added updated version of oauthlib
[twitter-api-cdsw] / oauthlib / oauth2 / rfc6749 / grant_types / authorization_code.py
index b6ff07c110f10f18afdd25393b7da274773398ed..658f5ad7b101c39b5ea432162b85a7c9d6fa90fc 100644 (file)
@@ -264,6 +264,15 @@ class AuthorizationCodeGrant(GrantTypeBase):
         # error and MUST NOT automatically redirect the user-agent to the
         # invalid redirection URI.
 
+        # First check duplicate parameters
+        for param in ('client_id', 'response_type', 'redirect_uri', 'scope', 'state'):
+            try:
+                duplicate_params = request.duplicate_params
+            except ValueError:
+                raise errors.InvalidRequestFatalError(description='Unable to parse query string', request=request)
+            if param in duplicate_params:
+                raise errors.InvalidRequestFatalError(description='Duplicate %s parameter.' % param, request=request)
+
         # REQUIRED. The client identifier as described in Section 2.2.
         # http://tools.ietf.org/html/rfc6749#section-2.2
         if not request.client_id:
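Review bot: The `try`/`except` around `request.duplicate_params` sits inside the `for`, so the query string is re-parsed and the `ValueError` path re-evaluated once per parameter name; the parse belongs before the loop, leaving the loop body as the membership test only. Raising `InvalidRequestFatalError` rather than the redirecting `InvalidRequestError` is the right call here, since this runs before `redirect_uri` has been validated (see the comment just above the hunk). The enclosing method starts above this hunk, so the hoisted parse should stay after whatever precedes it there.
```python
        # First check duplicate parameters
        try:
            duplicate_params = request.duplicate_params
        except ValueError:
            raise errors.InvalidRequestFatalError(description='Unable to parse query string', request=request)
        for param in ('client_id', 'response_type', 'redirect_uri', 'scope', 'state'):
            if param in duplicate_params:
                raise errors.InvalidRequestFatalError(description='Duplicate %s parameter.' % param, request=request)
```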
@@ -304,23 +313,22 @@ class AuthorizationCodeGrant(GrantTypeBase):
 
         # Note that the correct parameters to be added are automatically
         # populated through the use of specific exceptions.
-        if request.response_type is None:
-            raise errors.InvalidRequestError(description='Missing response_type parameter.', request=request)
 
-        for param in ('client_id', 'response_type', 'redirect_uri', 'scope', 'state'):
-            if param in request.duplicate_params:
-                raise errors.InvalidRequestError(description='Duplicate %s parameter.' % param, request=request)
+        # REQUIRED.
+        if request.response_type is None:
+            raise errors.MissingResponseTypeError(request=request)
+        # Value MUST be set to "code".
+        elif request.response_type != 'code':
+            raise errors.UnsupportedResponseTypeError(request=request)
 
         if not self.request_validator.validate_response_type(request.client_id,
-                                                             request.response_type, request.client, request):
+                                                             request.response_type,
+                                                             request.client, request):
+
             log.debug('Client %s is not authorized to use response_type %s.',
                       request.client_id, request.response_type)
             raise errors.UnauthorizedClientError(request=request)
 
-        # REQUIRED. Value MUST be set to "code".
-        if request.response_type != 'code':
-            raise errors.UnsupportedResponseTypeError(request=request)
-
         # OPTIONAL. The scope of the access request as described by Section 3.3
         # http://tools.ietf.org/html/rfc6749#section-3.3
         self.validate_scopes(request)
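Review bot: A stray blank line was introduced between the `if not self.request_validator.validate_response_type(...)` header and its `log.debug` body, and the "Note that the correct parameters to be added are automatically populated" comment is now detached by an empty line from the `response_type` checks it describes; drop the blank after `request.client, request):` and attach the note directly above `# REQUIRED.`. Since the first branch raises, the `elif` can be a plain `if request.response_type != 'code':`, which reads more clearly as two independent guards. Checking for the exact value `'code'` before calling the validator looks correct for this grant. The enclosing method starts above and continues below this hunk.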
@@ -379,8 +387,8 @@ class AuthorizationCodeGrant(GrantTypeBase):
                       request.client_id, request.client, request.scopes)
             raise errors.InvalidGrantError(request=request)
 
-        for attr in ('user', 'state', 'scopes'):
-            if getattr(request, attr) is None:
+        for attr in ('user', 'scopes'):
+            if getattr(request, attr, None) is None:
                 log.debug('request.%s was not set on code validation.', attr)
 
         # REQUIRED, if the "redirect_uri" parameter was included in the
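Review bot: The reason `state` was dropped from the post-validation check is not recorded anywhere in the hunk, and `getattr(request, attr, None)` now also hides an attribute that was never set at all; a one-line comment would spare the next reader the archaeology, e.g. `# state is not part of the token request (RFC 6749 4.1.3); user and scopes are expected to be set by validate_code()`. Note that a missing `user` or `scopes` is still only logged at debug level and the flow continues, so if they are required for token issuance downstream that presumably surfaces later rather than here. The enclosing method starts above and continues below this hunk.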
