Ensure OAuth views are provided expected inputs (#246)

Thanks for the report Jochen!
This commit is contained in:
Michael Manfre 2022-12-23 23:17:13 -05:00 committed by GitHub
parent fd87a7cf08
commit c969ffc0d6


@ -79,7 +79,13 @@ class AuthorizationView(LoginRequiredMixin, TemplateView):
class TokenView(View): class TokenView(View):
def post(self, request): def post(self, request):
post_data = FormOrJsonParser().parse_body(request) post_data = FormOrJsonParser().parse_body(request)
grant_type = post_data["grant_type"]
grant_type = post_data.get("grant_type")
if grant_type not in (
"authorization_code",
"client_credentials",
):
return JsonResponse({"error": "invalid_grant_type"}, status=400)
try: try:
application = Application.objects.get(client_id=post_data["client_id"]) application = Application.objects.get(client_id=post_data["client_id"])
@ -89,7 +95,9 @@ class TokenView(View):
if grant_type == "client_credentials": if grant_type == "client_credentials":
return JsonResponse({"error": "invalid_grant_type"}, status=400) return JsonResponse({"error": "invalid_grant_type"}, status=400)
elif grant_type == "authorization_code": elif grant_type == "authorization_code":
code = post_data["code"] code = post_data.get("code")
if not code:
return JsonResponse({"error": "invalid_code"}, status=400)
# Retrieve the token by code # Retrieve the token by code
# TODO: Check code expiry based on created date # TODO: Check code expiry based on created date
try: try:
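Review bot: The `client_id` lookup right after the new grant_type guard still uses a bare `post_data["client_id"]` subscript, so a request that omits that field raises KeyError and surfaces as a 500 rather than the 400 the new `.get` checks produce; `client_id = post_data.get("client_id")` followed by `if not client_id: return JsonResponse({"error": "invalid_request"}, status=400)` would close that gap, and the same treatment belongs on any other bare subscript of `post_data` later in `post`, which continues past the hunk. For consistency with the RFC 6749 token-error vocabulary, an unknown grant_type would conventionally answer `unsupported_grant_type` and a missing parameter `invalid_request`, whereas the new branch reuses the handler's existing `invalid_grant_type` string. The first hunk as rendered shows fewer lines than its header counts (7 old / 13 new), so it appears truncated and I have not reviewed it line by line.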