diff --git a/oauth/views.py b/oauth/views.py index ebe1fb7..05ee0c7 100644 --- a/oauth/views.py +++ b/oauth/views.py @@ -25,17 +25,23 @@ def register(_): def register_callback(req: HttpRequest): code = req.GET['code'] + csrftoken = req.COOKIES.get('csrftoken') + print(csrftoken) response = requests.post(settings.OAUTH["AUTHORIZE_URI"], data={'code': code, 'grant_type': 'authorization_code', 'client_id': settings.OAUTH["CLIENT_ID"], 'client_secret': settings.OAUTH["CLIENT_SECRET"], - 'redirect_uri': settings.OAUTH["REDIRECT_URI"]}) + 'redirect_uri': settings.OAUTH["REDIRECT_URI"]}, + cookies=None, + headers={'Referer': f'{settings.SERVER_URL}/login/zeus/register'}) try: if response.status_code == 200: json: dict = response.json() + csrftoken = response.cookies['csrftoken'] + print(response.cookies) # TODO: maybe later do something with the refresh token. - user: dict = user_info(json['access_token']) + user: dict = user_info(json['access_token'], csrftoken) if 'username' not in user.keys() or 'id' not in user.keys(): raise OAuthException(f'username and id are expected values: {user}') else: @@ -44,11 +50,12 @@ def register_callback(req: HttpRequest): login(req, validated_user) redirect('/') else: - raise OAuthException(f'Status code not 200, response: {response.json()}') + print(response.request) + raise OAuthException(f'Status code not 200, response: {response}') except OAuthException as e: logger.error(e) - return register('') + return redirect('/') def validate_user(zeus_id, username) -> CustomUser: @@ -60,6 +67,10 @@ def validate_user(zeus_id, username) -> CustomUser: return user -def user_info(access_token): - r = requests.get(settings.OAUTH["USER_API_URI"], headers={'Authorization': f'Bearer {access_token}'}) +def user_info(access_token, csrftoken): + r = requests.get( + settings.OAUTH["USER_API_URI"], + headers={'Authorization': f'Bearer {access_token}'}, + cookies={'csrftoken': csrftoken} + ) return r.json()