[Fix Bug] When library call authenticate_client but client's secret key is null that can cause the program raise a 500 Internal Server Error. (lepture#258)

madawei2699 · lepture · commit fa7d9d68fecc · 2016-06-02T00:56:15.000+09:00
* [Fix Bug] When library call authenticate_client but client's secret key is null that can cause the program raise a 500 Internal Server Error.

* [Fix Bug] When library call authenticate_client but client's secret key is null that can cause the program raise a 500 Internal Server Error.
diff --git a/flask_oauthlib/provider/oauth2.py b/flask_oauthlib/provider/oauth2.py
@@ -623,9 +623,11 @@ def authenticate_client(self, request, *args, **kwargs):
 
         request.client = client
 
-        if client.client_secret != client_secret:
-            log.debug('Authenticate client failed, secret not match.')
-            return False
+        # http://tools.ietf.org/html/rfc6749#section-2
+        # The client MAY omit the parameter if the client secret is an empty string.
+        if hasattr(client, 'client_secret') and client.client_secret != client_secret:
+                log.debug('Authenticate client failed, secret not match.')
+                return False
 
         log.debug('Authenticate client success.')
         return True
