mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-27 03:54:01 +03:00
Merge pull request #915 from aburgel/fix-oauth-bad-consumer-key
Fix serialization exception caused by non-existent consumer
This commit is contained in:
commit
db8d61196a
|
@ -230,8 +230,9 @@ class OAuthAuthentication(BaseAuthentication):
|
||||||
try:
|
try:
|
||||||
consumer_key = oauth_request.get_parameter('oauth_consumer_key')
|
consumer_key = oauth_request.get_parameter('oauth_consumer_key')
|
||||||
consumer = oauth_provider_store.get_consumer(request, oauth_request, consumer_key)
|
consumer = oauth_provider_store.get_consumer(request, oauth_request, consumer_key)
|
||||||
except oauth_provider.store.InvalidConsumerError as err:
|
except oauth_provider.store.InvalidConsumerError:
|
||||||
raise exceptions.AuthenticationFailed(err)
|
msg = 'Invalid consumer token: %s' % oauth_request.get_parameter('oauth_consumer_key')
|
||||||
|
raise exceptions.AuthenticationFailed(msg)
|
||||||
|
|
||||||
if consumer.status != oauth_provider.consts.ACCEPTED:
|
if consumer.status != oauth_provider.consts.ACCEPTED:
|
||||||
msg = 'Invalid consumer key status: %s' % consumer.get_status_display()
|
msg = 'Invalid consumer key status: %s' % consumer.get_status_display()
|
||||||
|
|
|
@ -428,6 +428,47 @@ class OAuthTests(TestCase):
|
||||||
response = self.csrf_client.post('/oauth-with-scope/', params)
|
response = self.csrf_client.post('/oauth-with-scope/', params)
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
|
|
||||||
|
@unittest.skipUnless(oauth_provider, 'django-oauth-plus not installed')
|
||||||
|
@unittest.skipUnless(oauth, 'oauth2 not installed')
|
||||||
|
def test_bad_consumer_key(self):
|
||||||
|
"""Ensure POSTing using HMAC_SHA1 signature method passes"""
|
||||||
|
params = {
|
||||||
|
'oauth_version': "1.0",
|
||||||
|
'oauth_nonce': oauth.generate_nonce(),
|
||||||
|
'oauth_timestamp': int(time.time()),
|
||||||
|
'oauth_token': self.token.key,
|
||||||
|
'oauth_consumer_key': 'badconsumerkey'
|
||||||
|
}
|
||||||
|
|
||||||
|
req = oauth.Request(method="POST", url="http://testserver/oauth/", parameters=params)
|
||||||
|
|
||||||
|
signature_method = oauth.SignatureMethod_HMAC_SHA1()
|
||||||
|
req.sign_request(signature_method, self.consumer, self.token)
|
||||||
|
auth = req.to_header()["Authorization"]
|
||||||
|
|
||||||
|
response = self.csrf_client.post('/oauth/', HTTP_AUTHORIZATION=auth)
|
||||||
|
self.assertEqual(response.status_code, 401)
|
||||||
|
|
||||||
|
@unittest.skipUnless(oauth_provider, 'django-oauth-plus not installed')
|
||||||
|
@unittest.skipUnless(oauth, 'oauth2 not installed')
|
||||||
|
def test_bad_token_key(self):
|
||||||
|
"""Ensure POSTing using HMAC_SHA1 signature method passes"""
|
||||||
|
params = {
|
||||||
|
'oauth_version': "1.0",
|
||||||
|
'oauth_nonce': oauth.generate_nonce(),
|
||||||
|
'oauth_timestamp': int(time.time()),
|
||||||
|
'oauth_token': 'badtokenkey',
|
||||||
|
'oauth_consumer_key': self.consumer.key
|
||||||
|
}
|
||||||
|
|
||||||
|
req = oauth.Request(method="POST", url="http://testserver/oauth/", parameters=params)
|
||||||
|
|
||||||
|
signature_method = oauth.SignatureMethod_HMAC_SHA1()
|
||||||
|
req.sign_request(signature_method, self.consumer, self.token)
|
||||||
|
auth = req.to_header()["Authorization"]
|
||||||
|
|
||||||
|
response = self.csrf_client.post('/oauth/', HTTP_AUTHORIZATION=auth)
|
||||||
|
self.assertEqual(response.status_code, 401)
|
||||||
|
|
||||||
class OAuth2Tests(TestCase):
|
class OAuth2Tests(TestCase):
|
||||||
"""OAuth 2.0 authentication"""
|
"""OAuth 2.0 authentication"""
|
||||||
|
|
Loading…
Reference in New Issue
Block a user