00dani/lemoncurry
1
0
Fork 1
Code Issues Pull requests Releases Wiki Activity

Add the current user's ID to the auth code, will be handy when making a token since we need to know who the token's for

Browse source
This commit is contained in:
Danielle McLean 2017-11-03 15:51:27 +11:00
parent 40810d6310
commit 43a56e865e
Signed by: 00dani
GPG key ID: 5A5D2D1AFF12EEC5
2 changed files with 7 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

7
lemonauth/views/indie.py
View file

@ -101,7 +101,7 @@ class IndieView(TemplateView):
return utils.bad_req(
'this endpoint only supports response_type=id'
)
if code['id'] != post.get('client_id'):
if code['cid'] != post.get('client_id'):
return utils.forbid('client id did not match')
if code['uri'] != post.get('redirect_uri'):
return utils.forbid('redirect uri did not match')
@ -116,9 +116,6 @@ class IndieView(TemplateView):
@login_required
@require_POST
def approve(request):
post = request.POST
params = tokens.gen_auth_code(post)
uri = post['redirect_uri']
uri, params = tokens.gen_auth_code(request)
sep = '&' if '?' in uri else '?'
return redirect(uri + sep + urlencode(params))