Simplify the auth code format a little: the 'me' value can be computed from the user ID and so is redundant
This commit is contained in:
parent
43a56e865e
commit
ab810a8f94
2 changed files with 18 additions and 15 deletions
|
@ -13,25 +13,18 @@ def decode(token):
|
||||||
|
|
||||||
|
|
||||||
def gen_auth_code(req):
|
def gen_auth_code(req):
|
||||||
post = req.POST
|
|
||||||
params = {'me': post['me']}
|
|
||||||
if 'state' in post:
|
|
||||||
params['state'] = post['state']
|
|
||||||
|
|
||||||
code = {
|
code = {
|
||||||
'me': post['me'],
|
|
||||||
'uid': req.user.id,
|
'uid': req.user.id,
|
||||||
'cid': post['client_id'],
|
'cid': req.POST['client_id'],
|
||||||
'uri': post['redirect_uri'],
|
'uri': req.POST['redirect_uri'],
|
||||||
'typ': post.get('response_type', 'id'),
|
'typ': req.POST.get('response_type', 'id'),
|
||||||
'iat': datetime.utcnow(),
|
'iat': datetime.utcnow(),
|
||||||
'exp': datetime.utcnow() + timedelta(seconds=30),
|
'exp': datetime.utcnow() + timedelta(seconds=30),
|
||||||
}
|
}
|
||||||
if 'scope' in post:
|
if 'scope' in req.POST:
|
||||||
code['sco'] = ' '.join(post.getlist('scope'))
|
code['sco'] = ' '.join(req.POST.getlist('scope'))
|
||||||
|
|
||||||
params['code'] = encode(code)
|
return encode(code)
|
||||||
return (post['redirect_uri'], params)
|
|
||||||
|
|
||||||
|
|
||||||
def verify_auth_code(c):
|
def verify_auth_code(c):
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
import mf2py
|
import mf2py
|
||||||
|
|
||||||
from annoying.decorators import render_to
|
from annoying.decorators import render_to
|
||||||
|
from django.contrib.auth import get_user_model
|
||||||
from django.contrib.auth.decorators import login_required
|
from django.contrib.auth.decorators import login_required
|
||||||
from django.http import JsonResponse
|
from django.http import JsonResponse
|
||||||
from django.shortcuts import redirect
|
from django.shortcuts import redirect
|
||||||
|
@ -106,8 +107,10 @@ class IndieView(TemplateView):
|
||||||
if code['uri'] != post.get('redirect_uri'):
|
if code['uri'] != post.get('redirect_uri'):
|
||||||
return utils.forbid('redirect uri did not match')
|
return utils.forbid('redirect uri did not match')
|
||||||
|
|
||||||
|
user = get_user_model().get(pk=code['uid'])
|
||||||
|
me = urljoin(utils.origin(request), user.url)
|
||||||
# If we got here, it's valid! Yay!
|
# If we got here, it's valid! Yay!
|
||||||
return utils.choose_type(request, {'me': code['me']}, {
|
return utils.choose_type(request, {'me': me}, {
|
||||||
'application/x-www-form-urlencoded': utils.form_encoded_response,
|
'application/x-www-form-urlencoded': utils.form_encoded_response,
|
||||||
'application/json': JsonResponse,
|
'application/json': JsonResponse,
|
||||||
})
|
})
|
||||||
|
@ -116,6 +119,13 @@ class IndieView(TemplateView):
|
||||||
@login_required
|
@login_required
|
||||||
@require_POST
|
@require_POST
|
||||||
def approve(request):
|
def approve(request):
|
||||||
uri, params = tokens.gen_auth_code(request)
|
params = {
|
||||||
|
'me': urljoin(utils.origin(request), request.user.url),
|
||||||
|
'code': tokens.gen_auth_code(request),
|
||||||
|
}
|
||||||
|
if 'state' in request.POST:
|
||||||
|
params['state'] = request.POST['state']
|
||||||
|
|
||||||
|
uri = request.POST['redirect_uri']
|
||||||
sep = '&' if '?' in uri else '?'
|
sep = '&' if '?' in uri else '?'
|
||||||
return redirect(uri + sep + urlencode(params))
|
return redirect(uri + sep + urlencode(params))
|
||||||
|
|
Loading…
Reference in a new issue