aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJessica Tallon <jessica@megworld.co.uk>2014-11-04 09:54:04 +0000
committerJessica Tallon <jessica@megworld.co.uk>2014-11-04 10:42:31 +0000
commit4fc1671d84d834fefb616e8cbe72c8c2b64095b3 (patch)
treea80cc50ce20912597ae4d5c3a190dc36364cf2d5
parentaa68730237700a812e4d3aa5cd94458282e205de (diff)
downloadmediagoblin-4fc1671d84d834fefb616e8cbe72c8c2b64095b3.tar.lz
mediagoblin-4fc1671d84d834fefb616e8cbe72c8c2b64095b3.tar.xz
mediagoblin-4fc1671d84d834fefb616e8cbe72c8c2b64095b3.zip
Fix #1016 - Covert the timestamp from seconds to datetime object
-rw-r--r--mediagoblin/oauth/oauth.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/mediagoblin/oauth/oauth.py b/mediagoblin/oauth/oauth.py
index 8a60392c..7dc5aa5b 100644
--- a/mediagoblin/oauth/oauth.py
+++ b/mediagoblin/oauth/oauth.py
@@ -13,6 +13,7 @@
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import datetime
from oauthlib.common import Request
from oauthlib.oauth1 import RequestValidator
@@ -64,6 +65,14 @@ class GMGRequestValidator(RequestValidator):
def validate_timestamp_and_nonce(self, client_key, timestamp,
nonce, request, request_token=None,
access_token=None):
+ # RFC5849 (OAuth 1.0) section 3.3 says the timestamp is going
+ # to be seconds after the epoch, we need to convert for postgres
+ try:
+ timestamp = datetime.datetime.fromtimestamp(float(timestamp))
+ except ValueError:
+ # Well, the client must have passed up something ridiculous
+ return False
+
nc = NonceTimestamp.query.filter_by(timestamp=timestamp, nonce=nonce)
nc = nc.first()
if nc is None: