From 564dd29d27ee7b57ccab3c8c41a9838e491e08d3 Mon Sep 17 00:00:00 2001
From: juanifioren <juanifioren@gmail.com>
Date: Thu, 29 Jan 2015 14:03:17 -0300
Subject: [PATCH] Clean authorize template. Separate hidden inputs.

---
 .../templates/openid_provider/authorize.html      |  8 +-------
 .../templates/openid_provider/hidden_inputs.html  |  5 +++++
 openid_provider/views.py                          | 15 ++++++++++++---
 3 files changed, 18 insertions(+), 10 deletions(-)
 create mode 100644 openid_provider/templates/openid_provider/hidden_inputs.html

diff --git a/openid_provider/templates/openid_provider/authorize.html b/openid_provider/templates/openid_provider/authorize.html
index d404d10..a6264bc 100644
--- a/openid_provider/templates/openid_provider/authorize.html
+++ b/openid_provider/templates/openid_provider/authorize.html
@@ -6,17 +6,11 @@
     
     {% csrf_token %}
 
-    <input name="client_id" type="hidden" value="{{ params.client_id }}" />
-    <input name="redirect_uri" type="hidden" value="{{ params.redirect_uri }}" />
-    <input name="response_type" type="hidden" value="{{ params.response_type }}" />
-    <input name="scope" type="hidden" value="{{ params.scope_str }}" />
-    <input name="state" type="hidden" value="{{ params.state }}" />
+    {{ hidden_inputs }}
 
     <ul>
     {% for scope in params.scope %}
-        {% if scope != 'openid' %}
         <li>{{ scope | capfirst }}</li>
-        {% endif %}
     {% endfor %}
     </ul>
 
diff --git a/openid_provider/templates/openid_provider/hidden_inputs.html b/openid_provider/templates/openid_provider/hidden_inputs.html
new file mode 100644
index 0000000..286a188
--- /dev/null
+++ b/openid_provider/templates/openid_provider/hidden_inputs.html
@@ -0,0 +1,5 @@
+<input name="client_id" type="hidden" value="{{ params.client_id }}" />
+<input name="redirect_uri" type="hidden" value="{{ params.redirect_uri }}" />
+<input name="response_type" type="hidden" value="{{ params.response_type }}" />
+<input name="scope" type="hidden" value="{{ params.scope | join:' ' }}" />
+<input name="state" type="hidden" value="{{ params.state }}" />
\ No newline at end of file
diff --git a/openid_provider/views.py b/openid_provider/views.py
index dfa3cbd..a80cde0 100644
--- a/openid_provider/views.py
+++ b/openid_provider/views.py
@@ -3,6 +3,7 @@ from django.contrib.auth.views import redirect_to_login
 from django.core.urlresolvers import reverse
 from django.http import HttpResponse, HttpResponseRedirect, JsonResponse
 from django.shortcuts import render
+from django.template.loader import render_to_string
 from django.views.decorators.http import require_http_methods
 from django.views.generic import View
 from openid_provider.lib.errors import *
@@ -23,12 +24,20 @@ class AuthorizeView(View):
 
             if request.user.is_authenticated():
 
-                # This is for printing scopes in form.
-                authorize.params.scope_str = ' '.join(authorize.params.scope)
-
+                # Generate hidden inputs for the form.
                 context = {
                     'params': authorize.params,
+                }
+                hidden_inputs = render_to_string(
+                    'openid_provider/hidden_inputs.html', context)
+
+                # Remove openid from scope list since we don't need to print it.
+                authorize.params.scope.remove('openid')
+
+                context = {
                     'client': authorize.client,
+                    'hidden_inputs': hidden_inputs,
+                    'params': authorize.params,
                 }
 
                 return render(request, 'openid_provider/authorize.html', context)