From 73ed8f4dd3c496ce06bf691627f48988c2e62b3e Mon Sep 17 00:00:00 2001 From: Hsiaoming Yang Date: Wed, 3 Jul 2013 15:08:18 +0800 Subject: [PATCH 1/2] use realms as the list container, realm as the string container --- .../oauth1/rfc5849/endpoints/access_token.py | 4 ++-- .../oauth1/rfc5849/endpoints/request_token.py | 12 +++++----- oauthlib/oauth1/rfc5849/endpoints/resource.py | 14 +++++------ oauthlib/oauth1/rfc5849/request_validator.py | 24 +++++++++---------- 4 files changed, 27 insertions(+), 27 deletions(-) diff --git a/oauthlib/oauth1/rfc5849/endpoints/access_token.py b/oauthlib/oauth1/rfc5849/endpoints/access_token.py index 24727bbd..9ad185a8 100644 --- a/oauthlib/oauth1/rfc5849/endpoints/access_token.py +++ b/oauthlib/oauth1/rfc5849/endpoints/access_token.py @@ -35,13 +35,13 @@ def create_access_token(self, request, credentials): :param request: An oauthlib.common.Request object. :returns: The token as an urlencoded string. """ - request.realm = self.request_validator.get_realms( + request.realms = self.request_validator.get_realms( request.oauth_token, request) token = { 'oauth_token': self.token_generator(), 'oauth_token_secret': self.token_generator(), # Backport the authorized scopes indication used in OAuth2 - 'oauth_authorized_realms': ' '.join(request.realm) + 'oauth_authorized_realms': ' '.join(request.realms) } token.update(credentials) self.request_validator.save_access_token(token, request) diff --git a/oauthlib/oauth1/rfc5849/endpoints/request_token.py b/oauthlib/oauth1/rfc5849/endpoints/request_token.py index 0fe8e3d4..2956bcc4 100644 --- a/oauthlib/oauth1/rfc5849/endpoints/request_token.py +++ b/oauthlib/oauth1/rfc5849/endpoints/request_token.py 
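Review bot: `' '.join(request.realms)` in the token dict assumes `get_realms` returns a list of strings, but nothing in this hunk enforces that. A validator that returns a single string would yield a space-separated run of characters in `oauth_authorized_realms`, and `None` would raise `TypeError`. Since this commit separates the string form from the list form, a guard before the join would make the contract explicit, e.g. `if not isinstance(request.realms, (list, tuple)): raise ValueError('get_realms must return a list of realms')`. The docstring of `create_access_token` begins above the hunk and the body may continue below it.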
@@ -117,14 +117,14 @@ def validate_request_token_request(self, request): self._check_mandatory_parameters(request) if request.realm: - request.realm = request.realm.split(' ') + request.realms = request.realm.split(' ') else: - request.realm = self.request_validator.get_default_realms( + request.realms = self.request_validator.get_default_realms( request.client_key, request) - if not self.request_validator.check_realm(request.realm): + if not self.request_validator.check_realms(request.realms): raise errors.InvalidRequestError( description='Invalid realm %s. Allowed are %r.' % ( - request.realm, self.request_validator.realms)) + request.realms, self.request_validator.realms)) if not request.redirect_uri: raise errors.InvalidRequestError( @@ -169,8 +169,8 @@ def validate_request_token_request(self, request): # Access to protected resources will always validate the realm but note # that the realm is now tied to the access token and not provided by # the client. - valid_realm = self.request_validator.validate_requested_realm( - request.client_key, request.realm, request) + valid_realm = self.request_validator.validate_requested_realms( + request.client_key, request.realms, request) # Callback is normally never required, except for requests for # a Temporary Credential as described in `Section 2.1`_ diff --git a/oauthlib/oauth1/rfc5849/endpoints/resource.py b/oauthlib/oauth1/rfc5849/endpoints/resource.py index 9ca49cb0..8391745e 100644 --- a/oauthlib/oauth1/rfc5849/endpoints/resource.py +++ b/oauthlib/oauth1/rfc5849/endpoints/resource.py @@ -42,7 +42,7 @@ def wrapper(request, *args, **kwargs): http_method=request.method, body=request.data, headers=request.headers, - valid_realms=realms or []) + realms=realms or []) if v: return f(*args, **kwargs) else: 
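Review bot: The `InvalidRequestError` description in this hunk returns `self.request_validator.realms` to the caller, which is the provider's full list of accepted realms. Judging by the hunk order, this check appears to run before the client is validated further down the function. Reporting only the rejected value keeps that list server-side, e.g. `description='Invalid realm %s.' % ' '.join(request.realms)`. Separately, `request.realm.split(' ')` produces empty-string entries for repeated or trailing spaces, which then fail `check_realms` with a confusing message; `request.realm.split()` avoids that. `validate_request_token_request` begins and ends outside the hunk.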
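Review bot: The comment above the `validate_requested_realms` call describes the protected-resource endpoint ("the realm is now tied to the access token and not provided by the client"). In this function `request.realms` comes from the client's `realm` parameter or from `get_default_realms`, so the comment says the opposite of what the code does. I would replace it with `# The requested realms come from the client (or its defaults); check that this client may request them.` The function body continues outside the hunk.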
@@ -50,16 +50,16 @@ def wrapper(request, *args, **kwargs): """ def validate_protected_resource_request(self, uri, http_method='GET', - body=None, headers=None, valid_realms=None): + body=None, headers=None, realms=None): """Create a request token response, with a new request token if valid. :param uri: The full URI of the token request. :param http_method: A valid HTTP verb, i.e. GET, POST, PUT, HEAD, etc. :param body: The request body as a string. :param headers: The request headers as a dict. - :param valid_realms: A list of realms the resource is protected under. - This will be supplied to the ``validate_realm`` - method of the request validator. + :param realms: A list of realms the resource is protected under. + This will be supplied to the ``validate_realms`` + method of the request validator. :returns: A tuple of 2 elements. 1. True if valid, False otherwise. 2. An oauthlib.common.Request object. @@ -133,9 +133,9 @@ def validate_protected_resource_request(self, uri, http_method='GET', # Access to protected resources will always validate the realm but note # that the realm is now tied to the access token and not provided by # the client. - valid_realm = self.request_validator.validate_realm(request.client_key, + valid_realm = self.request_validator.validate_realms(request.client_key, request.resource_owner_key, request, uri=request.uri, - valid_realms=valid_realms) + realms=realms) valid_signature = self._check_signature(request) diff --git a/oauthlib/oauth1/rfc5849/request_validator.py b/oauthlib/oauth1/rfc5849/request_validator.py index 9bf57d07..de5b623f 100644 --- a/oauthlib/oauth1/rfc5849/request_validator.py +++ b/oauthlib/oauth1/rfc5849/request_validator.py @@ -30,7 +30,7 @@ class RequestValidator(object): - check_access_token - check_nonce - check_verifier - - check_realm + - check_realms The methods above default to whitelist input parameters, checking that they are alphanumerical and between a minimum and maximum length. Rather than 
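Review bot: The docstring summary of `validate_protected_resource_request` still reads "Create a request token response, with a new request token if valid.", which describes a different endpoint. As the docstring is being edited here anyway, `"""Validate a request for a protected resource."""` would match the documented return value (a validity flag and the Request object). The `:param realms:` entry should also say what `None` or an empty list means, because the decorator in the preceding hunk passes `realms or []`. Renaming the keyword from `valid_realms` to `realms` also breaks any caller that passes it by name, which deserves a changelog entry. The method body continues outside the hunk.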
@@ -55,8 +55,8 @@ class RequestValidator(object): - validate_access_token - validate_timestamp_and_nonce - validate_redirect_uri - - validate_requested_realm - - validate_realm + - validate_requested_realms + - validate_realms - validate_verifier Method used to retrieve sensitive information from storage. @@ -173,9 +173,9 @@ def check_verifier(self, verifier): return (set(verifier) <= self.safe_characters and lower <= len(verifier) <= upper) - def check_realm(self, realm): + def check_realms(self, realms): """Check that the realm is one of a set allowed realms.""" - return all((r in self.realms for r in realm)) + return all((r in self.realms for r in realms)) @property def dummy_client(self): @@ -579,11 +579,11 @@ def validate_redirect_uri(self, client_key, redirect_uri, request): """ raise NotImplementedError("Subclasses must implement this function.") - def validate_requested_realm(self, client_key, realm, request): + def validate_requested_realms(self, client_key, realms, request): """Validates that the client may request access to the realm. :param client_key: The client/consumer key. - :param realm: The list of realms that client is requesting access to. + :param realms: The list of realms that client is requesting access to. :param request: An oauthlib.common.Request object. :returns: True or False 
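Review bot: `check_realms` has a working default body, so a subclass that still overrides the old `check_realm` name is silently ignored after this rename. The request-token endpoint would then fall back to this plain membership test against `self.realms`. The renamed `validate_requested_realms` and `validate_realms` hooks fail loudly through `NotImplementedError`, but this one does not. I would flag the rename as a breaking change, or for one release have `check_realms` delegate to an overridden `check_realm` with a `DeprecationWarning`. The docstring should also become `"""Check that every requested realm is in the set of allowed realms."""`.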
@@ -597,23 +597,23 @@ def validate_requested_realm(self, client_key, realm, request): """ raise NotImplementedError("Subclasses must implement this function.") - def validate_realm(self, client_key, token, request, uri=None, - required_realm=None): + def validate_realms(self, client_key, token, request, uri=None, + realms=None): """Validates access to the request realm. :param client_key: The client/consumer key. :param token: A request token string. :param request: An oauthlib.common.Request object. :param uri: The URI the realms is protecting. - :param required_realm: A list of realms that must have been granted to - the access token. + :param realms: A list of realms that must have been granted to + the access token. :returns: True or False How providers choose to use the realm parameter is outside the OAuth specification but it is commonly used to restrict access to a subset of protected resources such as "photos". - required_realm is a convenience parameter which can be used to provide + realms is a convenience parameter which can be used to provide a per view method pre-defined list of allowed realms. This method is used by From 0b0662708d4b27df01e78d076f7f7a482c3c5289 Mon Sep 17 00:00:00 2001 From: Hsiaoming Yang Date: Wed, 3 Jul 2013 15:15:17 +0800 Subject: [PATCH 2/2] fix test cases for realms --- tests/oauth1/rfc5849/endpoints/test_request_token.py | 12 ++++++------ tests/oauth1/rfc5849/endpoints/test_resource.py | 6 +++--- tests/oauth1/rfc5849/test_request_validator.py | 10 +++++----- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/tests/oauth1/rfc5849/endpoints/test_request_token.py b/tests/oauth1/rfc5849/endpoints/test_request_token.py index 38d871f7..3779acd6 100644 --- a/tests/oauth1/rfc5849/endpoints/test_request_token.py +++ b/tests/oauth1/rfc5849/endpoints/test_request_token.py 
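Review bot: The `validate_realms` docstring gives `realms` two different meanings. The `:param realms:` entry says the realms "must have been granted to the access token" (all required), while the closing paragraph calls it a "pre-defined list of allowed realms" (any permitted). Implementers base an access decision on this text, so it should pick one, for example `realms is a convenience parameter which can be used to provide a per view method pre-defined list of required realms.` It should also state what `None` (the default) or an empty list means. The `:param token:` entry says "A request token string", yet the resource endpoint passes `request.resource_owner_key`, presumably an access token. The docstring continues beyond the hunk.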
@@ -17,9 +17,9 @@ def setUp(self): self.validator.get_client_secret.return_value = 'bar' self.validator.get_default_realms.return_value = ['foo'] self.validator.timestamp_lifetime = 600 - self.validator.check_realm.return_value = True + self.validator.check_realms.return_value = True self.validator.validate_client_key.return_value = True - self.validator.validate_requested_realm.return_value = True + self.validator.validate_requested_realms.return_value = True self.validator.validate_redirect_uri.return_value = True self.validator.validate_timestamp_and_nonce.return_value = True self.validator.dummy_client = 'dummy' @@ -39,8 +39,8 @@ def test_check_redirect_uri(self): self.assertEqual(s, 400) self.assertIn('invalid_request', b) - def test_check_realm(self): - self.validator.check_realm.return_value = False + def test_check_realms(self): + self.validator.check_realms.return_value = False u, h, b, s = self.endpoint.create_request_token_response( self.uri, headers=self.headers) self.assertEqual(s, 400) @@ -52,8 +52,8 @@ def test_validate_client_key(self): self.uri, headers=self.headers) self.assertEqual(s, 401) - def test_validate_realm(self): - self.validator.validate_requested_realm.return_value = False + def test_validate_realms(self): + self.validator.validate_requested_realms.return_value = False u, h, b, s = self.endpoint.create_request_token_response( self.uri, headers=self.headers) self.assertEqual(s, 401) diff --git a/tests/oauth1/rfc5849/endpoints/test_resource.py b/tests/oauth1/rfc5849/endpoints/test_resource.py index 0937fdb8..6fe6b495 100644 --- a/tests/oauth1/rfc5849/endpoints/test_resource.py +++ b/tests/oauth1/rfc5849/endpoints/test_resource.py 
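Review bot: `test_validate_realms` in this file toggles `validate_requested_realms`, so the test name now matches a different validator hook, `validate_realms`, which the resource endpoint uses. `test_validate_requested_realms` would be unambiguous. The renamed tests only flip return values and never check what the endpoint passes to the hook. Assuming `self.validator` is a mock, an assertion in a passing case such as `self.validator.check_realms.assert_called_with(expected_realms_list)` would pin that a list, not the raw `realm` string, reaches the validator.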
@@ -21,7 +21,7 @@ def setUp(self): self.validator.validate_client_key.return_value = True self.validator.validate_access_token.return_value = True self.validator.validate_timestamp_and_nonce.return_value = True - self.validator.validate_realm.return_value = True + self.validator.validate_realms.return_value = True self.validator.dummy_client = 'dummy' self.validator.dummy_secret = 'dummy' self.validator.dummy_access_token = 'dummy' @@ -57,8 +57,8 @@ def test_validate_access_token(self): self.uri, headers=self.headers) self.assertFalse(v) - def test_validate_realm(self): - self.validator.validate_realm.return_value = False + def test_validate_realms(self): + self.validator.validate_realms.return_value = False v, r = self.endpoint.validate_protected_resource_request( self.uri, headers=self.headers) self.assertFalse(v) diff --git a/tests/oauth1/rfc5849/test_request_validator.py b/tests/oauth1/rfc5849/test_request_validator.py index 34a950a3..e068c28f 100644 --- a/tests/oauth1/rfc5849/test_request_validator.py +++ b/tests/oauth1/rfc5849/test_request_validator.py @@ -34,9 +34,9 @@ def test_not_implemented(self): None, None, None, None) self.assertRaises(NotImplementedError, v.validate_redirect_uri, None, None, None) - self.assertRaises(NotImplementedError, v.validate_realm, + self.assertRaises(NotImplementedError, v.validate_realms, None, None, None, None, None) - self.assertRaises(NotImplementedError, v.validate_requested_realm, + self.assertRaises(NotImplementedError, v.validate_requested_realms, None, None, None) self.assertRaises(NotImplementedError, v.validate_verifier, None, None, None, None) @@ -56,9 +56,9 @@ def test_check_length(self): for valid in ('itsjustaboutlongenough',): self.assertTrue(method(valid)) - def test_check_realm(self): + def test_check_realms(self): v = RequestValidator() - self.assertFalse(v.check_realm(['foo'])) + self.assertFalse(v.check_realms(['foo'])) class FooRealmValidator(RequestValidator): @property 
@@ -66,4 +66,4 @@ def realms(self): return ['foo'] v = FooRealmValidator() - self.assertTrue(v.check_realm(['foo'])) + self.assertTrue(v.check_realms(['foo']))
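Review bot: `test_check_realms` only exercises single-element lists, so it does not pin the all-of semantics of `check_realms`. Adding `self.assertFalse(v.check_realms(['foo', 'bar']))` after the last assertion would catch a regression to any-of matching. Adding `self.assertTrue(v.check_realms([]))` would document that an empty list currently passes. The test method starts in the previous hunk.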