Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug in require_oauth decorator? #3

Open
daniel-lundin opened this issue Dec 12, 2012 · 3 comments
Open

Bug in require_oauth decorator? #3

daniel-lundin opened this issue Dec 12, 2012 · 3 comments

Comments

@daniel-lundin
Copy link

First, thanks for your great efforts in this project.

I've found that I don't need to provide oauth_token_secret when requiring an access token from an authorized request token.

The require_oauth decorator looks strange to me.
The return value from oauthlib.oauth1.rfc5849.Server.verify_request is actually a tuple so if-statement will always run:
https://github.com/ib-lundgren/flask-oauthprovider/blob/master/flask_oauthprovider.py#L286

Am I missing something?
@ib-lundgren
Copy link
Owner

Hey,

This extension was a quick proof of concept while working on oauthlib and was sadly slightly forgotten since as I ran out of free time to work on it. The little time I have over to spend now days I do on oauthlib directly.

Regarding the return value, it used to only be a bool and I've not updated to match the tuple return value.

I'm planning some api additions to oauth 1 server and when those are into oauthlib I'll try and find a moment to update this extension a bit =)

@daniel-lundin
Copy link
Author

Ah, I see.

I think I will write a provider based directly on oauth 1 server then instead for now.

Thank you.

@ib-lundgren
Copy link
Owner

Go for it! And please let me know how things go =)

I'll ping you when I've made the updates. flask-oauthprovider is quite a thin layer between oauthlib and an actual implementation and might serve best as a guide. As far as the example goes I think if you update the return value to include the request object it should work fine (knock on wood, I've not read the code in months).

valid = self.verify_request(...
valid, request = self.verify_request(...

datalogics-kam added a commit to datalogics/flask-oauthprovider that referenced this issue Mar 29, 2013
@datalogics-kam
require_oauth decorator was always succeeding.
f56c268 
verify_request() returns a tuple of (valid, oauth_request). The code was
treating it as if it returned just a bool, and since the never-empty
tuple was always truthy, requests always seemed to work.

Fixes ib-lundgren/flask-oauthprovider/ib-lundgren#3
datalogics-kam added a commit to datalogics-kam/flask-oauthprovider that referenced this issue Mar 29, 2013
@datalogics-kam
require_oauth decorator was always succeeding.
5249a17 
verify_request() returns a tuple of (valid, oauth_request). The code was
treating it as if it returned just a bool, and since the never-empty
tuple was always truthy, requests always seemed to work.

Fixes ib-lundgren/flask-oauthprovider/ib-lundgren#3
@datalogics-kam datalogics-kam mentioned this issue Mar 29, 2013
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@daniel-lundin @ib-lundgren