
Éric Araujo  committed 9e051c8

* Also strip out "code" when authorizing the app

  • Parent commits e35fbf0


Files changed (2)

File pyramid_facebook/canvas.py

     """
     settings = request.registry.settings
     path = request.route_path('facebook_canvas_oauth')
+    query_string = request.GET.copy()
+    query_string.pop('code', None)
     redirect_uri = urllib.quote_plus("%s://apps.facebook.com%s?%s" % (
         request.scheme,
         path,
-        request.query_string,
+        urllib.urlencode(query_string),
         ))
     url = "%s/dialog/oauth/?client_id=%s&redirect_uri=%s&scope=%s" % (
         "https://www.facebook.com",
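Review bot: `query_string.pop('code', None)` can leave a `code` parameter in the redirect_uri when the request carries it more than once. If `request.GET` is a WebOb MultiDict (its type is not visible in the hunk), `pop` removes only the first matching pair, so `?code=a&code=b` would still forward `code=b` to the OAuth dialog. Filtering the pairs avoids that, e.g. `params = [(k, v) for k, v in request.GET.items() if k != 'code']` followed by `urllib.urlencode(params)`. It is also worth confirming that `urllib.urlencode` never receives unicode values containing non-ASCII characters, since on Python 2 that raises UnicodeEncodeError and a crafted query string would produce a 500. The enclosing function starts and ends outside the hunk.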

File pyramid_facebook/tests/unittests/test_canvas.py

 
         config.scan.assert_called_once_with(package='pyramid_facebook.canvas')
 
-
     def test_prompt_authorize(self):
         from pyramid_facebook.canvas import prompt_authorize
 
 
         request = mock.MagicMock()
         request.scheme = 'http'
-        request.query_string = 'fetchez=la%20vache'
+        request.GET = {'fetchez': 'la vache', 'code': '342435634blab'}
         request.route_path.return_value = '/facebook/oauth'
         request.registry.settings = settings
 
 
         expected = """200 OK
 Content-Type: text/html; charset=UTF-8
-Content-Length: 246
+Content-Length: 244
 
 <html>
   <body>
     <script>
-      window.top.location = "https://www.facebook.com/dialog/oauth/?client_id=1234567890&redirect_uri=http%3A%2F%2Fapps.facebook.com%2Ffacebook%2Foauth%3Ffetchez%3Dla%2520vache&scope=";
+      window.top.location = "https://www.facebook.com/dialog/oauth/?client_id=1234567890&redirect_uri=http%3A%2F%2Fapps.facebook.com%2Ffacebook%2Foauth%3Ffetchez%3Dla%2Bvache&scope=";
     </script>
   </body>
 </html>"""
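Review bot: The fixture sets `request.GET` to a plain dict, which cannot hold a repeated `code` key, so the test never exercises the multi-valued behaviour of a real request object. Consider building it with `webob.multidict.MultiDict([('fetchez', 'la vache'), ('code', 'a'), ('code', 'b')])` (constructed sample values) and asserting that no `code` appears in the rendered `redirect_uri`. A second case with a non-ASCII parameter value would pin the encoding behaviour of `urllib.urlencode`. Parts of `test_prompt_authorize` lie outside the visible hunks.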