Merge pull request #432 from coreos-inc/oauthcheck
Build the OAuth redirect URL ourselves, rather than relying on undocumented Flask behavior
commit
9889ca268a
3 changed files with 12 additions and 4 deletions
5
app.py
5
app.py
|
@ -2,6 +2,7 @@ import logging
|
||||||
import os
|
import os
|
||||||
import json
|
import json
|
||||||
|
|
||||||
|
from functools import partial
|
||||||
from flask import Flask, request, Request, _request_ctx_stack
|
from flask import Flask, request, Request, _request_ctx_stack
|
||||||
from flask.ext.principal import Principal
|
from flask.ext.principal import Principal
|
||||||
from flask.ext.login import LoginManager, UserMixin
|
from flask.ext.login import LoginManager, UserMixin
|
||||||
|
@ -21,6 +22,7 @@ from data.buildlogs import BuildLogs
|
||||||
from data.archivedlogs import LogArchive
|
from data.archivedlogs import LogArchive
|
||||||
from data.userevent import UserEventsBuilderModule
|
from data.userevent import UserEventsBuilderModule
|
||||||
from data.queue import WorkQueue, MetricQueueReporter
|
from data.queue import WorkQueue, MetricQueueReporter
|
||||||
|
from util import get_app_url
|
||||||
from util.saas.analytics import Analytics
|
from util.saas.analytics import Analytics
|
||||||
from util.saas.exceptionlog import Sentry
|
from util.saas.exceptionlog import Sentry
|
||||||
from util.names import urn_generator
|
from util.names import urn_generator
|
||||||
|
@ -174,5 +176,4 @@ class LoginWrappedDBUser(UserMixin):
|
||||||
def get_id(self):
|
def get_id(self):
|
||||||
return unicode(self._uuid)
|
return unicode(self._uuid)
|
||||||
|
|
||||||
def get_app_url():
|
get_app_url = partial(get_app_url, app.config)
|
||||||
return '%s://%s' % (app.config['PREFERRED_URL_SCHEME'], app.config['SERVER_HOSTNAME'])
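Review bot: The new line `get_app_url = partial(get_app_url, app.config)` rebinds the name just imported from `util`, so `get_app_url` takes no arguments when imported from `app` but requires a config when imported from `util`. Because the result feeds the OAuth redirect check, a caller that picks the wrong import would presumably fail with a TypeError only when a request reaches it. Importing under a distinct name keeps the two signatures apart without changing what `app` exports: `from util import get_app_url as get_app_url_for_config` and `get_app_url = partial(get_app_url_for_config, app.config)`.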
|
|
||||||
|
|
|
@ -8,8 +8,9 @@ from oauth2lib import utils
|
||||||
|
|
||||||
from data.database import (OAuthApplication, OAuthAuthorizationCode, OAuthAccessToken, User,
|
from data.database import (OAuthApplication, OAuthAuthorizationCode, OAuthAccessToken, User,
|
||||||
AccessToken, random_string_generator)
|
AccessToken, random_string_generator)
|
||||||
from data.model import user
|
from data.model import user, config
|
||||||
from auth import scopes
|
from auth import scopes
|
||||||
|
from util import get_app_url
|
||||||
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
@ -45,7 +46,10 @@ class DatabaseAuthorizationProvider(AuthorizationProvider):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def validate_redirect_uri(self, client_id, redirect_uri):
|
def validate_redirect_uri(self, client_id, redirect_uri):
|
||||||
if redirect_uri == url_for('web.oauth_local_handler', _external=True):
|
internal_redirect_url = '%s%s' % (get_app_url(config.app_config),
|
||||||
|
url_for('web.oauth_local_handler'))
|
||||||
|
|
||||||
|
if redirect_uri == internal_redirect_url:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
try:
|
try:
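Review bot: `validate_redirect_uri` has no comment saying why `internal_redirect_url` is assembled from configuration instead of `url_for(..., _external=True)`, so a later cleanup could revert it. As far as I know, an external `url_for` takes its host from the current request unless `SERVER_NAME` is set, so the old comparison could depend on the request's Host header. A comment such as `# Build from config, not the request host: redirect_uri must equal our configured origin exactly.` would record that. The comparison also presumes `config.app_config` is populated before the first authorization request, which is not visible here. The method continues past `try:` outside this hunk.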
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
def get_app_url(config):
|
||||||
|
""" Returns the application's URL, based on the given config. """
|
||||||
|
return '%s://%s' % (config['PREFERRED_URL_SCHEME'], config['SERVER_HOSTNAME'])
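Review bot: `get_app_url` now produces the origin that the OAuth redirect check compares against, but its docstring does not say what the two config values must look like. A `SERVER_HOSTNAME` that carries a scheme, a path or a trailing slash would yield a URL that never equals the expected redirect. A missing key raises `KeyError` on the first call rather than at startup. I would extend the docstring to state that `PREFERRED_URL_SCHEME` is `http` or `https`, that `SERVER_HOSTNAME` is `host[:port]` only, and that both keys are required.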
|