Make sure IndieAuth is agnostic to whether the 'me' parameter has a trailing slash or not
This commit is contained in:
parent
5690e4bfab
commit
e2e21f4afa
1 changed files with 8 additions and 7 deletions
|
@ -5,7 +5,8 @@ from django.http import HttpResponseForbidden, HttpResponseBadRequest
|
||||||
from django.shortcuts import render
|
from django.shortcuts import render
|
||||||
from django.utils.decorators import method_decorator
|
from django.utils.decorators import method_decorator
|
||||||
from django.views.generic import TemplateView
|
from django.views.generic import TemplateView
|
||||||
from lemoncurry import breadcrumbs
|
from lemoncurry import breadcrumbs, utils
|
||||||
|
from urllib.parse import urljoin
|
||||||
|
|
||||||
breadcrumbs.add('lemonauth:indie', label='indieauth', parent='home:index')
|
breadcrumbs.add('lemonauth:indie', label='indieauth', parent='home:index')
|
||||||
|
|
||||||
|
@ -25,12 +26,12 @@ class IndieView(TemplateView):
|
||||||
)
|
)
|
||||||
|
|
||||||
me = params['me']
|
me = params['me']
|
||||||
user = '{0}://{1}{2}'.format(
|
if me[-1] == '/':
|
||||||
request.scheme,
|
me = me[:-1]
|
||||||
request.META['HTTP_HOST'],
|
|
||||||
request.user.url
|
origin = utils.origin(request)
|
||||||
)
|
user = urljoin(origin, request.user.url)
|
||||||
if me != user:
|
if user not in (me, me + '/'):
|
||||||
return HttpResponseForbidden(
|
return HttpResponseForbidden(
|
||||||
'you are logged in but not as {0}'.format(me),
|
'you are logged in but not as {0}'.format(me),
|
||||||
content_type='text/plain',
|
content_type='text/plain',
|
||||||
|
|
Loading…
Reference in a new issue