Commit eba71ac7 authored by Julian's avatar Julian

Fix regression: OAuth2 authorize endpoint rejects empty scope parameter

Fixes #115

Regression was introduced by 45d4598e (Replace flask_oauthlib with plain oauthlib).
parent c07193c6
...@@ -90,6 +90,12 @@ class TestViews(UffdTestCase): ...@@ -90,6 +90,12 @@ class TestViews(UffdTestCase):
r = self.client.get(path=url_for('oauth2.authorize', response_type='code', client_id='test', state='teststate', redirect_uri='http://localhost:5009/callback'), follow_redirects=False) r = self.client.get(path=url_for('oauth2.authorize', response_type='code', client_id='test', state='teststate', redirect_uri='http://localhost:5009/callback'), follow_redirects=False)
self.assert_authorization(r) self.assert_authorization(r)
# Regression test for #115 (OAuth2 authorize endpoint rejects empty scope parameter)
def test_authorization_empty_scope(self):
self.login_as('user')
r = self.client.get(path=url_for('oauth2.authorize', response_type='code', client_id='test', state='teststate', scope='', redirect_uri='http://localhost:5009/callback'), follow_redirects=False)
self.assert_authorization(r)
def test_authorization_invalid_scope(self): def test_authorization_invalid_scope(self):
self.login_as('user') self.login_as('user')
r = self.client.get(path=url_for('oauth2.authorize', response_type='code', client_id='test', state='teststate', redirect_uri='http://localhost:5009/callback', scope='invalid'), follow_redirects=False) r = self.client.get(path=url_for('oauth2.authorize', response_type='code', client_id='test', state='teststate', redirect_uri='http://localhost:5009/callback', scope='invalid'), follow_redirects=False)
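Review bot: `test_authorization_empty_scope` asserts only through `assert_authorization`, whose body is outside this hunk, so it is not visible whether the test pins which scope ends up granted. Because the fix substitutes the client's default scopes for the empty value, the test should also confirm that the issued grant carries the default scope and not an empty string, unless the helper already checks that. A docstring on the test stating the expected outcome, for example `"""An empty scope parameter is treated like an omitted one and falls back to the client's default scopes."""`, would record the contract next to the issue reference.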
......
...@@ -50,6 +50,8 @@ class UffdRequestValidator(oauthlib.oauth2.RequestValidator): ...@@ -50,6 +50,8 @@ class UffdRequestValidator(oauthlib.oauth2.RequestValidator):
return oauthreq.client.default_scopes return oauthreq.client.default_scopes
def validate_scopes(self, client_id, scopes, client, oauthreq, *args, **kwargs): def validate_scopes(self, client_id, scopes, client, oauthreq, *args, **kwargs):
if scopes == ['']:
oauthreq.scopes = scopes = self.get_default_scopes(client_id, oauthreq)
return set(scopes).issubset({'profile'}) return set(scopes).issubset({'profile'})
def save_authorization_code(self, client_id, code, oauthreq, *args, **kwargs): def save_authorization_code(self, client_id, code, oauthreq, *args, **kwargs):
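Review bot: The new guard in `validate_scopes` matches only the exact list `['']`, and nothing at the branch explains why that value appears or that the validator now rewrites `oauthreq.scopes` as a side effect. A short comment would help, for example `# An empty scope parameter reaches us as ['']; treat it like an omitted scope and fall back to the client's defaults`. If the request parsing can also yield empty entries next to real ones (repeated spaces, presumably), those still fail the subset check, which is the safe outcome but worth confirming as intended. The substituted defaults are still passed through the `{'profile'}` subset check on the following line; that ordering is what keeps a misconfigured client default from being accepted unchecked and should survive any later refactor.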
......