Add support for selecting scopes during IndieAuth's 'code' type

Danielle McLean 2017-11-01 13:27:55 +11:00
parent 0a202a215d
commit 06278935b6
Signed by: 00dani
GPG key ID: 5A5D2D1AFF12EEC5
3 changed files with 34 additions and 6 deletions


@ -3,13 +3,13 @@ from secrets import token_hex
class IndieAuthCodeManager(models.Manager): class IndieAuthCodeManager(models.Manager):
def create_from_dict(self, d): def create_from_qdict(self, d):
code = self.create( code = self.create(
me=d['me'], me=d['me'],
client_id=d['client_id'], client_id=d['client_id'],
redirect_uri=d['redirect_uri'], redirect_uri=d['redirect_uri'],
response_type=d.get('response_type', 'id'), response_type=d.get('response_type', 'id'),
scope=d.get('scope', ''), scope=" ".join(d.getlist('scope')),
) )
code.code = token_hex(32) code.code = token_hex(32)
return code return code
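Review bot: The scope stored by `scope=" ".join(d.getlist('scope'))` is whatever the approval POST carries, and nothing visible in this manager checks it against the scopes the client originally requested. A posted value that itself contains a space is joined in verbatim and will later read as several scopes. Consider normalising here with `scope=" ".join(s for v in d.getlist('scope') for s in v.split())`, and have the caller restrict the result to the requested set before the code is created. Since the method now calls `getlist`, a docstring such as `"""Build an IndieAuthCode from a QueryDict; a plain dict will fail on getlist()."""` would record why it was renamed.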


@ -22,6 +22,18 @@
<div class="card-body"> <div class="card-body">
<p class="card-text">do you want to confirm your identity, <a class="code" href="{{ me }}">{{ me }}</a>, with this app?</p> <p class="card-text">do you want to confirm your identity, <a class="code" href="{{ me }}">{{ me }}</a>, with this app?</p>
{% if params.response_type == 'code' %}
<p class="card-text">additionally, this app is requesting the following <i>scopes</i> - you can edit the scopes that will be granted to the app, if you wish</p>
<div class="custom-controls-stacked card-text">
{% for scope in scopes %}
<label class="custom-control custom-checkbox">
<input name="scope" type="checkbox" class="custom-control-input" checked value="{{ scope }}" />
<span class="custom-control-indicator"></span>
<span class="custom-control-description">{{ scope }}</span>
</label>
{% endfor %}
</div>
{% endif %}
<p class="card-text"><small>you will be redirected to <a class="code" href="{{ params.redirect_uri }}">{{ params.redirect_uri }}</a> after authorising this app</small></p> <p class="card-text"><small>you will be redirected to <a class="code" href="{{ params.redirect_uri }}">{{ params.redirect_uri }}</a> after authorising this app</small></p>
</div> </div>


@ -62,6 +62,22 @@ class IndieView(TemplateView):
content_type='text/plain', content_type='text/plain',
) )
type = params['response_type']
if type not in ('id', 'code'):
return HttpResponseBadRequest(
'unknown response_type: {0}'.format(type),
content_type='text/plain'
)
scopes = ()
if type == 'code':
if 'scope' not in params:
return HttpResponseBadRequest(
'scopes required for code type',
content_type='text/plain',
)
scopes = params['scope'].split(' ')
client = mf2py.Parser(url=params['client_id'], html_parser='html5lib') client = mf2py.Parser(url=params['client_id'], html_parser='html5lib')
rels = (client.to_dict()['rel-urls'] rels = (client.to_dict()['rel-urls']
.get(params['redirect_uri'], {}) .get(params['redirect_uri'], {})
@ -78,6 +94,7 @@ class IndieView(TemplateView):
'me': me, 'me': me,
'verified': verified, 'verified': verified,
'params': params, 'params': params,
'scopes': scopes,
'title': 'indieauth', 'title': 'indieauth',
} }
@ -112,10 +129,9 @@ class IndieView(TemplateView):
@login_required @login_required
@require_POST @require_POST
def approve(request): def approve(request):
post = request.POST.dict() code = IndieAuthCode.objects.create_from_qdict(request.POST)
code = IndieAuthCode.objects.create_from_dict(post)
code.save() code.save()
params = {'code': code.code, 'me': code.me} params = {'code': code.code, 'me': code.me}
if 'state' in post: if 'state' in request.POST:
params['state'] = post['state'] params['state'] = request.POST['state']
return redirect(code.redirect_uri + '?' + urlencode(params)) return redirect(code.redirect_uri + '?' + urlencode(params))
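Review bot: In the `type == 'code'` branch, `params['scope'].split(' ')` turns an empty `scope=` into `['']` and repeated spaces into empty entries, so a request that names no scope passes the "scopes required" check and the consent page renders a blank checkbox. Splitting on whitespace and rejecting an empty result closes that: `scopes = params.get('scope', '').split()` followed by `if not scopes:` in place of `if 'scope' not in params:`. Separately, `params['response_type']` is indexed directly while the manager falls back to `'id'`; if `params` is built without that default (its construction is outside the hunk), a request omitting it would raise rather than get the 400. The local name `type` also shadows the builtin, so `response_type` would read better. The enclosing view method starts and ends outside these hunks.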