예제 #1
파일: utils.py 프로젝트: mozmar/basket
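def has_valid_fxa_oauth(request, email):
    """Check that the request carries an FxA OAuth bearer token matching ``email``.

    The token is taken from the ``Authorization`` header, verified with the
    OAuth client for the ``basket`` and ``profile:email`` scopes, and then
    used to fetch the account email from the profile client.

    Args:
        request: Request object; only ``request.META`` is read.
        email: The address the caller claims to act for.

    Returns:
        True only when the token verifies and the email returned by the
        profile client equals ``email``. Every other outcome, including a
        malformed header or an error from either FxA client, returns False,
        so the check fails closed.
    """
    if not email:
        return False

    # Grab the token out of the Authorization header
    authorization = request.META.get('HTTP_AUTHORIZATION')
    if not authorization:
        return False

    # Expect exactly "<scheme> <token>". The length is checked first because a
    # whitespace-only header splits to an empty list, and indexing it would
    # raise IndexError instead of rejecting the request.
    parts = authorization.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != 'bearer':
        return False

    token = parts[1].strip()
    oauth, profile = get_fxa_clients()
    # Validate the token with oauth-server and check for appropriate scope.
    # This will raise an exception if things are not as they should be.
    try:
        oauth.verify_token(token, scope=['basket', 'profile:email'])
    except fxa.errors.Error:
        # Security failure or server problem: the token cannot be validated,
        # so treat it as invalid and record the exception.
        sentry_client.captureException()
        return False

    try:
        fxa_email = profile.get_email(token)
    except fxa.errors.Error:
        # Same policy as above: no profile answer means no authorization.
        sentry_client.captureException()
        return False

    # NOTE(review): exact, case-sensitive comparison; confirm callers pass the
    # email in the same casing the profile server returns.
    return email == fxa_email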
예제 #2
파일: utils.py 프로젝트: afrknChld/basket
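def has_valid_fxa_oauth(request, email):
    """Return whether the request's FxA OAuth bearer token belongs to ``email``.

    Steps: read the ``Authorization`` header from ``request.META``, require
    the ``Bearer`` scheme, verify the token with the OAuth client for the
    ``basket`` and ``profile:email`` scopes, then compare the email returned
    by the profile client with ``email``.

    Args:
        request: Request object; only ``request.META`` is read.
        email: The address the caller claims to act for.

    Returns:
        True when the token verifies and the profile email equals ``email``;
        False for a missing email, a missing or malformed header, or any
        ``fxa.errors.Error`` raised during verification or profile lookup.
    """
    if not email:
        return False

    # Grab the token out of the Authorization header
    authorization = request.META.get("HTTP_AUTHORIZATION")
    if not authorization:
        return False

    # A header made only of whitespace is truthy but splits to []. Test the
    # length before indexing so such a header is rejected rather than raising
    # IndexError out of an authentication check.
    pieces = authorization.split(None, 1)
    if len(pieces) != 2:
        return False
    scheme, raw_token = pieces
    if scheme.lower() != "bearer":
        return False

    token = raw_token.strip()
    oauth, profile = get_fxa_clients()
    # Validate the token with oauth-server and check for appropriate scope.
    # This will raise an exception if things are not as they should be.
    try:
        oauth.verify_token(token, scope=["basket", "profile:email"])
    except fxa.errors.Error:
        # Security failure or server problem; either way the token is not
        # proven valid, so record the exception and deny.
        sentry_sdk.capture_exception()
        return False

    try:
        fxa_email = profile.get_email(token)
    except fxa.errors.Error:
        # Without a profile email there is nothing to match against: deny.
        sentry_sdk.capture_exception()
        return False

    # NOTE(review): the match is exact and case-sensitive; verify that the
    # caller's email and the profile email use the same normalisation.
    return email == fxa_email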