Fix security issue in OAuth verifier validation

mediagoblin/oauth/oauth.py

@@ -100,6 +100,17 @@ class GMGRequestValidator(RequestValidator):
 
         return True
 
+    def validate_verifier(self, token, verifier):
+        """ Verifies the verifier token is correct. """
+        request_token = RequestToken.query.filter_by(token=token).first()
+        if request_token is None:
+            return False
+
+        if request_token.verifier != verifier:
+            return False
+
+        return True
+
     def validate_access_token(self, client_key, token, request):
         """ Verifies token exists for client with id of client_key """
         client = Client.query.filter_by(id=client_key).first()

mediagoblin/oauth/views.py

@@ -337,6 +337,16 @@ def access_token(request):
     request.resource_owner_key = parsed_tokens["oauth_consumer_key"]
     request.oauth_token = parsed_tokens["oauth_token"]
     request_validator = GMGRequestValidator(data)
+
+    # Check that the verifier is valid
+    verifier_valid = request_validator.validate_verifier(
+        token=request.oauth_token,
+        verifier=parsed_tokens["oauth_verifier"]
+    )
+    if not verifier_valid:
+        error = "Verifier code or token incorrect"
+        return json_response({"error": error}, status=401)
+
     av = AccessTokenEndpoint(request_validator)
     tokens = av.create_access_token(request, {})
     return form_response(tokens)