Fix OAuth redirect for denial action when generating for internal tokens

Joseph Schorr 2015-06-01 13:43:38 -04:00
parent dd28a845db
commit 5516911de9
5 changed files with 56 additions and 16 deletions


@ -414,6 +414,19 @@ def authorize_application():
return provider.get_token_response('token', client_id, redirect_uri, scope=scope)
@web.route(app.config['LOCAL_OAUTH_HANDLER'], methods=['GET'])
def oauth_local_handler():
if not current_user.is_authenticated():
abort(401)
return
if not request.args.get('scope'):
return render_page_template("message.html", message="Authorization canceled")
else:
return render_page_template("generatedtoken.html")
@web.route('/oauth/denyapp', methods=['POST'])
@csrf_protect
def deny_application():
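Review bot: In `oauth_local_handler` a denial is inferred only from a missing `scope` query parameter, so a malformed or failed authorization is also reported as "Authorization canceled", while any request that merely carries a `scope` value gets the generated-token page. Checking the explicit outcome would be sturdier, for example `if request.args.get('error') or not request.args.get('scope'):`, assuming the deny path sends an `error` parameter, which this hunk does not show. The bare `return` after `abort(401)` is unreachable and can be dropped. If the token reaches this page in the URL (not visible here), the response would also merit a `Cache-Control: no-store` header so the token is not kept in caches. The body of `deny_application` continues outside the hunk.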
@ -444,7 +457,7 @@ def request_authorization_code():
if (not current_user.is_authenticated() or
not provider.validate_has_scopes(client_id, current_user.db_user().username, scope)):
if redirect_uri != 'display' and not provider.validate_redirect_uri(client_id, redirect_uri):
if not provider.validate_redirect_uri(client_id, redirect_uri):
current_app = provider.get_application_for_client_id(client_id)
if not current_app:
abort(404)