FormOrJsonParser api.views.oauth

pull/163/head
Michael Manfre 2022-12-13 22:03:06 -05:00 zatwierdzone przez Andrew Godwin
rodzic 5bc9ff39ac
commit 3404b155de
1 zmienionych plików z 11 dodań i 9 usunięć


@ -8,6 +8,7 @@ from django.views.decorators.csrf import csrf_exempt
from django.views.generic import TemplateView, View from django.views.generic import TemplateView, View
from api.models import Application, Token from api.models import Application, Token
from api.parser import FormOrJsonParser
class OauthRedirect(HttpResponseRedirect): class OauthRedirect(HttpResponseRedirect):
@ -43,12 +44,13 @@ class AuthorizationView(LoginRequiredMixin, TemplateView):
} }
def post(self, request): def post(self, request):
post_data = FormOrJsonParser().parse_body(request)
# Grab the application and other details again # Grab the application and other details again
redirect_uri = self.request.POST["redirect_uri"] redirect_uri = post_data["redirect_uri"]
scope = self.request.POST["scope"] scope = post_data["scope"]
application = Application.objects.get(client_id=self.request.POST["client_id"]) application = Application.objects.get(client_id=post_data["client_id"])
# Get the identity # Get the identity
identity = self.request.user.identities.get(pk=self.request.POST["identity"]) identity = self.request.user.identities.get(pk=post_data["identity"])
# Make a token # Make a token
token = Token.objects.create( token = Token.objects.create(
application=application, application=application,
@ -65,18 +67,18 @@ class AuthorizationView(LoginRequiredMixin, TemplateView):
@method_decorator(csrf_exempt, name="dispatch") @method_decorator(csrf_exempt, name="dispatch")
class TokenView(View): class TokenView(View):
def post(self, request): def post(self, request):
grant_type = request.POST["grant_type"] post_data = FormOrJsonParser().parse_body(request)
grant_type = post_data["grant_type"]
try: try:
application = Application.objects.get( application = Application.objects.get(client_id=post_data["client_id"])
client_id=self.request.POST["client_id"]
)
except (Application.DoesNotExist, KeyError): except (Application.DoesNotExist, KeyError):
return JsonResponse({"error": "invalid_client_id"}, status=400) return JsonResponse({"error": "invalid_client_id"}, status=400)
# TODO: Implement client credentials flow # TODO: Implement client credentials flow
if grant_type == "client_credentials": if grant_type == "client_credentials":
return JsonResponse({"error": "invalid_grant_type"}, status=400) return JsonResponse({"error": "invalid_grant_type"}, status=400)
elif grant_type == "authorization_code": elif grant_type == "authorization_code":
code = request.POST["code"] code = post_data["code"]
# Retrieve the token by code # Retrieve the token by code
# TODO: Check code expiry based on created date # TODO: Check code expiry based on created date
try: try:
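Review bot: In TokenView.post, `post_data["grant_type"]` is read before the `try`, so on this csrf_exempt endpoint a request without that field raises an unhandled KeyError instead of returning a 400. Because the body may now be JSON, the values are no longer guaranteed to be strings as they were with `request.POST`. Depending on what `FormOrJsonParser.parse_body` returns (not visible here), a non-object body or a nested value for `client_id` or `code` would probably raise TypeError or ValueError, which `except (Application.DoesNotExist, KeyError)` does not catch. If the parser returns a mapping, I would read each field with `client_id = post_data.get("client_id")` and reject non-strings, e.g. `if not isinstance(client_id, str): return JsonResponse({"error": "invalid_client_id"}, status=400)`. The same applies to the `post_data[...]` lookups in AuthorizationView.post; both method bodies continue outside the hunks.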