[Bug 1708873] Re: facebook authentication: crash on reading "args["access_token"][-1]"

rawphi Sat, 05 Aug 2017 13:25:57 -0700

** Description changed:

  tornado.auth.FacebookGraphMixin crashes when receiving the access token
  from facebook.
  
  On Ubuntu 17.04, tornado version 4.4.2-1ubuntu1
  
- 
- The problem seems to be at line 983 of 
/usr/lib/python2.7/dist-packages/tornado/auth.py.
+ The problem seems to be at line 983 of /usr/lib/python2.7/dist-
+ packages/tornado/auth.py.
  
  Replacing urlparse.parse_qs with escape.json_decode seems to fix the
  problem:
  
  -        args = urlparse.parse_qs(escape.native_str(response.body))
- +        args = escape.json_decode(escape.native_str(response.body))  #bug: 
response is a json string!!
+ -        session = {
+ -            "access_token": args["access_token"][-1],
+ -            "expires": args.get("expires")
+ -        }
+ 
+ +        args = escape.json_decode(escape.native_str(response.body)) #bug: 
response is a json string!!
+ +        session = {
+ +            "access_token": args["access_token"],
+ +            "expires": args.get("expires")
+ +        }
  
  
  Here's the traceback:
  
  Traceback (most recent call last):
    File "/usr/lib/python2.7/dist-packages/tornado/web.py", line 1469, in 
_execute
      result = yield result
    File "/usr/lib/python2.7/dist-packages/tornado/gen.py", line 1015, in run
      value = future.result()
    File "/usr/lib/python2.7/dist-packages/tornado/concurrent.py", line 237, in 
result
      raise_exc_info(self._exc_info)
    File "/usr/lib/python2.7/dist-packages/tornado/gen.py", line 1021, in run
      yielded = self.gen.throw(*exc_info)
    File "webservice.py", line 72, in get
      user = yield 
self.get_authenticated_user(redirect_uri=self.absolutePathPrefix + 
'/auth/facebookgraph', client_id=self.settings["facebook_api_key"], 
client_secret=self.settings["facebook_secret"], code=code)
    File "/usr/lib/python2.7/dist-packages/tornado/gen.py", line 1015, in run
      value = future.result()
    File "/usr/lib/python2.7/dist-packages/tornado/concurrent.py", line 237, in 
result
      raise_exc_info(self._exc_info)
    File "/usr/lib/python2.7/dist-packages/tornado/stack_context.py", line 314, 
in wrapped
      ret = fn(*args, **kwargs)
    File "/usr/lib/python2.7/dist-packages/tornado/auth.py", line 983, in 
_on_access_token
      "access_token": args["access_token"][-1],
  KeyError: 'access_token'


** Description changed:

  tornado.auth.FacebookGraphMixin crashes when receiving the access token
  from facebook.
  
  On Ubuntu 17.04, tornado version 4.4.2-1ubuntu1
  
  The problem seems to be at line 983 of /usr/lib/python2.7/dist-
  packages/tornado/auth.py.
  
  Replacing urlparse.parse_qs with escape.json_decode seems to fix the
  problem:
  
  -        args = urlparse.parse_qs(escape.native_str(response.body))
  -        session = {
  -            "access_token": args["access_token"][-1],
  -            "expires": args.get("expires")
  -        }
- 
  +        args = escape.json_decode(escape.native_str(response.body)) #bug: 
response is a json string!!
  +        session = {
  +            "access_token": args["access_token"],
  +            "expires": args.get("expires")
  +        }
- 
  
  Here's the traceback:
  
  Traceback (most recent call last):
    File "/usr/lib/python2.7/dist-packages/tornado/web.py", line 1469, in 
_execute
      result = yield result
    File "/usr/lib/python2.7/dist-packages/tornado/gen.py", line 1015, in run
      value = future.result()
    File "/usr/lib/python2.7/dist-packages/tornado/concurrent.py", line 237, in 
result
      raise_exc_info(self._exc_info)
    File "/usr/lib/python2.7/dist-packages/tornado/gen.py", line 1021, in run
      yielded = self.gen.throw(*exc_info)
    File "webservice.py", line 72, in get
      user = yield 
self.get_authenticated_user(redirect_uri=self.absolutePathPrefix + 
'/auth/facebookgraph', client_id=self.settings["facebook_api_key"], 
client_secret=self.settings["facebook_secret"], code=code)
    File "/usr/lib/python2.7/dist-packages/tornado/gen.py", line 1015, in run
      value = future.result()
    File "/usr/lib/python2.7/dist-packages/tornado/concurrent.py", line 237, in 
result
      raise_exc_info(self._exc_info)
    File "/usr/lib/python2.7/dist-packages/tornado/stack_context.py", line 314, 
in wrapped
      ret = fn(*args, **kwargs)
    File "/usr/lib/python2.7/dist-packages/tornado/auth.py", line 983, in 
_on_access_token
      "access_token": args["access_token"][-1],
  KeyError: 'access_token'

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1708873

Title:
  facebook authentication:   crash on reading "args["access_token"][-1]"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-tornado/+bug/1708873/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1708873] Re: facebook authentication: crash on reading "args["access_token"][-1]"

Reply via email to