- --- oauthlib-0.7.1-github/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py 2014-10-27 09:56:50.000000000 -0700
- +++ oauthlib-0.7.1-pypi/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py 2014-10-27 07:32:43.000000000 -0700
- @@ -5,7 +5,6 @@
- """
- from __future__ import unicode_literals, absolute_import
- -import json
- import logging
- from oauthlib import common
- @@ -13,7 +12,6 @@
- from .base import GrantTypeBase
- from .. import errors
- -from ..request_validator import RequestValidator
- log = logging.getLogger(__name__)
- @@ -94,9 +92,10 @@
- .. _`Authorization Code Grant`: http://tools.ietf.org/html/rfc6749#section-4.1
- """
- -
- - def __init__(self, request_validator=None):
- - self.request_validator = request_validator or RequestValidator()
- + grant_types = ['authorization_code']
- + mandatory_parameters = ['grant_type', 'code']
- + disallowed_duplicates = ['grant_type', 'code', 'client_id', 'redirect_uri', 'scope']
- + refresh_token = True
- def create_authorization_code(self, request):
- """Generates an authorization grant represented as a dictionary."""
- @@ -216,32 +215,6 @@
- request.client_id, grant, request)
- return {'Location': common.add_params_to_uri(request.redirect_uri, grant.items())}, None, 302
- - def create_token_response(self, request, token_handler):
- - """Validate the authorization code.
- -
- - The client MUST NOT use the authorization code more than once. If an
- - authorization code is used more than once, the authorization server
- - MUST deny the request and SHOULD revoke (when possible) all tokens
- - previously issued based on that authorization code. The authorization
- - code is bound to the client identifier and redirection URI.
- - """
- - headers = {
- - 'Content-Type': 'application/json',
- - 'Cache-Control': 'no-store',
- - 'Pragma': 'no-cache',
- - }
- - try:
- - self.validate_token_request(request)
- - log.debug('Token request validation ok for %r.', request)
- - except errors.OAuth2Error as e:
- - log.debug('Client error during validation of %r. %r.', request, e)
- - return headers, e.json, e.status_code
- -
- - token = token_handler.create_token(request, refresh_token=True)
- - self.request_validator.invalidate_authorization_code(
- - request.client_id, request.code, request)
- - return headers, json.dumps(token), 200
- -
- def validate_authorization_request(self, request):
- """Check the authorization request for normal and fatal errors.
- @@ -269,7 +242,8 @@
- if not request.client_id:
- raise errors.MissingClientIdError(request=request)
- - if not self.request_validator.validate_client_id(request.client_id, request):
- + if not self.request_validator.validate_client_id(
- + request.client_id, request):
- raise errors.InvalidClientIdError(request=request)
- # OPTIONAL. As described in Section 3.1.2.
- @@ -305,14 +279,20 @@
- # Note that the correct parameters to be added are automatically
- # populated through the use of specific exceptions.
- if request.response_type is None:
- - raise errors.InvalidRequestError(description='Missing response_type parameter.', request=request)
- + raise errors.InvalidRequestError(
- + description='Missing response_type parameter.',
- + request=request)
- - for param in ('client_id', 'response_type', 'redirect_uri', 'scope', 'state'):
- + for param in ('client_id', 'response_type', 'redirect_uri', 'scope',
- + 'state'):
- if param in request.duplicate_params:
- - raise errors.InvalidRequestError(description='Duplicate %s parameter.' % param, request=request)
- -
- - if not self.request_validator.validate_response_type(request.client_id,
- - request.response_type, request.client, request):
- + raise errors.InvalidRequestError(
- + description='Duplicate %s parameter.' % param,
- + request=request)
- +
- + if not self.request_validator.validate_response_type(
- + request.client_id, request.response_type, request.client,
- + request):
- log.debug('Client %s is not authorized to use response_type %s.',
- request.client_id, request.response_type)
- raise errors.UnauthorizedClientError(request=request)
- @@ -334,29 +314,19 @@
- }
- def validate_token_request(self, request):
- - # REQUIRED. Value MUST be set to "authorization_code".
- - if request.grant_type != 'authorization_code':
- - raise errors.UnsupportedGrantTypeError(request=request)
- -
- - if request.code is None:
- - raise errors.InvalidRequestError(
- - description='Missing code parameter.', request=request)
- -
- - for param in ('client_id', 'grant_type', 'redirect_uri'):
- - if param in request.duplicate_params:
- - raise errors.InvalidRequestError(description='Duplicate %s parameter.' % param,
- - request=request)
- + self.early_validate_token_request(request)
- if self.request_validator.client_authentication_required(request):
- - # If the client type is confidential or the client was issued client
- - # credentials (or assigned other authentication requirements), the
- - # client MUST authenticate with the authorization server as described
- - # in Section 3.2.1.
- + # If the client type is confidential or the client was issued
- + # client credentials (or assigned other authentication
- + # requirements), the client MUST authenticate with the
- + # authorization server as described in Section 3.2.1.
- # http://tools.ietf.org/html/rfc6749#section-3.2.1
- if not self.request_validator.authenticate_client(request):
- log.debug('Client authentication failed, %r.', request)
- raise errors.InvalidClientError(request=request)
- - elif not self.request_validator.authenticate_client_id(request.client_id, request):
- + elif not self.request_validator.authenticate_client_id(
- + request.client_id, request):
- # REQUIRED, if the client is not authenticating with the
- # authorization server as described in Section 3.2.1.
- # http://tools.ietf.org/html/rfc6749#section-3.2.1
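Review bot: `validate_token_request` now delegates the grant_type, missing-code and duplicate-parameter checks to `self.early_validate_token_request(request)`, which is not in this diff, so the hunk no longer shows which exception types are raised; the removed code raised `errors.UnsupportedGrantTypeError` for a wrong grant_type and `errors.InvalidRequestError` otherwise, and callers that distinguish the two should be checked against the helper (presumably in GrantTypeBase, driven by the new `grant_types`, `mandatory_parameters` and `disallowed_duplicates` attributes). The method also has no docstring; add one such as `"""Validate the token request (RFC 6749 section 4.1.3) and authenticate the client."""`. The body of `validate_token_request` continues past the end of the hunk.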
- @@ -368,13 +338,12 @@
- 'request.client.client_id attribute '
- 'in authenticate_client.')
- - # Ensure client is authorized use of this grant type
- self.validate_grant_type(request)
- # REQUIRED. The authorization code received from the
- # authorization server.
- - if not self.request_validator.validate_code(request.client_id,
- - request.code, request.client, request):
- + if not self.request_validator.validate_code(
- + request.client_id, request.code, request.client, request):
- log.debug('Client, %r (%r), is not allowed access to scopes %r.',
- request.client_id, request.client, request.scopes)
- raise errors.InvalidGrantError(request=request)
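Review bot: The comment `# Ensure client is authorized use of this grant type` is dropped without replacement, leaving the `self.validate_grant_type(request)` call unexplained; keep it or reword it to `# Ensure the client is authorized to use this grant type.` Separately, the debug message emitted when `validate_code` fails still says `is not allowed access to scopes %r`, which describes a scope failure rather than a rejected authorization code; a message such as `log.debug('Invalid authorization code for client %r (%r).', request.client_id, request.client)` would be accurate without logging the code value itself. This method starts and ends outside the hunk.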
- @@ -386,8 +355,9 @@
- # REQUIRED, if the "redirect_uri" parameter was included in the
- # authorization request as described in Section 4.1.1, and their
- # values MUST be identical.
- - if not self.request_validator.confirm_redirect_uri(request.client_id, request.code,
- - request.redirect_uri, request.client):
- + if not self.request_validator.confirm_redirect_uri(
- + request.client_id, request.code, request.redirect_uri,
- + request.client):
- log.debug('Redirect_uri (%r) invalid for client %r (%r).',
- request.redirect_uri, request.client_id, request.client)
- raise errors.AccessDeniedError(request=request)