Merge branch 'master' of https://github.com/idan/oauthlib

AUTHORS

@@ -14,3 +14,4 @@ Tom Christie
 Chez
 Ondrej Slinták
 Mackenzie Thompson
+Hsiaoming Yang

oauthlib/oauth2/rfc6749/parameters.py

@@ -19,7 +19,7 @@
 from .errors import raise_from_error, MissingTokenError, MissingTokenTypeError
 from .errors import MismatchingStateError, MissingCodeError
 from .errors import InsecureTransportError
-from .utils import list_to_scope, scope_to_list
+from .utils import list_to_scope, scope_to_list, is_secure_transport
 
 
 def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None,
@@ -61,7 +61,7 @@ def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None,
     .. _`Section 3.3`: http://tools.ietf.org/html/rfc6749#section-3.3
     .. _`section 10.12`: http://tools.ietf.org/html/rfc6749#section-10.12
     """
-    if not uri.startswith('https://'):
+    if not is_secure_transport(uri):
         raise InsecureTransportError()
 
     params = [(('response_type', response_type)),
@@ -157,7 +157,7 @@ def parse_authorization_code_response(uri, state=None):
                 &state=xyz
 
     """
-    if not uri.lower().startswith('https://'):
+    if not is_secure_transport(uri.lower()):
         raise InsecureTransportError()
 
     query = urlparse.urlparse(uri).query
@@ -213,7 +213,7 @@ def parse_implicit_response(uri, state=None, scope=None):
         Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA
                 &state=xyz&token_type=example&expires_in=3600
     """
-    if not uri.lower().startswith('https://'):
+    if not is_secure_transport(uri.lower()):
         raise InsecureTransportError()
 
     fragment = urlparse.urlparse(uri).fragment

oauthlib/oauth2/rfc6749/request_validator.py

@@ -337,7 +337,7 @@ def validate_refresh_token(self, refresh_token, client, request, *args, **kwargs
         raise NotImplementedError('Subclasses must implement this method.')
 
     def validate_response_type(self, client_id, response_type, client, request, *args, **kwargs):
-        """Ensure client is authorized to use the grant_type requested.
+        """Ensure client is authorized to use the response_type requested.
 
         :param client_id: Unicode client identifier
         :param response_type: Unicode response type, i.e. code, token.

oauthlib/oauth2/rfc6749/utils.py

@@ -8,6 +8,7 @@
 This module contains utility methods used by various parts of the OAuth 2 spec.
 """
 
+import os
 import datetime
 try:
     from urllib import quote
@@ -80,3 +81,10 @@ def generate_age(issue_time):
     td = datetime.datetime.now() - issue_time
     age = (td.microseconds + (td.seconds + td.days * 24 * 3600) * 10**6) / 10**6
     return unicode_type(age)
+
+
+def is_secure_transport(uri):
+    """Check if the uri is over ssl."""
+    if os.environ.get('DEBUG'):
+        return True
+    return uri.startswith('https://')

tests/oauth2/rfc6749/test_utils.py

@@ -1,7 +1,9 @@
 from __future__ import absolute_import, unicode_literals
 
+import os
 from ...unittest import TestCase
 from oauthlib.oauth2.rfc6749.utils import escape, host_from_uri
+from oauthlib.oauth2.rfc6749.utils import is_secure_transport
 
 
 class UtilsTests(TestCase):
@@ -21,3 +23,15 @@ def test_host_from_uri(self):
         self.assertEqual(host_from_uri('https://a.b.com:8080'), ('a.b.com', '8080'))
         self.assertEqual(host_from_uri('http://www.example.com'), ('www.example.com', '80'))
         self.assertEqual(host_from_uri('https://www.example.com'), ('www.example.com', '443'))
+
+    def test_is_secure_transport(self):
+        """Test check secure uri."""
+        if 'DEBUG' in os.environ:
+            del os.environ['DEBUG']
+
+        self.assertTrue(is_secure_transport('https://example.com'))
+        self.assertFalse(is_secure_transport('http://example.com'))
+
+        os.environ['DEBUG'] = '1'
+        self.assertTrue(is_secure_transport('http://example.com'))
+        del os.environ['DEBUG']