forked from 00dani/lemoncurry
Add the current user's ID to the auth code, will be handy when making a token since we need to know who the token's for
This commit is contained in:
parent
40810d6310
commit
43a56e865e
2 changed files with 7 additions and 8 deletions
|
@ -12,14 +12,16 @@ def decode(token):
|
|||
return jwt.decode(token, settings.SECRET_KEY, algorithms=('HS256',))
|
||||
|
||||
|
||||
def gen_auth_code(post):
|
||||
def gen_auth_code(req):
|
||||
post = req.POST
|
||||
params = {'me': post['me']}
|
||||
if 'state' in post:
|
||||
params['state'] = post['state']
|
||||
|
||||
code = {
|
||||
'me': post['me'],
|
||||
'id': post['client_id'],
|
||||
'uid': req.user.id,
|
||||
'cid': post['client_id'],
|
||||
'uri': post['redirect_uri'],
|
||||
'typ': post.get('response_type', 'id'),
|
||||
'iat': datetime.utcnow(),
|
||||
|
@ -29,7 +31,7 @@ def gen_auth_code(post):
|
|||
code['sco'] = ' '.join(post.getlist('scope'))
|
||||
|
||||
params['code'] = encode(code)
|
||||
return params
|
||||
return (post['redirect_uri'], params)
|
||||
|
||||
|
||||
def verify_auth_code(c):
|
||||
|
|
|
@ -101,7 +101,7 @@ class IndieView(TemplateView):
|
|||
return utils.bad_req(
|
||||
'this endpoint only supports response_type=id'
|
||||
)
|
||||
if code['id'] != post.get('client_id'):
|
||||
if code['cid'] != post.get('client_id'):
|
||||
return utils.forbid('client id did not match')
|
||||
if code['uri'] != post.get('redirect_uri'):
|
||||
return utils.forbid('redirect uri did not match')
|
||||
|
@ -116,9 +116,6 @@ class IndieView(TemplateView):
|
|||
@login_required
|
||||
@require_POST
|
||||
def approve(request):
|
||||
post = request.POST
|
||||
params = tokens.gen_auth_code(post)
|
||||
|
||||
uri = post['redirect_uri']
|
||||
uri, params = tokens.gen_auth_code(request)
|
||||
sep = '&' if '?' in uri else '?'
|
||||
return redirect(uri + sep + urlencode(params))
|
||||
|
|
Loading…
Reference in a new issue