comply with the RFC and submit useless and unused information when redeeming the access code.

Author: Jack Diederich

foauth2.py

@@ -32,19 +32,17 @@
 THE SOFTWARE.
 """
 
-import random
-import time
 import urllib
 import urllib2
-import urlparse
+import StringIO
 
 try:
     import simplejson
 except ImportError:
     # Have django or are running in the Google App Engine?
     from django.utils import simplejson
 
-VERSION = '1.0'
+VERSION = '1.1'
 
 class Error(RuntimeError):
     """Generic exception class."""
@@ -70,23 +68,26 @@ class Client(object):
 
     def __init__(self, client_id, client_secret, access_token=None,
                  refresh_token=None, timeout=None):
-
         if not client_id or not client_secret:
             raise ValueError("Client_id and client_secret must be set.")
-
         self.client_id = client_id
         self.client_secret = client_secret
         self.timeout = timeout
         self.access_token = access_token
         self.refresh_token = refresh_token
+        self._authorization_redirect_uri = None
 
     def authorization_url(self, auth_uri=None, redirect_uri=None, scope=None, state=None,
                           access_type='offline', approval_prompt=None):
         """ Get the URL to redirect the user for client authorization """
         if redirect_uri is None:
             redirect_uri = self.redirect_uri
+        if redirect_uri:
+            self._authorization_redirect_uri = redirect_uri
         if auth_uri is None:
             auth_uri = self.auth_uri
+        if not auth_uri:
+            raise ValueError("an auth_uri is required")
         if scope is None:
             scope = self.scope
 
@@ -111,12 +112,12 @@ def authorization_url(self, auth_uri=None, redirect_uri=None, scope=None, state=
 
     def redeem_code(self, refresh_uri=None, redirect_uri=None, code=None, scope=None):
         """Get an access token from the supplied code """
-
-        # prepare required args
         if code is None:
-            raise ValueError("Code must be set.")
+            raise ValueError("Code must be set. see see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.1.3")
         if redirect_uri is None:
             redirect_uri = self.redirect_uri
+        if self._authorization_redirect_uri and redirect_uri != self._authorization_redirect_uri:
+            raise ValueError("redirect_uri mismatch. see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.1.3")
         if refresh_uri is None:
             refresh_uri = self.refresh_uri
         if scope is None:
@@ -126,10 +127,10 @@ def redeem_code(self, refresh_uri=None, redirect_uri=None, code=None, scope=None
             'client_id': self.client_id,
             'client_secret': self.client_secret,
             'code': code,
-            'redirect_uri': redirect_uri,
             'grant_type' : 'authorization_code',
         }
-
+        if redirect_uri is not None:
+            data['redirect_uri'] = redirect_uri
         if scope is not None:
             data['scope'] = scope
         body = urllib.urlencode(data)
@@ -225,6 +226,8 @@ def request(self, uri, body, headers, method='GET'):
         raise ValueError(response.read())
 
     def handle_rate_limit(self):
+        import random
+        import time
         time.sleep(1 + random.random() * 3)
 
 
@@ -252,6 +255,44 @@ def stats(self, short_url):
         return self.request(stat_url, None, headers)
 
 
+class BufferAPI(GooglAPI):
+    auth_uri = 'https://bufferapp.com/oauth2/authorize'
+    refresh_uri = 'https://api.bufferapp.com/1/oauth2/token.json'
+    scope = None
+    service = 'buffer'
+    data_uri = 'https://api.bufferapp.com/1/'
+
+    def authorization_url(self, **kwargs):
+        # Buffer doesn't use access_type
+        kwargs['access_type'] = None
+        return super(BufferAPI, self).authorization_url(**kwargs)
+
+    def get_profiles(self):
+        url = self.data_uri + 'profiles.json'
+        headers = {'Content-Type' : 'application/json'}
+        return self.request(url, None, headers)
+
+    def get_info(self):
+        url = self.data_uri + 'info/configuration.json'
+        headers = {'Content-Type' : 'application/json'}
+        return self.request(url, None, headers)
+
+    def get_pending(self, profile_id):
+        url = self.data_uri + 'profiles/%s/updates/pending.json' % profile_id
+        headers = {'Content-Type' : 'application/json'}
+        return self.request(url, None, headers)
+
+    def post_update(self, profile_ids, message):
+        url = self.data_uri + 'updates/create.json'
+        import urllib
+        data = [('text', urllib.urlencode(message)), ('shorten', 1)]
+        for pid in profile_ids:
+            data.append(('profile_ids[]', pid))
+        body = urllib.urlencode(data)
+        headers = {'Content-type' : 'application/x-www-form-urlencoded'}
+        return self.request(url, body, headers)
+
+
 class GAnalyticsAPI(GooglAPI):
     # OAuth API
     refresh_uri = 'https://accounts.google.com/o/oauth2/token'
@@ -305,40 +346,3 @@ def list(self, uid, count):
         headers = {'Content-Type': 'application/json'}
         data = self.request(url, None, headers)
         return data
-
-
-class BufferAPI(GooglAPI):
-    auth_uri = 'https://bufferapp.com/oauth2/authorize'
-    refresh_uri = 'https://api.bufferapp.com/1/oauth2/token.json'
-    scope = None
-    service = 'buffer'
-    data_uri = 'https://api.bufferapp.com/1/'
-
-    def refresh_access_token(self, refresh_uri=None, refresh_token=None, grant_type='authorization_code'):
-        # Buffer wants a different grant_type than Google
-        return super(BufferAPI, self).refresh_access_token(refresh_uri=refresh_uri, refresh_token=refresh_token, grant_type=grant_type)
-
-    # data API
-    def get_profiles(self):
-        url = self.data_uri + 'profiles.json'
-        headers = {'Content-Type' : 'application/json'}
-        return self.request(url, None, headers)
-
-    def get_info(self):
-        url = self.data_uri + 'info/configuration.json'
-        headers = {'Content-Type' : 'application/json'}
-        return self.request(url, None, headers)
-
-    def get_pending(profile_id):
-        url = self.data_uri + 'profiles/%s/updates/pending.json' % profile_id
-        headers = {'Content-Type' : 'application/json'}
-        return self.request(url, None, headers)
-
-    def post_update(profile_ids, message):
-        url = self.data_uri + 'updates/create.json' % profile_id
-        import urllib
-        data = [('text', urllib.urlencode(message)), ('shorten', 1)]
-        for pid in profile_ids:
-            data.append(('profile_ids[]', pid))
-        body = urllib.urlencode(data)
-        return self.request(url, body, headers)

test_foauth.py

@@ -0,0 +1,28 @@
+import mock
+import unittest
+
+import foauth2
+
+
+class TestFoauth2(unittest.TestCase):
+    def test_section_4_1_3(self):
+        # test the parts we care about from http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.1.3
+        client = foauth2.Client('client_id', 'client_secret')
+        self.assertRaises(ValueError, client.authorization_url)
+        redirect_uri = 'http://example.com/'
+        client.authorization_url('http://example.com/oauth', redirect_uri=redirect_uri)
+
+        self.assertRaises(ValueError, client.redeem_code)
+        self.assertRaises(ValueError, client.redeem_code, code='code')
+        client._request = mock.Mock()
+        client._request().read._return_value = '{"access_token": "token", "code": "xyzzy"}'
+        client._request().code = 200
+        self.assertRaises(ValueError, client.redeem_code, code='code', redirect_uri='mismatch')
+        client.redeem_code(code='code', redirect_uri=redirect_uri)
+
+        client._authorization_redirect_uri = None
+        client.redeem_code(code='code')
+
+
+if __name__ == '__main__':
+    unittest.main()