only do dict comparisons if not tainted

This commit is contained in:
lpm0073 2022-10-05 19:47:46 -05:00
parent cb78347ed2
commit 53f530c0af

View File

@ -152,34 +152,35 @@ class StepwiseMathWPOAuth2(BaseOAuth2):
))
tainted = True
# a def in the third_party_auth pipeline list calls get_user_details() after its already
# been called once. i don't know why. but, it passes the original get_user_details() dict
# enhanced with additional token-related keys. if we receive this modified dict then we
# should pass it along to the next defs in the pipeline.
#
# If most of the original keys (see dict definition below) exist in the response object
# then we can assume that this is our case.
qc_keys = ['id', 'date_joined', 'email', 'first_name', 'fullname', 'is_staff', 'is_superuser', 'last_name', 'username']
if all(key in response for key in qc_keys):
if VERBOSE_LOGGING:
logger.info('get_user_details() - detected an enhanced get_user_details() dict in the response: {response}'.format(
response=json.dumps(response, sort_keys=True, indent=4)
))
return response
if not tainted:
# a def in the third_party_auth pipeline list calls get_user_details() after its already
# been called once. i don't know why. but, it passes the original get_user_details() dict
# enhanced with additional token-related keys. if we receive this modified dict then we
# should pass it along to the next defs in the pipeline.
#
# If most of the original keys (see dict definition below) exist in the response object
# then we can assume that this is our case.
qc_keys = ['id', 'date_joined', 'email', 'first_name', 'fullname', 'is_staff', 'is_superuser', 'last_name', 'username']
if all(key in response for key in qc_keys):
if VERBOSE_LOGGING:
logger.info('get_user_details() - detected an enhanced get_user_details() dict in the response: {response}'.format(
response=json.dumps(response, sort_keys=True, indent=4)
))
return response
# otherwise we pobably received the default response from the oauth provider based on
# the scopes 'basic' 'email' 'profile'. We'll check a few of the most important keys to see
# if they exist.
if ('ID' not in response.keys()) or ('user_email' not in response.keys()) or ('user_login' not in response.keys()):
logger.warning('get_user_details() - response object is missing one or more required keys: {response}'.format(
response=json.dumps(response, sort_keys=True, indent=4)
))
tainted = True
else:
if VERBOSE_LOGGING:
logger.info('get_user_details() - start. response: {response}'.format(
# otherwise we pobably received the default response from the oauth provider based on
# the scopes 'basic' 'email' 'profile'. We'll check a few of the most important keys to see
# if they exist.
if ('ID' not in response.keys()) or ('user_email' not in response.keys()) or ('user_login' not in response.keys()):
logger.warning('get_user_details() - response object is missing one or more required keys: {response}'.format(
response=json.dumps(response, sort_keys=True, indent=4)
))
))
tainted = True
else:
if VERBOSE_LOGGING:
logger.info('get_user_details() - start. response: {response}'.format(
response=json.dumps(response, sort_keys=True, indent=4)
))
if tainted and self.user_details:
logger.warning('get_user_details() - returning cached results. user_details: {user_details}'.format(