Merge pull request #84 from wojtek-fliposports/v0.3.x
Fixing missing verification of client response type and encoding the client secret.
a2809307cf
|
@ -33,7 +33,7 @@ class ClientForm(ModelForm):
|
||||||
if instance and instance.pk:
|
if instance and instance.pk:
|
||||||
return instance.client_secret
|
return instance.client_secret
|
||||||
else:
|
else:
|
||||||
return md5(str(uuid4())).hexdigest()
|
return md5(uuid4().hex.encode()).hexdigest()
|
||||||
|
|
||||||
|
|
||||||
@admin.register(Client)
|
@admin.register(Client)
|
||||||
|
|
|
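Review bot: The new `return md5(uuid4().hex.encode()).hexdigest()` still builds the client secret by hashing a UUID, and the MD5 step adds no randomness. The secret is only as unpredictable as `uuid4()`, which is not documented as a source of secrets. I would draw the value straight from the OS CSPRNG and keep the 32-hex-character format, e.g. `return binascii.hexlify(os.urandom(16)).decode()`, which should work wherever the `.encode()` fix does. The enclosing method of `ClientForm` starts outside the hunk, so its callers and the form field that stores the value are not visible here.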
@ -76,6 +76,10 @@ class AuthorizeEndpoint(object):
|
||||||
raise AuthorizeError(self.params.redirect_uri, 'invalid_request',
|
raise AuthorizeError(self.params.redirect_uri, 'invalid_request',
|
||||||
self.grant_type)
|
self.grant_type)
|
||||||
|
|
||||||
|
if self.is_authentication and self.params.response_type != self.client.response_type:
|
||||||
|
raise AuthorizeError(self.params.redirect_uri, 'invalid_request',
|
||||||
|
self.grant_type)
|
||||||
|
|
||||||
clean_redirect_uri = urlsplit(self.params.redirect_uri)
|
clean_redirect_uri = urlsplit(self.params.redirect_uri)
|
||||||
clean_redirect_uri = urlunsplit(clean_redirect_uri._replace(query=''))
|
clean_redirect_uri = urlunsplit(clean_redirect_uri._replace(query=''))
|
||||||
if not (clean_redirect_uri in self.client.redirect_uris):
|
if not (clean_redirect_uri in self.client.redirect_uris):
|
||||||
|
|
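Review bot: The added `response_type` check raises `AuthorizeError(self.params.redirect_uri, ...)` before the comparison of `clean_redirect_uri` with `self.client.redirect_uris` that follows it in the hunk. If `AuthorizeError` is later rendered as a redirect to that URI (its handling is not visible here), a mismatched `response_type` would send the user agent to an address that was never checked against the registered list. Moving the two added lines below the `redirect_uris` check would close that path. The check is also gated on `self.is_authentication`, so requests for which that flag is false appear to skip it; a comment such as `# response_type is only enforced for authentication requests` would make that intent explicit. For a client asking for a response type it is not registered for, RFC 6749 defines `unauthorized_client`, which describes the failure more precisely than `invalid_request`. The method body starts and ends outside the hunk.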