Ubuntu
python-tornado package

facebook authentication: crash on reading "args["access_token"][-1]"

Bug #1708873 reported by rawphi
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-tornado (Ubuntu)
New
Undecided
Unassigned

Bug Description

tornado.auth.FacebookGraphMixin crashes when receiving the access token from facebook.

On Ubuntu 17.04, tornado version 4.4.2-1ubuntu1

The problem seems to be at line 983 of /usr/lib/python2.7/dist-packages/tornado/auth.py.

Replacing urlparse.parse_qs with escape.json_decode seems to fix the problem:

- args = urlparse.parse_qs(escape.native_str(response.body))
- session = {
- "access_token": args["access_token"][-1],
- "expires": args.get("expires")
- }
+ args = escape.json_decode(escape.native_str(response.body)) #bug: response is a json string!!
+ session = {
+ "access_token": args["access_token"],
+ "expires": args.get("expires")
+ }

Here's the traceback:

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/tornado/web.py", line 1469, in _execute
    result = yield result
  File "/usr/lib/python2.7/dist-packages/tornado/gen.py", line 1015, in run
    value = future.result()
  File "/usr/lib/python2.7/dist-packages/tornado/concurrent.py", line 237, in result
    raise_exc_info(self._exc_info)
  File "/usr/lib/python2.7/dist-packages/tornado/gen.py", line 1021, in run
    yielded = self.gen.throw(*exc_info)
  File "webservice.py", line 72, in get
    user = yield self.get_authenticated_user(redirect_uri=self.absolutePathPrefix + '/auth/facebookgraph', client_id=self.settings["facebook_api_key"], client_secret=self.settings["facebook_secret"], code=code)
  File "/usr/lib/python2.7/dist-packages/tornado/gen.py", line 1015, in run
    value = future.result()
  File "/usr/lib/python2.7/dist-packages/tornado/concurrent.py", line 237, in result
    raise_exc_info(self._exc_info)
  File "/usr/lib/python2.7/dist-packages/tornado/stack_context.py", line 314, in wrapped
    ret = fn(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/tornado/auth.py", line 983, in _on_access_token
    "access_token": args["access_token"][-1],
KeyError: 'access_token'

See original description
rawphi (raphael-ist)
description: updated
description: updated
rawphi (raphael-ist)
description: updated
description: updated
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.