authorTheron Luhn <theron@luhn.com>2022-03-06 09:24:34 -0800
committerGitHub <noreply@github.com>2022-03-06 23:24:34 +0600
commitb123283ba3d41acb3e787fdf68bd5907972b4bad (patch)
tree74ecfbbcdc8dae9ec5b6356fb21a2b31de38104a
parent2f887b5a070bf617a471c573ad52fb58251c61af (diff)
downloadoauthlib-b123283ba3d41acb3e787fdf68bd5907972b4bad.tar.gz
Allow non-HTTPS issuer when OAUTHLIB_INSECURE_TRANSPORT. (#803)
* Allow non-HTTPS issuer when OAUTHLIB_INSECURE_TRANSPORT. * Add unit test for validating issuer.
-rw-r--r--oauthlib/oauth2/rfc6749/endpoints/metadata.py4
-rw-r--r--tests/oauth2/rfc6749/endpoints/test_metadata.py10
2 files changed, 12 insertions, 2 deletions
diff --git a/oauthlib/oauth2/rfc6749/endpoints/metadata.py b/oauthlib/oauth2/rfc6749/endpoints/metadata.py
index d43a824..a2820f2 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/metadata.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/metadata.py
@@ -10,7 +10,7 @@ import copy
import json
import logging
-from .. import grant_types
+from .. import grant_types, utils
from .authorization import AuthorizationEndpoint
from .base import BaseEndpoint, catch_errors_and_unavailability
from .introspect import IntrospectEndpoint
@@ -68,7 +68,7 @@ class MetadataEndpoint(BaseEndpoint):
raise ValueError("key {} is a mandatory metadata.".format(key))
elif is_issuer:
- if not array[key].startswith("https"):
+ if not utils.is_secure_transport(array[key]):
raise ValueError("key {}: {} must be an HTTPS URL".format(key, array[key]))
if "?" in array[key] or "&" in array[key] or "#" in array[key]:
raise ValueError("key {}: {} must not contain query or fragment components".format(key, array[key]))
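Review bot: The issuer check at `if not utils.is_secure_transport(array[key]):` now depends on process-wide state rather than on the value alone, and nothing at the call site says so. The helper's body is not shown here, but as far as I know it returns True for any URI once OAUTHLIB_INSECURE_TRANSPORT is set in the environment. If so, the issuer scheme is not checked at all with the flag set, and the "must be an HTTPS URL" message no longer describes the rule. I would add a comment above the check such as `# OAUTHLIB_INSECURE_TRANSPORT in the environment disables this HTTPS requirement; development and test use only`, and state the same in the method's docstring. The enclosing method starts and ends outside the hunk.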
diff --git a/tests/oauth2/rfc6749/endpoints/test_metadata.py b/tests/oauth2/rfc6749/endpoints/test_metadata.py
index d93f849..22cf4ba 100644
--- a/tests/oauth2/rfc6749/endpoints/test_metadata.py
+++ b/tests/oauth2/rfc6749/endpoints/test_metadata.py
@@ -135,3 +135,13 @@ class MetadataEndpointTest(TestCase):
sort_list(metadata.claims)
sort_list(expected_claims)
self.assertEqual(sorted(metadata.claims.items()), sorted(expected_claims.items()))
+
+ def test_metadata_validate_issuer(self):
+ with self.assertRaises(ValueError):
+ endpoint = TokenEndpoint(
+ None, None, grant_types={"password": None},
+ )
+ metadata = MetadataEndpoint([endpoint], {
+ "issuer": 'http://foo.bar',
+ "token_endpoint": "https://foo.bar/token",
+ })
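Review bot: The new test covers only the rejection path, so the behaviour this commit introduces (an http issuer accepted when OAUTHLIB_INSECURE_TRANSPORT is set) is untested. The test will also fail if the runner's environment already has the flag set. The `TokenEndpoint(...)` construction sits inside `with self.assertRaises(ValueError):`, so a ValueError raised there would satisfy the test without the issuer check running; it should move above the `with`. A companion test that sets the flag only for its own duration is sketched below; it needs `os` and `unittest.mock` among the test module's imports, which are not visible in this hunk.

```python
    def test_metadata_validate_issuer_insecure_transport(self):
        endpoint = TokenEndpoint(
            None, None, grant_types={"password": None},
        )
        # Flag is set for this block only, so other tests keep the HTTPS rule.
        with mock.patch.dict(os.environ, {"OAUTHLIB_INSECURE_TRANSPORT": "1"}):
            metadata = MetadataEndpoint([endpoint], {
                "issuer": 'http://foo.bar',
                "token_endpoint": "https://foo.bar/token",
            })
        self.assertEqual(metadata.claims["issuer"], 'http://foo.bar')
```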