only do dict comparisons if not tainted
This commit is contained in:
parent
cb78347ed2
commit
53f530c0af
@ -152,34 +152,35 @@ class StepwiseMathWPOAuth2(BaseOAuth2):
|
||||
))
|
||||
tainted = True
|
||||
|
||||
# a def in the third_party_auth pipeline list calls get_user_details() after its already
|
||||
# been called once. i don't know why. but, it passes the original get_user_details() dict
|
||||
# enhanced with additional token-related keys. if we receive this modified dict then we
|
||||
# should pass it along to the next defs in the pipeline.
|
||||
#
|
||||
# If most of the original keys (see dict definition below) exist in the response object
|
||||
# then we can assume that this is our case.
|
||||
qc_keys = ['id', 'date_joined', 'email', 'first_name', 'fullname', 'is_staff', 'is_superuser', 'last_name', 'username']
|
||||
if all(key in response for key in qc_keys):
|
||||
if VERBOSE_LOGGING:
|
||||
logger.info('get_user_details() - detected an enhanced get_user_details() dict in the response: {response}'.format(
|
||||
response=json.dumps(response, sort_keys=True, indent=4)
|
||||
))
|
||||
return response
|
||||
if not tainted:
|
||||
# a def in the third_party_auth pipeline list calls get_user_details() after its already
|
||||
# been called once. i don't know why. but, it passes the original get_user_details() dict
|
||||
# enhanced with additional token-related keys. if we receive this modified dict then we
|
||||
# should pass it along to the next defs in the pipeline.
|
||||
#
|
||||
# If most of the original keys (see dict definition below) exist in the response object
|
||||
# then we can assume that this is our case.
|
||||
qc_keys = ['id', 'date_joined', 'email', 'first_name', 'fullname', 'is_staff', 'is_superuser', 'last_name', 'username']
|
||||
if all(key in response for key in qc_keys):
|
||||
if VERBOSE_LOGGING:
|
||||
logger.info('get_user_details() - detected an enhanced get_user_details() dict in the response: {response}'.format(
|
||||
response=json.dumps(response, sort_keys=True, indent=4)
|
||||
))
|
||||
return response
|
||||
|
||||
# otherwise we pobably received the default response from the oauth provider based on
|
||||
# the scopes 'basic' 'email' 'profile'. We'll check a few of the most important keys to see
|
||||
# if they exist.
|
||||
if ('ID' not in response.keys()) or ('user_email' not in response.keys()) or ('user_login' not in response.keys()):
|
||||
logger.warning('get_user_details() - response object is missing one or more required keys: {response}'.format(
|
||||
response=json.dumps(response, sort_keys=True, indent=4)
|
||||
))
|
||||
tainted = True
|
||||
else:
|
||||
if VERBOSE_LOGGING:
|
||||
logger.info('get_user_details() - start. response: {response}'.format(
|
||||
# otherwise we pobably received the default response from the oauth provider based on
|
||||
# the scopes 'basic' 'email' 'profile'. We'll check a few of the most important keys to see
|
||||
# if they exist.
|
||||
if ('ID' not in response.keys()) or ('user_email' not in response.keys()) or ('user_login' not in response.keys()):
|
||||
logger.warning('get_user_details() - response object is missing one or more required keys: {response}'.format(
|
||||
response=json.dumps(response, sort_keys=True, indent=4)
|
||||
))
|
||||
))
|
||||
tainted = True
|
||||
else:
|
||||
if VERBOSE_LOGGING:
|
||||
logger.info('get_user_details() - start. response: {response}'.format(
|
||||
response=json.dumps(response, sort_keys=True, indent=4)
|
||||
))
|
||||
|
||||
if tainted and self.user_details:
|
||||
logger.warning('get_user_details() - returning cached results. user_details: {user_details}'.format(
|
||||
|
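Review bot: The VERBOSE_LOGGING branch inside the new `if not tainted:` block dumps the whole response with `json.dumps(response, ...)` at INFO level, yet the comment directly above it says this dict is the original one "enhanced with additional token-related keys", so OAuth tokens end up in application logs whenever verbose logging is on; log the key names instead, e.g. `logger.info('get_user_details() - detected an enhanced get_user_details() dict in the response: keys=%s', sorted(response))`. The same full-dict dump appears in the logger.warning for the missing-keys case and the "start" info log, where the provider response may carry the same material. The fall-through to `if tainted and self.user_details:` now returns cached user_details whenever the current response fails validation, and nothing in the hunk ties that cache to the current response's identity, so a comment such as `# NOTE: cached user_details must belong to this same authorization flow, not a previous user — confirm` would help the next reader; get_user_details() begins before and continues after this hunk, so the cache's origin is not visible here. As a style point, `'ID' not in response.keys()` reads more naturally as `'ID' not in response`.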