Fix host for calls to /oauth2/authorize

mbogosian · posita · commit 91d48feac5a0 · 2017-06-09T05:56:09.000-07:00
diff --git a/dropbox/oauth.py b/dropbox/oauth.py
@@ -15,7 +15,11 @@
 import six
 import urllib
 
-from .session import pinned_session
+from .session import (
+    API_HOST,
+    WEB_HOST,
+    pinned_session,
+)
 
 if six.PY3:
     url_path_quote = urllib.parse.quote  # pylint: disable=no-member,useless-suppression
@@ -92,8 +96,6 @@ def __init__(self, consumer_key, consumer_secret, locale=None):
         self.locale = locale
         self.requests_session = pinned_session()
 
-        self._host = os.environ.get('DROPBOX_WEB_HOST', 'www.dropbox.com')
-
     def _get_authorize_url(self, redirect_uri, state):
         params = dict(response_type='code',
                       client_id=self.consumer_key)
@@ -102,7 +104,7 @@ def _get_authorize_url(self, redirect_uri, state):
         if state is not None:
             params['state'] = state
 
-        return self.build_url('/oauth2/authorize', params)
+        return self.build_url('/oauth2/authorize', params, WEB_HOST)
 
     def _finish(self, code, redirect_uri):
         url = self.build_url('/oauth2/token')
@@ -155,7 +157,7 @@ def build_path(self, target, params=None):
         else:
             return target_path
 
-    def build_url(self, target, params=None):
+    def build_url(self, target, params=None, host=API_HOST):
         """Build an API URL.
 
         This method adds scheme and hostname to the path
@@ -166,7 +168,7 @@ def build_url(self, target, params=None):
         :return: The full API URL.
         :rtype: str
         """
-        return "https://%s%s" % (self._host, self.build_path(target, params))
+        return "https://%s%s" % (host, self.build_path(target, params))
 
 
 class DropboxOAuth2FlowNoRedirect(DropboxOAuth2FlowBase):
diff --git a/dropbox/session.py b/dropbox/session.py
@@ -4,7 +4,7 @@
 
 import requests
 from requests.adapters import HTTPAdapter
-from requests.packages.urllib3.poolmanager import PoolManager
+from urllib3.poolmanager import PoolManager
 
 
 _TRUSTED_CERT_FILE = pkg_resources.resource_filename(__name__, 'trusted-certs.crt')
@@ -52,7 +52,11 @@ def pinned_session(pool_maxsize=8):
     url_path_quote = urllib.parse.quote  # pylint: disable=no-member,useless-suppression
     url_encode = urllib.parse.urlencode  # pylint: disable=no-member,useless-suppression
 
-DOMAIN = os.environ.get('DROPBOX_DOMAIN', '.dropboxapi.com')
+API_DOMAIN = os.environ.get('DROPBOX_API_DOMAIN',
+    os.environ.get('DROPBOX_DOMAIN', '.dropboxapi.com'))
+
+WEB_DOMAIN = os.environ.get('DROPBOX_WEB_DOMAIN',
+    os.environ.get('DROPBOX_DOMAIN', '.dropbox.com'))
 
 # Default short hostname for RPC-style routes.
 HOST_API = 'api'
@@ -66,10 +70,10 @@ def pinned_session(pool_maxsize=8):
 # Default short hostname for the Drobox website.
 HOST_WWW = 'www'
 
-API_HOST = os.environ.get('DROPBOX_API_HOST', HOST_API + DOMAIN)
-API_CONTENT_HOST = os.environ.get('DROPBOX_API_CONTENT_HOST', HOST_CONTENT + DOMAIN)
-API_NOTIFICATION_HOST = os.environ.get('DROPBOX_API_NOTIFY_HOST', HOST_NOTIFY + DOMAIN)
-WEB_HOST = os.environ.get('DROPBOX_WEB_HOST', HOST_WWW + DOMAIN)
+API_HOST = os.environ.get('DROPBOX_API_HOST', HOST_API + API_DOMAIN)
+API_CONTENT_HOST = os.environ.get('DROPBOX_API_CONTENT_HOST', HOST_CONTENT + API_DOMAIN)
+API_NOTIFICATION_HOST = os.environ.get('DROPBOX_API_NOTIFY_HOST', HOST_NOTIFY + API_DOMAIN)
+WEB_HOST = os.environ.get('DROPBOX_WEB_HOST', HOST_WWW + WEB_DOMAIN)
 
 class OAuthToken(object):
     """
diff --git a/setup.py b/setup.py
@@ -25,7 +25,7 @@
 version = eval(line.split('=', 1)[1].strip())  # pylint: disable=eval-used
 
 install_reqs = [
-    'requests >= 2.5.1, != 2.6.1',
+    'requests >= 2.5.1, != 2.6.1, !=2.16.0, !=2.16.1',
     'six >= 1.3.0',
     'urllib3',
 ]
diff --git a/test/test_dropbox.py b/test/test_dropbox.py
@@ -7,6 +7,8 @@
 import os
 import posixpath
 import random
+import re
+import six
 import string
 import sys
 import threading
@@ -19,8 +21,10 @@
 
 from dropbox import (
     Dropbox,
+    DropboxOAuth2Flow,
     DropboxTeam,
     client,
+    session,
 )
 from dropbox.exceptions import (
     ApiError,
@@ -66,6 +70,25 @@ def wrapped(self, *args, **kwargs):
 
 class TestDropbox(unittest.TestCase):
 
+    def test_default_oauth2_urls(self):
+        flow_obj = DropboxOAuth2Flow('dummy_app_key', 'dummy_app_secret',
+            'http://localhost/dummy', 'dummy_session', 'dbx-auth-csrf-token')
+
+        six.assertRegex(
+            flow_obj._get_authorize_url('http://localhost/redirect', 'state'),
+            r'^https://{}/oauth2/authorize\?'.format(re.escape(session.WEB_HOST)),
+        )
+
+        self.assertEqual(
+            flow_obj.build_url('/oauth2/authorize'),
+            'https://{}/oauth2/authorize'.format(session.API_HOST),
+        )
+
+        self.assertEqual(
+            flow_obj.build_url('/oauth2/authorize', host=session.WEB_HOST),
+            'https://{}/oauth2/authorize'.format(session.WEB_HOST),
+        )
+
     def test_bad_auth(self):
         # Test malformed token
         malformed_token_dbx = Dropbox(MALFORMED_TOKEN)

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@`
`25`	`25`	`version = eval(line.split('=', 1)[1].strip()) # pylint: disable=eval-used`
`26`	`26`
`27`	`27`	`install_reqs = [`
`28`		`- 'requests >= 2.5.1, != 2.6.1',`
	`28`	`+ 'requests >= 2.5.1, != 2.6.1, !=2.16.0, !=2.16.1',`
`29`	`29`	`'six >= 1.3.0',`
`30`	`30`	`'urllib3',`
`31`	`31`	`]`