from django.views import View
from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_exempt
from .. import tokens
from ..models import IndieAuthCode
from lemoncurry import utils
@method_decorator(csrf_exempt, name="dispatch")
class TokenView(View):
    """IndieAuth token endpoint.

    GET describes the token that ``tokens.auth`` resolves from the request;
    POST redeems a single-use authorization code for an access token.
    CSRF protection is disabled on ``dispatch`` because IndieAuth clients
    call this endpoint directly rather than from a browser form.
    """

    def get(self, req):
        """Echo the claims of the token presented on *req*.

        ``tokens.auth`` is relied upon to reject a missing or invalid
        token itself (presumably by raising); only the ``me``,
        ``client_id`` and ``scope`` claims are returned.
        """
        tok = tokens.auth(req)
        claims = {
            "me": tok.me,
            "client_id": tok.client_id,
            "scope": tok.scope,
        }
        return utils.choose_type(req, claims)

    @staticmethod
    def _reject_mismatch(code, params):
        """Return an error response when *params* disagree with *code*, else None.

        ``redirect_uri`` is always compared; ``client_id`` and ``me`` are
        only compared when the client actually sent them.
        NOTE(review): a request that omits ``client_id`` therefore skips
        that binding check entirely -- confirm this is intended.
        """
        if code.response_type != "code":
            return utils.bad_req("this endpoint only supports response_type=code")
        if "client_id" in params and code.client_id != params["client_id"]:
            return utils.forbid("client id did not match")
        if code.redirect_uri != params.get("redirect_uri"):
            return utils.forbid("redirect uri did not match")
        if "me" in params and code.me != params["me"]:
            return utils.forbid("me did not match")
        return None

    def post(self, req):
        """Exchange an authorization code for an access token.

        The code is looked up by primary key from the ``code`` form field,
        deleted, and then validated; any failure yields the same generic
        403 so the caller learns nothing about why.
        """
        params = req.POST
        try:
            code = IndieAuthCode.objects.get(pk=params.get("code"))
        except IndieAuthCode.DoesNotExist:
            return utils.forbid("invalid auth code")

        # Consume the code before any further check so that a rejected
        # request still burns it: a code is single-use whatever the outcome.
        # NOTE(review): delete() on an already-deleted row does not raise,
        # so two concurrent redemptions of one code are not excluded here.
        code.delete()
        if code.expired:
            return utils.forbid("invalid auth code")

        rejection = self._reject_mismatch(code, params)
        if rejection is not None:
            return rejection

        body = {
            "access_token": tokens.gen_token(code),
            "me": code.me,
            "scope": code.scope,
        }
        return utils.choose_type(req, body)