vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Build the OAuth redirect URL ourselves, rather than relying on undocumented Flask behavior

Browse source
This commit is contained in:
Joseph Schorr 2015-09-01 15:03:46 -04:00
parent b410ecd164
commit b7f487da42
3 changed files with 12 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
data/model/oauth.py
View file

@ -8,8 +8,9 @@ from oauth2lib import utils
from data.database import (OAuthApplication, OAuthAuthorizationCode, OAuthAccessToken, User,
AccessToken, random_string_generator)
from data.model import user
from data.model import user, config
from auth import scopes
from util import get_app_url
logger = logging.getLogger(__name__)
@ -45,7 +46,10 @@ class DatabaseAuthorizationProvider(AuthorizationProvider):
return False
def validate_redirect_uri(self, client_id, redirect_uri):
if redirect_uri == url_for('web.oauth_local_handler', _external=True):
internal_redirect_url = '%s%s' % (get_app_url(config.app_config),
url_for('web.oauth_local_handler'))
if redirect_uri == internal_redirect_url:
return True
try: