From d62a087bf95c99bf8ac55121e6dd314fccb6c0f8 Mon Sep 17 00:00:00 2001
From: Matt Ferrante
Date: Tue, 2 Jan 2024 14:00:41 -0700
Subject: [PATCH 1/6] Fixed Form UrlEncoded OAuth Lib Core
---
 oauth2_provider/oauth2_backends.py | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/oauth2_provider/oauth2_backends.py b/oauth2_provider/oauth2_backends.py
index 3ddb9c90b..204b96472 100644
--- a/oauth2_provider/oauth2_backends.py
+++ b/oauth2_provider/oauth2_backends.py
@@ -1,5 +1,6 @@
 import json
-from urllib.parse import urlparse, urlunparse
+import base64
+from urllib.parse import urlparse, urlunparse, unquote
 from oauthlib import oauth2
 from oauthlib.common import Request as OauthlibRequest
@@ -237,6 +238,21 @@ def extract_body(self, request):
 return body
+class JSONAndFormUrlencodedOAuthLibCore(JSONOAuthLibCore):
+ def extract_body(self, request):
+ # fixes base64 encoded form-submission. you can't control what all oauth clients use.
+ # if request.content_type in ['multipart/form-data', 'application/x-www-form-urlencoded']:
+ if request.content_type in ["application/x-www-form-urlencoded"]:
+ query_string = base64.b64decode(request.body).decode("utf-8")
+ query_params = {p.split("=")[0]: p.split("=")[1] for p in query_string.split("&")}
+ if "redirect_uri" in query_params:
+ query_params["redirect_uri"] = unquote(query_params["redirect_uri"])
+ res = query_params.items()
+
+ return res
+
+ return super(OAuthLibCoreFixed, self).extract_body(request)
+
 def get_oauthlib_core():
 """
From e06f8e4c5f9a69ed81ade8da9cee35879feb5fb9 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Tue, 2 Jan 2024 21:03:02 +0000
Subject: [PATCH 2/6] [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
---
 oauth2_provider/oauth2_backends.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
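Review bot: In PATCH 1/6 the new `extract_body` parses the decoded form body by hand with `p.split("=")[0]: p.split("=")[1]`, which raises IndexError on a pair with no `=`, drops everything after a second `=` in a value (unencoded base64 padding, for example), leaves every key and every value except `redirect_uri` percent-encoded, and keeps only the last of any repeated parameter. On a token endpoint the last point matters most: a repeated `client_id` or `redirect_uri` is collapsed into the dict before any later duplicate-parameter check can see it (presumably the oauthlib layer performs one; worth confirming). The standard library already parses this format, e.g. `return parse_qsl(query_string, keep_blank_values=True)` with `parse_qsl` added to the `urllib.parse` import. The same comprehension is carried through the hunks of PATCH 3/6 to 6/6. Separately, the fallback `super(OAuthLibCoreFixed, self)` names a class that is not defined in this hunk, so non-form requests would fail with NameError until PATCH 3/6 renames it.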
diff --git a/oauth2_provider/oauth2_backends.py b/oauth2_provider/oauth2_backends.py
index 204b96472..117e1fa51 100644
--- a/oauth2_provider/oauth2_backends.py
+++ b/oauth2_provider/oauth2_backends.py
@@ -1,6 +1,6 @@
-import json
 import base64
-from urllib.parse import urlparse, urlunparse, unquote
+import json
+from urllib.parse import unquote, urlparse, urlunparse
 from oauthlib import oauth2
 from oauthlib.common import Request as OauthlibRequest
@@ -238,6 +238,7 @@ def extract_body(self, request):
 return body
+
 class JSONAndFormUrlencodedOAuthLibCore(JSONOAuthLibCore):
 def extract_body(self, request):
 # fixes base64 encoded form-submission. you can't control what all oauth clients use.
From 5b3f64f2c5dbd54c4bc29c75558603669580d849 Mon Sep 17 00:00:00 2001
From: Matt Ferrante
Date: Thu, 4 Jan 2024 00:38:23 -0700
Subject: [PATCH 3/6] Update oauth2_backends.py
---
 oauth2_provider/oauth2_backends.py | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/oauth2_provider/oauth2_backends.py b/oauth2_provider/oauth2_backends.py
index 117e1fa51..10ca7e331 100644
--- a/oauth2_provider/oauth2_backends.py
+++ b/oauth2_provider/oauth2_backends.py
@@ -1,4 +1,3 @@
-import base64
 import json
 from urllib.parse import unquote, urlparse, urlunparse
@@ -242,17 +241,17 @@ def extract_body(self, request):
 class JSONAndFormUrlencodedOAuthLibCore(JSONOAuthLibCore):
 def extract_body(self, request):
 # fixes base64 encoded form-submission. you can't control what all oauth clients use.
- # if request.content_type in ['multipart/form-data', 'application/x-www-form-urlencoded']:
 if request.content_type in ["application/x-www-form-urlencoded"]:
- query_string = base64.b64decode(request.body).decode("utf-8")
- query_params = {p.split("=")[0]: p.split("=")[1] for p in query_string.split("&")}
- if "redirect_uri" in query_params:
- query_params["redirect_uri"] = unquote(query_params["redirect_uri"])
- res = query_params.items()
+ try:
+ query_string = request.body.decode("utf-8")
+ query_params = {p.split("=")[0]: parse.unquote(p.split("=")[1]) for p in query_string.split("&")}
+ res = query_params.items()
- return res
+ return res
+ except:
+ pass
- return super(OAuthLibCoreFixed, self).extract_body(request)
+ return super(JSONAndFormUrlencodedOAuthLibCore, self).extract_body(request)
 def get_oauthlib_core():
From c0cca8aaa52f7171a22277e5f90d9b570d74e3e1 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Thu, 4 Jan 2024 07:38:33 +0000
Subject: [PATCH 4/6] [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
---
 oauth2_provider/oauth2_backends.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/oauth2_provider/oauth2_backends.py b/oauth2_provider/oauth2_backends.py
index 10ca7e331..5998b0393 100644
--- a/oauth2_provider/oauth2_backends.py
+++ b/oauth2_provider/oauth2_backends.py
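Review bot: The bare `except: pass` added around the form parsing in PATCH 3/6 hides real faults: the comprehension calls `parse.unquote`, but the import hunks shown bring in only `unquote`, `urlparse` and `urlunparse`, so this branch appears to raise NameError on every form-encoded request and silently fall through to the parent's `extract_body` (PATCH 5/6 corrects the name, but the handler stays). Catch only what malformed input can produce, e.g. `except (UnicodeDecodeError, IndexError):`, and log it, so a malformed token request is visible instead of being reparsed by a different code path. The comment `# fixes base64 encoded form-submission` is also stale now that the base64 decode is removed; `# parse form-urlencoded bodies here, otherwise defer to the parent class` would match the code. The parent's `extract_body` lies outside the hunk, so what the fallback does with such a body cannot be checked here.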
@@ -244,7 +244,9 @@ def extract_body(self, request):
 if request.content_type in ["application/x-www-form-urlencoded"]:
 try:
 query_string = request.body.decode("utf-8")
- query_params = {p.split("=")[0]: parse.unquote(p.split("=")[1]) for p in query_string.split("&")}
+ query_params = {
+ p.split("=")[0]: parse.unquote(p.split("=")[1]) for p in query_string.split("&")
+ }
 res = query_params.items()
 return res
From b3b45fe38b79493efe124a32f6988fc80b49cb50 Mon Sep 17 00:00:00 2001
From: Matt Ferrante
Date: Thu, 4 Jan 2024 00:39:49 -0700
Subject: [PATCH 5/6] Update oauth2_backends.py
---
 oauth2_provider/oauth2_backends.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/oauth2_provider/oauth2_backends.py b/oauth2_provider/oauth2_backends.py
index 5998b0393..e7beb1eec 100644
--- a/oauth2_provider/oauth2_backends.py
+++ b/oauth2_provider/oauth2_backends.py
@@ -245,7 +245,7 @@ def extract_body(self, request):
 try:
 query_string = request.body.decode("utf-8")
 query_params = {
- p.split("=")[0]: parse.unquote(p.split("=")[1]) for p in query_string.split("&")
+ p.split("=")[0]: unquote(p.split("=")[1]) for p in query_string.split("&")
 }
 res = query_params.items()
 return res
From 27cd68fb16dcf150133fabbc17ae3a9bc074d865 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Thu, 4 Jan 2024 07:39:58 +0000
Subject: [PATCH 6/6] [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
---
 oauth2_provider/oauth2_backends.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/oauth2_provider/oauth2_backends.py b/oauth2_provider/oauth2_backends.py
index e7beb1eec..0c43292af 100644
--- a/oauth2_provider/oauth2_backends.py
+++ b/oauth2_provider/oauth2_backends.py
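Review bot: In PATCH 5/6 the corrected call `unquote(p.split("=")[1])` still does not decode `+` as a space, which is how `application/x-www-form-urlencoded` encodes spaces, so a space-separated value sent as `read+write` (constructed example) would reach validation with a literal plus sign. `unquote_plus` is the form-decoding variant, and the keys taken from `p.split("=")[0]` are not decoded at all. `parse_qsl` from `urllib.parse` handles both in one call. `extract_body` begins above this hunk, so whether anything normalises the values later cannot be seen from here.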
@@ -244,9 +244,7 @@ def extract_body(self, request):
 if request.content_type in ["application/x-www-form-urlencoded"]:
 try:
 query_string = request.body.decode("utf-8")
- query_params = {
- p.split("=")[0]: unquote(p.split("=")[1]) for p in query_string.split("&")
- }
+ query_params = {p.split("=")[0]: unquote(p.split("=")[1]) for p in query_string.split("&")}
 res = query_params.items()
 return res