[Python-modules-commits] [python-oauthlib] 02/03: Import python-oauthlib_2.0.1.orig.tar.gz
Daniele Tricoli
eriol-guest at moszumanska.debian.org
Sun Dec 4 17:51:08 UTC 2016
This is an automated email from the git hooks/post-receive script.
eriol-guest pushed a commit to branch master
in repository python-oauthlib.
commit d08e30fe1cb7ccdbbd34866ee8410ef3938e3682
Author: Daniele Tricoli <eriol at mornie.org>
Date: Sat Dec 3 01:27:42 2016 +0100
Import python-oauthlib_2.0.1.orig.tar.gz
---
CHANGELOG.rst | 4 ++
PKG-INFO | 2 +-
oauthlib.egg-info/PKG-INFO | 2 +-
oauthlib/__init__.py | 2 +-
oauthlib/oauth2/rfc6749/endpoints/authorization.py | 5 +-
oauthlib/oauth2/rfc6749/endpoints/token.py | 9 +++-
.../oauth2/rfc6749/grant_types/openid_connect.py | 9 ++--
oauthlib/oauth2/rfc6749/tokens.py | 3 ++
setup.cfg | 2 +-
.../rfc6749/endpoints/test_scope_handling.py | 57 +++++++++++++---------
tests/oauth2/rfc6749/test_server.py | 27 ++++++++++
11 files changed, 88 insertions(+), 34 deletions(-)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 4055a14..933a44a 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,6 +1,10 @@
Changelog
=========
+2.0.1 (2016-11-23)
+------------------
+* (FIX) Normalize handling of request.scopes list
+
2.0.0 (2016-09-03)
------------------
* (New Feature) **OpenID** support.
diff --git a/PKG-INFO b/PKG-INFO
index aff62f3..20afd67 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: oauthlib
-Version: 2.0.0
+Version: 2.0.1
Summary: A generic, spec-compliant, thorough implementation of the OAuth request-signing logic
Home-page: https://github.com/idan/oauthlib
Author: Ib Lundgren
diff --git a/oauthlib.egg-info/PKG-INFO b/oauthlib.egg-info/PKG-INFO
index aff62f3..20afd67 100644
--- a/oauthlib.egg-info/PKG-INFO
+++ b/oauthlib.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: oauthlib
-Version: 2.0.0
+Version: 2.0.1
Summary: A generic, spec-compliant, thorough implementation of the OAuth request-signing logic
Home-page: https://github.com/idan/oauthlib
Author: Ib Lundgren
diff --git a/oauthlib/__init__.py b/oauthlib/__init__.py
index 0bb9096..93940ec 100644
--- a/oauthlib/__init__.py
+++ b/oauthlib/__init__.py
@@ -10,7 +10,7 @@
"""
__author__ = 'Idan Gazit <idan at gazit.me>'
-__version__ = '2.0.0'
+__version__ = '2.0.1'
import logging
diff --git a/oauthlib/oauth2/rfc6749/endpoints/authorization.py b/oauthlib/oauth2/rfc6749/endpoints/authorization.py
index adc9f85..de100b1 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/authorization.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/authorization.py
@@ -10,6 +10,7 @@ from __future__ import absolute_import, unicode_literals
import logging
from oauthlib.common import Request
+from oauthlib.oauth2.rfc6749 import utils
from .base import BaseEndpoint, catch_errors_and_unavailability
@@ -107,7 +108,9 @@ class AuthorizationEndpoint(BaseEndpoint):
"""Extract response_type and route to the designated handler."""
request = Request(
uri, http_method=http_method, body=body, headers=headers)
- request.scopes = None
+
+ request.scopes = utils.scope_to_list(request.scope)
+
response_type_handler = self.response_types.get(
request.response_type, self.default_response_type_handler)
return response_type_handler.validate_authorization_request(request)
diff --git a/oauthlib/oauth2/rfc6749/endpoints/token.py b/oauthlib/oauth2/rfc6749/endpoints/token.py
index c093e1e..96cfbc7 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/token.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/token.py
@@ -11,6 +11,7 @@ from __future__ import absolute_import, unicode_literals
import logging
from oauthlib.common import Request
+from oauthlib.oauth2.rfc6749 import utils
from .base import BaseEndpoint, catch_errors_and_unavailability
@@ -91,7 +92,13 @@ class TokenEndpoint(BaseEndpoint):
"""Extract grant_type and route to the designated handler."""
request = Request(
uri, http_method=http_method, body=body, headers=headers)
- request.scopes = None
+
+ # 'scope' is an allowed Token Request param in both the "Resource Owner Password Credentials Grant"
+ # and "Client Credentials Grant" flows
+ # https://tools.ietf.org/html/rfc6749#section-4.3.2
+ # https://tools.ietf.org/html/rfc6749#section-4.4.2
+ request.scopes = utils.scope_to_list(request.scope)
+
request.extra_credentials = credentials
if grant_type_for_scope:
request.grant_type = grant_type_for_scope
diff --git a/oauthlib/oauth2/rfc6749/grant_types/openid_connect.py b/oauthlib/oauth2/rfc6749/grant_types/openid_connect.py
index d09893e..6cc3772 100644
--- a/oauthlib/oauth2/rfc6749/grant_types/openid_connect.py
+++ b/oauthlib/oauth2/rfc6749/grant_types/openid_connect.py
@@ -64,7 +64,7 @@ class AuthCodeGrantDispatcher(object):
def _handler_for_request(self, request):
handler = self.default_auth_grant
- if "openid" in request.scopes:
+ if request.scopes and "openid" in request.scopes:
handler = self.oidc_auth_grant
log.debug('Selecting handler for request %r.', handler)
@@ -96,7 +96,7 @@ class OpenIDConnectBase(GrantTypeBase):
def add_id_token(self, token, token_handler, request):
# Treat it as normal OAuth 2 auth code request if openid is not present
- if 'openid' not in request.scopes:
+ if not request.scopes or 'openid' not in request.scopes:
return token
# Only add an id token on auth/token step if asked for.
@@ -249,7 +249,7 @@ class OpenIDConnectBase(GrantTypeBase):
"""
# Treat it as normal OAuth 2 auth code request if openid is not present
- if not 'openid' in request.scopes:
+ if not request.scopes or 'openid' not in request.scopes:
return {}
# prompt other than 'none' should be handled by the server code that uses oauthlib
@@ -289,7 +289,8 @@ class OpenIDConnectBase(GrantTypeBase):
if request.response_type == 'token':
return {}
- if not 'openid' in request.scopes:
+ # Treat it as normal OAuth 2 auth code request if openid is not present
+ if not request.scopes or 'openid' not in request.scopes:
return {}
# REQUIRED. String value used to associate a Client session with an ID
diff --git a/oauthlib/oauth2/rfc6749/tokens.py b/oauthlib/oauth2/rfc6749/tokens.py
index 06ff558..2060de1 100644
--- a/oauthlib/oauth2/rfc6749/tokens.py
+++ b/oauthlib/oauth2/rfc6749/tokens.py
@@ -262,6 +262,9 @@ class BearerToken(TokenBase):
'token_type': 'Bearer',
}
+ # If provided, include - this is optional in some cases https://tools.ietf.org/html/rfc6749#section-3.3 but
+ # there is currently no mechanism to coordinate issuing a token for only a subset of the requested scopes so
+ # all tokens issued are for the entire set of requested scopes.
if request.scopes is not None:
token['scope'] = ' '.join(request.scopes)
diff --git a/setup.cfg b/setup.cfg
index 861a9f5..6bc2ff3 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,5 +1,5 @@
[egg_info]
-tag_build =
tag_date = 0
+tag_build =
tag_svn_revision = 0
diff --git a/tests/oauth2/rfc6749/endpoints/test_scope_handling.py b/tests/oauth2/rfc6749/endpoints/test_scope_handling.py
index f48a4f9..3c3ee5e 100644
--- a/tests/oauth2/rfc6749/endpoints/test_scope_handling.py
+++ b/tests/oauth2/rfc6749/endpoints/test_scope_handling.py
@@ -12,7 +12,7 @@ from ....unittest import TestCase
from oauthlib.oauth2 import RequestValidator
from oauthlib.oauth2 import WebApplicationServer, MobileApplicationServer
-from oauthlib.oauth2 import LegacyApplicationServer, BackendApplicationServer
+from oauthlib.oauth2 import LegacyApplicationServer, BackendApplicationServer, Server
class TestScopeHandling(TestCase):
@@ -41,6 +41,7 @@ class TestScopeHandling(TestCase):
self.validator = mock.MagicMock(spec=RequestValidator)
self.validator.get_default_redirect_uri.return_value = TestScopeHandling.DEFAULT_REDIRECT_URI
self.validator.authenticate_client.side_effect = self.set_client
+ self.server = Server(self.validator)
self.web = WebApplicationServer(self.validator)
self.mobile = MobileApplicationServer(self.validator)
self.legacy = LegacyApplicationServer(self.validator)
@@ -50,6 +51,7 @@ class TestScopeHandling(TestCase):
scopes = (
('images', ['images']),
('images+videos', ['images', 'videos']),
+ ('images+videos+openid', ['images', 'videos', 'openid']),
('http%3A%2f%2fa.b%2fvideos', ['http://a.b/videos']),
('http%3A%2f%2fa.b%2fvideos+pics', ['http://a.b/videos', 'pics']),
('pics+http%3A%2f%2fa.b%2fvideos', ['pics', 'http://a.b/videos']),
@@ -64,6 +66,9 @@ class TestScopeHandling(TestCase):
scopes, _ = self.mobile.validate_authorization_request(
uri % (scope, 'token'))
self.assertItemsEqual(scopes, correct_scopes)
+ scopes, _ = self.server.validate_authorization_request(
+ uri % (scope, 'code'))
+ self.assertItemsEqual(scopes, correct_scopes)
def test_scope_preservation(self):
scope = 'pics+http%3A%2f%2fa.b%2fvideos'
@@ -72,36 +77,40 @@ class TestScopeHandling(TestCase):
token_uri = 'http://example.com/path'
# authorization grant
- h, _, s = self.web.create_authorization_response(
- auth_uri + 'code', scopes=decoded_scope.split(' '))
- self.validator.validate_code.side_effect = self.set_scopes(decoded_scope.split(' '))
- self.assertEqual(s, 302)
- self.assertIn('Location', h)
- code = get_query_credentials(h['Location'])['code'][0]
- _, body, _ = self.web.create_token_response(token_uri,
- body='grant_type=authorization_code&code=%s' % code)
- self.assertEqual(json.loads(body)['scope'], decoded_scope)
+ for backend_server_type in ['web', 'server']:
+ h, _, s = getattr(self, backend_server_type).create_authorization_response(
+ auth_uri + 'code', scopes=decoded_scope.split(' '))
+ self.validator.validate_code.side_effect = self.set_scopes(decoded_scope.split(' '))
+ self.assertEqual(s, 302)
+ self.assertIn('Location', h)
+ code = get_query_credentials(h['Location'])['code'][0]
+ _, body, _ = getattr(self, backend_server_type).create_token_response(token_uri,
+ body='grant_type=authorization_code&code=%s' % code)
+ self.assertEqual(json.loads(body)['scope'], decoded_scope)
# implicit grant
- h, _, s = self.mobile.create_authorization_response(
- auth_uri + 'token', scopes=decoded_scope.split(' '))
- self.assertEqual(s, 302)
- self.assertIn('Location', h)
- self.assertEqual(get_fragment_credentials(h['Location'])['scope'][0], decoded_scope)
+ for backend_server_type in ['mobile', 'server']:
+ h, _, s = getattr(self, backend_server_type).create_authorization_response(
+ auth_uri + 'token', scopes=decoded_scope.split(' '))
+ self.assertEqual(s, 302)
+ self.assertIn('Location', h)
+ self.assertEqual(get_fragment_credentials(h['Location'])['scope'][0], decoded_scope)
# resource owner password credentials grant
- body = 'grant_type=password&username=abc&password=secret&scope=%s'
+ for backend_server_type in ['legacy', 'server']:
+ body = 'grant_type=password&username=abc&password=secret&scope=%s'
- _, body, _ = self.legacy.create_token_response(token_uri,
- body=body % scope)
- self.assertEqual(json.loads(body)['scope'], decoded_scope)
+ _, body, _ = getattr(self, backend_server_type).create_token_response(token_uri,
+ body=body % scope)
+ self.assertEqual(json.loads(body)['scope'], decoded_scope)
# client credentials grant
- body = 'grant_type=client_credentials&scope=%s'
- self.validator.authenticate_client.side_effect = self.set_user
- _, body, _ = self.backend.create_token_response(token_uri,
- body=body % scope)
- self.assertEqual(json.loads(body)['scope'], decoded_scope)
+ for backend_server_type in ['backend', 'server']:
+ body = 'grant_type=client_credentials&scope=%s'
+ self.validator.authenticate_client.side_effect = self.set_user
+ _, body, _ = getattr(self, backend_server_type).create_token_response(token_uri,
+ body=body % scope)
+ self.assertEqual(json.loads(body)['scope'], decoded_scope)
def test_scope_changed(self):
scope = 'pics+http%3A%2f%2fa.b%2fvideos'
diff --git a/tests/oauth2/rfc6749/test_server.py b/tests/oauth2/rfc6749/test_server.py
index fe7edd7..aff0d84 100644
--- a/tests/oauth2/rfc6749/test_server.py
+++ b/tests/oauth2/rfc6749/test_server.py
@@ -151,6 +151,19 @@ class TokenEndpointTest(TestCase):
'expires_in': self.expires_in,
'access_token': 'abc',
'refresh_token': 'abc',
+ 'scope': 'all of them',
+ 'state': 'xyz'
+ }
+ self.assertEqual(json.loads(body), token)
+
+ body = 'grant_type=authorization_code&code=abc&state=xyz'
+ headers, body, status_code = self.endpoint.create_token_response(
+ '', body=body)
+ token = {
+ 'token_type': 'Bearer',
+ 'expires_in': self.expires_in,
+ 'access_token': 'abc',
+ 'refresh_token': 'abc',
'state': 'xyz'
}
self.assertEqual(json.loads(body), token)
@@ -271,6 +284,20 @@ twIDAQAB
'expires_in': self.expires_in,
'access_token': body['access_token'],
'refresh_token': 'abc',
+ 'scope': 'all of them',
+ 'state': 'xyz'
+ }
+ self.assertEqual(body, token)
+
+ body = 'grant_type=authorization_code&code=abc&state=xyz'
+ headers, body, status_code = self.endpoint.create_token_response(
+ '', body=body)
+ body = json.loads(body)
+ token = {
+ 'token_type': 'Bearer',
+ 'expires_in': self.expires_in,
+ 'access_token': body['access_token'],
+ 'refresh_token': 'abc',
'state': 'xyz'
}
self.assertEqual(body, token)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-oauthlib.git
More information about the Python-modules-commits
mailing list