diff options
| author | Jessica Tallon <tsyesika@tsyesika.se> | 2015-08-21 17:57:39 +0200 |
|---|---|---|
| committer | Jessica Tallon <tsyesika@tsyesika.se> | 2015-08-21 17:57:39 +0200 |
| commit | e9bb5879f772e4d546aadb4bb6f935c7c55b8000 (patch) | |
| tree | 28a6c88d8b5e21bf4c0c4fbffdea4689595dd535 /mediagoblin/oauth/views.py | |
| parent | 3b4ad554c7ae17b1b6e431e235e7744e7670be89 (diff) | |
| download | mediagoblin-e9bb5879f772e4d546aadb4bb6f935c7c55b8000.tar.lz mediagoblin-e9bb5879f772e4d546aadb4bb6f935c7c55b8000.tar.xz mediagoblin-e9bb5879f772e4d546aadb4bb6f935c7c55b8000.zip | |
Fix #5344 - OAuth NotImplemented exception
This introduces a migration which adds a dummy Client, RequestToken
and AccessToken. These are used when an invalid request comes in,
instead of bailing early, it needs dummy data to prevent timing
attacks.
This then implements the methods which get the IDs of the dummy
objects. If these are changed in the future a migration which checks
for the previous dummy object should be created and updates them to
reflect the new IDs/tokens.
Diffstat (limited to 'mediagoblin/oauth/views.py')
| -rw-r--r-- | mediagoblin/oauth/views.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/mediagoblin/oauth/views.py b/mediagoblin/oauth/views.py index 1b4787d6..2bfaab3e 100644 --- a/mediagoblin/oauth/views.py +++ b/mediagoblin/oauth/views.py @@ -211,7 +211,7 @@ def request_token(request): error = "Invalid client_id" return json_response({"error": error}, status=400) - # make request token and return to client + # make request token and return to client request_validator = GMGRequestValidator(authorization) rv = RequestTokenEndpoint(request_validator) tokens = rv.create_request_token(request, authorization) |