Put the shortcuts for returning 40* responses into lemoncurry.utils

Danielle McLean 2017-11-02 16:16:04 +11:00
parent 1e56d5a09a
commit 41d490ea80
Signed by untrusted user: 00dani
GPG key ID: 5A5D2D1AFF12EEC5
2 changed files with 23 additions and 25 deletions


@ -2,7 +2,6 @@ import mf2py
from annoying.decorators import render_to from annoying.decorators import render_to
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.http import HttpResponseForbidden, HttpResponseBadRequest
from django.http import JsonResponse from django.http import JsonResponse
from django.shortcuts import redirect from django.shortcuts import redirect
from django.utils.decorators import method_decorator from django.utils.decorators import method_decorator
@ -17,14 +16,6 @@ from ..models import IndieAuthCode
breadcrumbs.add('lemonauth:indie', label='indieauth', parent='home:index') breadcrumbs.add('lemonauth:indie', label='indieauth', parent='home:index')
def bad_req(message):
return HttpResponseBadRequest(message, content_type='text/plain')
def forbid(message):
return HttpResponseForbidden(message, content_type='text/plain')
def canonical(url): def canonical(url):
(scheme, loc, path, params, q, fragment) = urlparse(url) (scheme, loc, path, params, q, fragment) = urlparse(url)
if not path: if not path:
@ -49,32 +40,28 @@ class IndieView(TemplateView):
for param in self.required_params: for param in self.required_params:
if param not in params: if param not in params:
return HttpResponseBadRequest( return utils.bad_req(
'parameter {0} is required'.format(param), 'parameter {0} is required'.format(param)
content_type='text/plain',
) )
me = canonical(params['me']) me = canonical(params['me'])
user = urljoin(utils.origin(request), request.user.url) user = urljoin(utils.origin(request), request.user.url)
if user != me: if user != me:
return HttpResponseForbidden( return utils.forbid(
'you are logged in but not as {0}'.format(me), 'you are logged in but not as {0}'.format(me)
content_type='text/plain',
) )
type = params['response_type'] type = params['response_type']
if type not in ('id', 'code'): if type not in ('id', 'code'):
return HttpResponseBadRequest( return utils.bad_req(
'unknown response_type: {0}'.format(type), 'unknown response_type: {0}'.format(type)
content_type='text/plain'
) )
scopes = () scopes = ()
if type == 'code': if type == 'code':
if 'scope' not in params: if 'scope' not in params:
return HttpResponseBadRequest( return utils.bad_req(
'scopes required for code type', 'scopes required for code type'
content_type='text/plain',
) )
scopes = params['scope'].split(' ') scopes = params['scope'].split(' ')
@ -103,7 +90,7 @@ class IndieView(TemplateView):
try: try:
code = IndieAuthCode.objects.get(code=post.get('code')) code = IndieAuthCode.objects.get(code=post.get('code'))
except IndieAuthCode.DoesNotExist: except IndieAuthCode.DoesNotExist:
return forbid('invalid auth code') return utils.forbid('invalid auth code')
# We always delete the code immediately to ensure it's only single-use. # We always delete the code immediately to ensure it's only single-use.
# If you pass the right code but the wrong other info, bad luck, you # If you pass the right code but the wrong other info, bad luck, you
@ -113,11 +100,13 @@ class IndieView(TemplateView):
# After deleting the code from the DB, we verify the other parameters # After deleting the code from the DB, we verify the other parameters
# of the request. # of the request.
if code.response_type != 'id': if code.response_type != 'id':
return bad_req('this endpoint only supports response_type=id') return utils.bad_req(
'this endpoint only supports response_type=id'
)
if post.get('client_id') != code.client_id: if post.get('client_id') != code.client_id:
return forbid('client id did not match') return utils.forbid('client id did not match')
if post.get('redirect_uri') != code.redirect_uri: if post.get('redirect_uri') != code.redirect_uri:
return forbid('redirect uri did not match') return utils.forbid('redirect uri did not match')
# If we got here, it's valid! Yay! # If we got here, it's valid! Yay!
return utils.choose_type(request, {'me': code.me}, { return utils.choose_type(request, {'me': code.me}, {
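Review bot: An empty or doubly spaced `scope` value gets past the presence check in the `type == 'code'` branch, because `params['scope'].split(' ')` turns `scope=` into `['']` and `a  b` into a list that contains an empty string. Splitting with `scopes = params['scope'].split()` and then rejecting an empty result with `if not scopes: return utils.bad_req('scopes required for code type')` keeps empty scope names from being attached to an authorization code. The enclosing method starts and ends outside the hunk, so how `scopes` is used afterwards is not visible here and should be checked against this change.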


@ -2,6 +2,7 @@ import json
from accept_types import get_best_match from accept_types import get_best_match
from django.conf import settings from django.conf import settings
from django.http import HttpResponse from django.http import HttpResponse
from django.http import HttpResponseForbidden, HttpResponseBadRequest
from os.path import join from os.path import join
from shorturls import default_converter as converter from shorturls import default_converter as converter
from shorturls.templatetags.shorturl import ShortURL from shorturls.templatetags.shorturl import ShortURL
@ -48,3 +49,11 @@ def shortlink(obj):
if hasattr(settings, 'SHORT_BASE_URL') and settings.SHORT_BASE_URL: if hasattr(settings, 'SHORT_BASE_URL') and settings.SHORT_BASE_URL:
return urljoin(settings.SHORT_BASE_URL, prefix + tinyid) return urljoin(settings.SHORT_BASE_URL, prefix + tinyid)
return '/' + prefix + tinyid return '/' + prefix + tinyid
def bad_req(message):
return HttpResponseBadRequest(message, content_type='text/plain')
def forbid(message):
return HttpResponseForbidden(message, content_type='text/plain')
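Review bot: `bad_req` and `forbid` are added without docstrings, and the reason for `content_type='text/plain'` deserves to be written down now that they are shared helpers. Callers such as `IndieView` format request parameters (`me`, `response_type`) straight into the message, so the plain-text content type is what keeps that reflected input from being rendered as HTML. I would add `"""Return a 400 response with a plain-text body; messages may contain request data, so the body must never be served as HTML."""` to `bad_req` and the matching 403 wording to `forbid`.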