author | Frederick Muriuki Muriithi | 2024-04-26 10:05:26 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2024-04-26 10:05:26 +0300 |
commit | a19ad9852945fe882be1231b727b6687bccd0b37 (patch) | |
tree | 33812566018a28629ac2e560d38c1912def1bd49 /gn_auth | |
parent | 118c15bd84c2bccc8419a914b6bf3d84890e4fdb (diff) | |
download | gn-auth-a19ad9852945fe882be1231b727b6687bccd0b37.tar.gz |
Pass redirect_uri fields in POST. Use full URL
Pass in the missing redirect_uri value along with login data. Use the
full URI (complete with request args) as the form's action.
This resolves the error raised when wrong credentials are provided.
Diffstat (limited to 'gn_auth')
-rw-r--r-- | gn_auth/auth/authentication/oauth2/views.py | 7 | ||||
-rw-r--r-- | gn_auth/templates/oauth2/authorise-user.html | 7 |
2 files changed, 11 insertions, 3 deletions
diff --git a/gn_auth/auth/authentication/oauth2/views.py b/gn_auth/auth/authentication/oauth2/views.py
index 8e2ceef..52f3346 100644
--- a/gn_auth/auth/authentication/oauth2/views.py
+++ b/gn_auth/auth/authentication/oauth2/views.py
@@ -48,13 +48,16 @@ def authorise():
 "oauth2/authorise-user.html", client=client, scope=client.scope,
- response_type=request.args["response_type"])
+ response_type=request.args["response_type"],
+ redirect_uri=request.args["redirect_uri"])
 form = request.form def __authorise__(conn: db.DbConnection) -> Response: email_passwd_msg = "Email or password is invalid!" redirect_response = redirect(url_for("oauth2.auth.authorise",
- client_id=client_id))
+ response_type=form["response_type"],
+ client_id=client_id,
+ redirect_uri=form["redirect_uri"]))
 try: email = validate_email( form.get("user:email"), check_deliverability=False)
diff --git a/gn_auth/templates/oauth2/authorise-user.html b/gn_auth/templates/oauth2/authorise-user.html
index b9284e5..c3842bf 100644
--- a/gn_auth/templates/oauth2/authorise-user.html
+++ b/gn_auth/templates/oauth2/authorise-user.html
@@ -7,8 +7,13 @@ {%block content%} {{flash_messages()}}
-<form method="POST" action="{{url_for('oauth2.auth.authorise')}}">
+<form method="POST" action="{{url_for(
+ 'oauth2.auth.authorise',
+ response_type=response_type,
+ client_id=client.client_id,
+ redirect_uri=redirect_uri)}}">
 <input type="hidden" name="response_type" value="{{response_type}}" />
+ <input type="hidden" name="redirect_uri" value="{{redirect_uri}}" />
 <input type="hidden" name="scope" value="{{scope | join(' ')}}" /> <input type="hidden" name="client_id" value="{{client.client_id}}" /> <p> |
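Review bot: The new lookups all use subscript access: `request.args["redirect_uri"]` in the GET render, and `form["response_type"]` / `form["redirect_uri"]` where `redirect_response` is built ahead of the `try:`. A request that omits either parameter is therefore answered with Flask's generic 400 before any of the view's own error handling runs. Reading them with `.get()` and rejecting a missing value explicitly, e.g. `redirect_uri=form.get("redirect_uri")` followed by a check, would keep that case on a handled path. Separately, `redirect_uri` is caller-supplied and is now echoed into the template and into the retry redirect. Nothing in this hunk shows it being compared with the client's registered redirect URIs, so if that check is not done elsewhere it belongs before the value is rendered or reused. The bodies of `authorise` and `__authorise__` start and end outside the hunk.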
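Review bot: On submit, `response_type`, `client_id` and `redirect_uri` now arrive twice, once in the action URL's query string and once as hidden inputs. Both copies can be edited by the client, so they can disagree. The Python side of this commit reads `form[...]` when building the retry redirect, but which copy the authorisation step itself trusts is not visible here. The handler should take these values from one source, validate that copy, and ignore or reject a mismatching duplicate. A template comment above the `<form>` stating which copy is authoritative would make that explicit. The form continues past the end of the hunk.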