Clean authorize template. Separate hidden inputs.

2015-01-29 14:03:17 -03:00 · 2015-01-29 14:03:17 -03:00 · 564dd29d27
parent 8e78e2dc9e
commit 564dd29d27
3 changed files with 18 additions and 10 deletions
--- a/openid_provider/templates/openid_provider/authorize.html
+++ b/openid_provider/templates/openid_provider/authorize.html
@ -6,17 +6,11 @@
    
    {% csrf_token %}

-    <input name="client_id" type="hidden" value="{{ params.client_id }}" />
-    <input name="redirect_uri" type="hidden" value="{{ params.redirect_uri }}" />
-    <input name="response_type" type="hidden" value="{{ params.response_type }}" />
-    <input name="scope" type="hidden" value="{{ params.scope_str }}" />
-    <input name="state" type="hidden" value="{{ params.state }}" />
+    {{ hidden_inputs }}

    <ul>
    {% for scope in params.scope %}
-        {% if scope != 'openid' %}
        <li>{{ scope | capfirst }}</li>
-        {% endif %}
    {% endfor %}
    </ul>

--- a/openid_provider/templates/openid_provider/hidden_inputs.html
+++ b/openid_provider/templates/openid_provider/hidden_inputs.html
@ -0,0 +1,5 @@
+<input name="client_id" type="hidden" value="{{ params.client_id }}" />
+<input name="redirect_uri" type="hidden" value="{{ params.redirect_uri }}" />
+<input name="response_type" type="hidden" value="{{ params.response_type }}" />
+<input name="scope" type="hidden" value="{{ params.scope | join:' ' }}" />
+<input name="state" type="hidden" value="{{ params.state }}" />
--- a/openid_provider/views.py
+++ b/openid_provider/views.py
@ -3,6 +3,7 @@ from django.contrib.auth.views import redirect_to_login
 from django.core.urlresolvers import reverse
 from django.http import HttpResponse, HttpResponseRedirect, JsonResponse
 from django.shortcuts import render
+from django.template.loader import render_to_string
 from django.views.decorators.http import require_http_methods
 from django.views.generic import View
 from openid_provider.lib.errors import *
@ -23,12 +24,20 @@ class AuthorizeView(View):

            if request.user.is_authenticated():

-                # This is for printing scopes in form.
-                authorize.params.scope_str = ' '.join(authorize.params.scope)
-
+                # Generate hidden inputs for the form.
                context = {
                    'params': authorize.params,
+                }
+                hidden_inputs = render_to_string(
+                    'openid_provider/hidden_inputs.html', context)
+
+                # Remove openid from scope list since we don't need to print it.
+                authorize.params.scope.remove('openid')
+
+                context = {
                    'client': authorize.client,
+                    'hidden_inputs': hidden_inputs,
+                    'params': authorize.params,
                }

                return render(request, 'openid_provider/authorize.html', context)