csrf
This commit is contained in:
parent
e066cf2c03
commit
2b0bd411a0
1 changed files with 17 additions and 6 deletions
|
@ -25,17 +25,23 @@ def register(_):
|
|||
|
||||
def register_callback(req: HttpRequest):
|
||||
code = req.GET['code']
|
||||
csrftoken = req.COOKIES.get('csrftoken')
|
||||
print(csrftoken)
|
||||
response = requests.post(settings.OAUTH["AUTHORIZE_URI"],
|
||||
data={'code': code,
|
||||
'grant_type': 'authorization_code',
|
||||
'client_id': settings.OAUTH["CLIENT_ID"],
|
||||
'client_secret': settings.OAUTH["CLIENT_SECRET"],
|
||||
'redirect_uri': settings.OAUTH["REDIRECT_URI"]})
|
||||
'redirect_uri': settings.OAUTH["REDIRECT_URI"]},
|
||||
cookies=None,
|
||||
headers={'Referer': f'{settings.SERVER_URL}/login/zeus/register'})
|
||||
try:
|
||||
if response.status_code == 200:
|
||||
json: dict = response.json()
|
||||
csrftoken = response.cookies['csrftoken']
|
||||
print(response.cookies)
|
||||
# TODO: maybe later do something with the refresh token.
|
||||
user: dict = user_info(json['access_token'])
|
||||
user: dict = user_info(json['access_token'], csrftoken)
|
||||
if 'username' not in user.keys() or 'id' not in user.keys():
|
||||
raise OAuthException(f'username and id are expected values: {user}')
|
||||
else:
|
||||
|
@ -44,11 +50,12 @@ def register_callback(req: HttpRequest):
|
|||
login(req, validated_user)
|
||||
redirect('/')
|
||||
else:
|
||||
raise OAuthException(f'Status code not 200, response: {response.json()}')
|
||||
print(response.request)
|
||||
raise OAuthException(f'Status code not 200, response: {response}')
|
||||
except OAuthException as e:
|
||||
logger.error(e)
|
||||
|
||||
return register('')
|
||||
return redirect('/')
|
||||
|
||||
|
||||
def validate_user(zeus_id, username) -> CustomUser:
|
||||
|
@ -60,6 +67,10 @@ def validate_user(zeus_id, username) -> CustomUser:
|
|||
return user
|
||||
|
||||
|
||||
def user_info(access_token):
|
||||
r = requests.get(settings.OAUTH["USER_API_URI"], headers={'Authorization': f'Bearer {access_token}'})
|
||||
def user_info(access_token, csrftoken):
|
||||
r = requests.get(
|
||||
settings.OAUTH["USER_API_URI"],
|
||||
headers={'Authorization': f'Bearer {access_token}'},
|
||||
cookies={'csrftoken': csrftoken}
|
||||
)
|
||||
return r.json()
|
||||
|
|
Loading…
Reference in a new issue