From 82d8987761db789a7a55efa2f6ead6c0b9b05237 Mon Sep 17 00:00:00 2001 From: Mayank Beri Date: Wed, 22 Nov 2017 12:32:36 +1100 Subject: [PATCH 1/3] Fixed issue with token URI not valid or returning error Bug#360 1. Fixed the code to handle content_type missing from headers. instead of defaulting it to JSON, now trying to load it to json, xml, or then simply returning the content. Code was failing when the content_type was missing but the content was not of json type. 2. Handled the case where an exception was raised when the token URL responsed in a code other than 200 or 201. Instead of raising OauthException now returning the error code in a dictionary so that it can be handled or displayed. --- flask_oauthlib/client.py | 43 ++++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 15 deletions(-) diff --git a/flask_oauthlib/client.py b/flask_oauthlib/client.py index 3b1cc278..6b209380 100644 --- a/flask_oauthlib/client.py +++ b/flask_oauthlib/client.py @@ -118,9 +118,27 @@ def parse_response(resp, content, strict=False, content_type=None): :param strict: strict mode for form urlencoded content :param content_type: assign a content type manually """ - if not content_type: - content_type = resp.headers.get('content-type', 'application/json') ct, options = parse_options_header(content_type) + charset = options.get('charset', 'utf-8') + + if not content_type: + + try: + return json.loads(content) + + except Exception as exception: + log.debug("The content is not json") + + try: + return get_etree().fromstring(content) + + except Exception as exception: + log.debug("The content is not XML") + + if strict: + return content + else: + return url_decode(content, charset=charset).to_dict() if ct in ('application/json', 'text/javascript'): if not content: 
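Review bot: The response's own Content-Type header is never consulted in `parse_response` after this hunk: the removed `resp.headers.get('content-type', 'application/json')` lookup has no replacement, so whenever the caller passes no `content_type` the body is sniffed (JSON, then XML, then form decoding) even if the server declared a type. Keeping the header lookup ahead of `parse_options_header`, e.g. `content_type = content_type or resp.headers.get('content-type')`, and sniffing only when that is also empty would preserve the old behaviour for providers that label their responses. The fallback also hands an untrusted token-endpoint body to `get_etree().fromstring` and hides every failure behind `except Exception`; each handler should catch only the parse errors it expects, and it is worth confirming that the parser `get_etree()` returns does not expand external entities. Indentation is lost on this page, so the nesting of the whole fallback under `if not content_type:` is inferred, and the function body continues outside the hunk.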
@@ -132,7 +150,7 @@ def parse_response(resp, content, strict=False, content_type=None): if ct != 'application/x-www-form-urlencoded' and strict: return content - charset = options.get('charset', 'utf-8') + return url_decode(content, charset=charset).to_dict() @@ -641,13 +659,11 @@ def handle_oauth1_response(self, args): uri, headers, to_bytes(data, self.encoding), method=self.access_token_method ) - data = parse_response(resp, content) + if resp.code not in (200, 201): - raise OAuthException( - 'Invalid response from %s' % self.name, - type='invalid_response', data=data - ) - return data + return {'accessToken':None,'code':resp.code, 'msg':resp.msg} + + return parse_response(resp, content) def handle_oauth2_response(self, args): """Handles an oauth2 authorization response.""" @@ -685,13 +701,10 @@ def handle_oauth2_response(self, args): self.access_token_method ) - data = parse_response(resp, content, content_type=self.content_type) if resp.code not in (200, 201): - raise OAuthException( - 'Invalid response from %s' % self.name, - type='invalid_response', data=data - ) - return data + return {'accessToken':None,'code':resp.code, 'msg':resp.msg} + + return parse_response(resp, content, content_type=self.content_type) def handle_unknown_response(self): """Handles a unknown authorization response.""" From c93b9310531c35b0133f19e133587888919922b9 Mon Sep 17 00:00:00 2001 
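Review bot: Returning `{'accessToken':None,'code':resp.code, 'msg':resp.msg}` from `handle_oauth1_response` on a non-200/201 status turns a failed token exchange into an ordinary return value, so a caller that treats the returned mapping as token data carries on instead of failing closed; the next hunk makes the same change in `handle_oauth2_response`. The new path also skips `parse_response` for the error body, so whatever error detail the provider sent is dropped, whereas the removed `OAuthException(..., data=data)` carried it to the caller. If the aim is only to survive an unparseable error body, keeping the raise and guarding the `parse_response` call (falling back to the raw `content` as `data`) would achieve that without changing the contract. Patch 2/3 later on this page restores the raise in both functions.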
From: Mayank Beri Date: Sun, 26 Nov 2017 15:51:05 +1100 Subject: [PATCH 2/3] Fixed issue with token URI not valid or returning error Bug#360 1. Fixed the code to handle content_type missing from headers. instead of defaulting it to JSON, now trying to load it to json, xml, or then simply returning the content. Code was failing when the content_type was missing but the content was not of json type. 2. Handled the case where an exception was raised when the token URL responsed in a code other than 200 or 201. Instead of raising OauthException now returning the error code in a dictionary so that it can be handled or displayed. --- flask_oauthlib/client.py | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/flask_oauthlib/client.py b/flask_oauthlib/client.py index 6b209380..f254b859 100644 --- a/flask_oauthlib/client.py +++ b/flask_oauthlib/client.py @@ -137,8 +137,8 @@ def parse_response(resp, content, strict=False, content_type=None): if strict: return content - else: - return url_decode(content, charset=charset).to_dict() + + return url_decode(content, charset=charset).to_dict() if ct in ('application/json', 'text/javascript'): if not content: @@ -659,11 +659,13 @@ def handle_oauth1_response(self, args): uri, headers, to_bytes(data, self.encoding), method=self.access_token_method ) - + data = parse_response(resp, content) if resp.code not in (200, 201): - return {'accessToken':None,'code':resp.code, 'msg':resp.msg} - - return parse_response(resp, content) + raise OAuthException( + 'Invalid response from %s' % self.name, + type='invalid_response', data=data + ) + return data def handle_oauth2_response(self, args): """Handles an oauth2 authorization response.""" 
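Review bot: The description of this patch still says the error code is returned in a dictionary instead of raising `OAuthException`, but the hunk in `handle_oauth1_response` (and the matching one in `handle_oauth2_response` that follows) puts the raise back, so the message documents behaviour the code no longer has. Callers decide how to treat a failed token exchange from this contract, so the message should state that non-200/201 responses raise `OAuthException` with the parsed body in `data`. Note also that `parse_response(resp, content)` runs before the status check and passes no `content_type` here, so an error body goes through the JSON/XML/form sniffing added in patch 1/3 before the exception is raised.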
@@ -701,10 +703,13 @@ def handle_oauth2_response(self, args): self.access_token_method ) + data = parse_response(resp, content, content_type=self.content_type) if resp.code not in (200, 201): - return {'accessToken':None,'code':resp.code, 'msg':resp.msg} - - return parse_response(resp, content, content_type=self.content_type) + raise OAuthException( + 'Invalid response from %s' % self.name, + type='invalid_response', data=data + ) + return data def handle_unknown_response(self): """Handles a unknown authorization response.""" From 0999dde5e9f3215d16dbad0aa703e4dd4f3e6c03 Mon Sep 17 00:00:00 2001 From: Mayank Beri Date: Sun, 26 Nov 2017 16:01:52 +1100 Subject: [PATCH 3/3] Fixed issue with token URI not valid or returning error Bug#360 1. Fixed the code to handle content_type missing from headers. instead of defaulting it to JSON, now trying to load it to json, xml, or then simply returning the content. Code was failing when the content_type was missing but the content was not of json type. 2. Handled the case where an exception was raised when the token URL responsed in a code other than 200 or 201. Instead of raising OauthException now returning the error code in a dictionary so that it can be handled or displayed. --- flask_oauthlib/client.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/flask_oauthlib/client.py b/flask_oauthlib/client.py index f254b859..e27f5cbb 100644 --- a/flask_oauthlib/client.py +++ b/flask_oauthlib/client.py @@ -122,22 +122,18 @@ def parse_response(resp, content, strict=False, content_type=None): charset = options.get('charset', 'utf-8') if not content_type: - try: return json.loads(content) - except Exception as exception: log.debug("The content is not json") try: return get_etree().fromstring(content) - except Exception as exception: log.debug("The content is not XML") if strict: return content - return url_decode(content, charset=charset).to_dict() if ct in ('application/json', 'text/javascript'):