Put the shortcuts for returning 40* responses into lemoncurry.utils
This commit is contained in:
parent
1e56d5a09a
commit
41d490ea80
2 changed files with 23 additions and 25 deletions
|
@ -2,7 +2,6 @@ import mf2py
|
||||||
|
|
||||||
from annoying.decorators import render_to
|
from annoying.decorators import render_to
|
||||||
from django.contrib.auth.decorators import login_required
|
from django.contrib.auth.decorators import login_required
|
||||||
from django.http import HttpResponseForbidden, HttpResponseBadRequest
|
|
||||||
from django.http import JsonResponse
|
from django.http import JsonResponse
|
||||||
from django.shortcuts import redirect
|
from django.shortcuts import redirect
|
||||||
from django.utils.decorators import method_decorator
|
from django.utils.decorators import method_decorator
|
||||||
|
@ -17,14 +16,6 @@ from ..models import IndieAuthCode
|
||||||
breadcrumbs.add('lemonauth:indie', label='indieauth', parent='home:index')
|
breadcrumbs.add('lemonauth:indie', label='indieauth', parent='home:index')
|
||||||
|
|
||||||
|
|
||||||
def bad_req(message):
|
|
||||||
return HttpResponseBadRequest(message, content_type='text/plain')
|
|
||||||
|
|
||||||
|
|
||||||
def forbid(message):
|
|
||||||
return HttpResponseForbidden(message, content_type='text/plain')
|
|
||||||
|
|
||||||
|
|
||||||
def canonical(url):
|
def canonical(url):
|
||||||
(scheme, loc, path, params, q, fragment) = urlparse(url)
|
(scheme, loc, path, params, q, fragment) = urlparse(url)
|
||||||
if not path:
|
if not path:
|
||||||
|
@ -49,32 +40,28 @@ class IndieView(TemplateView):
|
||||||
|
|
||||||
for param in self.required_params:
|
for param in self.required_params:
|
||||||
if param not in params:
|
if param not in params:
|
||||||
return HttpResponseBadRequest(
|
return utils.bad_req(
|
||||||
'parameter {0} is required'.format(param),
|
'parameter {0} is required'.format(param)
|
||||||
content_type='text/plain',
|
|
||||||
)
|
)
|
||||||
|
|
||||||
me = canonical(params['me'])
|
me = canonical(params['me'])
|
||||||
user = urljoin(utils.origin(request), request.user.url)
|
user = urljoin(utils.origin(request), request.user.url)
|
||||||
if user != me:
|
if user != me:
|
||||||
return HttpResponseForbidden(
|
return utils.forbid(
|
||||||
'you are logged in but not as {0}'.format(me),
|
'you are logged in but not as {0}'.format(me)
|
||||||
content_type='text/plain',
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type = params['response_type']
|
type = params['response_type']
|
||||||
if type not in ('id', 'code'):
|
if type not in ('id', 'code'):
|
||||||
return HttpResponseBadRequest(
|
return utils.bad_req(
|
||||||
'unknown response_type: {0}'.format(type),
|
'unknown response_type: {0}'.format(type)
|
||||||
content_type='text/plain'
|
|
||||||
)
|
)
|
||||||
|
|
||||||
scopes = ()
|
scopes = ()
|
||||||
if type == 'code':
|
if type == 'code':
|
||||||
if 'scope' not in params:
|
if 'scope' not in params:
|
||||||
return HttpResponseBadRequest(
|
return utils.bad_req(
|
||||||
'scopes required for code type',
|
'scopes required for code type'
|
||||||
content_type='text/plain',
|
|
||||||
)
|
)
|
||||||
scopes = params['scope'].split(' ')
|
scopes = params['scope'].split(' ')
|
||||||
|
|
||||||
|
@ -103,7 +90,7 @@ class IndieView(TemplateView):
|
||||||
try:
|
try:
|
||||||
code = IndieAuthCode.objects.get(code=post.get('code'))
|
code = IndieAuthCode.objects.get(code=post.get('code'))
|
||||||
except IndieAuthCode.DoesNotExist:
|
except IndieAuthCode.DoesNotExist:
|
||||||
return forbid('invalid auth code')
|
return utils.forbid('invalid auth code')
|
||||||
|
|
||||||
# We always delete the code immediately to ensure it's only single-use.
|
# We always delete the code immediately to ensure it's only single-use.
|
||||||
# If you pass the right code but the wrong other info, bad luck, you
|
# If you pass the right code but the wrong other info, bad luck, you
|
||||||
|
@ -113,11 +100,13 @@ class IndieView(TemplateView):
|
||||||
# After deleting the code from the DB, we verify the other parameters
|
# After deleting the code from the DB, we verify the other parameters
|
||||||
# of the request.
|
# of the request.
|
||||||
if code.response_type != 'id':
|
if code.response_type != 'id':
|
||||||
return bad_req('this endpoint only supports response_type=id')
|
return utils.bad_req(
|
||||||
|
'this endpoint only supports response_type=id'
|
||||||
|
)
|
||||||
if post.get('client_id') != code.client_id:
|
if post.get('client_id') != code.client_id:
|
||||||
return forbid('client id did not match')
|
return utils.forbid('client id did not match')
|
||||||
if post.get('redirect_uri') != code.redirect_uri:
|
if post.get('redirect_uri') != code.redirect_uri:
|
||||||
return forbid('redirect uri did not match')
|
return utils.forbid('redirect uri did not match')
|
||||||
|
|
||||||
# If we got here, it's valid! Yay!
|
# If we got here, it's valid! Yay!
|
||||||
return utils.choose_type(request, {'me': code.me}, {
|
return utils.choose_type(request, {'me': code.me}, {
|
||||||
|
|
|
@ -2,6 +2,7 @@ import json
|
||||||
from accept_types import get_best_match
|
from accept_types import get_best_match
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.http import HttpResponse
|
from django.http import HttpResponse
|
||||||
|
from django.http import HttpResponseForbidden, HttpResponseBadRequest
|
||||||
from os.path import join
|
from os.path import join
|
||||||
from shorturls import default_converter as converter
|
from shorturls import default_converter as converter
|
||||||
from shorturls.templatetags.shorturl import ShortURL
|
from shorturls.templatetags.shorturl import ShortURL
|
||||||
|
@ -48,3 +49,11 @@ def shortlink(obj):
|
||||||
if hasattr(settings, 'SHORT_BASE_URL') and settings.SHORT_BASE_URL:
|
if hasattr(settings, 'SHORT_BASE_URL') and settings.SHORT_BASE_URL:
|
||||||
return urljoin(settings.SHORT_BASE_URL, prefix + tinyid)
|
return urljoin(settings.SHORT_BASE_URL, prefix + tinyid)
|
||||||
return '/' + prefix + tinyid
|
return '/' + prefix + tinyid
|
||||||
|
|
||||||
|
|
||||||
|
def bad_req(message):
|
||||||
|
return HttpResponseBadRequest(message, content_type='text/plain')
|
||||||
|
|
||||||
|
|
||||||
|
def forbid(message):
|
||||||
|
return HttpResponseForbidden(message, content_type='text/plain')
|
||||||
|
|
Loading…
Reference in a new issue