launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~cjwatson/launchpad:fix-oauthlib into launchpad:master

To: mp+394061@xxxxxxxxxxxxxxxxxx
From: Colin Watson <cjwatson@xxxxxxxxxxxxx>
Date: Wed, 18 Nov 2020 10:16:25 -0000
Reply-to: mp+394061@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Colin Watson has proposed merging ~cjwatson/launchpad:fix-oauthlib into launchpad:master.

Commit message:
Fix handling of anonymous requests with oauthlib

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/394061

RFC 5849 allows omitting the "oauth_token" parameter when empty, whereas OAuth Core 1.0 Revision A didn't; we started running into this in the test suite now that LaunchpadWebServiceCaller uses oauthlib to sign its requests.  It's clearly harmless either way, so accept it.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad:fix-oauthlib into launchpad:master.

diff --git a/lib/lp/services/webapp/servers.py b/lib/lp/services/webapp/servers.py
index bcf1621..9c47f21 100644
--- a/lib/lp/services/webapp/servers.py
+++ b/lib/lp/services/webapp/servers.py
@@ -1286,7 +1286,7 @@ class WebServicePublication(WebServicePublicationMixin,
         consumers = getUtility(IOAuthConsumerSet)
         consumer = consumers.getByKey(consumer_key)
         token_key = form.get('oauth_token')
-        anonymous_request = (token_key == '')
+        anonymous_request = not token_key
 
         if consumer_key is None:
             # Either the client's OAuth implementation is broken, or