X-Git-Url: https://projects.mako.cc/source/twitter-api-cdsw/blobdiff_plain/ba48aab4fca5486068104ad61b2d37db6f7cc86a..29c8e0142111e03237eb8f92a9470ba90d295e10:/oauthlib/common.py diff --git a/oauthlib/common.py b/oauthlib/common.py index 0179b8e..ed2b699 100644 --- a/oauthlib/common.py +++ b/oauthlib/common.py @@ -36,6 +36,8 @@ UNICODE_ASCII_CHARACTER_SET = ('abcdefghijklmnopqrstuvwxyz' CLIENT_ID_CHARACTER_SET = (r' !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMN' 'OPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}') +PASSWORD_PATTERN = re.compile(r'password=[^&]+') +INVALID_HEX_PATTERN = re.compile(r'%[^0-9A-Fa-f]|%[0-9A-Fa-f][^0-9A-Fa-f]') always_safe = ('ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' @@ -107,7 +109,7 @@ def decode_params_utf8(params): return decoded -urlencoded = set(always_safe) | set('=&;%+~,*@') +urlencoded = set(always_safe) | set('=&;%+~,*@!') def urldecode(query): @@ -132,8 +134,7 @@ def urldecode(query): # All encoded values begin with % followed by two hex characters # correct = %00, %A0, %0A, %FF # invalid = %G0, %5H, %PO - invalid_hex = '%[^0-9A-Fa-f]|%[0-9A-Fa-f][^0-9A-Fa-f]' - if len(re.findall(invalid_hex, query)): + if INVALID_HEX_PATTERN.search(query): raise ValueError('Invalid hex encoding in query string.') # We encode to utf-8 prior to parsing because parse_qsl behaves @@ -378,20 +379,44 @@ class Request(object): self.http_method = encode(http_method) self.headers = CaseInsensitiveDict(encode(headers or {})) self.body = encode(body) - self.decoded_body = extract_params(encode(body)) + self.decoded_body = extract_params(self.body) self.oauth_params = [] - - self._params = {} + self.validator_log = {} + + self._params = { + "access_token": None, + "client": None, + "client_id": None, + "client_secret": None, + "code": None, + "extra_credentials": None, + "grant_type": None, + "redirect_uri": None, + "refresh_token": None, + "response_type": None, + "scope": None, + "scopes": None, + "state": None, + "token": None, + "user": None, + "token_type_hint": None, + } self._params.update(dict(urldecode(self.uri_query))) self._params.update(dict(self.decoded_body or [])) self._params.update(self.headers) def __getattr__(self, name): - return self._params.get(name, None) + if name in self._params: + return self._params[name] + else: + raise AttributeError(name) def __repr__(self): + body = self.body + if body and 'password=' in body: + body = PASSWORD_PATTERN.sub('password=***', body) return '' % ( - self.uri, self.http_method, self.headers, self.body) + self.uri, self.http_method, self.headers, body) @property def uri_query(self):