Comment 2 for bug 989157

Vincenzo Di Somma (vds) wrote : Re: updown OAuth may fail with valid credentials

From what I can see, we don't store the nonces: when the oauth lib asks us whether we have a nonce, U1BaseOAuthDataStore.lookup_nonce always returns None.
So we are not using this security feature of OAuth.
There are two possible ways to solve the issue we are having:

1) Increase the timestamp_threshold in web.oauth.views.get_oauth_server to something bigger than 900 (i.e. 7200); if some upload takes more than 7200 secs, the problem will still occur.

2) Monkey patch python-oauth so that the nonce/timestamp check always passes; it is a small patch. If, in the future, we want to do a proper nonce/timestamp check, we can always remove the monkey patch and go for option 1).
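
The nonce/timestamp check discussed in this comment, as an added example that is not part of the original comment, the project's code or python-oauth: it contrasts a store whose `lookup_nonce` always returns None with one that remembers nonces for the length of the timestamp window. The class names, `check_request`, `remember` and the argument lists are hypothetical.

```python
import time

class NullNonceStore:
    """Behaves as the comment describes: nothing is stored (hypothetical class)."""
    def lookup_nonce(self, consumer_key, token_key, nonce):
        return None  # every nonce looks unused, so replays are never detected

class WindowedNonceStore:
    """Remembers each nonce for as long as its timestamp can still be accepted."""
    def __init__(self, threshold):
        self.threshold = threshold
        self._seen = {}  # (consumer, token, nonce) -> request timestamp

    def lookup_nonce(self, consumer_key, token_key, nonce):
        return nonce if (consumer_key, token_key, nonce) in self._seen else None

    def remember(self, consumer_key, token_key, nonce, timestamp, now):
        # Entries older than the window would fail the timestamp check anyway,
        # so they can be dropped; a larger threshold means a larger store.
        cutoff = now - self.threshold
        self._seen = {k: ts for k, ts in self._seen.items() if ts >= cutoff}
        self._seen[(consumer_key, token_key, nonce)] = timestamp

def check_request(store, threshold, consumer_key, token_key, nonce, timestamp, now=None):
    """Return 'ok', 'expired' or 'replayed' for one signed request."""
    now = int(time.time()) if now is None else now
    if abs(now - int(timestamp)) > threshold:
        return "expired"   # what a long upload hits with a 900 s threshold
    if store.lookup_nonce(consumer_key, token_key, nonce) is not None:
        return "replayed"  # same nonce seen inside the acceptance window
    if hasattr(store, "remember"):
        store.remember(consumer_key, token_key, nonce, int(timestamp), now)
    return "ok"
```

Raising the threshold from 900 to 7200 widens the period in which a captured request is still accepted, which is the period a working nonce store has to cover.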