Kristian Bendiksen  committed d4bc0f8

Ignore nonces in oauth requests.

This opens the door to replay attacks, but that is not important in the application where this fork is used.

  • Parent commits 6f1b896

Files changed (1)

File piston/authentication/oauth/store/db.py

         return consumer.user
 
     def check_nonce(self, request, oauth_request, nonce):
-        nonce, created = Nonce.objects.get_or_create(
-            consumer_key=oauth_request['oauth_consumer_key'],
-            token_key=oauth_request.get('oauth_token', ''),
-            key=nonce
-        )
-        return created
+        # nonce, created = Nonce.objects.get_or_create(
+        #     consumer_key=oauth_request['oauth_consumer_key'],
+        #     token_key=oauth_request.get('oauth_token', ''),
+        #     key=nonce
+        # )
+        # return created
+        
+        ## Ignore nonces: you should probably think twice about this
+        return True
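Review bot: `check_nonce` now ends in an unconditional `return True`, so every nonce is reported as fresh for every consumer and token, and a captured signed request will pass this check again if it is resent. The commit message accepts that for this fork, but the change is hard-coded in the store, so any other deployment that picks up this file loses replay protection silently. Suggest keeping the original `Nonce.objects.get_or_create(...)` path as the default and skipping it only behind an explicit, documented opt-out setting. Also delete the commented-out block rather than leaving it in place (the history already preserves it), and replace the `## Ignore nonces: you should probably think twice about this` comment with one that states the consequence directly (replayed requests are accepted).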