From bd053af72034261982bbabc5bf3345c488b1dcb1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Mat=C3=ADas=20Aguirre?=
Date: Mon, 24 Jan 2011 11:34:20 -0200
Subject: [PATCH] Check request method to access it's data
---
 social_auth/backends/__init__.py | 14 +++++++-------
 social_auth/backends/facebook.py | 4 ++--
 social_auth/views.py | 5 +++--
 3 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/social_auth/backends/__init__.py b/social_auth/backends/__init__.py
index a0e1b90..add4e86 100644
--- a/social_auth/backends/__init__.py
+++ b/social_auth/backends/__init__.py
@@ -253,6 +253,7 @@ class BaseAuth(object):
 and implement needed methods"""
 def __init__(self, request, redirect):
 self.request = request
+ self.data = request.POST if request.method == 'POST' else request.GET
 self.redirect = redirect
 def auth_url(self):
@@ -304,7 +305,7 @@ class OpenIdAuth(BaseAuth):
 form_tag_attrs=form_tag)
 def auth_complete(self, *args, **kwargs):
- response = self.consumer().complete(dict(self.request.REQUEST.items()),
+ response = self.consumer().complete(dict(self.data.items()),
 self.request.build_absolute_uri())
 if not response:
 raise ValueError('This is an OpenID relying party endpoint')
@@ -368,10 +369,9 @@ class OpenIdAuth(BaseAuth):
 """Return service provider URL. This base class is generic accepting a POST parameter that specifies provider URL."""
- if self.request.method != 'POST' or \
- OPENID_ID_FIELD not in self.request.POST:
+ if OPENID_ID_FIELD not in self.data:
 raise ValueError('Missing openid identifier')
- return self.request.POST[OPENID_ID_FIELD]
+ return self.data[OPENID_ID_FIELD]
 class BaseOAuth(BaseAuth):
@@ -416,7 +416,7 @@ class ConsumerBasedOAuth(BaseOAuth):
 raise ValueError('Missing unauthorized token')
 token = OAuthToken.from_string(unauthed_token)
- if token.key != self.request.GET.get('oauth_token', 'no-token'):
+ if token.key != self.data.get('oauth_token', 'no-token'):
 raise ValueError('Incorrect tokens')
 access_token = self.access_token(token)
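Review bot: The new `self.data` attribute in `BaseAuth.__init__` changes where callback parameters are accepted from: `oauth_token` and `oauth_verifier` in ConsumerBasedOAuth and `code` in FacebookAuth.auth_complete were read from the query string only and are now taken from the POST body whenever the request is a POST. Provider redirects normally arrive as GET, so unless a backend is known to need POST callbacks I would keep those reads on `request.GET`, and in any case document the attribute, e.g. `# request parameters: POST body on POST requests, query string otherwise`. The selection is also the mirror image of the one added in views.py (`request.GET if request.method == 'GET' else request.POST`), so a HEAD request reads the query string here and the empty body there; one shared helper would keep the two consistent. Only `__init__` of the class is visible in this hunk.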
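Review bot: In `OpenIdAuth.auth_complete`, replacing `request.REQUEST` with `self.data` drops the query-string arguments whenever the provider delivers the assertion by POST. The old call passed GET and POST merged; if the return_to URL carries arguments of its own (OpenID consumer libraries commonly add a nonce there, which is not visible on this page), `complete()` no longer receives them and return_to verification may start failing. Merging explicitly keeps the previous input: `query = dict(self.request.GET.items()); query.update(self.request.POST.items())`. The method body continues past the end of the hunk.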
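Review bot: The docstring in the `@@ -368,10 +369,9 @@` hunk still says the method accepts "a POST parameter", but the identifier is now read from `self.data`, which is the query string for every non-POST request. Reword it to something like `"""Return service provider URL. This base class is generic accepting a request parameter (POST body or query string) that specifies provider URL."""`. Dropping the `request.method != 'POST'` guard also means discovery against a caller-supplied identifier can be started by a plain GET, so the identifier ends up in access logs and the request bypasses any POST-only CSRF check; if that is not intended, keep the method check. The method's `def` line is outside the hunk.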
@@ -439,8 +439,8 @@ class ConsumerBasedOAuth(BaseOAuth):
 if extra_params:
 params.update(extra_params)
- if 'oauth_verifier' in self.request.GET:
- params['oauth_verifier'] = self.request.GET['oauth_verifier']
+ if 'oauth_verifier' in self.data:
+ params['oauth_verifier'] = self.data['oauth_verifier']
 request = OAuthRequest.from_consumer_and_token(self.consumer,
 token=token,
 http_url=url,
diff --git a/social_auth/backends/facebook.py b/social_auth/backends/facebook.py
index 1731ab6..5d779a6 100644
--- a/social_auth/backends/facebook.py
+++ b/social_auth/backends/facebook.py
@@ -50,12 +50,12 @@ class FacebookAuth(BaseOAuth):
 def auth_complete(self, *args, **kwargs):
 """Returns user, might be logged in"""
- if 'code' in self.request.GET:
+ if 'code' in self.data:
 url = FACEBOOK_ACCESS_TOKEN_URL + '?' + \
 urllib.urlencode({'client_id': settings.FACEBOOK_APP_ID,
 'redirect_uri': self.redirect_uri,
 'client_secret': settings.FACEBOOK_API_SECRET,
- 'code': self.request.GET['code']})
+ 'code': self.data['code']})
 response = cgi.parse_qs(urllib.urlopen(url).read())
 access_token = response['access_token'][0]
diff --git a/social_auth/views.py b/social_auth/views.py
index ed35db7..ef62728 100644
--- a/social_auth/views.py
+++ b/social_auth/views.py
@@ -59,8 +59,9 @@ def auth_process(request, backend, complete_url_name, default_final_url):
 backend = get_backend(backend, request, redirect)
 if not backend:
 return HttpResponseServerError('Incorrect authentication service')
- request.session[REDIRECT_FIELD_NAME] = request.GET.get(REDIRECT_FIELD_NAME,
- default_final_url)
+ data = request.GET if request.method == 'GET' else request.POST
+ request.session[REDIRECT_FIELD_NAME] = data.get(REDIRECT_FIELD_NAME,
+ default_final_url)
 if backend.uses_redirect:
 return HttpResponseRedirect(backend.auth_url())
 else:
-- 
2.39.5
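Review bot: `FacebookAuth.auth_complete` exchanges whatever `code` arrives for an access token, and nothing ahead of the exchange in this method checks a `state` value bound to the user's session. With `code` now also accepted from a POST body, a callback that this session never initiated is accepted just the same, so I would generate a random state when the authorization URL is built, keep it in the session, and compare it here before calling the token URL; the URL-building side is outside this hunk. Separately, `response['access_token'][0]` raises KeyError when the exchange returns an error body, where a `ValueError` as used by the other backends would be easier for the view to handle. The method continues past the end of the hunk.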
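Review bot: The value written to `request.session[REDIRECT_FIELD_NAME]` in `auth_process` comes straight from request data, and this change widens the source from the query string to the POST body as well. If the completion view later redirects to that value (not visible here), this is an open redirect; validate it before storing, accepting only a same-site relative path and otherwise falling back to `default_final_url`. A short comment above the assignment, e.g. `# caller-supplied redirect target; must be validated before it is used`, would make the trust boundary explicit. The function starts before and continues after the hunk.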