
Issue 6473053: Add XSRF protection to oauth2decorator callback. (Closed)

Created: 12 years, 10 months ago by jcgregorio_google
Modified: 12 years, 10 months ago
CC: google-api-python-client_googlegroups.com
Visibility: Public.

Description

XSRF per the spec http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-10.12

Patch Set 1 #

Patch Set 2 : 80 chars #

Total comments: 2

Patch Set 3 : also fix up django sample. #

Patch Set 4 : Added more tests. Also xsrf is now used to protect the redirect_uri. #

Patch Set 5 : 80 chars #

Total comments: 2

Patch Set 6 : clarified singleton name #
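An added worked example, not code from this issue or from oauth2client, of the technique the description points at: an HMAC token bound to the authenticated user and to a named action, carried inside the OAuth2 state parameter and checked on the callback, as draft-ietf-oauth-v2-31 section 10.12 recommends. The names build_state_value and parse_state_value echo the functions mentioned in message #4, but their bodies, the token layout, the JSON state format and the site key below are assumptions made for this example.

```python
"""Illustrative XSRF-protected OAuth2 ``state`` handling (example code).

Not oauth2client's implementation: function names, token layout and the
state format are assumptions chosen to demonstrate the technique.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed key for the example. A real site generates one random key,
# stores it server-side (the patch keeps it in the datastore) and never
# sends it to the browser.
SITE_XSRF_KEY = b"example-site-secret-32-bytes-long!!"

DELIMITER = b":"
DEFAULT_TIMEOUT_SECS = 3600
CALLBACK_ACTION = "oauth2callback"


def generate_token(key, user_id, action_id, when=None):
    """Return base64url(HMAC-SHA256(key, user:action:time) + ':' + time).

    Binding the MAC to the authenticated user and to a specific action
    means a token minted for one user cannot complete the callback for
    another, and a token for one action cannot be replayed for a different one.
    """
    when = int(time.time()) if when is None else int(when)
    msg = DELIMITER.join([str(user_id).encode(), action_id.encode(),
                          str(when).encode()])
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac + DELIMITER + str(when).encode()).decode("ascii")


def validate_token(key, token, user_id, action_id, now=None,
                   timeout=DEFAULT_TIMEOUT_SECS):
    """True only if token was minted by this site for (user_id, action_id)
    within ``timeout`` seconds. Malformed input is treated as invalid."""
    try:
        raw = base64.urlsafe_b64decode(token.encode("ascii"))
        # The timestamp is all digits, so the last ':' is the delimiter
        # even if the raw MAC bytes happen to contain 0x3a.
        mac, _, when_bytes = raw.rpartition(DELIMITER)
        when = int(when_bytes)
    except (ValueError, TypeError, AttributeError):
        return False
    now = int(time.time()) if now is None else int(now)
    if when > now or now - when > timeout:
        return False  # expired, or a timestamp from the future
    expected = generate_token(key, user_id, action_id, when=when)
    expected_mac = base64.urlsafe_b64decode(expected.encode("ascii")).rpartition(DELIMITER)[0]
    # Constant-time comparison: do not leak the MAC via timing.
    return hmac.compare_digest(mac, expected_mac)


def build_state_value(key, user_id, return_path):
    """Pack the XSRF token and the post-grant return path into ``state``."""
    token = generate_token(key, user_id, CALLBACK_ACTION)
    return json.dumps({"token": token, "path": return_path})


def parse_state_value(key, state, user_id):
    """Return the return path only if the token in ``state`` validates for
    the currently logged-in user; otherwise None, so the callback refuses to
    store credentials and the attacker cannot bind their own grant to the
    victim's account (the attack section 10.12 describes)."""
    try:
        data = json.loads(state)
        token, path = data["token"], data["path"]
    except (ValueError, KeyError, TypeError):
        return None
    if not validate_token(key, token, user_id, CALLBACK_ACTION):
        return None
    # The path is also under the token's protection, but still only honour
    # site-relative paths so state can never become an open redirect.
    if not isinstance(path, str) or not path.startswith("/") or path.startswith("//"):
        return None
    return path


if __name__ == "__main__":
    state = build_state_value(SITE_XSRF_KEY, 42, "/home")
    print("state sent to the authorization server:", state)
    print("callback for user 42 ->", parse_state_value(SITE_XSRF_KEY, state, 42))
    print("same state replayed as user 7 ->", parse_state_value(SITE_XSRF_KEY, state, 7))
```

In the callback handler the check runs before the authorization code is exchanged and before any credential is stored; a None result means the request did not originate from this site for this user and must be rejected rather than redirected.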

Files changed (stats: +470 lines, -214 lines):
M oauth2client/appengine.py                  7 chunks, +112 lines, -27 lines
M oauth2client/client.py                     1 chunk,  +1 line,    -1 line
A oauth2client/xsrfutil.py                   1 chunk,  +106 lines, -0 lines
M runtests.sh                                1 chunk,  +1 line,    -0 lines
M samples/appengine/grant.html               1 chunk,  +1 line,    -1 line
R samples/dailymotion/README                 1 chunk,  +0 lines,   -3 lines
R samples/dailymotion/app.yaml               1 chunk,  +0 lines,   -9 lines
R samples/dailymotion/index.yaml             1 chunk,  +0 lines,   -11 lines
R samples/dailymotion/main.py                1 chunk,  +0 lines,   -100 lines
R samples/dailymotion/welcome.html           1 chunk,  +0 lines,   -14 lines
A samples/django_sample/client_secrets.json  1 chunk,  +9 lines,   -0 lines
M samples/django_sample/plus/models.py       1 chunk,  +0 lines,   -4 lines
M samples/django_sample/plus/views.py        3 chunks, +22 lines,  -15 lines
M tests/test_oauth2client_appengine.py       9 chunks, +107 lines, -29 lines
A tests/test_oauth2client_xsrfutil.py        1 chunk,  +111 lines, -0 lines

Messages

Total messages: 8
jcgregorio_google
12 years, 10 months ago (2012-08-23 16:39:16 UTC) #1
Ali Afshar
LGTM
http://codereview.appspot.com/6473053/diff/2001/oauth2client/xsrfutil.py#newcode79
oauth2client/xsrfutil.py:79: user_id: the user ID of the authenticated user ...
12 years, 10 months ago (2012-08-23 17:31:43 UTC) #2
jcgregorio_google
PTAL, dropped the DailyMotion sample and added XSRF protection into the Django sample. The DailyMotion ...
12 years, 10 months ago (2012-08-23 18:05:20 UTC) #3
jcgregorio_google
Added unit tests for appengine.xsrf_secret_key() and appengine._build_state_value and _parse_state_value.
12 years, 10 months ago (2012-08-24 14:11:04 UTC) #4
Ali Afshar
https://codereview.appspot.com/6473053/diff/11001/oauth2client/appengine.py#newcode87
oauth2client/appengine.py:87: model = SiteXsrfSecretKey.get_or_insert('there_is_only_one')
Not obvious what this string is.
12 years, 10 months ago (2012-08-24 15:30:39 UTC) #5
jcgregorio_google
https://codereview.appspot.com/6473053/diff/11001/oauth2client/appengine.py#newcode87
oauth2client/appengine.py:87: model = SiteXsrfSecretKey.get_or_insert('there_is_only_one')
Simplified and added comment.
On 2012/08/24 ...
12 years, 10 months ago (2012-08-24 15:46:41 UTC) #6
Ali Afshar
LGTM
12 years, 10 months ago (2012-08-24 15:54:34 UTC) #7
jcgregorio_google
12 years, 10 months ago (2012-08-24 15:58:47 UTC) #8
On 2012/08/24 15:54:34, Ali Afshar wrote:
> LGTM

Committed in
http://code.google.com/p/google-api-python-client/source/detail?r=d931e04f8bb...
