Make sure IndieAuth is agnostic to whether the 'me' parameter has a trailing slash or not

This commit is contained in:
Danielle McLean 2017-10-27 22:03:25 +11:00
parent 5690e4bfab
commit e2e21f4afa
Signed by: 00dani
GPG key ID: 5A5D2D1AFF12EEC5

View file

@ -5,7 +5,8 @@ from django.http import HttpResponseForbidden, HttpResponseBadRequest
from django.shortcuts import render from django.shortcuts import render
from django.utils.decorators import method_decorator from django.utils.decorators import method_decorator
from django.views.generic import TemplateView from django.views.generic import TemplateView
from lemoncurry import breadcrumbs from lemoncurry import breadcrumbs, utils
from urllib.parse import urljoin
breadcrumbs.add('lemonauth:indie', label='indieauth', parent='home:index') breadcrumbs.add('lemonauth:indie', label='indieauth', parent='home:index')
@ -25,12 +26,12 @@ class IndieView(TemplateView):
) )
me = params['me'] me = params['me']
user = '{0}://{1}{2}'.format( if me[-1] == '/':
request.scheme, me = me[:-1]
request.META['HTTP_HOST'],
request.user.url origin = utils.origin(request)
) user = urljoin(origin, request.user.url)
if me != user: if user not in (me, me + '/'):
return HttpResponseForbidden( return HttpResponseForbidden(
'you are logged in but not as {0}'.format(me), 'you are logged in but not as {0}'.format(me),
content_type='text/plain', content_type='text/plain',