From acce72e90e52226d2a92435c0c5e13d461b4ed02 Mon Sep 17 00:00:00 2001 From: Danielle McLean Date: Sun, 29 Oct 2017 17:07:36 +1100 Subject: [PATCH] Implement the auth-code verification step, producing a complete IndieAuth implementation for 'id' type (nothing for 'code' type yet tho) --- Pipfile | 1 + Pipfile.lock | 8 +++++++- lemonauth/views/indie.py | 22 ++++++++++++++++++++++ lemoncurry/utils.py | 17 +++++++++++++++++ 4 files changed, 47 insertions(+), 1 deletion(-) diff --git a/Pipfile b/Pipfile index 0981ea0..331f775 100644 --- a/Pipfile +++ b/Pipfile @@ -30,6 +30,7 @@ django-push = "*" pyyaml = "*" django-annoying = "*" django-shorturls = "*" +accept-types = "*" [dev-packages] diff --git a/Pipfile.lock b/Pipfile.lock index bc1d7db..2dc8003 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "3f9a75dcd0609cd38fc01d23b8f2e198e494f5ab7120e5bb8af08b909a16ea52" + "sha256": "c9835b77b96ade2202ff84521a2cda6a3c04679d448cc434a49f3ce07d6befcf" }, "host-environment-markers": { "implementation_name": "cpython", @@ -27,6 +27,12 @@ ] }, "default": { + "accept-types": { + "hashes": [ + "sha256:9ae86512bf3a3eaad6a2793617a34eb15b384593e6c28697bef9b15ac237017a" + ], + "version": "==0.3.0" + }, "beautifulsoup4": { "hashes": [ "sha256:7015e76bf32f1f574636c4288399a6de66ce08fb7b2457f628a8d70c0fbabb11", diff --git a/lemonauth/views/indie.py b/lemonauth/views/indie.py index d899a67..2dff96d 100644 --- a/lemonauth/views/indie.py +++ b/lemonauth/views/indie.py @@ -3,9 +3,11 @@ import mf2py from annoying.decorators import render_to from django.contrib.auth.decorators import login_required from django.http import HttpResponseForbidden, HttpResponseBadRequest +from django.http import JsonResponse from django.shortcuts import redirect from django.utils.decorators import method_decorator from django.views.generic import TemplateView +from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_POST from lemoncurry import breadcrumbs, utils from urllib.parse import urlencode, urljoin, urlunparse, urlparse @@ -26,6 +28,7 @@ def canonical(url): return urlunparse((scheme, loc, path, params, q, fragment)) +@method_decorator(csrf_exempt, name='dispatch') class IndieView(TemplateView): template_name = 'lemonauth/indie.html' required_params = ('me', 'client_id', 'redirect_uri') @@ -68,6 +71,25 @@ class IndieView(TemplateView): return {'app': app, 'me': me, 'params': params, 'title': 'indieauth'} + def post(self, request): + post = request.POST.dict() + try: + code = IndieAuthCode.objects.get( + code=post['code'], + client_id=post['client_id'], + redirect_uri=post['redirect_uri'] + ) + except IndieAuthCode.DoesNotExist: + return HttpResponseForbidden( + 'invalid auth code {0}'.format(post['code']), + content_type='text/plain' + ) + code.delete() + return utils.choose_type(request, {'me': code.me}, { + 'application/json': JsonResponse, + 'application/x-www-form-urlencoded': utils.form_encoded_response, + }) + @login_required @require_POST diff --git a/lemoncurry/utils.py b/lemoncurry/utils.py index 59a3d73..eb96b29 100644 --- a/lemoncurry/utils.py +++ b/lemoncurry/utils.py @@ -1,7 +1,10 @@ import json +from accept_types import get_best_match from django.conf import settings +from django.http import HttpResponse from os.path import join from types import SimpleNamespace +from urllib.parse import urlencode cache = SimpleNamespace(package_json=None) @@ -20,3 +23,17 @@ def origin(request): def uri(request): return origin(request) + request.path + + +def choose_type(request, content, reps): + type = get_best_match(request.META.get('HTTP_ACCEPT'), reps.keys()) + if type: + return reps[type](content) + return HttpResponse(status=406) + + +def form_encoded_response(content): + return HttpResponse( + urlencode(content), + content_type='application/x-www-form-urlencoded' + )