Merge 0b06627 into 3f10081

oauthlib/oauth1/rfc5849/endpoints/access_token.py

@@ -35,13 +35,13 @@ def create_access_token(self, request, credentials):
         :param request: An oauthlib.common.Request object.
         :returns: The token as an urlencoded string.
         """
-        request.realm = self.request_validator.get_realms(
+        request.realms = self.request_validator.get_realms(
                 request.oauth_token, request)
         token = {
             'oauth_token': self.token_generator(),
             'oauth_token_secret': self.token_generator(),
             # Backport the authorized scopes indication used in OAuth2
-            'oauth_authorized_realms': ' '.join(request.realm)
+            'oauth_authorized_realms': ' '.join(request.realms)
         }
         token.update(credentials)
         self.request_validator.save_access_token(token, request)

oauthlib/oauth1/rfc5849/endpoints/request_token.py

@@ -117,14 +117,14 @@ def validate_request_token_request(self, request):
         self._check_mandatory_parameters(request)
 
         if request.realm:
-            request.realm = request.realm.split(' ')
+            request.realms = request.realm.split(' ')
         else:
-            request.realm = self.request_validator.get_default_realms(
+            request.realms = self.request_validator.get_default_realms(
                     request.client_key, request)
-        if not self.request_validator.check_realm(request.realm):
+        if not self.request_validator.check_realms(request.realms):
             raise errors.InvalidRequestError(
                     description='Invalid realm %s. Allowed are %r.' % (
-                        request.realm, self.request_validator.realms))
+                        request.realms, self.request_validator.realms))
 
         if not request.redirect_uri:
             raise errors.InvalidRequestError(
@@ -169,8 +169,8 @@ def validate_request_token_request(self, request):
         # Access to protected resources will always validate the realm but note
         # that the realm is now tied to the access token and not provided by
         # the client.
-        valid_realm = self.request_validator.validate_requested_realm(
-                request.client_key, request.realm, request)
+        valid_realm = self.request_validator.validate_requested_realms(
+                request.client_key, request.realms, request)
 
         # Callback is normally never required, except for requests for
         # a Temporary Credential as described in `Section 2.1`_

oauthlib/oauth1/rfc5849/endpoints/resource.py

@@ -42,24 +42,24 @@ def wrapper(request, *args, **kwargs):
                             http_method=request.method,
                             body=request.data,
                             headers=request.headers,
-                            valid_realms=realms or [])
+                            realms=realms or [])
                     if v:
                         return f(*args, **kwargs)
                     else:
                         return abort(403)
     """
 
     def validate_protected_resource_request(self, uri, http_method='GET',
-            body=None, headers=None, valid_realms=None):
+            body=None, headers=None, realms=None):
         """Create a request token response, with a new request token if valid.
 
         :param uri: The full URI of the token request.
         :param http_method: A valid HTTP verb, i.e. GET, POST, PUT, HEAD, etc.
         :param body: The request body as a string.
         :param headers: The request headers as a dict.
-        :param valid_realms: A list of realms the resource is protected under.
-                             This will be supplied to the ``validate_realm``
-                             method of the request validator.
+        :param realms: A list of realms the resource is protected under.
+                       This will be supplied to the ``validate_realms``
+                       method of the request validator.
         :returns: A tuple of 2 elements.
                   1. True if valid, False otherwise.
                   2. An oauthlib.common.Request object.
@@ -133,9 +133,9 @@ def validate_protected_resource_request(self, uri, http_method='GET',
         # Access to protected resources will always validate the realm but note
         # that the realm is now tied to the access token and not provided by
         # the client.
-        valid_realm = self.request_validator.validate_realm(request.client_key,
+        valid_realm = self.request_validator.validate_realms(request.client_key,
                 request.resource_owner_key, request, uri=request.uri,
-                valid_realms=valid_realms)
+                realms=realms)
 
         valid_signature = self._check_signature(request)
 

oauthlib/oauth1/rfc5849/request_validator.py

@@ -30,7 +30,7 @@ class RequestValidator(object):
     - check_access_token
     - check_nonce
     - check_verifier
-    - check_realm
+    - check_realms
 
     The methods above default to whitelist input parameters, checking that they
     are alphanumerical and between a minimum and maximum length. Rather than
@@ -55,8 +55,8 @@ class RequestValidator(object):
     - validate_access_token
     - validate_timestamp_and_nonce
     - validate_redirect_uri
-    - validate_requested_realm
-    - validate_realm
+    - validate_requested_realms
+    - validate_realms
     - validate_verifier
 
     Method used to retrieve sensitive information from storage.
@@ -173,9 +173,9 @@ def check_verifier(self, verifier):
         return (set(verifier) <= self.safe_characters and
                 lower <= len(verifier) <= upper)
 
-    def check_realm(self, realm):
+    def check_realms(self, realms):
         """Check that the realm is one of a set allowed realms."""
-        return all((r in self.realms for r in realm))
+        return all((r in self.realms for r in realms))
 
     @property
     def dummy_client(self):
@@ -579,11 +579,11 @@ def validate_redirect_uri(self, client_key, redirect_uri, request):
         """
         raise NotImplementedError("Subclasses must implement this function.")
 
-    def validate_requested_realm(self, client_key, realm, request):
+    def validate_requested_realms(self, client_key, realms, request):
         """Validates that the client may request access to the realm.
 
         :param client_key: The client/consumer key.
-        :param realm: The list of realms that client is requesting access to.
+        :param realms: The list of realms that client is requesting access to.
         :param request: An oauthlib.common.Request object.
         :returns: True or False
 
@@ -597,23 +597,23 @@ def validate_requested_realm(self, client_key, realm, request):
         """
         raise NotImplementedError("Subclasses must implement this function.")
 
-    def validate_realm(self, client_key, token, request, uri=None,
-            required_realm=None):
+    def validate_realms(self, client_key, token, request, uri=None,
+            realms=None):
         """Validates access to the request realm.
 
         :param client_key: The client/consumer key.
         :param token: A request token string.
         :param request: An oauthlib.common.Request object.
         :param uri: The URI the realms is protecting.
-        :param required_realm: A list of realms that must have been granted to
-                               the access token.
+        :param realms: A list of realms that must have been granted to
+                       the access token.
         :returns: True or False
 
         How providers choose to use the realm parameter is outside the OAuth
         specification but it is commonly used to restrict access to a subset
         of protected resources such as "photos".
 
-        required_realm is a convenience parameter which can be used to provide
+        realms is a convenience parameter which can be used to provide
         a per view method pre-defined list of allowed realms.
 
         This method is used by

tests/oauth1/rfc5849/endpoints/test_request_token.py

@@ -17,9 +17,9 @@ def setUp(self):
         self.validator.get_client_secret.return_value = 'bar'
         self.validator.get_default_realms.return_value = ['foo']
         self.validator.timestamp_lifetime = 600
-        self.validator.check_realm.return_value = True
+        self.validator.check_realms.return_value = True
         self.validator.validate_client_key.return_value = True
-        self.validator.validate_requested_realm.return_value = True
+        self.validator.validate_requested_realms.return_value = True
         self.validator.validate_redirect_uri.return_value = True
         self.validator.validate_timestamp_and_nonce.return_value = True
         self.validator.dummy_client = 'dummy'
@@ -39,8 +39,8 @@ def test_check_redirect_uri(self):
         self.assertEqual(s, 400)
         self.assertIn('invalid_request', b)
 
-    def test_check_realm(self):
-        self.validator.check_realm.return_value = False
+    def test_check_realms(self):
+        self.validator.check_realms.return_value = False
         u, h, b, s = self.endpoint.create_request_token_response(
                 self.uri, headers=self.headers)
         self.assertEqual(s, 400)
@@ -52,8 +52,8 @@ def test_validate_client_key(self):
                 self.uri, headers=self.headers)
         self.assertEqual(s, 401)
 
-    def test_validate_realm(self):
-        self.validator.validate_requested_realm.return_value = False
+    def test_validate_realms(self):
+        self.validator.validate_requested_realms.return_value = False
         u, h, b, s = self.endpoint.create_request_token_response(
                 self.uri, headers=self.headers)
         self.assertEqual(s, 401)

tests/oauth1/rfc5849/endpoints/test_resource.py

@@ -21,7 +21,7 @@ def setUp(self):
         self.validator.validate_client_key.return_value = True
         self.validator.validate_access_token.return_value = True
         self.validator.validate_timestamp_and_nonce.return_value = True
-        self.validator.validate_realm.return_value = True
+        self.validator.validate_realms.return_value = True
         self.validator.dummy_client = 'dummy'
         self.validator.dummy_secret = 'dummy'
         self.validator.dummy_access_token = 'dummy'
@@ -57,8 +57,8 @@ def test_validate_access_token(self):
                 self.uri, headers=self.headers)
         self.assertFalse(v)
 
-    def test_validate_realm(self):
-        self.validator.validate_realm.return_value = False
+    def test_validate_realms(self):
+        self.validator.validate_realms.return_value = False
         v, r = self.endpoint.validate_protected_resource_request(
                 self.uri, headers=self.headers)
         self.assertFalse(v)

tests/oauth1/rfc5849/test_request_validator.py

@@ -34,9 +34,9 @@ def test_not_implemented(self):
             None, None, None, None)
         self.assertRaises(NotImplementedError, v.validate_redirect_uri,
                 None, None, None)
-        self.assertRaises(NotImplementedError, v.validate_realm,
+        self.assertRaises(NotImplementedError, v.validate_realms,
                 None, None, None, None, None)
-        self.assertRaises(NotImplementedError, v.validate_requested_realm,
+        self.assertRaises(NotImplementedError, v.validate_requested_realms,
                 None, None, None)
         self.assertRaises(NotImplementedError, v.validate_verifier,
                 None, None, None, None)
@@ -56,14 +56,14 @@ def test_check_length(self):
             for valid in ('itsjustaboutlongenough',):
                 self.assertTrue(method(valid))
 
-    def test_check_realm(self):
+    def test_check_realms(self):
         v = RequestValidator()
-        self.assertFalse(v.check_realm(['foo']))
+        self.assertFalse(v.check_realms(['foo']))
 
         class FooRealmValidator(RequestValidator):
             @property
             def realms(self):
                 return ['foo']
 
         v = FooRealmValidator()
-        self.assertTrue(v.check_realm(['foo']))
+        self.assertTrue(v.check_realms(['foo']))