Fixed a horrible security issue in the OAuth plugin.

Also added some real triggering logic to the OAuthAuth Auth object.
Joar Wandborg 2012-09-19 21:57:59 +02:00
parent a7b8c214e9
commit f26224d433


@ -48,7 +48,10 @@ def setup_plugin():
class OAuthAuth(Auth): class OAuthAuth(Auth):
def trigger(self, request): def trigger(self, request):
return True if 'access_token' in request.GET:
return True
return False
def __call__(self, request, *args, **kw): def __call__(self, request, *args, **kw):
access_token = request.GET.get('access_token') access_token = request.GET.get('access_token')
@ -60,9 +63,9 @@ class OAuthAuth(Auth):
return False return False
request.user = token.user request.user = token.user
return True
return True return False
hooks = { hooks = {
'setup': setup_plugin, 'setup': setup_plugin,
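Review bot: `__call__` still takes the bearer token from the query string (`access_token = request.GET.get('access_token')`, context line of the first hunk), so the credential is written to access logs, proxy logs, browser history and Referer headers even after this fix. Consider reading it from the `Authorization` header and keeping the query parameter only as a fallback. The fail-closed default at the end of `__call__` is the core of the fix and deserves a comment such as `# Fail closed: no valid token was matched above.`, ideally with a regression test that a request carrying an unknown `access_token` is rejected. In `trigger`, the three added lines reduce to `return 'access_token' in request.GET`. The part of `__call__` between the two hunks is not visible here, so token lookup and expiry handling cannot be assessed from this page.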