Commits

Author Commit Message Labels Comments Date
bdb
make this work with multipart
bdb
Allow settings to override default lengths.
Mark Lee
oauth_provider.views: Ensure that HttpResponseBadRequest is imported.
David Larlet
Added tag 1.1 for changeset 7cb2d808b612
David Larlet
This is the time for a 1.1 release.
Tags
1.1
David Larlet
Link the test user to the consumer in tests, fix #2. Thanks Matthieu Tourne.
David Larlet
This is a STRONGLY recommended update. The issue, found by Matthieu Huguet, comes from Token/Consumer.generate_random_codes functions which test the key AND secret combination and not key OR secret. This is not a security issue because stores.DataStore.lookup_consumer/lookup_token tries to retrieve the token with an objects.get so it will raise a model.MultipleObjectsReturned error in case there are two similar keys. But you must be c…
David Larlet
Give a way to know if the authorization succeed or not to the callback view, you can now test on passed args if there is a token or an error. Thanks Toby White.
David Larlet
Partly revert previous commit, authorize_access wasn't evaluated as a boolean.
David Larlet
More robust authorize access test. Thanks Toby White.
David Larlet
Fix a bug, request.environ only exists in a WSGI environment. Thanks Toby White.
David Larlet
Add a way to restrict signature methods (to avoid plaintext for instance). Thanks Toby White.
David Larlet
Do not restrict callback url scheme and add a setting to blacklist some callback url hostnames. Thanks Toby White.
David Larlet
Allows consumer key & secret to be zero length (null=True, blank=True) - this is fine according to the OAuth spec, see http://groups.google.com/group/oauth/browse_thread/thread/15c5efb10d0a3813 for details, thanks Toby White
David Larlet
Use the MAX_URL_LENGTH constant, thanks for the reminder Toby White
David Larlet
Update documentation/test's warnings.
David Larlet
Handle 1.0a out-of-band case the right way, inspired by Toby White's fork. Note: never lie in your tests, cheater.
David Larlet
Avoid saving the request token twice, suggested by Toby White's fork, thanks.
David Larlet
Check callback's validity, comes from Toby White's fork, thanks.
David Larlet
OAuth 1.0a implementation, should be compatible with the (deprecated/unsecure) version 1.0 too. Please let me know if that's not the case.
David Larlet
Steal a more clever way to check if an OAuth request is valid from piston
David Larlet
Update models (stolen from piston) to be 1.0a ready, note that it will affect your Token/Consumer tables
David Larlet
Update python-oauth to the latest tip, Store's methods signatures changed but tests still pass, good.
David Larlet
Valid Development Status for pypi
David Larlet
Try with hg setuptools fork from Jannis Leidel
David Larlet
Added tag v1.0 for changeset eec586403486
David Larlet
Getting ready for 1.0 release
Tags
v1.0
David Larlet
Add a setup.py file to ease setuptools installation, thanks Ariel Nunez
David Larlet
Consistency with examples' folder name across my django apps
David Larlet
Configure admin for the example and add a .hgignore, thanks Ariel Nunez
  1. Prev
  2. Next