Преглед изворни кода
[Fix] oauth url delimiter moved to function instead of global (#2305)
* [Fix] oauth url delimiter moved to function instead of global * [Fix] renamed oauth_url_delimiter to get_url_delimiterversion-14
Revant Nandgaonkar
пре 8 година
committed by
Rushabh Mehta
Rushabh Mehta
2 измењених фајлова са 11 додато и 9 уклоњено
Подељен поглед
Diff Options
-
+2 -1frappe/api.py
-
+9 -8frappe/oauth.py
+ 2
- 1
frappe/api.py
Прегледај датотеку
| @@ -129,6 +129,7 @@ def handle(): | |||
| return build_response("json") | |||
| def validate_oauth(): | |||
| from frappe.oauth import get_url_delimiter | |||
| form_dict = frappe.local.form_dict | |||
| authorization_header = frappe.get_request_header("Authorization").split(" ") if frappe.get_request_header("Authorization") else None | |||
| if authorization_header and authorization_header[0].lower() == "bearer": | |||
| @@ -142,7 +143,7 @@ def validate_oauth(): | |||
| body = r.get_data() | |||
| headers = r.headers | |||
| required_scopes = frappe.db.get_value("OAuth Bearer Token", token, "scopes").split(";") | |||
| required_scopes = frappe.db.get_value("OAuth Bearer Token", token, "scopes").split(get_url_delimiter()) | |||
| valid, oauthlib_request = get_oauth_server().verify_request(uri, http_method, body, headers, required_scopes) | |||
+ 9
- 8
frappe/oauth.py
Прегледај датотеку
| @@ -11,7 +11,8 @@ from oauthlib.oauth2.rfc6749.endpoints.resource import ResourceEndpoint | |||
| from oauthlib.oauth2.rfc6749.endpoints.revocation import RevocationEndpoint | |||
| from oauthlib.common import Request | |||
| separated_by = " " | |||
| def get_url_delimiter(separator_character=" "): | |||
| return separator_character | |||
| class WebApplicationServer(AuthorizationEndpoint, TokenEndpoint, ResourceEndpoint, | |||
| RevocationEndpoint): | |||
| @@ -76,7 +77,7 @@ class OAuthWebRequestValidator(RequestValidator): | |||
| # Is the client allowed to use the supplied redirect_uri? i.e. has | |||
| # the client previously registered this EXACT redirect uri. | |||
| redirect_uris = frappe.db.get_value("OAuth Client", client_id, 'redirect_uris').split(separated_by) | |||
| redirect_uris = frappe.db.get_value("OAuth Client", client_id, 'redirect_uris').split(get_url_delimiter()) | |||
| if redirect_uri in redirect_uris: | |||
| return True | |||
| @@ -92,7 +93,7 @@ class OAuthWebRequestValidator(RequestValidator): | |||
| def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs): | |||
| # Is the client allowed to access the requested scopes? | |||
| client_scopes = frappe.db.get_value("OAuth Client", client_id, 'scopes').split(separated_by) | |||
| client_scopes = frappe.db.get_value("OAuth Client", client_id, 'scopes').split(get_url_delimiter()) | |||
| are_scopes_valid = True | |||
| @@ -104,7 +105,7 @@ class OAuthWebRequestValidator(RequestValidator): | |||
| def get_default_scopes(self, client_id, request, *args, **kwargs): | |||
| # Scopes a client will authorize for if none are supplied in the | |||
| # authorization request. | |||
| scopes = frappe.db.get_value("OAuth Client", client_id, 'scopes').split(separated_by) | |||
| scopes = frappe.db.get_value("OAuth Client", client_id, 'scopes').split(get_url_delimiter()) | |||
| request.scopes = scopes #Apparently this is possible. | |||
| return scopes | |||
| @@ -126,7 +127,7 @@ class OAuthWebRequestValidator(RequestValidator): | |||
| cookie_dict = get_cookie_dict_from_headers(request) | |||
| oac = frappe.new_doc('OAuth Authorization Code') | |||
| oac.scopes = separated_by.join(request.scopes) | |||
| oac.scopes = get_url_delimiter().join(request.scopes) | |||
| oac.redirect_uri_bound_to_authorization_code = request.redirect_uri | |||
| oac.client = client_id | |||
| oac.user = urllib.unquote(cookie_dict['user_id']) | |||
| @@ -176,7 +177,7 @@ class OAuthWebRequestValidator(RequestValidator): | |||
| checkcodes.append(vcode["name"]) | |||
| if code in checkcodes: | |||
| request.scopes = frappe.db.get_value("OAuth Authorization Code", code, 'scopes').split(separated_by) | |||
| request.scopes = frappe.db.get_value("OAuth Authorization Code", code, 'scopes').split(get_url_delimiter()) | |||
| request.user = frappe.db.get_value("OAuth Authorization Code", code, 'user') | |||
| return True | |||
| else: | |||
| @@ -202,7 +203,7 @@ class OAuthWebRequestValidator(RequestValidator): | |||
| otoken = frappe.new_doc("OAuth Bearer Token") | |||
| otoken.client = request.client['name'] | |||
| otoken.user = request.user | |||
| otoken.scopes = separated_by.join(request.scopes) | |||
| otoken.scopes = get_url_delimiter().join(request.scopes) | |||
| otoken.access_token = token['access_token'] | |||
| otoken.refresh_token = token['refresh_token'] | |||
| otoken.expires_in = token['expires_in'] | |||
| @@ -226,7 +227,7 @@ class OAuthWebRequestValidator(RequestValidator): | |||
| otoken = frappe.get_doc("OAuth Bearer Token", token) #{"access_token": str(token)}) | |||
| is_token_valid = (frappe.utils.datetime.datetime.now() < otoken.expiration_time) \ | |||
| and otoken.status != "Revoked" | |||
| client_scopes = frappe.db.get_value("OAuth Client", otoken.client, 'scopes').split(separated_by) | |||
| client_scopes = frappe.db.get_value("OAuth Client", otoken.client, 'scopes').split(get_url_delimiter()) | |||
| are_scopes_valid = True | |||
| for scp in scopes: | |||
| are_scopes_valid = are_scopes_valid and True if scp in client_scopes else False | |||