Commits

Kristian Bendiksen committed d4bc0f8

Ignore nonces in oauth requests.

This opens for replay attacks, but that is not important in the application where this fork is used.

Files changed (1)

piston/authentication/oauth/store/db.py

         return consumer.user
 
     def check_nonce(self, request, oauth_request, nonce):
-        nonce, created = Nonce.objects.get_or_create(
-            consumer_key=oauth_request['oauth_consumer_key'],
-            token_key=oauth_request.get('oauth_token', ''),
-            key=nonce
-        )
-        return created
+        # nonce, created = Nonce.objects.get_or_create(
+        #     consumer_key=oauth_request['oauth_consumer_key'],
+        #     token_key=oauth_request.get('oauth_token', ''),
+        #     key=nonce
+        # )
+        # return created
+        
+        ## Ignore nonces: you should probably think twice about this
+        return True