author | Lorenz Diener <[email protected]> | 2018-06-27 20:25:38 +0200 |
---|---|---|
committer | GitHub <[email protected]> | 2018-06-27 20:25:38 +0200 |
commit | 58c3f745c372197e29b8ae0072c967cac414d98e (patch) | |
tree | 92093dcc763ed949153ed5ea43455da9b897c03e /mastodon | |
parent | e1891a1fed227a2851214d4673b9c04dbc73a22b (diff) | |
parent | 4319283bcdc4d9c1cef8e846bd43659f83e90c12 (diff) | |
download | mastodon.py-58c3f745c372197e29b8ae0072c967cac414d98e.tar.gz |
Merge pull request #139 from DeeUnderscore/scopes-subset-check
Make log_in() check if granted scopes are a superset of the requested scopes
Diffstat (limited to 'mastodon')
-rw-r--r-- | mastodon/Mastodon.py | 12 |
1 files changed, 6 insertions, 6 deletions
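--- a/mastodon/Mastodon.py
+++ b/mastodon/Mastodon.py
@@ -342,8 +342,9 @@ class Mastodon:
 
 Handles password and OAuth-based authorization.
 
-Will throw a `MastodonIllegalArgumentError` if username / password
-are wrong, scopes are not valid or granted scopes differ from requested.
+Will throw a `MastodonIllegalArgumentError` if the OAuth or the
+username / password credentials given are incorrect, and
+`MastodonAPIError` if all of the requested scopes were not granted.
 
 For OAuth2 documentation, compare
 https://github.com/doorkeeper-gem/doorkeeper/wiki/Interacting-as-an-OAuth-client-with-Doorkeeper
@@ -379,12 +380,11 @@ class Mastodon:
 else:
 raise MastodonIllegalArgumentError('Invalid request: %s' % e)
 
-requested_scopes = " ".join(sorted(scopes))
-received_scopes = " ".join(sorted(response["scope"].split(" ")))
+received_scopes = response["scope"].split(" ")
 
-if requested_scopes != received_scopes:
+if not set(scopes) <= set(received_scopes):
 raise MastodonAPIError(
-'Granted scopes "' + received_scopes + '" differ from requested scopes "' + requested_scopes + '".')
+'Granted scopes "' + " ".join(received_scopes) + '" do not contain all of the requested scopes "' + " ".join(scopes) + '".')
 
 if to_file is not None:
 with open(to_file, 'w') as token_file: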
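Review bot: The subset test `set(scopes) <= set(received_scopes)` at new line 385 accepts a token whose granted scopes exceed the requested ones, and neither the docstring in the first hunk nor the return path tells the caller, so a broader-than-intended token can be written to `to_file` unnoticed. I would add a docstring sentence such as `Scopes granted in addition to the requested ones are accepted without error.` so that callers who care about least privilege know to compare the scopes themselves. The new docstring line 347, "if all of the requested scopes were not granted", can also be read as "none were granted"; `MastodonAPIError` if any of the requested scopes was not granted is unambiguous. Separately, `response["scope"].split(" ")` at new line 383 raises a bare `KeyError` if the server omits the field, which is outside the documented exceptions, and yields empty entries on repeated spaces; `response["scope"].split()` would fix the latter. The enclosing method (presumably `log_in()`, going by the commit title) starts and ends outside both hunks.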