authorFrederick Muriuki Muriithi2024-04-26 10:05:26 +0300
committerFrederick Muriuki Muriithi2024-04-26 10:05:26 +0300
commita19ad9852945fe882be1231b727b6687bccd0b37 (patch)
tree33812566018a28629ac2e560d38c1912def1bd49
parent118c15bd84c2bccc8419a914b6bf3d84890e4fdb (diff)
downloadgn-auth-a19ad9852945fe882be1231b727b6687bccd0b37.tar.gz
Pass redirect_uri fields in POST. Use full URL
Pass in the missing redirect_uri value along with login data. Use the
full URI (complete with request args) as the form's action.

This resolves the error raised when wrong credentials are provided.
-rw-r--r--gn_auth/auth/authentication/oauth2/views.py7
-rw-r--r--gn_auth/templates/oauth2/authorise-user.html7
2 files changed, 11 insertions, 3 deletions
diff --git a/gn_auth/auth/authentication/oauth2/views.py b/gn_auth/auth/authentication/oauth2/views.py
index 8e2ceef..52f3346 100644
--- a/gn_auth/auth/authentication/oauth2/views.py
+++ b/gn_auth/auth/authentication/oauth2/views.py
@@ -48,13 +48,16 @@ def authorise():
                 "oauth2/authorise-user.html",
                 client=client,
                 scope=client.scope,
-                response_type=request.args["response_type"])
+                response_type=request.args["response_type"],
+                redirect_uri=request.args["redirect_uri"])
 
         form = request.form
         def __authorise__(conn: db.DbConnection) -> Response:
             email_passwd_msg = "Email or password is invalid!"
             redirect_response = redirect(url_for("oauth2.auth.authorise",
-                                                 client_id=client_id))
+                                                 response_type=form["response_type"],
+                                                 client_id=client_id,
+                                                 redirect_uri=form["redirect_uri"]))
             try:
                 email = validate_email(
                     form.get("user:email"), check_deliverability=False)
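Review bot: The new lookups `request.args["redirect_uri"]`, `form["response_type"]` and `form["redirect_uri"]` index strictly, so a request that omits `redirect_uri` (optional in RFC 6749 §4.1.1) gets the framework's generic 400 instead of the login form. On POST the failure happens while building `redirect_response`, before the `try` that reports errors to the user. Reading the values with `.get(...)`, e.g. `redirect_uri=request.args.get("redirect_uri")`, and handling the missing case explicitly would keep that error path under the view's control. Separately, the POSTed `redirect_uri` is client-controlled, and nothing visible here compares it with the URIs registered for `client`. That comparison should run before any code or token is sent to it, presumably further down in `__authorise__`, whose body continues outside the hunk.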
diff --git a/gn_auth/templates/oauth2/authorise-user.html b/gn_auth/templates/oauth2/authorise-user.html
index b9284e5..c3842bf 100644
--- a/gn_auth/templates/oauth2/authorise-user.html
+++ b/gn_auth/templates/oauth2/authorise-user.html
@@ -7,8 +7,13 @@
 {%block content%}
 {{flash_messages()}}
 
-<form method="POST" action="{{url_for('oauth2.auth.authorise')}}">
+<form method="POST" action="{{url_for(
+                            'oauth2.auth.authorise',
+                            response_type=response_type,
+                            client_id=client.client_id,
+                            redirect_uri=redirect_uri)}}">
   <input type="hidden" name="response_type" value="{{response_type}}" />
+  <input type="hidden" name="redirect_uri" value="{{redirect_uri}}" />
   <input type="hidden" name="scope" value="{{scope | join(' ')}}" />
   <input type="hidden" name="client_id" value="{{client.client_id}}" />
   <p>
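Review bot: `response_type`, `client_id` and `redirect_uri` are now submitted twice, once in the `action` query string and once as hidden inputs, and whoever submits the form can edit either copy independently. The view change in this commit reads `form["redirect_uri"]` on POST, so the two copies can disagree without the server noticing. I would add a short template comment above the `<form>` naming which copy the view treats as authoritative, and have the view reject a request where they differ. The form body continues past the end of this hunk.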