Skip to content

Commit

Permalink
Fixes 485, do not pass body for validating resource request
Browse files Browse the repository at this point in the history
  • Loading branch information
@coopfeathy
coopfeathy committed Sep 25, 2022
1 parent 0c14217 commit a0b64f5
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 8 deletions.
2 changes: 1 addition & 1 deletion authlib/integrations/django_oauth2/resource_protector.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ def acquire_token(self, request, scopes=None):
:return: token object
"""
url = request.build_absolute_uri()
req = HttpRequest(request.method, url, request.body, request.headers)
req = HttpRequest(request.method, url, None, request.headers)
req.req = request
if isinstance(scopes, str):
scopes = [scopes]
Expand Down
11 changes: 4 additions & 7 deletions authlib/integrations/flask_oauth2/resource_protector.py
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
import functools
from contextlib import contextmanager
from flask import json
from flask import g, json
from flask import request as _req
from flask import _app_ctx_stack
from werkzeug.local import LocalProxy
from authlib.oauth2 import (
OAuth2Error,
Expand Down Expand Up @@ -70,7 +69,7 @@ def acquire_token(self, scopes=None):
request = HttpRequest(
_req.method,
_req.full_path,
_req.data,
None,
_req.headers
)
request.req = _req
Expand All @@ -79,8 +78,7 @@ def acquire_token(self, scopes=None):
scopes = [scopes]
token = self.validate_request(scopes, request)
token_authenticated.send(self, token=token)
ctx = _app_ctx_stack.top
ctx.authlib_server_oauth2_token = token
g.authlib_server_oauth2_token = token
return token

@contextmanager
Expand Down Expand Up @@ -117,8 +115,7 @@ def decorated(*args, **kwargs):


def _get_current_token():
ctx = _app_ctx_stack.top
return getattr(ctx, 'authlib_server_oauth2_token', None)
return g.get('authlib_server_oauth2_token')


current_token = LocalProxy(_get_current_token)

0 comments on commit a0b64f5

Please sign in to comment.