From eba71ac76c6f32a23135c1450daad4cad4189f14 Mon Sep 17 00:00:00 2001
From: Julian Rother <julian@cccv.de>
Date: Mon, 13 Sep 2021 16:40:50 +0200
Subject: [PATCH] Fix regression: OAuth2 authorize endpoint rejects empty scope
 parameter

Fixes #115

Regression was introduced by 45d4598 (Replace flask_oauthlib with plain oauthlib).
---
 tests/test_oauth2.py | 6 ++++++
 uffd/oauth2/views.py | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/tests/test_oauth2.py b/tests/test_oauth2.py
index a4fb8295..17d9cb70 100644
--- a/tests/test_oauth2.py
+++ b/tests/test_oauth2.py
@@ -90,6 +90,12 @@ class TestViews(UffdTestCase):
 		r = self.client.get(path=url_for('oauth2.authorize', response_type='code', client_id='test', state='teststate', redirect_uri='http://localhost:5009/callback'), follow_redirects=False)
 		self.assert_authorization(r)
 
+	# Regression test for #115 (OAuth2 authorize endpoint rejects empty scope parameter)
+	def test_authorization_empty_scope(self):
+		self.login_as('user')
+		r = self.client.get(path=url_for('oauth2.authorize', response_type='code', client_id='test', state='teststate', scope='', redirect_uri='http://localhost:5009/callback'), follow_redirects=False)
+		self.assert_authorization(r)
+
 	def test_authorization_invalid_scope(self):
 		self.login_as('user')
 		r = self.client.get(path=url_for('oauth2.authorize', response_type='code', client_id='test', state='teststate', redirect_uri='http://localhost:5009/callback', scope='invalid'), follow_redirects=False)
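Review bot: The new test_authorization_empty_scope only asserts that the authorize call succeeds; it does not check which scopes the resulting authorization carries, so a future change that accepted `scope=''` but granted an empty scope set (or an over-broad one) would still pass. If assert_authorization does not already inspect the granted scopes, add an assertion that the issued authorization carries the client's default scopes and not `['']`. The test body in the hunk is complete, but assert_authorization and the enclosing class are defined outside it.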
diff --git a/uffd/oauth2/views.py b/uffd/oauth2/views.py
index 001e3754..3b580aef 100644
--- a/uffd/oauth2/views.py
+++ b/uffd/oauth2/views.py
@@ -50,6 +50,8 @@ class UffdRequestValidator(oauthlib.oauth2.RequestValidator):
 		return oauthreq.client.default_scopes
 
 	def validate_scopes(self, client_id, scopes, client, oauthreq, *args, **kwargs):
+		if scopes == ['']:
+			oauthreq.scopes = scopes = self.get_default_scopes(client_id, oauthreq)
 		return set(scopes).issubset({'profile'})
 
 	def save_authorization_code(self, client_id, code, oauthreq, *args, **kwargs):
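Review bot: The reassignment of `oauthreq.scopes` inside validate_scopes is a non-obvious side effect on the request object and has no comment explaining why a validator mutates it; add one above the new `if`, e.g. `# oauthlib turns scope='' into [''] instead of treating it as absent; substitute the client's defaults (as for an omitted scope, RFC 6749 §3.3) and write them back so the rest of the flow grants the defaults rather than an empty scope`. The exact comparison `scopes == ['']` is also narrow: depending on the oauthlib version a whitespace-only scope may be split into several empty strings, which this check would not catch; `if scopes and not any(scopes):` covers that case with the same result for `['']`, if you confirm that is the behaviour you want. The substituted defaults still go through the `issubset({'profile'})` check on the next line, so they are not trusted blindly. The enclosing class starts outside the hunk.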
-- 
GitLab