Half-implement an IndieAuth authorization endpoint - it accepts the right parameters, verifies your client_id, and displays a prompt, but you can't actually approve the auth yet

This commit is contained in:
Danielle McLean 2017-10-26 11:35:57 +11:00
parent d234fd942d
commit 93be2f5a32
Signed by: 00dani
GPG key ID: 5A5D2D1AFF12EEC5
7 changed files with 145 additions and 1 deletions

View file

@ -22,6 +22,7 @@ qrcode = "*"
django-otp-agents = "*" django-otp-agents = "*"
python-slugify = "*" python-slugify = "*"
django-markdown-deux = "*" django-markdown-deux = "*"
"mf2py" = "*"
[dev-packages] [dev-packages]

65
Pipfile.lock generated
View file

@ -1,7 +1,7 @@
{ {
"_meta": { "_meta": {
"hash": { "hash": {
"sha256": "c32114b4f91b4ef6f4023a180c8db8c0567a6f9206da1af2136af17dd6026b93" "sha256": "ead57b340efa8b663100364efa6b9037299456bb3e37d533b6d7c4404608749c"
}, },
"host-environment-markers": { "host-environment-markers": {
"implementation_name": "cpython", "implementation_name": "cpython",
@ -27,6 +27,28 @@
] ]
}, },
"default": { "default": {
"beautifulsoup4": {
"hashes": [
"sha256:7015e76bf32f1f574636c4288399a6de66ce08fb7b2457f628a8d70c0fbabb11",
"sha256:11a9a27b7d3bddc6d86f59fb76afb70e921a25ac2d6cc55b40d072bd68435a76",
"sha256:808b6ac932dccb0a4126558f7dfdcf41710dd44a4ef497a0bb59a77f9f078e89"
],
"version": "==4.6.0"
},
"certifi": {
"hashes": [
"sha256:54a07c09c586b0e4c619f02a5e94e36619da8e2b053e20f594348c0611803704",
"sha256:40523d2efb60523e113b44602298f0960e900388cf3bb6043f645cf57ea9e3f5"
],
"version": "==2017.7.27.1"
},
"chardet": {
"hashes": [
"sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691",
"sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae"
],
"version": "==3.0.4"
},
"django": { "django": {
"hashes": [ "hashes": [
"sha256:7ab6a9c798a5f9f359ee6da3677211f883fb02ef32cebe9b29751eb7a871febf", "sha256:7ab6a9c798a5f9f359ee6da3677211f883fb02ef32cebe9b29751eb7a871febf",
@ -120,6 +142,20 @@
], ],
"version": "==19.7.1" "version": "==19.7.1"
}, },
"html5lib": {
"hashes": [
"sha256:b8934484cf22f1db684c0fae27569a0db404d0208d20163fbf51cc537245d008",
"sha256:ee747c0ffd3028d2722061936b5c65ee4fe13c8e4613519b4447123fc4546298"
],
"version": "==0.999999999"
},
"idna": {
"hashes": [
"sha256:8c7309c718f94b3a625cb648ace320157ad16ff131ae0af362c9f21b80ef6ec4",
"sha256:2c6a5de3089009e3da7c5dde64a141dbc8551d5b7f6cf4ed7c2568d0cc520a8f"
],
"version": "==2.6"
},
"lxml": { "lxml": {
"hashes": [ "hashes": [
"sha256:7a8715539adb41c78129983ba69d852e0102a3f51d559eeb91dce1f6290c4ad0", "sha256:7a8715539adb41c78129983ba69d852e0102a3f51d559eeb91dce1f6290c4ad0",
@ -159,6 +195,12 @@
], ],
"version": "==2.3.4" "version": "==2.3.4"
}, },
"mf2py": {
"hashes": [
"sha256:021b675c0732bdbc3b8c153e1ee8e1f476c3d0ffc56a7908f9e9f90147c5fccd"
],
"version": "==1.0.5"
},
"olefile": { "olefile": {
"hashes": [ "hashes": [
"sha256:61f2ca0cd0aa77279eb943c07f607438edf374096b66332fae1ee64a6f0f73ad" "sha256:61f2ca0cd0aa77279eb943c07f607438edf374096b66332fae1ee64a6f0f73ad"
@ -300,6 +342,13 @@
], ],
"version": "==2.10.6" "version": "==2.10.6"
}, },
"requests": {
"hashes": [
"sha256:6a1b267aa90cac58ac3a765d067950e7dbbf75b1da07e895d1f594193a40a38b",
"sha256:9c443e7324ba5b85070c4a818ade28bfabedf16ea10206da1132edaa6dda237e"
],
"version": "==2.18.4"
},
"rjsmin": { "rjsmin": {
"hashes": [ "hashes": [
"sha256:dd9591aa73500b08b7db24367f8d32c6470021f39d5ab4e50c7c02e4401386f1" "sha256:dd9591aa73500b08b7db24367f8d32c6470021f39d5ab4e50c7c02e4401386f1"
@ -319,6 +368,20 @@
"sha256:280a6ab88e1f2eb5af79edff450021a0d3f0448952847cd79677e55e58bad051" "sha256:280a6ab88e1f2eb5af79edff450021a0d3f0448952847cd79677e55e58bad051"
], ],
"version": "==0.4.21" "version": "==0.4.21"
},
"urllib3": {
"hashes": [
"sha256:06330f386d6e4b195fbfc736b297f58c5a892e4440e54d294d7004e3a9bbea1b",
"sha256:cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f"
],
"version": "==1.22"
},
"webencodings": {
"hashes": [
"sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78",
"sha256:b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923"
],
"version": "==0.5.1"
} }
}, },
"develop": {} "develop": {}

View file

@ -0,0 +1,24 @@
{% extends 'lemoncurry/layout.html' %}
{% block main %}
<div class="container">
<form class="card" method="post" action="{% url 'lemonauth:indie' %}">
<h4 class="card-header">
<a href="{{ params.client_id }}">{{ params.client_id }}</a>
</h4>
<div class="card-body">
<p class="card-text">do you want to confirm your identity, <a href="{{ params.me }}">{{ params.me }}</a>, with this app?</p>
</div>
<div class="card-footer">
<p class="card-text">you can't actually auth yet but this button is how you will do it</p>
<button class="btn btn-success" type="button">
<i class="fa fa-check"></i>
approve
</button>
</div>
{% csrf_token %}
</form>
</div>
{% endblock %}

View file

@ -5,4 +5,5 @@ app_name = 'lemonauth'
urlpatterns = [ urlpatterns = [
url('^login$', views.login, name='login'), url('^login$', views.login, name='login'),
url('^logout$', views.logout, name='logout'), url('^logout$', views.logout, name='logout'),
url('^indie$', views.IndieView.as_view(), name='indie'),
] ]

View file

@ -1,2 +1,3 @@
from .login import login from .login import login
from .logout import logout from .logout import logout
from .indie import IndieView

53
lemonauth/views/indie.py Normal file
View file

@ -0,0 +1,53 @@
import mf2py
from django.contrib.auth.decorators import login_required
from django.http import HttpResponseForbidden, HttpResponseBadRequest
from django.shortcuts import render
from django.utils.decorators import method_decorator
from django.views.generic import TemplateView
from lemoncurry import breadcrumbs
breadcrumbs.add('lemonauth:indie', label='indieauth', parent='home:index')
class IndieView(TemplateView):
template_name = 'lemonauth/indie.html'
required_params = ('me', 'client_id', 'redirect_uri')
@method_decorator(login_required)
def dispatch(self, *args, **kwargs):
return super(IndieView, self).dispatch(*args, **kwargs)
def get(self, request):
params = request.GET
for param in self.required_params:
if param not in params:
return HttpResponseBadRequest(
'parameter {0} is required'.format(param),
content_type='text/plain',
)
me = params['me']
user = '{0}://{1}{2}'.format(
request.scheme,
request.META['HTTP_HOST'],
request.user.url
)
if me != user:
return HttpResponseForbidden(
'you are logged in but not as {0}'.format(me),
content_type='text/plain',
)
client = mf2py.parse(url=params['client_id'])
rels = client['rel-urls'].get(params['redirect_uri'], {}).get('rels', ())
if 'redirect_uri' not in rels:
return HttpResponseBadRequest(
'your redirect_uri is not published on your client_id page',
content_type='text/plain'
)
return render(request, self.template_name, {
'params': params,
'title': 'indieauth',
})

View file

@ -11,6 +11,7 @@
{% include 'meta/meta.html' %} {% include 'meta/meta.html' %}
{% placeFavicon %} {% placeFavicon %}
<link rel="authorization_endpoint" href="{% url 'lemonauth:indie' %}" />
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta.2/css/bootstrap.min.css" <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta.2/css/bootstrap.min.css"
integrity="sha384-PsH8R72JQ3SOdhVi3uxftmaW6Vc51MKb0q5P2rRUpPvrszuE4W1povHYgTpBfshb" crossorigin="anonymous" /> integrity="sha384-PsH8R72JQ3SOdhVi3uxftmaW6Vc51MKb0q5P2rRUpPvrszuE4W1povHYgTpBfshb" crossorigin="anonymous" />
{% compress css %} {% compress css %}