Revision 698016f7
| b/snf-astakos-app/astakos/oa2/models.py | ||
|---|---|---|
| 32 | 32 |
# or implied, of GRNET S.A. |
| 33 | 33 |
|
| 34 | 34 |
import datetime |
| 35 |
import urlparse |
|
| 36 | 35 |
|
| 37 | 36 |
from django.db import models |
| 38 | 37 |
from django.utils.translation import ugettext_lazy as _ |
| ... | ... | |
| 87 | 86 |
return self.redirecturl_set.get().url |
| 88 | 87 |
|
| 89 | 88 |
def redirect_uri_is_valid(self, uri): |
| 90 |
# ignore user specific uri part |
|
| 91 |
parts = list(urlparse.urlsplit(uri)) |
|
| 92 |
path = parts[2] |
|
| 93 |
pieces = path.rsplit('/', 3)
|
|
| 94 |
parts[2] = '/'.join(pieces[:-3]) if len(pieces) > 3 else path |
|
| 95 |
uri = urlparse.urlunsplit(parts) |
|
| 96 |
|
|
| 97 |
# TODO: handle trailing slashes |
|
| 98 |
return self.redirecturl_set.filter(url=uri).count() > 0 |
|
| 89 |
for redirect_uri in self.redirecturl_set.values_list('url', flat=True):
|
|
| 90 |
if uri == redirect_uri: |
|
| 91 |
return True |
|
| 92 |
elif uri.startswith(redirect_uri.rstrip('/') + '/'):
|
|
| 93 |
return True |
|
| 94 |
return False |
|
| 99 | 95 |
|
| 100 | 96 |
def get_id(self): |
| 101 | 97 |
return self.identifier |
| b/snf-astakos-app/astakos/oa2/tests/djangobackend.py | ||
|---|---|---|
| 377 | 377 |
self.assertEqual(code4.state, 'csrfstate') |
| 378 | 378 |
self.assertEqual(code4.redirect_uri, self.client3_redirect_uri) |
| 379 | 379 |
|
| 380 |
params['redirect_uri'] = '%s/more' % self.client3_redirect_uri |
|
| 381 |
self.client.set_credentials('client3', 'secret')
|
|
| 382 |
r = self.client.authorize_code('client3', urlparams=params)
|
|
| 383 |
self.assertEqual(r.status_code, 302) |
|
| 384 |
self.assertCount(AuthorizationCode, 5) |
|
| 385 |
|
|
| 386 |
# redirect is valid |
|
| 387 |
redirect5 = self.get_redirect_url(r) |
|
| 388 |
self.assertParam(redirect5, "code") |
|
| 389 |
self.assertParamEqual(redirect5, "state", 'csrfstate') |
|
| 390 |
self.assertNoParam(redirect5, "extra_param") |
|
| 391 |
self.assertHost(redirect5, "server3.com") |
|
| 392 |
self.assertPath(redirect5, "/handle_code/more") |
|
| 393 |
|
|
| 394 |
code4 = AuthorizationCode.objects.get(code=redirect5.params['code'][0]) |
|
| 395 |
self.assertEqual(code4.state, 'csrfstate') |
|
| 396 |
self.assertEqual(code4.redirect_uri, |
|
| 397 |
'%s/more' % self.client3_redirect_uri) |
|
| 398 |
|
|
| 380 | 399 |
def test_get_token(self): |
| 381 | 400 |
# invalid method |
| 382 | 401 |
r = self.client.get(self.client.token_url) |
Also available in: Unified diff