Fixed a horrible security issue in the OAuth plugin.

Also added some real triggering logic to the OAuthAuth Auth object.
Joar Wandborg 2012-09-19 21:57:59 +02:00
parent a7b8c214e9
commit f26224d433


@ -48,8 +48,11 @@ def setup_plugin():
class OAuthAuth(Auth):
def trigger(self, request):
if 'access_token' in request.GET:
return True
return False
def __call__(self, request, *args, **kw):
access_token = request.GET.get('access_token')
if access_token:
@ -60,9 +63,9 @@ class OAuthAuth(Auth):
return False
request.user = token.user
return True
return False
hooks = {
'setup': setup_plugin,
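Review bot: The bearer token is still accepted only from the query string, both in `trigger` (`'access_token' in request.GET`) and in `__call__` (`request.GET.get('access_token')`), so every authenticated URL carries the credential into access logs, proxy logs, browser history and Referer headers. Consider also accepting the token from an `Authorization: Bearer` request header, preferring it over the query parameter, and having `trigger` check the same sources so the two methods cannot disagree. Until then, access logging should redact the `access_token` parameter and the tokens should be kept short-lived. A docstring on `trigger`, such as `"""Return True when the request carries an access_token and this Auth object should handle it."""`, would make the contract with the dispatcher explicit. The page has lost its `+`/`-` markers and the body of `__call__` between the two hunks is not shown, so token lookup and expiry handling could not be reviewed.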