From 3404b155de0c804fd957fd23ded4e241fe885288 Mon Sep 17 00:00:00 2001 From: Michael Manfre Date: Tue, 13 Dec 2022 22:03:06 -0500 Subject: [PATCH] FormOrJsonParser api.views.oauth --- api/views/oauth.py | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/api/views/oauth.py b/api/views/oauth.py index b97ce5a..6be573f 100644 --- a/api/views/oauth.py +++ b/api/views/oauth.py @@ -8,6 +8,7 @@ from django.views.decorators.csrf import csrf_exempt from django.views.generic import TemplateView, View from api.models import Application, Token +from api.parser import FormOrJsonParser class OauthRedirect(HttpResponseRedirect): @@ -43,12 +44,13 @@ class AuthorizationView(LoginRequiredMixin, TemplateView): } def post(self, request): + post_data = FormOrJsonParser().parse_body(request) # Grab the application and other details again - redirect_uri = self.request.POST["redirect_uri"] - scope = self.request.POST["scope"] - application = Application.objects.get(client_id=self.request.POST["client_id"]) + redirect_uri = post_data["redirect_uri"] + scope = post_data["scope"] + application = Application.objects.get(client_id=post_data["client_id"]) # Get the identity - identity = self.request.user.identities.get(pk=self.request.POST["identity"]) + identity = self.request.user.identities.get(pk=post_data["identity"]) # Make a token token = Token.objects.create( application=application, @@ -65,18 +67,18 @@ class AuthorizationView(LoginRequiredMixin, TemplateView): @method_decorator(csrf_exempt, name="dispatch") class TokenView(View): def post(self, request): - grant_type = request.POST["grant_type"] + post_data = FormOrJsonParser().parse_body(request) + grant_type = post_data["grant_type"] + try: - application = Application.objects.get( - client_id=self.request.POST["client_id"] - ) + application = Application.objects.get(client_id=post_data["client_id"]) except (Application.DoesNotExist, KeyError): return JsonResponse({"error": "invalid_client_id"}, status=400) # TODO: Implement client credentials flow if grant_type == "client_credentials": return JsonResponse({"error": "invalid_grant_type"}, status=400) elif grant_type == "authorization_code": - code = request.POST["code"] + code = post_data["code"] # Retrieve the token by code # TODO: Check code expiry based on created date try: