return unicode_type(age)
+
+
+def is_secure_transport(uri):
+ """Check if the uri is over ssl."""
+ if os.environ.get('DEBUG'):
+ return True
+ return uri.startswith('https://')
diff --git a/tests/oauth2/rfc6749/test_utils.py b/tests/oauth2/rfc6749/test_utils.py
index 9d25229..6e713a7 100644
--- a/tests/oauth2/rfc6749/test_utils.py
+++ b/tests/oauth2/rfc6749/test_utils.py
@@ -1,7 +1,9 @@
 from __future__ import absolute_import, unicode_literals
+import os
 from ...unittest import TestCase
 from oauthlib.oauth2.rfc6749.utils import escape, host_from_uri
+from oauthlib.oauth2.rfc6749.utils import is_secure_transport
 class UtilsTests(TestCase):
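Review bot: The `os.environ.get('DEBUG')` branch in the new `is_secure_transport` turns off the HTTPS requirement for every OAuth 2 URI check whenever a variable with the very generic name `DEBUG` exists in the process environment. That name is commonly set by unrelated tooling, and any non-empty value, including `0` or `false`, is truthy here, so a production host can start accepting `http://` URIs without anyone opting in, and authorization codes and access tokens would then travel in cleartext. I would gate the bypass on a library-specific variable (later oauthlib releases use `OAUTHLIB_INSECURE_TRANSPORT`) so that only a deliberate setting disables the check. The docstring should also state the override, for example `"""Check if the uri is over ssl; the check is skipped when the insecure-transport override is set (local development only)."""`.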
@@ -21,3 +23,15 @@ class UtilsTests(TestCase):
 self.assertEqual(host_from_uri('https://a.b.com:8080'), ('a.b.com', '8080'))
 self.assertEqual(host_from_uri('http://www.example.com'), ('www.example.com', '80'))
 self.assertEqual(host_from_uri('https://www.example.com'), ('www.example.com', '443'))
+
+ def test_is_secure_transport(self):
+ """Test check secure uri."""
+ if 'DEBUG' in os.environ:
+ del os.environ['DEBUG']
+
+ self.assertTrue(is_secure_transport('https://example.com'))
+ self.assertFalse(is_secure_transport('http://example.com'))
+
+ os.environ['DEBUG'] = '1'
+ self.assertTrue(is_secure_transport('http://example.com'))
+ del os.environ['DEBUG'] |
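Review bot: `test_is_secure_transport` changes `os.environ` in place and removes `DEBUG` only on the success path, so if the final `assertTrue` fails the override stays set for the rest of the test process and later transport checks would pass for `http://` URIs. It also discards whatever `DEBUG` value the developer had before the run. Registering the cleanup before the mutation, `self.addCleanup(os.environ.pop, 'DEBUG', None)` ahead of `os.environ['DEBUG'] = '1'`, keeps the environment clean on failure (assuming the project's `TestCase` shim provides `addCleanup`). A case for a mixed-case scheme such as `HTTPS://example.com` would also pin down the helper's case-sensitive `startswith` behaviour.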