Commit 8e9d22a8 authored by Sofia Papagiannaki's avatar Sofia Papagiannaki

pithos: Retain query parameters during view authorization code grant.

Include view query parameters in the Redirection Endpoint
parent 1f27676a
...@@ -34,6 +34,7 @@ ...@@ -34,6 +34,7 @@
from functools import wraps from functools import wraps
from datetime import datetime from datetime import datetime
from urllib import quote, unquote, urlencode from urllib import quote, unquote, urlencode
from urlparse import urlunsplit, urlsplit, parse_qsl
from django.http import (HttpResponse, Http404, HttpResponseRedirect, from django.http import (HttpResponse, Http404, HttpResponseRedirect,
HttpResponseNotAllowed) HttpResponseNotAllowed)
...@@ -1196,12 +1197,13 @@ def view_method(): ...@@ -1196,12 +1197,13 @@ def view_method():
client_id, client_secret = OAUTH2_CLIENT_CREDENTIALS client_id, client_secret = OAUTH2_CLIENT_CREDENTIALS
# TODO: check if client credentials are not set # TODO: check if client credentials are not set
authorization_code = request.GET.get('code') authorization_code = request.GET.get('code')
redirect_uri = unquote(request.build_absolute_uri(
request.get_full_path()))
if authorization_code is None: if authorization_code is None:
# request authorization code # request authorization code
params = {'response_type': 'code', params = {'response_type': 'code',
'client_id': client_id, 'client_id': client_id,
'redirect_uri': 'redirect_uri': redirect_uri,
request.build_absolute_uri(request.path),
'state': '', # TODO include state for security 'state': '', # TODO include state for security
'scope': requested_resource} 'scope': requested_resource}
return HttpResponseRedirect('%s?%s' % return HttpResponseRedirect('%s?%s' %
...@@ -1210,15 +1212,23 @@ def view_method(): ...@@ -1210,15 +1212,23 @@ def view_method():
urlencode(params))) urlencode(params)))
else: else:
# request short-term access token # request short-term access token
redirect_uri = request.build_absolute_uri(request.path) parts = list(urlsplit(redirect_uri))
params = dict(parse_qsl(parts[3], keep_blank_values=True))
if 'code' in params: # always True
del params['code']
if 'state' in params:
del params['state']
parts[3] = urlencode(params)
redirect_uri = urlunsplit(parts)
data = astakos.get_token('authorization_code', data = astakos.get_token('authorization_code',
*OAUTH2_CLIENT_CREDENTIALS, *OAUTH2_CLIENT_CREDENTIALS,
redirect_uri=redirect_uri, redirect_uri=redirect_uri,
scope=requested_resource, scope=requested_resource,
code=authorization_code) code=authorization_code)
params = {'access_token': data.get('access_token', '')} params['access_token'] = data.get('access_token', '')
return HttpResponseRedirect('%s?%s' % (redirect_uri, parts[3] = urlencode(params)
urlencode(params))) redirect_uri = urlunsplit(parts)
return HttpResponseRedirect(redirect_uri)
except AstakosClientException, err: except AstakosClientException, err:
logger.exception(err) logger.exception(err)
raise PermissionDenied raise PermissionDenied
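Review bot: The redirect_uri built at the top of the second hunk is passed through `unquote()` on the whole URL, so a query value containing an encoded `&`, `=` or `#` is decoded before it is sent as the callback and is then re-split differently by `parse_qsl` at the token exchange, producing a URI that no longer matches the one the authorization server saw; `parse_qsl` already decodes values, so that line should read `redirect_uri = request.build_absolute_uri(request.get_full_path())`. In the third hunk the query is rebuilt from a `dict`, which on this Python 2 code base does not preserve parameter order, so the `redirect_uri` sent with the `authorization_code` grant may not be byte-identical to the one used in the authorization request, which RFC 6749 requires; keeping the pairs as an ordered list avoids that. The `state` parameter is discarded at `del params['state']` without being compared to anything, so the TODO on the context line `'state': ''  # TODO include state for security` is still open and this is the natural place to verify a per-session value before dropping it. view_method begins before the second hunk.
```python
redirect_uri = request.build_absolute_uri(request.get_full_path())
# … unchanged: authorization-code request branch …
    parts = list(urlsplit(redirect_uri))
    # keep original order so the token-request redirect_uri matches
    # the one used in the authorization request
    query = [(k, v) for k, v in parse_qsl(parts[3], keep_blank_values=True)
             if k not in ('code', 'state')]
    parts[3] = urlencode(query)
    redirect_uri = urlunsplit(parts)
    # … unchanged: astakos.get_token call …
    query.append(('access_token', data.get('access_token', '')))
    parts[3] = urlencode(query)
    redirect_uri = urlunsplit(parts)
    return HttpResponseRedirect(redirect_uri)
```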