Thomas Johansson committed 751cf25

Properly urlencode returns, and improve error messages.

  • Parent commits de2833d

Files changed (1)

File piston/authentication/oauth/views.py

+from urllib import urlencode
+
 import oauth2 as oauth
 from django.contrib.auth.decorators import login_required
 from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseRedirect
     oauth_request = get_oauth_request(request)
     consumer = store.get_consumer(request, oauth_request, oauth_request['oauth_consumer_key'])
 
-    # Ensure the client is using 1.0a
     if 'oauth_callback' not in oauth_request:
-        return HttpResponseBadRequest('OAuth 1.0 is not supported, you must use OAuth 1.0a.')
+        return HttpResponseBadRequest('OAuth 1.0a is required.')
 
     if not verify_oauth_request(request, oauth_request, consumer):
-        return HttpResponseBadRequest()
+        return HttpResponseBadRequest('Could not verify OAuth request.')
 
     request_token = store.create_request_token(request, oauth_request, consumer, oauth_request['oauth_callback'])
-    ret = 'oauth_token=%s&oauth_token_secret=%s&callback_confirmed=true' % (request_token.key, request_token.secret)
+
+    ret = urlencode({
+        'oauth_token': request_token.key,
+        'oauth_token_secret': request_token.secret,
+        'oauth_callback_confirmed': 'true'
+    })
     return HttpResponse(ret, content_type='application/x-www-form-urlencoded')
 
 
         if form.is_valid() and form.cleaned_data['authorize_access']:
             request_token = store.authorize_request_token(request, oauth_request, request_token)            
             if request_token.callback is not None and request_token.callback != 'oob':
-                return HttpResponseRedirect('%s&oauth_token=%s' % (request_token.get_callback_url(), request_token.key))
+                return HttpResponseRedirect('%s&%s' % (request_token.get_callback_url(), urlencode({'oauth_token': request_token.key})))
             else:
-                return render_to_response(verification_template_name, {'consumer': consumer, 'verification_code': request_token.verifier}, RequestContext(request))
+                return render_to_response(verification_template_name, { 'consumer': consumer, 'verification_code': request_token.verifier}, RequestContext(request))
     else:
         form = form_class(initial={'oauth_token': request_token.key})
 
     request_token = store.get_request_token(request, oauth_request, oauth_request['oauth_token'])
 
     if not verify_oauth_request(request, oauth_request, consumer, request_token):
-        return HttpResponseBadRequest()
+        return HttpResponseBadRequest('Could not verify OAuth request.')
         
     if oauth_request.get('oauth_verifier', None) != request_token.verifier:
-        return HttpResponseBadRequest()
+        return HttpResponseBadRequest('Invalid OAuth verifier.')
 
     access_token = store.create_access_token(request, oauth_request, consumer, request_token)
-    ret = 'oauth_token=%s&oauth_token_secret=%s' % (access_token.key, access_token.secret)
+
+    ret = urlencode({
+        'oauth_token': access_token.key,
+        'oauth_token_secret': access_token.secret
+    })
     return HttpResponse(ret, content_type='application/x-www-form-urlencoded')
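Review bot: The verifier check in the access-token hunk, `if oauth_request.get('oauth_verifier', None) != request_token.verifier:`, still passes when both sides are `None`; this commit changes only the error message returned below it. If `request_token.verifier` stays unset until the user authorizes the token (the store is not visible here, so this is inferred), a request that omits `oauth_verifier` could exchange an unauthorized request token unless `store.create_access_token` rejects it. I would reject a missing value on either side and compare in constant time: `verifier = oauth_request.get('oauth_verifier')` followed by `if not verifier or not request_token.verifier or not constant_time_compare(verifier, request_token.verifier):`, with `constant_time_compare` imported from `django.utils.crypto`. Separately, the redirect built with `'%s&%s' % (request_token.get_callback_url(), urlencode(...))` assumes the callback URL already carries a query string, which is worth a comment or a check for `?`. The enclosing view functions begin outside the lines shown.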