Add checks for invalid scopes in the auth approval process

2014-03-18 17:05:27 -04:00 · 2014-03-18 17:05:27 -04:00 · d7a59ef0c2
commit d7a59ef0c2
parent b0dcb5d7e3
2 changed files with 10 additions and 6 deletions
--- a/auth/scopes.py
+++ b/auth/scopes.py
@ -54,11 +54,12 @@ def get_scope_information(scopes_string):
  scopes = scopes_from_scope_string(scopes_string)
  scope_info = []
  for scope in scopes:
-    scope_info.append({
-      'title': ALL_SCOPES[scope]['title'],
-      'scope': ALL_SCOPES[scope]['scope'],
-      'description': ALL_SCOPES[scope]['description'],
-      'icon': ALL_SCOPES[scope]['icon'],
-    })
+    if scope:
+      scope_info.append({
+          'title': ALL_SCOPES[scope]['title'],
+          'scope': ALL_SCOPES[scope]['scope'],
+          'description': ALL_SCOPES[scope]['description'],
+          'icon': ALL_SCOPES[scope]['icon'],
+          })

  return scope_info
--- a/endpoints/web.py
+++ b/endpoints/web.py
@ -278,6 +278,9 @@ def request_authorization_code():

    # Load the scope information.
    scope_info = scopes.get_scope_information(scope)
+    if not scope_info:
+      abort(404)
+      return

    # Load the application information.
    oauth_app = provider.get_application_for_client_id(client_id)