diff options
author | Michael Manfre | 2022-12-13 22:03:06 -0500 |
---|---|---|
committer | Andrew Godwin | 2022-12-13 20:47:27 -0700 |
commit | 3404b155de0c804fd957fd23ded4e241fe885288 (patch) | |
tree | 795e242133dbd13b6b3fb9c462f2adf6059ec732 | |
parent | 5bc9ff39ac4f4a4b0d43066bce9cfde0397f3388 (diff) | |
download | takahe-3404b155de0c804fd957fd23ded4e241fe885288.tar.gz takahe-3404b155de0c804fd957fd23ded4e241fe885288.tar.bz2 takahe-3404b155de0c804fd957fd23ded4e241fe885288.zip |
FormOrJsonParser api.views.oauth
-rw-r--r-- | api/views/oauth.py | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/api/views/oauth.py b/api/views/oauth.py index b97ce5a..6be573f 100644 --- a/api/views/oauth.py +++ b/api/views/oauth.py @@ -8,6 +8,7 @@ from django.views.decorators.csrf import csrf_exempt from django.views.generic import TemplateView, View from api.models import Application, Token +from api.parser import FormOrJsonParser class OauthRedirect(HttpResponseRedirect): @@ -43,12 +44,13 @@ class AuthorizationView(LoginRequiredMixin, TemplateView): } def post(self, request): + post_data = FormOrJsonParser().parse_body(request) # Grab the application and other details again - redirect_uri = self.request.POST["redirect_uri"] - scope = self.request.POST["scope"] - application = Application.objects.get(client_id=self.request.POST["client_id"]) + redirect_uri = post_data["redirect_uri"] + scope = post_data["scope"] + application = Application.objects.get(client_id=post_data["client_id"]) # Get the identity - identity = self.request.user.identities.get(pk=self.request.POST["identity"]) + identity = self.request.user.identities.get(pk=post_data["identity"]) # Make a token token = Token.objects.create( application=application, @@ -65,18 +67,18 @@ class AuthorizationView(LoginRequiredMixin, TemplateView): @method_decorator(csrf_exempt, name="dispatch") class TokenView(View): def post(self, request): - grant_type = request.POST["grant_type"] + post_data = FormOrJsonParser().parse_body(request) + grant_type = post_data["grant_type"] + try: - application = Application.objects.get( - client_id=self.request.POST["client_id"] - ) + application = Application.objects.get(client_id=post_data["client_id"]) except (Application.DoesNotExist, KeyError): return JsonResponse({"error": "invalid_client_id"}, status=400) # TODO: Implement client credentials flow if grant_type == "client_credentials": return JsonResponse({"error": "invalid_grant_type"}, status=400) elif grant_type == "authorization_code": - code = request.POST["code"] + code = post_data["code"] # Retrieve the token by code # TODO: Check code expiry based on created date try: |