From cb659a923d5156f3700499c2964324a4b39d53e6 Mon Sep 17 00:00:00 2001
From: Lauri Andler
Date: Tue, 16 Sep 2014 11:55:08 +0300
Subject: [PATCH 1/3] Removed client secret checking from authenticate_client_id

Change client_authentication_required to return False if client_type is not confidential (unless client_secret is provided).
---
 flask_oauthlib/provider/oauth2.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/flask_oauthlib/provider/oauth2.py b/flask_oauthlib/provider/oauth2.py
index ebb3763d..b402fe6e 100644
--- a/flask_oauthlib/provider/oauth2.py
+++ b/flask_oauthlib/provider/oauth2.py
@@ -574,7 +574,10 @@ def client_authentication_required(self, request, *args, **kwargs):
 .. _`Section 4.1.3`: http://tools.ietf.org/html/rfc6749#section-4.1.3
 .. _`Section 6`: http://tools.ietf.org/html/rfc6749#section-6
 """
- if request.grant_type == 'password':
+
+ client = self._clientgetter(request.client_id)
+
+ if request.grant_type == 'password' and (client.client_type == 'confidential' or request.client_secret):
 return True
 auth_required = ('authorization_code', 'refresh_token')
 return 'Authorization' in request.headers and\
@@ -631,9 +634,6 @@ def authenticate_client_id(self, client_id, request, *args, **kwargs):
 log.debug('Authenticate failed, client not found.')
 return False
 
- if client.client_secret != request.client_secret:
- log.debug('Authenticate client failed, secret not match.')
- return False
 
 # attach client on request for convenience
 request.client = client

From 4cde7163cf661facec24c621ae42963e0245db8b Mon Sep 17 00:00:00 2001
From: Lauri Andler
Date: Tue, 16 Sep 2014 13:08:47 +0300
Subject: [PATCH 2/3] Fixed logic - now tests pass

---
 flask_oauthlib/provider/oauth2.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/flask_oauthlib/provider/oauth2.py b/flask_oauthlib/provider/oauth2.py
index b402fe6e..67563760 100644
--- a/flask_oauthlib/provider/oauth2.py
+++ b/flask_oauthlib/provider/oauth2.py
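Review bot: With the secret comparison removed, authenticate_client_id accepts any client_id that the lookup resolves, including a confidential client's, and nothing left in the method distinguishes the two client types. The client_authentication_required hunk above still returns False for every grant type that is not 'password' and lacks an Authorization header (and for any grant outside auth_required), so the framework presumably falls back to this hook for those requests and a confidential client_id alone then passes. As I recall, oauthlib's validator contract for this hook is to confirm that the client_id belongs to a non-confidential client, so the removed block is better replaced than deleted: `if client.client_type == 'confidential':` / `log.debug('Authenticate client failed, confidential client without credentials.')` / `return False`. The start of authenticate_client_id, including the lookup that sets `client`, lies outside the hunk.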
@@ -575,10 +575,14 @@ def client_authentication_required(self, request, *args, **kwargs):
 .. _`Section 6`: http://tools.ietf.org/html/rfc6749#section-6
 """
 
- client = self._clientgetter(request.client_id)
+
+ if(request.grant_type=='password'):
+ client = self._clientgetter(request.client_id)
+ if (not client) or client.client_type == 'confidential' or request.client_secret:
+ return True
+ else:
+ return False
 
- if request.grant_type == 'password' and (client.client_type == 'confidential' or request.client_secret):
- return True
 auth_required = ('authorization_code', 'refresh_token')
 return 'Authorization' in request.headers and\
 request.grant_type in auth_required

From cfc32c29270d91684cb633d0fd85a87cd218be3b Mon Sep 17 00:00:00 2001
From: Lauri Andler
Date: Tue, 16 Sep 2014 13:15:36 +0300
Subject: [PATCH 3/3] Fixed lint errors

---
 flask_oauthlib/provider/oauth2.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/flask_oauthlib/provider/oauth2.py b/flask_oauthlib/provider/oauth2.py
index 67563760..16973591 100644
--- a/flask_oauthlib/provider/oauth2.py
+++ b/flask_oauthlib/provider/oauth2.py
@@ -575,10 +575,10 @@ def client_authentication_required(self, request, *args, **kwargs):
 .. _`Section 6`: http://tools.ietf.org/html/rfc6749#section-6
 """
 
-
- if(request.grant_type=='password'):
+ if request.grant_type == 'password':
 client = self._clientgetter(request.client_id)
- if (not client) or client.client_type == 'confidential' or request.client_secret:
+ if (not client) or client.client_type == 'confidential' or\
+ request.client_secret:
 return True
 else:
 return False
@@ -638,7 +638,6 @@ def authenticate_client_id(self, client_id, request, *args, **kwargs):
 log.debug('Authenticate failed, client not found.')
 return False
 
-
 # attach client on request for convenience
 request.client = client
 return True
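Review bot: The password branch in this hunk wraps a boolean test in `return True` / `else: return False`, and the new `or\` backslash continuation can be avoided by returning the parenthesized expression directly: `return bool(not client or client.client_type == 'confidential'` / `or request.client_secret)`. The `bool()` keeps the method's current True/False result instead of handing back the raw client_secret value. The def line of client_authentication_required is outside the hunk, and the patch 2 hunk above covers the same region before the lint pass.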