Implement the auth-code verification step, producing a complete IndieAuth implementation for 'id' type (nothing for 'code' type yet tho)

2017-10-29 17:07:36 +11:00 · 2017-10-29 17:07:36 +11:00 · acce72e90e
commit acce72e90e
parent 8b4a14ffa3
4 changed files with 47 additions and 1 deletions
--- a/1
+++ b/1
@ -30,6 +30,7 @@ django-push = "*"
 pyyaml = "*"
 django-annoying = "*"
 django-shorturls = "*"
+accept-types = "*"


 [dev-packages]
--- a/Pipfile.lock
+++ b/Pipfile.lock
@ -1,7 +1,7 @@
 {
    "_meta": {
        "hash": {
-            "sha256": "3f9a75dcd0609cd38fc01d23b8f2e198e494f5ab7120e5bb8af08b909a16ea52"
+            "sha256": "c9835b77b96ade2202ff84521a2cda6a3c04679d448cc434a49f3ce07d6befcf"
        },
        "host-environment-markers": {
            "implementation_name": "cpython",
@ -27,6 +27,12 @@
        ]
    },
    "default": {
+        "accept-types": {
+            "hashes": [
+                "sha256:9ae86512bf3a3eaad6a2793617a34eb15b384593e6c28697bef9b15ac237017a"
+            ],
+            "version": "==0.3.0"
+        },
        "beautifulsoup4": {
            "hashes": [
                "sha256:7015e76bf32f1f574636c4288399a6de66ce08fb7b2457f628a8d70c0fbabb11",
--- a/lemonauth/views/indie.py
+++ b/lemonauth/views/indie.py
@ -3,9 +3,11 @@ import mf2py
 from annoying.decorators import render_to
 from django.contrib.auth.decorators import login_required
 from django.http import HttpResponseForbidden, HttpResponseBadRequest
+from django.http import JsonResponse
 from django.shortcuts import redirect
 from django.utils.decorators import method_decorator
 from django.views.generic import TemplateView
+from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_POST
 from lemoncurry import breadcrumbs, utils
 from urllib.parse import urlencode, urljoin, urlunparse, urlparse
@ -26,6 +28,7 @@ def canonical(url):
    return urlunparse((scheme, loc, path, params, q, fragment))


+@method_decorator(csrf_exempt, name='dispatch')
 class IndieView(TemplateView):
    template_name = 'lemonauth/indie.html'
    required_params = ('me', 'client_id', 'redirect_uri')
@ -68,6 +71,25 @@ class IndieView(TemplateView):

        return {'app': app, 'me': me, 'params': params, 'title': 'indieauth'}

+    def post(self, request):
+        post = request.POST.dict()
+        try:
+            code = IndieAuthCode.objects.get(
+                code=post['code'],
+                client_id=post['client_id'],
+                redirect_uri=post['redirect_uri']
+            )
+        except IndieAuthCode.DoesNotExist:
+            return HttpResponseForbidden(
+                'invalid auth code {0}'.format(post['code']),
+                content_type='text/plain'
+            )
+        code.delete()
+        return utils.choose_type(request, {'me': code.me}, {
+            'application/json': JsonResponse,
+            'application/x-www-form-urlencoded': utils.form_encoded_response,
+        })
+

@login_required
@require_POST
--- a/lemoncurry/utils.py
+++ b/lemoncurry/utils.py
@ -1,7 +1,10 @@
 import json
+from accept_types import get_best_match
 from django.conf import settings
+from django.http import HttpResponse
 from os.path import join
 from types import SimpleNamespace
+from urllib.parse import urlencode

 cache = SimpleNamespace(package_json=None)

@ -20,3 +23,17 @@ def origin(request):

 def uri(request):
    return origin(request) + request.path
+
+
+def choose_type(request, content, reps):
+    type = get_best_match(request.META.get('HTTP_ACCEPT'), reps.keys())
+    if type:
+        return reps[type](content)
+    return HttpResponse(status=406)
+
+
+def form_encoded_response(content):
+    return HttpResponse(
+        urlencode(content),
+        content_type='application/x-www-form-urlencoded'
+    )