
Michał Jaworski committed 5858f80

some callback hack'n'fixes + non-http callback urls supported only when OAUTH_UNSAFE_REDIRECTS set to true

Comments (0)

Files changed (5)

oauth_provider/compat.py

             super(UnsafeRedirect, self).__init__(*args, status=302, **kwargs)
             self["Location"] = url
 else:
-    from django.http import HttpResponse as UnsafeRedirect
+    from django.http import HttpResponseRedirect as UnsafeRedirect
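Review bot: In this `else` branch `UnsafeRedirect` becomes a plain alias for `HttpResponseRedirect`, so on whichever Django versions take this branch the `OAUTH_UNSAFE_REDIRECTS` switch in views.py chooses between two identical classes. The condition guarding the branch is outside the hunk; if it selects Django releases whose `HttpResponseRedirect` performs no scheme validation, non-http callbacks are followed there even with the setting left at its default of false. Either check the callback scheme explicitly in the view, or record the limitation on the import, e.g. `# this Django's HttpResponseRedirect does not restrict schemes; the setting has no effect here`.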

oauth_provider/models.py

                 query = '%s&oauth_verifier=%s' % (query, self.verifier)
             else:
                 query = 'oauth_verifier=%s' % self.verifier
+
+            # workaround for non-http scheme urlparse problem in py2.6 (issue #2)
+            if "?" in path:
+                query = "%s&%s" % (path.split("?")[-1], query)
+                path = "?".join(path[:-1])
+
             if args is not None:
                 query += "&%s" % urllib.urlencode(args)
             return urlparse.urlunparse((scheme, netloc, path, params,
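Review bot: `path = "?".join(path[:-1])` slices the string itself rather than the split result, so it drops the last character of `path` and then inserts a `?` between every remaining character instead of keeping the part before the query. `path.split("?")[-1]` also keeps only the final segment when the path holds more than one `?`. Splitting once handles both: `path, extra = path.split("?", 1)` followed by `query = "%s&%s" % (extra, query)`. The enclosing method starts and ends outside the hunk, so how `path` and `query` are first derived is not visible here.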

oauth_provider/runtests/settings.py

     }
 }
 
-#DATABASE_ENGINE = 'sqlite3'
-#DATABASE_NAME = os.path.join(ROOT_PATH, 'testdb.sqlite')
-DATABASE_ENGINE = 'postgresql_psycopg2'
-DATABASE_NAME = 'oauthprovider'
 
 TIME_ZONE = 'America/Chicago'
 LANGUAGE_CODE = 'en-us'
     'oauth_provider.tests'
 )
 
+OAUTH_UNSAFE_REDIRECTS = True
+
 import django
 if django.VERSION >= (1, 5):
     # custom user model for tests issue #22

oauth_provider/tests/issues.py

     def test_non_http_url_callback_scheme(self):
 
         # @vmihailenco callback example
-        self.request_token_parameters['oauth_callback'] = 'chrome-extension://fnaffgdfmcfbjiifjkhbfbnjljaabiaj.com/chrome_ex_oauth.html?q=1'
+        self.request_token_parameters['oauth_callback'] = 'ftp://fnaffgdfmcfbjiifjkhbfbnjljaabiaj.com/chrome_ex_oauth.html?q=1'
         self._request_token()
 
         self.c.login(username=self.username, password=self.password)
         self.assertEqual(response.status_code, 302)
 
         # assert query part of url is not malformed
-        assert "?q=1&" in response["location"]
+        assert "?q=1&" in response["Location"]
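Review bot: The substring check `"?q=1&" in response["Location"]` is too loose to guard the callback rewrite in models.py, because it still passes when the path before the query has been mangled. Asserting the whole prefix would pin both parts, e.g. `assert response["Location"].startswith("ftp://fnaffgdfmcfbjiifjkhbfbnjljaabiaj.com/chrome_ex_oauth.html?q=1&")`. Replacing the `chrome-extension://` callback with `ftp://` also means the scheme from the original report is no longer exercised. With `OAUTH_UNSAFE_REDIRECTS = True` set for the whole test settings module, no test shows what happens to a non-http callback when the setting is off.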

oauth_provider/views.py

 import oauth2 as oauth
 from django.conf import settings
 from django.contrib.auth.decorators import login_required
-from django.http import HttpResponse, HttpResponseBadRequest
+from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseRedirect
 from django.views.decorators.csrf import csrf_exempt
 from django.utils.translation import ugettext as _
 from django.core.urlresolvers import get_callable
 INVALID_PARAMS_RESPONSE = send_oauth_error(oauth.Error(
                                             _('Invalid request parameters.')))
 
+UNSAFE_REDIRECTS = getattr(settings, "OAUTH_UNSAFE_REDIRECTS", False)
+
 @csrf_exempt
 def request_token(request):
     oauth_request = get_oauth_request(request)
             else:
                 args = { 'error': _('Access not granted by user.') }
             if request_token.callback is not None and request_token.callback != OUT_OF_BAND:
-                response = UnsafeRedirect(request_token.get_callback_url(args))
+                callback_url = request_token.get_callback_url(args)
+                if UNSAFE_REDIRECTS:
+                    response = UnsafeRedirect(callback_url)
+                else:
+                    response = HttpResponseRedirect(callback_url)
             else:
                 # try to get custom callback view
                 callback_view_str = getattr(settings, OAUTH_CALLBACK_VIEW,
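Review bot: `UNSAFE_REDIRECTS` is evaluated once at import, so a settings override applied later (in a test, for example) never reaches the branch that picks the response class; reading it at the point of use avoids that: `if getattr(settings, "OAUTH_UNSAFE_REDIRECTS", False):`. The switch is also all-or-nothing: once it is true, the consumer-supplied callback goes into `UnsafeRedirect` with no scheme check visible in this hunk, so every scheme is accepted rather than only the ones the deployment needs. A setting that lists the permitted callback schemes, checked against `urlparse.urlparse(callback_url).scheme` before redirecting, would keep the exposure narrow. The view body starts and ends outside the hunk.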