| author | Michael Manfre | 2022-12-13 22:03:06 -0500 | 
|---|---|---|
| committer | Andrew Godwin | 2022-12-13 20:47:27 -0700 | 
| commit | 3404b155de0c804fd957fd23ded4e241fe885288 (patch) | |
| tree | 795e242133dbd13b6b3fb9c462f2adf6059ec732 /api | |
| parent | 5bc9ff39ac4f4a4b0d43066bce9cfde0397f3388 (diff) | |
FormOrJsonParser api.views.oauth
Diffstat (limited to 'api')
| -rw-r--r-- | api/views/oauth.py | 20 | 
1 files changed, 11 insertions, 9 deletions
| diff --git a/api/views/oauth.py b/api/views/oauth.py
index b97ce5a..6be573f 100644
--- a/api/views/oauth.py
+++ b/api/views/oauth.py
@@ -8,6 +8,7 @@ from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import TemplateView, View
 from api.models import Application, Token
+from api.parser import FormOrJsonParser
 class OauthRedirect(HttpResponseRedirect):
@@ -43,12 +44,13 @@ class AuthorizationView(LoginRequiredMixin, TemplateView):
         }
     def post(self, request):
+        post_data = FormOrJsonParser().parse_body(request)
         # Grab the application and other details again
-        redirect_uri = self.request.POST["redirect_uri"]
-        scope = self.request.POST["scope"]
-        application = Application.objects.get(client_id=self.request.POST["client_id"])
+        redirect_uri = post_data["redirect_uri"]
+        scope = post_data["scope"]
+        application = Application.objects.get(client_id=post_data["client_id"])
         # Get the identity
-        identity = self.request.user.identities.get(pk=self.request.POST["identity"])
+        identity = self.request.user.identities.get(pk=post_data["identity"])
         # Make a token
         token = Token.objects.create(
             application=application,
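Review bot: `redirect_uri` and `scope` are still taken straight from the request body in AuthorizationView.post, and nothing in the visible lines compares them with what is registered for the `application` fetched by `client_id`. The method body continues past this hunk, so the check may exist further down; if it does not, an authorization code could be issued for a redirect target or scopes the client never registered. I would state the requirement where the values are read, e.g. `# redirect_uri and scope are client-supplied; both must match the application's registration before a code is issued`, and enforce it before `Token.objects.create(`. Since the body may now be JSON, these values are also no longer guaranteed to be strings unless `parse_body` normalises them.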
@@ -65,18 +67,18 @@ class AuthorizationView(LoginRequiredMixin, TemplateView):
 @method_decorator(csrf_exempt, name="dispatch")
 class TokenView(View):
     def post(self, request):
-        grant_type = request.POST["grant_type"]
+        post_data = FormOrJsonParser().parse_body(request)
+        grant_type = post_data["grant_type"]
+
         try:
-            application = Application.objects.get(
-                client_id=self.request.POST["client_id"]
-            )
+            application = Application.objects.get(client_id=post_data["client_id"])
         except (Application.DoesNotExist, KeyError):
             return JsonResponse({"error": "invalid_client_id"}, status=400)
         # TODO: Implement client credentials flow
         if grant_type == "client_credentials":
             return JsonResponse({"error": "invalid_grant_type"}, status=400)
         elif grant_type == "authorization_code":
-            code = request.POST["code"]
+            code = post_data["code"]
             # Retrieve the token by code
             # TODO: Check code expiry based on created date
             try: |
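Review bot: `grant_type = post_data["grant_type"]` sits outside the `try`, so a request without that field raises an uncaught `KeyError` on this `csrf_exempt` endpoint and presumably surfaces as a server error rather than a 400; `code = post_data["code"]` has the same shape. The existing `except (Application.DoesNotExist, KeyError)` only covers the `client_id` lookup. If `parse_body` hands back decoded JSON unchanged, a body that is not a JSON object would raise `TypeError` instead, which nothing here catches. I would read the fields defensively and answer with a 400, for example `except (KeyError, TypeError): return JsonResponse({"error": "invalid_request"}, status=400)` around the `grant_type` read. TokenView.post continues beyond the hunk.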
