From 0bd8c41c2bfb9d4d878cbb7eb1a87b29bd218f28 Mon Sep 17 00:00:00 2001 From: Joe Gregorio Date: Thu, 3 Jan 2013 17:17:46 -0500 Subject: [PATCH] Don't accept 403 challenges by default for auth challenges. Fixes issue #230. Reviewed in https://codereview.appspot.com/7039053/. --- oauth2client/client.py | 6 ++++-- tests/test_oauth2client.py | 12 +++++------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/oauth2client/client.py b/oauth2client/client.py index 301d1ed..82db057 100644 --- a/oauth2client/client.py +++ b/oauth2client/client.py @@ -57,6 +57,9 @@ ID_TOKEN_VERIFICATON_CERTS = 'https://www.googleapis.com/oauth2/v1/certs' # Constant to use for the out of band OAuth 2.0 flow. OOB_CALLBACK_URN = 'urn:ietf:wg:oauth:2.0:oob' +# Google Data client libraries may need to set this to [401, 403]. +REFRESH_STATUS_CODES = [401] + class Error(Exception): """Base error for this module.""" @@ -444,8 +447,7 @@ class OAuth2Credentials(Credentials): resp, content = request_orig(uri, method, body, clean_headers(headers), redirections, connection_type) - # Older API (GData) respond with 403 - if resp.status in [401, 403]: + if resp.status in REFRESH_STATUS_CODES: logger.info('Refreshing due to a %s' % str(resp.status)) self._refresh(request_orig) self.apply(headers) diff --git a/tests/test_oauth2client.py b/tests/test_oauth2client.py index 2de87a1..37e69ea 100644 --- a/tests/test_oauth2client.py +++ b/tests/test_oauth2client.py @@ -37,7 +37,6 @@ except ImportError: from apiclient.http import HttpMock from apiclient.http import HttpMockSequence from oauth2client.anyjson import simplejson -from oauth2client.clientsecrets import _loadfile from oauth2client.client import AccessTokenCredentials from oauth2client.client import AccessTokenCredentialsError from oauth2client.client import AccessTokenRefreshError 
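Review bot: `REFRESH_STATUS_CODES = [401]`, added in the first hunk of oauth2client/client.py, is a mutable module-level list, and the check in the second hunk (`if resp.status in REFRESH_STATUS_CODES:`) reads it at request time. Widening it to `[401, 403]`, as the new comment suggests, therefore applies to every credentials object in the process, not only those talking to a Google Data API. Any library that appends 403 would silently restore refresh-on-403 for unrelated callers, which is the behaviour this commit turns off by default. Consider making the default immutable, `REFRESH_STATUS_CODES = (401,)`, and letting a credentials instance carry its own override. The comment above the constant should also say why 403 is excluded, for example `# 403 usually means the token is valid but lacks permission; a refresh will not help.`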
@@ -49,11 +48,13 @@ from oauth2client.client import NonAsciiHeaderError from oauth2client.client import OAuth2Credentials from oauth2client.client import OAuth2WebServerFlow from oauth2client.client import OOB_CALLBACK_URN +from oauth2client.client import REFRESH_STATUS_CODES from oauth2client.client import VerifyJwtTokenError from oauth2client.client import _extract_id_token from oauth2client.client import credentials_from_clientsecrets_and_code from oauth2client.client import credentials_from_code from oauth2client.client import flow_from_clientsecrets +from oauth2client.clientsecrets import _loadfile DATA_DIR = os.path.join(os.path.dirname(__file__), 'data') @@ -104,8 +105,7 @@ class BasicCredentialsTests(unittest.TestCase): user_agent) def test_token_refresh_success(self): - # Older API (GData) respond with 403 - for status_code in ['401', '403']: + for status_code in REFRESH_STATUS_CODES: http = HttpMockSequence([ ({'status': status_code}, ''), ({'status': '200'}, '{"access_token":"1/3w","expires_in":3600}'), @@ -117,8 +117,7 @@ class BasicCredentialsTests(unittest.TestCase): self.assertFalse(self.credentials.access_token_expired) def test_token_refresh_failure(self): - # Older API (GData) respond with 403 - for status_code in ['401', '403']: + for status_code in REFRESH_STATUS_CODES: http = HttpMockSequence([ ({'status': status_code}, ''), ({'status': '400'}, '{"error":"access_denied"}'), @@ -186,8 +185,7 @@ class AccessTokenCredentialsTests(unittest.TestCase): self.credentials = AccessTokenCredentials(access_token, user_agent) def test_token_refresh_success(self): - # Older API (GData) respond with 403 - for status_code in ['401', '403']: + for status_code in REFRESH_STATUS_CODES: http = HttpMockSequence([ ({'status': status_code}, ''), ])
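Review bot: The three test loops changed to `for status_code in REFRESH_STATUS_CODES:` (both methods in BasicCredentialsTests and the one in AccessTokenCredentialsTests) now iterate over the constant under test. Nothing asserts the behaviour this commit introduces, that a 403 is handed back to the caller without a token refresh, so a regression that put 403 back into the list would still pass all three. Add a negative test with a single mocked 403 response, sketched below with the authorize/request calls the existing tests presumably make outside these hunks. The loops also now feed integer status codes to `HttpMockSequence` where the old code passed strings such as `'401'`; that looks harmless if the mock coerces the status, but it is worth confirming.

```python
  def test_403_does_not_refresh_by_default(self):
    # Only one response is queued: a refresh attempt would need a second
    # one, so the test fails if 403 triggers a token refresh.
    http = HttpMockSequence([
      ({'status': '403'}, ''),
      ])
    http = self.credentials.authorize(http)
    resp, content = http.request('http://example.com')
    self.assertEqual(403, resp.status)
```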