only do dict comparisons if not tainted

wp_oauth_backend/wp_oauth.py

@@ -152,34 +152,35 @@ class StepwiseMathWPOAuth2(BaseOAuth2):
             ))
             tainted = True
 
-        # a def in the third_party_auth pipeline list calls get_user_details() after its already
-        # been called once. i don't know why. but, it passes the original get_user_details() dict
-        # enhanced with additional token-related keys. if we receive this modified dict then we 
-        # should pass it along to the next defs in the pipeline.
-        #
-        # If most of the original keys (see dict definition below) exist in the response object
-        # then we can assume that this is our case.
-        qc_keys = ['id', 'date_joined', 'email', 'first_name', 'fullname', 'is_staff', 'is_superuser', 'last_name', 'username']
-        if all(key in response for key in qc_keys):
-            if VERBOSE_LOGGING:
-                logger.info('get_user_details() -  detected an enhanced get_user_details() dict in the response: {response}'.format(
-                    response=json.dumps(response, sort_keys=True, indent=4)
-                    ))
-            return response
+        if not tainted:
+            # a def in the third_party_auth pipeline list calls get_user_details() after its already
+            # been called once. i don't know why. but, it passes the original get_user_details() dict
+            # enhanced with additional token-related keys. if we receive this modified dict then we 
+            # should pass it along to the next defs in the pipeline.
+            #
+            # If most of the original keys (see dict definition below) exist in the response object
+            # then we can assume that this is our case.
+            qc_keys = ['id', 'date_joined', 'email', 'first_name', 'fullname', 'is_staff', 'is_superuser', 'last_name', 'username']
+            if all(key in response for key in qc_keys):
+                if VERBOSE_LOGGING:
+                    logger.info('get_user_details() -  detected an enhanced get_user_details() dict in the response: {response}'.format(
+                        response=json.dumps(response, sort_keys=True, indent=4)
+                        ))
+                return response
 
-        # otherwise we pobably received the default response from the oauth provider based on 
-        # the scopes 'basic' 'email' 'profile'. We'll check a few of the most important keys to see
-        # if they exist.
-        if ('ID' not in response.keys()) or ('user_email' not in response.keys()) or ('user_login' not in response.keys()):
-            logger.warning('get_user_details() -  response object is missing one or more required keys: {response}'.format(
-                response=json.dumps(response, sort_keys=True, indent=4)
-            ))
-            tainted = True
-        else:
-            if VERBOSE_LOGGING:
-                logger.info('get_user_details() -  start. response: {response}'.format(
+            # otherwise we pobably received the default response from the oauth provider based on 
+            # the scopes 'basic' 'email' 'profile'. We'll check a few of the most important keys to see
+            # if they exist.
+            if ('ID' not in response.keys()) or ('user_email' not in response.keys()) or ('user_login' not in response.keys()):
+                logger.warning('get_user_details() -  response object is missing one or more required keys: {response}'.format(
                     response=json.dumps(response, sort_keys=True, indent=4)
-                    ))
+                ))
+                tainted = True
+            else:
+                if VERBOSE_LOGGING:
+                    logger.info('get_user_details() -  start. response: {response}'.format(
+                        response=json.dumps(response, sort_keys=True, indent=4)
+                        ))
 
         if tainted and self.user_details:
             logger.warning('get_user_details() -  returning cached results. user_details: {user_details}'.format(