From d7a59ef0c23a292cb7a187023f8cabb652514773 Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Tue, 18 Mar 2014 17:05:27 -0400
Subject: [PATCH] Add checks for invalid scopes in the auth approval process
---
 auth/scopes.py | 13 +++++++------
 endpoints/web.py | 3 +++
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/auth/scopes.py b/auth/scopes.py
index 30d88169d..fea8b8884 100644
--- a/auth/scopes.py
+++ b/auth/scopes.py
@@ -54,11 +54,12 @@ def get_scope_information(scopes_string):
 scopes = scopes_from_scope_string(scopes_string)
 scope_info = []
 for scope in scopes:
- scope_info.append({
- 'title': ALL_SCOPES[scope]['title'],
- 'scope': ALL_SCOPES[scope]['scope'],
- 'description': ALL_SCOPES[scope]['description'],
- 'icon': ALL_SCOPES[scope]['icon'],
- })
+ if scope:
+ scope_info.append({
+ 'title': ALL_SCOPES[scope]['title'],
+ 'scope': ALL_SCOPES[scope]['scope'],
+ 'description': ALL_SCOPES[scope]['description'],
+ 'icon': ALL_SCOPES[scope]['icon'],
+ })
 return scope_info
diff --git a/endpoints/web.py b/endpoints/web.py
index 5ead821da..f7c3ec009 100644
--- a/endpoints/web.py
+++ b/endpoints/web.py
@@ -278,6 +278,9 @@ def request_authorization_code():
 # Load the scope information.
 scope_info = scopes.get_scope_information(scope)
+ if not scope_info:
+ abort(404)
+ return
 # Load the application information.
 oauth_app = provider.get_application_for_client_id(client_id)
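Review bot: The new `if scope:` guard in get_scope_information only skips falsy entries, so a non-empty name that is missing from ALL_SCOPES would still raise KeyError on `ALL_SCOPES[scope]['title']` unless scopes_from_scope_string (not visible here) already maps unknown names to a falsy value. Bad entries are also dropped silently: a scope string mixing one valid and one invalid scope returns a non-empty list, so the `if not scope_info` check added in endpoints/web.py lets the request through, and the approval page presumably lists fewer scopes than were requested. Rejecting the whole string is the safer contract for a consent screen, e.g. `if scope not in ALL_SCOPES: return []` as the first statement of the loop body. The function's signature appears only in the hunk header, and other callers of it are not visible from here.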
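Review bot: `abort(404)` in request_authorization_code reports an invalid scope as a missing page, although it is a malformed client request. `abort(400)`, or the OAuth `invalid_scope` error from RFC 6749 section 4.1.2.1 once the redirect URI has been validated, tells the client what went wrong. If `abort` is Flask's, it raises, so the `return` after it is unreachable and can be dropped. The raw `scope` string is still in scope after this check; the function continues outside the hunk, and if later code passes that string on rather than the validated set, the grant could differ from what scope_info displays, which is worth confirming.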