Give better 'me' normalisation to IndieAuth processing + Aadd a simple POST route for actually submitting the form
This commit is contained in:
parent
6bdcce1844
commit
221d548e4a
4 changed files with 38 additions and 21 deletions
|
@ -7,7 +7,7 @@
|
||||||
|
|
||||||
{% block main %}
|
{% block main %}
|
||||||
<div class="container">
|
<div class="container">
|
||||||
<form class="card" method="post" action="{% url 'lemonauth:indie' %}">
|
<form class="card" method="post" action="{% url 'lemonauth:indie_approve' %}">
|
||||||
<h4 class="card-header h-x-app">
|
<h4 class="card-header h-x-app">
|
||||||
{% if app %}<img class="u-logo p-name" src="{{ app.logo | first }}" alt="{{ app.name | first }}" />{% endif %}
|
{% if app %}<img class="u-logo p-name" src="{{ app.logo | first }}" alt="{{ app.name | first }}" />{% endif %}
|
||||||
sign in to
|
sign in to
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
</h4>
|
</h4>
|
||||||
|
|
||||||
<div class="card-body">
|
<div class="card-body">
|
||||||
<p class="card-text">do you want to confirm your identity, <a class="code" href="{{ params.me }}">{{ params.me }}</a>, with this app?</p>
|
<p class="card-text">do you want to confirm your identity, <a class="code" href="{{ me }}">{{ me }}</a>, with this app?</p>
|
||||||
<p class="card-text"><small>you will be redirected to <a class="code" href="{{ params.redirect_uri }}">{{ params.redirect_uri }}</a> after authorising this app</small></p>
|
<p class="card-text"><small>you will be redirected to <a class="code" href="{{ params.redirect_uri }}">{{ params.redirect_uri }}</a> after authorising this app</small></p>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -28,9 +28,11 @@
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
{% csrf_token %}
|
{% csrf_token %}
|
||||||
{% if params.state %}
|
<input name="me" type="hidden" value="{{ me }}" />
|
||||||
<input name="state" type="hidden" value="{{ params.state }}" />
|
<input name="client_id" type="hidden" value="{{ params.client_id }}" />
|
||||||
{% endif %}
|
<input name="redirect_uri" type="hidden" value="{{ params.redirect_uri }}" />
|
||||||
|
{% if params.state %}<input name="state" type="hidden" value="{{ params.state }}" />{% endif %}
|
||||||
|
<input name="response_type" type="hidden" value="{{ params.response_type }}" />
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
|
@ -6,4 +6,5 @@ urlpatterns = [
|
||||||
url('^login$', views.login, name='login'),
|
url('^login$', views.login, name='login'),
|
||||||
url('^logout$', views.logout, name='logout'),
|
url('^logout$', views.logout, name='logout'),
|
||||||
url('^indie$', views.IndieView.as_view(), name='indie'),
|
url('^indie$', views.IndieView.as_view(), name='indie'),
|
||||||
|
url('^indie/approve$', views.indie_approve, name='indie_approve'),
|
||||||
]
|
]
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
from .login import login
|
from .login import login
|
||||||
from .logout import logout
|
from .logout import logout
|
||||||
from .indie import IndieView
|
from .indie import IndieView, approve as indie_approve
|
||||||
|
|
|
@ -1,23 +1,39 @@
|
||||||
import mf2py
|
import mf2py
|
||||||
|
|
||||||
|
from annoying.decorators import render_to
|
||||||
from django.contrib.auth.decorators import login_required
|
from django.contrib.auth.decorators import login_required
|
||||||
from django.http import HttpResponseForbidden, HttpResponseBadRequest
|
from django.http import HttpResponseForbidden, HttpResponseBadRequest
|
||||||
from django.shortcuts import render
|
from django.http import JsonResponse
|
||||||
from django.utils.decorators import method_decorator
|
from django.utils.decorators import method_decorator
|
||||||
from django.views.generic import TemplateView
|
from django.views.generic import TemplateView
|
||||||
|
from django.views.decorators.http import require_POST
|
||||||
from lemoncurry import breadcrumbs, utils
|
from lemoncurry import breadcrumbs, utils
|
||||||
from urllib.parse import urljoin
|
from urllib.parse import urljoin, urlunparse, urlparse
|
||||||
|
|
||||||
breadcrumbs.add('lemonauth:indie', label='indieauth', parent='home:index')
|
breadcrumbs.add('lemonauth:indie', label='indieauth', parent='home:index')
|
||||||
|
|
||||||
|
|
||||||
|
def canonical(url):
|
||||||
|
(scheme, loc, path, params, q, fragment) = urlparse(url)
|
||||||
|
if not path:
|
||||||
|
path = '/'
|
||||||
|
if not loc:
|
||||||
|
loc, path = path, ''
|
||||||
|
if not scheme:
|
||||||
|
scheme = 'https'
|
||||||
|
return urlunparse((scheme, loc, path, params, q, fragment))
|
||||||
|
|
||||||
|
|
||||||
class IndieView(TemplateView):
|
class IndieView(TemplateView):
|
||||||
template_name = 'lemonauth/indie.html'
|
template_name = 'lemonauth/indie.html'
|
||||||
required_params = ('me', 'client_id', 'redirect_uri')
|
required_params = ('me', 'client_id', 'redirect_uri')
|
||||||
|
|
||||||
@method_decorator(login_required)
|
@method_decorator(login_required)
|
||||||
|
@method_decorator(render_to(template_name))
|
||||||
def get(self, request):
|
def get(self, request):
|
||||||
params = request.GET
|
params = request.GET.dict()
|
||||||
|
params.setdefault('response_type', 'id')
|
||||||
|
|
||||||
for param in self.required_params:
|
for param in self.required_params:
|
||||||
if param not in params:
|
if param not in params:
|
||||||
return HttpResponseBadRequest(
|
return HttpResponseBadRequest(
|
||||||
|
@ -25,13 +41,9 @@ class IndieView(TemplateView):
|
||||||
content_type='text/plain',
|
content_type='text/plain',
|
||||||
)
|
)
|
||||||
|
|
||||||
me = params['me']
|
me = canonical(params['me'])
|
||||||
if me[-1] == '/':
|
user = urljoin(utils.origin(request), request.user.url)
|
||||||
me = me[:-1]
|
if user != me:
|
||||||
|
|
||||||
origin = utils.origin(request)
|
|
||||||
user = urljoin(origin, request.user.url)
|
|
||||||
if user not in (me, me + '/'):
|
|
||||||
return HttpResponseForbidden(
|
return HttpResponseForbidden(
|
||||||
'you are logged in but not as {0}'.format(me),
|
'you are logged in but not as {0}'.format(me),
|
||||||
content_type='text/plain',
|
content_type='text/plain',
|
||||||
|
@ -52,8 +64,10 @@ class IndieView(TemplateView):
|
||||||
except IndexError:
|
except IndexError:
|
||||||
app = None
|
app = None
|
||||||
|
|
||||||
return render(request, self.template_name, {
|
return {'app': app, 'me': me, 'params': params, 'title': 'indieauth'}
|
||||||
'app': app,
|
|
||||||
'params': params,
|
|
||||||
'title': 'indieauth',
|
@login_required
|
||||||
})
|
@require_POST
|
||||||
|
def approve(request):
|
||||||
|
return JsonResponse(request.POST)
|
||||||
|
|
Loading…
Reference in a new issue