From 437684701486f46d147a247a1bef2a6498e9a548 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Mat=C3=ADas=20Aguirre?= Date: Sun, 15 Apr 2012 22:19:48 -0300 Subject: [PATCH] Force https:// in redirect URIs if setting is defined. Closes #281 --- README.rst | 7 +++++++ doc/configuration.rst | 6 ++++++ social_auth/backends/__init__.py | 22 +++++++++++++++------- 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/README.rst b/README.rst index 90a0c1f..93afa6b 100644 --- a/README.rst +++ b/README.rst @@ -368,6 +368,13 @@ Configuration It's default value is ``DEBUG``, so you need to set it to ``False`` to avoid tracebacks when ``DEBUG = True``. +- When your project is behind a reverse proxy that uses HTTPS the redirect URIs + can became with the wrong schema (``http://`` instead of ``https://``), and + might cause errors with the auth process, to force HTTPS in the final URIs + define this setting:: + + SOCIAL_AUTH_REDIRECT_IS_HTTPS = True + Some settings can be tweak by backend by adding the backend name prefix (all uppercase and replace ``-`` with ``_``), here's the supported settings so far:: diff --git a/doc/configuration.rst b/doc/configuration.rst index d7db111..fadf215 100644 --- a/doc/configuration.rst +++ b/doc/configuration.rst @@ -265,6 +265,12 @@ Configuration It's default value is ``DEBUG``, so you need to set it to ``False`` to avoid tracebacks when ``DEBUG = True``. +- When your project is behind a reverse proxy that uses HTTPS the redirect URIs + can became with the wrong schema (``http://`` instead of ``https://``), and + might cause errors with the auth process, to force HTTPS in the final URIs + define this setting:: + + SOCIAL_AUTH_REDIRECT_IS_HTTPS = True Some settings can be tweak by backend by adding the backend name prefix (all uppercase and replace ``-`` with ``_``), here's the supported settings so far:: diff --git a/social_auth/backends/__init__.py b/social_auth/backends/__init__.py index 1ce28c5..c1d2bae 100644 
--- a/social_auth/backends/__init__.py +++ b/social_auth/backends/__init__.py @@ -410,6 +410,15 @@ class BaseAuth(object): else: user.social_auth.filter(provider=self.AUTH_BACKEND.name).delete() + def build_absolute_uri(self, path=None): + """Build absolute URI for given path. Replace http:// schema with + https:// if SOCIAL_AUTH_REDIRECT_IS_HTTPS is defined. + """ + uri = self.request.build_absolute_uri(path) + if setting('SOCIAL_AUTH_REDIRECT_IS_HTTPS'): + uri = uri.replace('http://', 'https://') + return uri + class OpenIdAuth(BaseAuth): """OpenId process handling""" @@ -419,26 +428,25 @@ class OpenIdAuth(BaseAuth): """Return auth URL returned by service""" openid_request = self.setup_request(self.auth_extra_arguments()) # Construct completion URL, including page we should redirect to - return_to = self.request.build_absolute_uri(self.redirect) + return_to = self.build_absolute_uri(self.redirect) return openid_request.redirectURL(self.trust_root(), return_to) def auth_html(self): """Return auth HTML returned by service""" openid_request = self.setup_request(self.auth_extra_arguments()) - return_to = self.request.build_absolute_uri(self.redirect) + return_to = self.build_absolute_uri(self.redirect) form_tag = {'id': 'openid_message'} return openid_request.htmlMarkup(self.trust_root(), return_to, form_tag_attrs=form_tag) def trust_root(self): """Return trust-root option""" - return setting('OPENID_TRUST_ROOT') or \ - self.request.build_absolute_uri('/') + return setting('OPENID_TRUST_ROOT') or self.build_absolute_uri('/') def continue_pipeline(self, *args, **kwargs): """Continue previous halted pipeline""" response = self.consumer().complete(dict(self.data.items()), - self.request.build_absolute_uri()) + self.build_absolute_uri()) kwargs.update({ 'auth': self, 'response': response, 
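Review bot: In `build_absolute_uri` the call `uri.replace('http://', 'https://')` is unanchored, so it rewrites every occurrence of `http://` in the string rather than only the scheme at the start. The no-argument calls in `continue_pipeline` (next hunk) and `auth_complete` (the `@@ -449` hunk) pass the full current URL, which presumably includes the query string, so an unencoded `http://` inside a parameter would be changed silently and could make the return_to check fail. Anchor the rewrite to the prefix: `if setting('SOCIAL_AUTH_REDIRECT_IS_HTTPS') and uri.startswith('http://'):` followed by `uri = 'https://' + uri[len('http://'):]`. The docstring could also state that only the scheme is forced and that the host part still comes from `self.request`, so host validation remains the deployment's responsibility.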
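Review bot: `trust_root` returns `setting('OPENID_TRUST_ROOT')` verbatim when it is set, so only the fallback `self.build_absolute_uri('/')` goes through the new scheme forcing. With `SOCIAL_AUTH_REDIRECT_IS_HTTPS` enabled and an `OPENID_TRUST_ROOT` still written as `http://…`, the realm and the forced `https://` return_to would disagree on scheme, and an OpenID provider is expected to reject a return_to that does not match the realm. Either note next to the new setting in the docs that `OPENID_TRUST_ROOT` must use `https://` as well, or extend the docstring to `"""Return trust-root option; OPENID_TRUST_ROOT is used verbatim and must match the return_to scheme"""`.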
@@ -449,7 +457,7 @@ class OpenIdAuth(BaseAuth): def auth_complete(self, *args, **kwargs): """Complete auth process""" response = self.consumer().complete(dict(self.data.items()), - self.request.build_absolute_uri()) + self.build_absolute_uri()) if not response: raise AuthException(self, 'OpenID relying party endpoint') elif response.status == SUCCESS: @@ -521,7 +529,7 @@ class BaseOAuth(BaseAuth): def __init__(self, request, redirect): """Init method""" super(BaseOAuth, self).__init__(request, redirect) - self.redirect_uri = self.request.build_absolute_uri(self.redirect) + self.redirect_uri = self.build_absolute_uri(self.redirect) class ConsumerBasedOAuth(BaseOAuth): -- 2.39.5