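def has_valid_fxa_oauth(request, email) -> bool:
    """Return True if ``request`` carries a Firefox Accounts OAuth bearer token
    that verifies with the oauth-server and is bound to ``email``.

    Args:
        request: Django-style request; the token is read from
            ``request.META['HTTP_AUTHORIZATION']`` (``Bearer <token>``).
        email: The email address the caller claims. It must equal the email
            the FxA profile server returns for the token (exact comparison).

    Returns:
        True only when every step succeeds. A missing or malformed header,
        a token that fails verification / scope check, or an ``fxa.errors.Error``
        from either client yields False (fail closed). Other exception types
        are not caught here and propagate to the caller.
    """
    if not email:
        return False

    # Grab the token out of the Authorization header.
    authorization = request.META.get('HTTP_AUTHORIZATION')
    if not authorization:
        return False

    # Expect exactly "Bearer <token>". Check the part count *before* indexing:
    # a whitespace-only header value splits to [] and would otherwise raise
    # IndexError (a 500 triggered by an unauthenticated client) instead of
    # simply being rejected.
    parts = authorization.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != 'bearer':
        return False
    token = parts[1].strip()
    if not token:
        return False

    oauth, profile = get_fxa_clients()

    # Validate the token with oauth-server and check for appropriate scope.
    # The client raises fxa.errors.Error if things are not as they should be.
    try:
        oauth.verify_token(token, scope=['basket', 'profile:email'])
    except fxa.errors.Error:
        # security failure or server problem. can't validate. return invalid
        sentry_client.captureException()
        return False

    # Ask the profile server which email this token belongs to.
    try:
        fxa_email = profile.get_email(token)
    except fxa.errors.Error:
        # security failure or server problem. can't validate. return invalid
        sentry_client.captureException()
        return False

    # Exact match only: no case folding or other normalization is applied,
    # so any canonicalization must happen before calling this function.
    return email == fxa_email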
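def has_valid_fxa_oauth(request, email) -> bool:
    """Return True if ``request`` carries a Firefox Accounts OAuth bearer token
    that verifies with the oauth-server and is bound to ``email``.

    Args:
        request: Django-style request; the token is read from
            ``request.META["HTTP_AUTHORIZATION"]`` (``Bearer <token>``).
        email: The email address the caller claims. It must equal the email
            the FxA profile server returns for the token (exact comparison).

    Returns:
        True only when every step succeeds. A missing or malformed header,
        a token that fails verification / scope check, or an ``fxa.errors.Error``
        from either client yields False (fail closed). Other exception types
        are not caught here and propagate to the caller.
    """
    if not email:
        return False

    # Grab the token out of the Authorization header.
    authorization = request.META.get("HTTP_AUTHORIZATION")
    if not authorization:
        return False

    # Expect exactly "Bearer <token>". Check the part count *before* indexing:
    # a whitespace-only header value splits to [] and would otherwise raise
    # IndexError (a 500 triggered by an unauthenticated client) instead of
    # simply being rejected.
    parts = authorization.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return False
    token = parts[1].strip()
    if not token:
        return False

    oauth, profile = get_fxa_clients()

    # Validate the token with oauth-server and check for appropriate scope.
    # The client raises fxa.errors.Error if things are not as they should be.
    try:
        oauth.verify_token(token, scope=["basket", "profile:email"])
    except fxa.errors.Error:
        # security failure or server problem. can't validate. return invalid
        sentry_sdk.capture_exception()
        return False

    # Ask the profile server which email this token belongs to.
    try:
        fxa_email = profile.get_email(token)
    except fxa.errors.Error:
        # security failure or server problem. can't validate. return invalid
        sentry_sdk.capture_exception()
        return False

    # Exact match only: no case folding or other normalization is applied,
    # so any canonicalization must happen before calling this function.
    return email == fxa_email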