From 86ee2d1a0e9057e26add65807191fc28b0eec568 Mon Sep 17 00:00:00 2001
From: Jessica Tallon
Date: Sun, 20 Dec 2015 01:11:31 +0000
Subject: Fix security issue in OAuth verifier validation
---
 mediagoblin/oauth/oauth.py | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'mediagoblin/oauth/oauth.py')
diff --git a/mediagoblin/oauth/oauth.py b/mediagoblin/oauth/oauth.py
index c7951734..4a7f25c2 100644
--- a/mediagoblin/oauth/oauth.py
+++ b/mediagoblin/oauth/oauth.py
@@ -100,6 +100,17 @@ class GMGRequestValidator(RequestValidator):
 return True
+ def validate_verifier(self, token, verifier):
+ """ Verifies the verifier token is correct. """
+ request_token = RequestToken.query.filter_by(token=token).first()
+ if request_token is None:
+ return False
+
+ if request_token.verifier != verifier:
+ return False
+
+ return True
+
 def validate_access_token(self, client_key, token, request):
 """ Verifies token exists for client with id of client_key """
 client = Client.query.filter_by(id=client_key).first()
--
cgit v1.2.3
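Review bot: The comparison `request_token.verifier != verifier` in the new `validate_verifier` is not constant-time, so response timing can reveal how much of a supplied verifier matches the stored one; oauthlib provides `oauthlib.common.safe_string_equals` for this check, e.g. `return safe_string_equals(request_token.verifier, verifier)` (the import would have to be added at the top of the file, which is outside the hunk). Ahead of that comparison, missing values should be rejected with `if request_token.verifier is None or verifier is None: return False`, because as written a request token whose verifier was never set compares equal to an absent `oauth_verifier` (this assumes the column is nullable, which the hunk does not show). The lookup is by `token` alone, so nothing in this method ties the request token to the client presenting it, and the signature differs from oauthlib's `validate_verifier(client_key, token, verifier, request)`. The callers are not visible here, so it is worth confirming that the client binding is enforced where this method is invoked.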