9 changes: 7 additions & 2 deletions oauth2_provider/settings.py
Expand Up @@ -55,6 +55,10 @@
'OAUTH2_VALIDATOR_CLASS',
)

# List of callback urls that don't need to be authenticated
URIS_WITHOUT_AUTH = (
)


def perform_import(val, setting_name):
"""
Expand Down Expand Up @@ -90,11 +94,12 @@ class OAuth2ProviderSettings(object):
and return the class, rather than the string literal.
"""

def __init__(self, user_settings=None, defaults=None, import_strings=None, mandatory=None):
def __init__(self, user_settings=None, defaults=None, import_strings=None, mandatory=None, uris_without_auth=None):
self.user_settings = user_settings or {}
self.defaults = defaults or {}
self.import_strings = import_strings or ()
self.mandatory = mandatory or ()
self.uris_without_auth = uris_without_auth or ()

def __getattr__(self, attr):
if attr not in self.defaults.keys():
Expand Down Expand Up @@ -126,4 +131,4 @@ def validate_setting(self, attr, val):
raise AttributeError("OAuth2Provider setting: '%s' is mandatory" % attr)


oauth2_settings = OAuth2ProviderSettings(USER_SETTINGS, DEFAULTS, IMPORT_STRINGS, MANDATORY)
oauth2_settings = OAuth2ProviderSettings(USER_SETTINGS, DEFAULTS, IMPORT_STRINGS, MANDATORY, URIS_WITHOUT_AUTH)
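Review bot: `URIS_WITHOUT_AUTH` is a hard-coded empty tuple handed to the constructor as a separate positional argument, so a deployment cannot populate it the way every other setting is read (through `user_settings`/`defaults` on the instance); as written the feature is unreachable without editing library code. If `USER_SETTINGS` is the Django-provided dict it appears to be (its definition is outside this hunk), the instantiation on the last line could take `USER_SETTINGS.get('URIS_WITHOUT_AUTH', URIS_WITHOUT_AUTH)` in place of the bare constant, or the key could be added to `DEFAULTS` so the existing `__getattr__` lookup serves it. The comment at the top of the first hunk also describes the wrong step: the view bypasses the user's consent screen, not authentication, so `# Redirect URIs for which the authorization (consent) step is skipped and the grant is issued immediately; entries are compared by exact string equality` states what the setting actually controls. The `__init__` in the second hunk should also normalise the value (`tuple(uris_without_auth or ())`) so a list from settings still behaves as documented.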
9 changes: 9 additions & 0 deletions oauth2_provider/views/base.py
Expand Up @@ -103,6 +103,15 @@ def form_valid(self, form):
def get(self, request, *args, **kwargs):
try:
scopes, credentials = self.validate_authorization_request(request)

# If the callback URI does not require authorization; immediately return a response
if request.GET['redirect_uri'] in oauth2_settings.uris_without_auth:


change this to if 'redirect_uri' in request.GET and request.GET['redirect_uri'] in oauth2_settings.uris_without_auth:

uri, headers, body, status = self.create_authorization_response(
request=self.request, scopes=" ".join(scopes),
credentials=credentials, allow=True)
self.success_url = uri
return HttpResponseRedirect(self.success_url)

kwargs['scopes_descriptions'] = [oauth2_settings.SCOPES[scope] for scope in scopes]
kwargs['scopes'] = scopes
# at this point we know an Application instance with such client_id exists in the database
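Review bot: The consent bypass compares the trusted-URI list against the raw `request.GET['redirect_uri']` rather than the value `validate_authorization_request` has just validated, so the decision to auto-approve is taken on unvalidated input even though a validated copy is at hand. If `credentials` carries the validated `redirect_uri` (oauthlib's request_info does, but confirm against this project's validator), the check should read `redirect_uri = credentials.get('redirect_uri')` followed by `if redirect_uri in oauth2_settings.uris_without_auth:`, which also covers the missing-parameter case where oauthlib substitutes the application's default URI. Exact string equality is the right comparison for an auto-approve list, and that choice deserves a comment so nobody later relaxes it to prefix matching: `# exact match only: the auto-approve list is compared against the redirect_uri that passed validation against the registered URIs`. The `get` method continues beyond this hunk, so any auth-required decorator or mixin that must run before the bypass is not visible here.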