Revision 8c7e1398 snf-pithos-app/pithos/api/util.py
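--- a/snf-pithos-app/pithos/api/util.py
+++ b/snf-pithos-app/pithos/api/util.py
@@ -34,6 +34,7 @@
 from functools import wraps
 from datetime import datetime
 from urllib import quote, unquote, urlencode
+from urlparse import urlunsplit, urlsplit, parse_qsl
 
 from django.http import (HttpResponse, Http404, HttpResponseRedirect,
 HttpResponseNotAllowed)
@@ -1196,12 +1197,13 @@
 client_id, client_secret = OAUTH2_CLIENT_CREDENTIALS
 # TODO: check if client credentials are not set
 authorization_code = request.GET.get('code')
+redirect_uri = unquote(request.build_absolute_uri(
+request.get_full_path()))
 if authorization_code is None:
 # request authorization code
 params = {'response_type': 'code',
 'client_id': client_id,
-'redirect_uri':
-request.build_absolute_uri(request.path),
+'redirect_uri': redirect_uri,
 'state': '', # TODO include state for security
 'scope': requested_resource}
 return HttpResponseRedirect('%s?%s' %
@@ -1210,15 +1212,23 @@
 urlencode(params)))
 else:
 # request short-term access token
-redirect_uri = request.build_absolute_uri(request.path)
+parts = list(urlsplit(redirect_uri))
+params = dict(parse_qsl(parts[3], keep_blank_values=True))
+if 'code' in params: # always True
+del params['code']
+if 'state' in params:
+del params['state']
+parts[3] = urlencode(params)
+redirect_uri = urlunsplit(parts)
 data = astakos.get_token('authorization_code',
 *OAUTH2_CLIENT_CREDENTIALS,
 redirect_uri=redirect_uri,
 scope=requested_resource,
 code=authorization_code)
-params = {'access_token': data.get('access_token', '')}
-return HttpResponseRedirect('%s?%s' % (redirect_uri,
-urlencode(params)))
+params['access_token'] = data.get('access_token', '')
+parts[3] = urlencode(params)
+redirect_uri = urlunsplit(parts)
+return HttpResponseRedirect(redirect_uri)
 except AstakosClientException, err:
 logger.exception(err)
 raise PermissionDenied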
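Review bot: The new `redirect_uri = unquote(request.build_absolute_uri(request.get_full_path()))` percent-decodes the whole client-supplied URL before `urlsplit`/`parse_qsl` run on it, so the query string is decoded twice and an encoded `&`, `=` or `#` inside a parameter value is reinterpreted as a delimiter when the callback URL is rebuilt. Parse the raw URL instead, `redirect_uri = request.build_absolute_uri(request.get_full_path())`, and keep the pairs as a list, `params = [(k, v) for k, v in parse_qsl(parts[3], keep_blank_values=True) if k not in ('code', 'state')]`, appending `('access_token', ...)` later; `dict(...)` drops repeated keys and does not preserve order, so the `redirect_uri` passed to `astakos.get_token` may not match the one sent in the authorization request. `state` is still sent empty and is now discarded on return, so the callback is not tied to the session that started the flow, and the existing TODO is worth resolving in the same change. The enclosing function begins above the hunk, so how `requested_resource` is derived is not visible here.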