Commits

Michał Jaworski  committed 5e771c7

issue #2 finally fixed

  • Participants
  • Parent commits 3047b30

Comments (0)

Files changed (2)

File oauth_provider/compat.py

 import django
 
 # location of patterns, url, include changes in 1.4 onwards
+
 try:
     from django.conf.urls import patterns, url, include
 except ImportError:
     import random
     # fallback for older versions of django (<=1.3). You shouldn't use them
     get_random_string = lambda length: ''.join([random.choice('abcdefghijklmnopqrstuvwxyz'
-                                    'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') for i in range(length)])
+                                    'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') for i in range(length)])
+
+if django.VERSION >= (1,4):
+    from django.http import HttpResponse
+    class UnsafeRedirect(HttpResponse):
+        def __init__(self, url, *args, **kwargs):
+            super(UnsafeRedirect, self).__init__(*args, status=302, **kwargs)
+            self["Location"] = url
+else:
+    from django.http import HttpResponse as UnsafeRedirect

File oauth_provider/views.py

 import oauth2 as oauth
 from django.conf import settings
 from django.contrib.auth.decorators import login_required
-from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseRedirect
+from django.http import HttpResponse, HttpResponseBadRequest
 from django.views.decorators.csrf import csrf_exempt
 from django.utils.translation import ugettext as _
 from django.core.urlresolvers import get_callable
 
 from decorators import oauth_required
 from forms import AuthorizeRequestTokenForm
+from oauth_provider.compat import UnsafeRedirect
 from store import store, InvalidConsumerError, InvalidTokenError
 from utils import verify_oauth_request, get_oauth_request, require_params, send_oauth_error
 from utils import is_xauth_request, verify_xauth_request
             else:
                 args = { 'error': _('Access not granted by user.') }
             if request_token.callback is not None and request_token.callback != OUT_OF_BAND:
-                response = HttpResponseRedirect(request_token.get_callback_url(args))
+                response = UnsafeRedirect(request_token.get_callback_url(args))
             else:
                 # try to get custom callback view
                 callback_view_str = getattr(settings, OAUTH_CALLBACK_VIEW,