diff --git a/oauth2client/contrib/appengine.py b/oauth2client/contrib/appengine.py index 746312a..8096439 100644 --- a/oauth2client/contrib/appengine.py +++ b/oauth2client/contrib/appengine.py @@ -88,14 +88,6 @@ def _safe_html(s): return cgi.escape(s, quote=1).replace("'", ''') -class InvalidClientSecretsError(Exception): - """The client_secrets.json file is malformed or missing required fields.""" - - -class InvalidXsrfTokenError(Exception): - """The XSRF token is invalid or expired.""" - - class SiteXsrfSecretKey(db.Model): """Storage for the sites XSRF secret key. @@ -475,18 +467,15 @@ def _parse_state_value(state, user): state: string, The value of the state parameter. user: google.appengine.api.users.User, The current user. - Raises: - InvalidXsrfTokenError: if the XSRF token is invalid. - Returns: - The redirect URI. + The redirect URI, or None if XSRF token is not valid. """ uri, token = state.rsplit(':', 1) - if not xsrfutil.validate_token(xsrf_secret_key(), token, user.user_id(), - action_id=uri): - raise InvalidXsrfTokenError() - - return uri + if xsrfutil.validate_token(xsrf_secret_key(), token, user.user_id(), + action_id=uri): + return uri + else: + return None class OAuth2Decorator(object): @@ -814,6 +803,10 @@ class OAuth2Decorator(object): user=user).put(credentials) redirect_uri = _parse_state_value( str(self.request.get('state')), user) + if redirect_uri is None: + self.response.out.write( + 'The authorization request failed') + return if (decorator._token_response_param and credentials.token_response): @@ -884,7 +877,7 @@ class OAuth2DecoratorFromClientSecrets(OAuth2Decorator): cache=cache) if client_type not in (clientsecrets.TYPE_WEB, clientsecrets.TYPE_INSTALLED): - raise InvalidClientSecretsError( + raise clientsecrets.InvalidClientSecretsError( "OAuth2Decorator doesn't support this OAuth 2.0 flow.") constructor_kwargs = dict(kwargs) diff --git a/tests/contrib/test_appengine.py b/tests/contrib/test_appengine.py index 2290663..964b239 100644 
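Review bot: A `state` value with no ':' still raises ValueError out of the unchanged `uri, token = state.rsplit(':', 1)` line directly above the new condition, so the callback would fail with an unhandled exception on a malformed, attacker-supplied state even though the commit's intent is that an invalid state now yields None. With the Raises section dropped from the docstring, that exception is also undocumented. I would wrap the split so a missing separator is treated like a bad token, which also lets the trailing `else: return None` collapse to a plain `return None`. Nothing in the hunk records the rejection; if the module has a logger, a warning here would make XSRF failures visible to operators.
```python
    try:
        uri, token = state.rsplit(':', 1)
    except ValueError:
        # No token separator: treat as an invalid state, not a server error.
        return None
    if xsrfutil.validate_token(xsrf_secret_key(), token, user.user_id(),
                               action_id=uri):
        return uri
    return None
```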
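Review bot: The new `if redirect_uri is None:` guard runs after the `user=user).put(credentials)` call on the context line above it, so by the time a forged or replayed state is rejected the credentials from that callback have already been persisted for the user; the original raise had the same ordering, and the commit does not change it. I would move the `redirect_uri = _parse_state_value(...)` call and the None guard above the storage call so nothing is written unless the XSRF token validated. The failure path also leaves the response status at its default, so the rejection is indistinguishable from success to clients and access logs; if this response object supports it, `self.response.set_status(400)` before the write would fix that. The enclosing callback method starts and ends outside the hunk.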
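Review bot: Raising `clientsecrets.InvalidClientSecretsError` here, together with the deletion of the AppEngine-local class earlier in this file, changes the exception type that callers of `OAuth2DecoratorFromClientSecrets` have been catching as `appengine.InvalidClientSecretsError`; unless the two were already the same object, existing `except` clauses will silently stop matching. If compatibility matters, keep a module-level alias such as `InvalidClientSecretsError = clientsecrets.InvalidClientSecretsError` where the old class was defined, and consider the same for `InvalidXsrfTokenError`, which callers may also have imported even though nothing raises it now. The enclosing constructor starts and ends outside the hunk.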
--- a/tests/contrib/test_appengine.py +++ b/tests/contrib/test_appengine.py @@ -55,8 +55,6 @@ from oauth2client.contrib.appengine import CredentialsModel from oauth2client.contrib.appengine import CredentialsNDBModel from oauth2client.contrib.appengine import CredentialsProperty from oauth2client.contrib.appengine import FlowProperty -from oauth2client.contrib.appengine import ( - InvalidClientSecretsError as AppEngineInvalidClientSecretsError) from oauth2client.contrib.appengine import OAuth2Decorator from oauth2client.contrib.appengine import oauth2decorator_from_clientsecrets from oauth2client.contrib.appengine import OAuth2DecoratorFromClientSecrets @@ -921,7 +919,7 @@ class DecoratorTests(unittest2.TestCase): 'oauth2client.contrib.appengine.clientsecrets.loadfile') with loadfile_patch as loadfile_mock: loadfile_mock.return_value = ('badtype', None) - with self.assertRaises(AppEngineInvalidClientSecretsError): + with self.assertRaises(InvalidClientSecretsError): OAuth2DecoratorFromClientSecrets( 'doesntmatter.json', scope=['foo_scope', 'bar_scope']) @@ -1077,5 +1075,5 @@ class DecoratorXsrfProtectionTests(unittest2.TestCase): self.assertEqual( 'https://example.org', appengine._parse_state_value(state, UserMock())) - with self.assertRaises(appengine.InvalidXsrfTokenError): - appengine._parse_state_value(state[1:], UserMock()) + redirect_uri = appengine._parse_state_value(state[1:], UserMock()) + self.assertIsNone(redirect_uri)
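Review bot: The new assertion only covers a tampered redirect URI (`state[1:]` drops the first character of the URI half, so the token no longer matches its `action_id`); nothing exercises a tampered token or a state value with no ':' at all, and the latter currently raises ValueError from `rsplit` in `_parse_state_value` rather than returning None. I would add `self.assertIsNone(appengine._parse_state_value(state[:-1], UserMock()))` for the token case, and a separator-less case once `_parse_state_value` handles it. The enclosing test method starts outside the hunk.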