forked from 00dani/lemoncurry
47 lines
1.5 KiB
Python
47 lines
1.5 KiB
Python
from django.views import View
|
|
from django.utils.decorators import method_decorator
|
|
from django.views.decorators.csrf import csrf_exempt
|
|
|
|
from .. import tokens
|
|
from ..models import IndieAuthCode
|
|
from lemoncurry import utils
|
|
|
|
|
|
@method_decorator(csrf_exempt, name='dispatch')
|
|
class TokenView(View):
|
|
def get(self, req):
|
|
token = tokens.auth(req)
|
|
res = {
|
|
'me': token.me,
|
|
'client_id': token.client_id,
|
|
'scope': token.scope,
|
|
}
|
|
return utils.choose_type(req, res)
|
|
|
|
def post(self, req):
|
|
post = req.POST
|
|
try:
|
|
code = IndieAuthCode.objects.get(pk=post.get('code'))
|
|
except IndieAuthCode.DoesNotExist:
|
|
return utils.forbid('invalid auth code')
|
|
code.delete()
|
|
if code.expired:
|
|
return utils.forbid('invalid auth code')
|
|
|
|
if code.response_type != 'code':
|
|
return utils.bad_req(
|
|
'this endpoint only supports response_type=code'
|
|
)
|
|
if 'client_id' in post and code.client_id != post['client_id']:
|
|
return utils.forbid('client id did not match')
|
|
if code.redirect_uri != post.get('redirect_uri'):
|
|
return utils.forbid('redirect uri did not match')
|
|
|
|
if 'me' in post and code.me != post['me']:
|
|
return utils.forbid('me did not match')
|
|
|
|
return utils.choose_type(req, {
|
|
'access_token': tokens.gen_token(code),
|
|
'me': code.me,
|
|
'scope': code.scope,
|
|
})
|