Implement the auth-code verification step, producing a complete IndieAuth implementation for 'id' type (nothing for 'code' type yet tho)

This commit is contained in:
Danielle McLean 2017-10-29 17:07:36 +11:00
parent 8b4a14ffa3
commit acce72e90e
Signed by untrusted user: 00dani
GPG key ID: 5A5D2D1AFF12EEC5
4 changed files with 47 additions and 1 deletions

View file

@ -30,6 +30,7 @@ django-push = "*"
pyyaml = "*"
django-annoying = "*"
django-shorturls = "*"
accept-types = "*"
[dev-packages]

8
Pipfile.lock generated
View file

@ -1,7 +1,7 @@
{
"_meta": {
"hash": {
"sha256": "3f9a75dcd0609cd38fc01d23b8f2e198e494f5ab7120e5bb8af08b909a16ea52"
"sha256": "c9835b77b96ade2202ff84521a2cda6a3c04679d448cc434a49f3ce07d6befcf"
},
"host-environment-markers": {
"implementation_name": "cpython",
@ -27,6 +27,12 @@
]
},
"default": {
"accept-types": {
"hashes": [
"sha256:9ae86512bf3a3eaad6a2793617a34eb15b384593e6c28697bef9b15ac237017a"
],
"version": "==0.3.0"
},
"beautifulsoup4": {
"hashes": [
"sha256:7015e76bf32f1f574636c4288399a6de66ce08fb7b2457f628a8d70c0fbabb11",

View file

@ -3,9 +3,11 @@ import mf2py
from annoying.decorators import render_to
from django.contrib.auth.decorators import login_required
from django.http import HttpResponseForbidden, HttpResponseBadRequest
from django.http import JsonResponse
from django.shortcuts import redirect
from django.utils.decorators import method_decorator
from django.views.generic import TemplateView
from django.views.decorators.csrf import csrf_exempt
from django.views.decorators.http import require_POST
from lemoncurry import breadcrumbs, utils
from urllib.parse import urlencode, urljoin, urlunparse, urlparse
@ -26,6 +28,7 @@ def canonical(url):
return urlunparse((scheme, loc, path, params, q, fragment))
@method_decorator(csrf_exempt, name='dispatch')
class IndieView(TemplateView):
template_name = 'lemonauth/indie.html'
required_params = ('me', 'client_id', 'redirect_uri')
@ -68,6 +71,25 @@ class IndieView(TemplateView):
return {'app': app, 'me': me, 'params': params, 'title': 'indieauth'}
def post(self, request):
post = request.POST.dict()
try:
code = IndieAuthCode.objects.get(
code=post['code'],
client_id=post['client_id'],
redirect_uri=post['redirect_uri']
)
except IndieAuthCode.DoesNotExist:
return HttpResponseForbidden(
'invalid auth code {0}'.format(post['code']),
content_type='text/plain'
)
code.delete()
return utils.choose_type(request, {'me': code.me}, {
'application/json': JsonResponse,
'application/x-www-form-urlencoded': utils.form_encoded_response,
})
@login_required
@require_POST

View file

@ -1,7 +1,10 @@
import json
from accept_types import get_best_match
from django.conf import settings
from django.http import HttpResponse
from os.path import join
from types import SimpleNamespace
from urllib.parse import urlencode
cache = SimpleNamespace(package_json=None)
@ -20,3 +23,17 @@ def origin(request):
def uri(request):
return origin(request) + request.path
def choose_type(request, content, reps):
type = get_best_match(request.META.get('HTTP_ACCEPT'), reps.keys())
if type:
return reps[type](content)
return HttpResponse(status=406)
def form_encoded_response(content):
return HttpResponse(
urlencode(content),
content_type='application/x-www-form-urlencoded'
)