Fix security issue in OAuth verifier validation
This commit is contained in:
parent
6e38fec80e
commit
86ee2d1a0e
@ -100,6 +100,17 @@ class GMGRequestValidator(RequestValidator):
|
|||||||
|
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
def validate_verifier(self, token, verifier):
|
||||||
|
""" Verifies the verifier token is correct. """
|
||||||
|
request_token = RequestToken.query.filter_by(token=token).first()
|
||||||
|
if request_token is None:
|
||||||
|
return False
|
||||||
|
|
||||||
|
if request_token.verifier != verifier:
|
||||||
|
return False
|
||||||
|
|
||||||
|
return True
|
||||||
|
|
||||||
def validate_access_token(self, client_key, token, request):
|
def validate_access_token(self, client_key, token, request):
|
||||||
""" Verifies token exists for client with id of client_key """
|
""" Verifies token exists for client with id of client_key """
|
||||||
client = Client.query.filter_by(id=client_key).first()
|
client = Client.query.filter_by(id=client_key).first()
|
||||||
|
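Review bot: The check `if request_token.verifier != verifier:` accepts an unset stored verifier as a valid value — if a request token that has not yet been authorized carries an empty or None verifier and the caller hands in an equally empty value, the inequality is false and the method returns True, so the guard should reject that case explicitly and compare in constant time: `if not request_token.verifier or not isinstance(verifier, str) or not hmac.compare_digest(request_token.verifier.encode("utf-8"), verifier.encode("utf-8")):` followed by `return False` (with `import hmac` at file top, outside this hunk; compare_digest needs Python 2.7.7/3.3 or later). Whether the verifier column can be empty at this point is not visible in the hunk, so confirm it against the RequestToken model. Unlike the sibling validate_access_token, the new method also does not tie the looked-up token to a client_key, and its parameter list differs from the validate_verifier hook that oauthlib's RequestValidator declares — if AccessTokenEndpoint invokes that hook itself, verify the override's signature against the installed oauthlib. The GMGRequestValidator class body continues outside the hunk.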
@ -337,6 +337,16 @@ def access_token(request):
|
|||||||
request.resource_owner_key = parsed_tokens["oauth_consumer_key"]
|
request.resource_owner_key = parsed_tokens["oauth_consumer_key"]
|
||||||
request.oauth_token = parsed_tokens["oauth_token"]
|
request.oauth_token = parsed_tokens["oauth_token"]
|
||||||
request_validator = GMGRequestValidator(data)
|
request_validator = GMGRequestValidator(data)
|
||||||
|
|
||||||
|
# Check that the verifier is valid
|
||||||
|
verifier_valid = request_validator.validate_verifier(
|
||||||
|
token=request.oauth_token,
|
||||||
|
verifier=parsed_tokens["oauth_verifier"]
|
||||||
|
)
|
||||||
|
if not verifier_valid:
|
||||||
|
error = "Verifier code or token incorrect"
|
||||||
|
return json_response({"error": error}, status=401)
|
||||||
|
|
||||||
av = AccessTokenEndpoint(request_validator)
|
av = AccessTokenEndpoint(request_validator)
|
||||||
tokens = av.create_access_token(request, {})
|
tokens = av.create_access_token(request, {})
|
||||||
return form_response(tokens)
|
return form_response(tokens)
|
||||||
|
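Review bot: `parsed_tokens["oauth_verifier"]` on the `verifier=` line raises KeyError when a client omits the parameter, which turns the very case this check is meant to reject into an unhandled error instead of the 401 returned a few lines later. Read it with a default and fail closed before calling the validator, e.g. `verifier = parsed_tokens.get("oauth_verifier")` then `if not verifier: return json_response({"error": "Verifier code or token incorrect"}, status=401)`, and pass `verifier=verifier` into validate_verifier. That also keeps a None value out of validate_verifier's inequality check, where an unset stored verifier would otherwise compare equal. The preceding consumer-key and token reads index the same way, so whether the parsing upstream already guarantees these keys is not visible here. access_token's body starts outside the hunk.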