From be554ecef1c691eba553eb29ddabce7eaf27f1f9 Mon Sep 17 00:00:00 2001
From: Alessio Bogon <youtux@gmail.com>
Date: Thu, 30 Apr 2015 23:42:37 +0200
Subject: [PATCH 1/3] Fix compliance_fixes not being correctly checked

---
 flask_oauthlib/contrib/client/application.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/flask_oauthlib/contrib/client/application.py b/flask_oauthlib/contrib/client/application.py
index f792714e..91c0d667 100644
--- a/flask_oauthlib/contrib/client/application.py
+++ b/flask_oauthlib/contrib/client/application.py
@@ -307,11 +307,12 @@ def make_oauth_session(self, **kwargs):
 
         # patches session
         compliance_fixes = self.compliance_fixes
-        if compliance_fixes.startswith('.'):
-            compliance_fixes = \
-                'requests_oauthlib.compliance_fixes' + compliance_fixes
-        apply_fixes = import_string(compliance_fixes)
-        oauth = apply_fixes(oauth)
+        if compliance_fixes is not None:
+            if compliance_fixes.startswith('.'):
+                compliance_fixes = \
+                    'requests_oauthlib.compliance_fixes' + compliance_fixes
+            apply_fixes = import_string(compliance_fixes)
+            oauth = apply_fixes(oauth)
 
         return oauth
 

From 072f1d5bacd2fa95d194ff8be5426b79a1dddc79 Mon Sep 17 00:00:00 2001
From: Ryan-K <ryan@elelsee.com>
Date: Sun, 3 May 2015 21:25:44 -0500
Subject: [PATCH 2/3] Add support for 0-legged oauth

---
 flask_oauthlib/provider/oauth1.py | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/flask_oauthlib/provider/oauth1.py b/flask_oauthlib/provider/oauth1.py
index 7886a6be..9736ee61 100644
--- a/flask_oauthlib/provider/oauth1.py
+++ b/flask_oauthlib/provider/oauth1.py
@@ -14,7 +14,7 @@
 from flask import request, redirect, url_for
 from flask import make_response, abort
 from oauthlib.oauth1 import RequestValidator
-from oauthlib.oauth1 import WebApplicationServer as Server
+from oauthlib.oauth1 import WebApplicationServer, SignatureOnlyEndpoint
 from oauthlib.oauth1 import SIGNATURE_HMAC, SIGNATURE_RSA
 from oauthlib.common import to_unicode, add_params_to_uri, urlencode
 from oauthlib.oauth1.rfc5849 import errors
@@ -27,6 +27,12 @@
 log = logging.getLogger('flask_oauthlib')
 
 
+class Server(WebApplicationServer, SignatureOnlyEndpoint):
+    def __init__(self, request_validator):
+        WebApplicationServer.__init__(self, request_validator)
+        SignatureOnlyEndpoint.__init__(self, request_validator)
+
+
 class OAuth1Provider(object):
     """Provide secure services using OAuth1.
 
@@ -483,7 +489,7 @@ def decorated(*args, **kwargs):
                 return _error_response(e)
         return decorated
 
-    def require_oauth(self, *realms, **kwargs):
+    def require_oauth(self, *realms, **oauth_kwargs):
         """Protect resource with specified scopes."""
         def wrapper(f):
             @wraps(f)
@@ -497,9 +503,15 @@ def decorated(*args, **kwargs):
                 server = self.server
                 uri, http_method, body, headers = extract_params()
                 try:
-                    valid, req = server.validate_protected_resource_request(
-                        uri, http_method, body, headers, realms
-                    )
+                    if oauth_kwargs.get("require_user", True):
+                        valid, req = server.validate_protected_resource_request(
+                            uri, http_method, body, headers, realms
+                        )
+                    else:
+                        valid, req = server.validate_request(
+                            uri, http_method, body, headers
+                        )
+
                 except Exception as e:
                     log.warn('Exception: %r', e)
                     e.urlencoded = urlencode([('error', 'unknown')])
@@ -511,7 +523,8 @@ def decorated(*args, **kwargs):
                 if not valid:
                     return abort(401)
                 # alias user for convenience
-                req.user = req.access_token.user
+                if oauth_kwargs.get("require_user", True):
+                    req.user = req.access_token.user
                 request.oauth = req
                 return f(*args, **kwargs)
             return decorated

From 42eae4af270f941a6e8c09a58da59b337d482c87 Mon Sep 17 00:00:00 2001
From: Ryan-K <ryan.kolak@gmail.com>
Date: Fri, 5 Jun 2015 16:39:13 -0500
Subject: [PATCH 3/3] Update oauth1.rst

Document usage of require_oauth decorator with require_user=False
---
 docs/oauth1.rst | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/docs/oauth1.rst b/docs/oauth1.rst
index a1b9f082..7d612bc9 100644
--- a/docs/oauth1.rst
+++ b/docs/oauth1.rst
@@ -438,7 +438,7 @@ Just like request token handler, you can add more data in access token.
 Protect Resource
 ----------------
 
-Protect the resource of a user with ``require_oauth`` decorator now::
+Protect a resource with ``require_oauth`` decorator now::
 
     @app.route('/api/me')
     @oauth.require_oauth('email')
@@ -451,9 +451,21 @@ Protect the resource of a user with ``require_oauth`` decorator now::
     def user(username):
         user = User.query.filter_by(username=username).first()
         return jsonify(email=user.email, username=user.username)
+        
+    @app.route('/api/client')
+    @oauth.require_oauth(require_user=False)
+    def client():
+        client = Client.query.filter_by(client_key=request.oauth.client_key).first()
+        return jsonify(client_key=client.client_key, 
+                       name=client.name, 
+                       description=client.description, 
+                       user_id=client.user_id)
 
 The decorator accepts a list of realms, only the clients with the given realms
-can access the defined resources.
+can access the defined resources. Additionally, the decorator supports a require_user
+parameter that defaults to True. By setting this to false, this implements "0-legged"
+oauth which allows an authorized client to make requests without the context of a user.
+
 
 .. versionchanged:: 0.5.0