automatically add response_type if not given in OAuth Request

This commit is contained in:
Jens Langhammer 2019-04-17 14:25:51 +02:00
parent 2fa57d064e
commit 9072b836c6
1 changed files with 10 additions and 0 deletions

View File

@ -36,6 +36,13 @@ class PassbookAuthorizationView(AccessMixin, AuthorizationView):
_application = None _application = None
def _inject_response_type(self):
"""Inject response_type into querystring if not set"""
LOGGER.debug("response_type not set, defaulting to 'code'")
querystring = urlencode(self.request.GET)
querystring += '&response_type=code'
return redirect(reverse('passbook_oauth_provider:oauth2-ok-authorize') + '?' + querystring)
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
"""Update OAuth2Provider's skip_authorization state""" """Update OAuth2Provider's skip_authorization state"""
# Get client_id to get provider, so we can update skip_authorization field # Get client_id to get provider, so we can update skip_authorization field
@ -55,6 +62,9 @@ class PassbookAuthorizationView(AccessMixin, AuthorizationView):
for policy_meaage in policy_meaages: for policy_meaage in policy_meaages:
messages.error(request, policy_meaage) messages.error(request, policy_meaage)
return redirect('passbook_oauth_provider:oauth2-permission-denied') return redirect('passbook_oauth_provider:oauth2-permission-denied')
# Some clients don't pass response_type, so we default to code
if 'response_type' not in request.GET:
return self._inject_response_type()
actual_response = super().dispatch(request, *args, **kwargs) actual_response = super().dispatch(request, *args, **kwargs)
if actual_response.status_code == 400: if actual_response.status_code == 400:
LOGGER.debug(request.GET.get('redirect_uri')) LOGGER.debug(request.GET.get('redirect_uri'))