author | Omer Katz <omer.drow@gmail.com> | 2018-12-17 15:03:00 +0200 |
---|---|---|
committer | Omer Katz <omer.drow@gmail.com> | 2018-12-17 15:03:00 +0200 |
commit | baeb737f60f848a58f247a6ca8cf8b44445efcc0 (patch) | |
tree | e0d39fceafdbabda88684d79fca2b755c690dc26 /oauthlib/oauth2/rfc6749/grant_types/base.py | |
parent | 9faf472795c49008cc9b727b865b3a13d72ede50 (diff) | |
download | oauthlib-baeb737f60f848a58f247a6ca8cf8b44445efcc0.tar.gz |
Extract redirect handling to a common method.
Diffstat (limited to 'oauthlib/oauth2/rfc6749/grant_types/base.py')
-rw-r--r-- | oauthlib/oauth2/rfc6749/grant_types/base.py | 83 |
1 files changed, 55 insertions, 28 deletions
diff --git a/oauthlib/oauth2/rfc6749/grant_types/base.py b/oauthlib/oauth2/rfc6749/grant_types/base.py
index 6ca8f65..f0772e2 100644
--- a/oauthlib/oauth2/rfc6749/grant_types/base.py
+++ b/oauthlib/oauth2/rfc6749/grant_types/base.py
@@ -9,51 +9,53 @@ import logging
 from itertools import chain
 from oauthlib.common import add_params_to_uri
+from oauthlib.uri_validate import is_absolute_uri
 from oauthlib.oauth2.rfc6749 import errors, utils
 from ..request_validator import RequestValidator
 log = logging.getLogger(__name__)
+
 class ValidatorsContainer(object):
 """
- Container object for holding custom validator callables to be invoked
- as part of the grant type `validate_authorization_request()` or
- `validate_authorization_request()` methods on the various grant types.
+ Container object for holding custom validator callables to be invoked
+ as part of the grant type `validate_authorization_request()` or
+ `validate_authorization_request()` methods on the various grant types.
- Authorization validators must be callables that take a request object and
- return a dict, which may contain items to be added to the `request_info`
- returned from the grant_type after validation.
+ Authorization validators must be callables that take a request object and
+ return a dict, which may contain items to be added to the `request_info`
+ returned from the grant_type after validation.
- Token validators must be callables that take a request object and
- return None.
+ Token validators must be callables that take a request object and
+ return None.
- Both authorization validators and token validators may raise OAuth2
- exceptions if validation conditions fail.
+ Both authorization validators and token validators may raise OAuth2
+ exceptions if validation conditions fail.
- Authorization validators added to `pre_auth` will be run BEFORE
- the standard validations (but after the critical ones that raise
- fatal errors) as part of `validate_authorization_request()`
+ Authorization validators added to `pre_auth` will be run BEFORE
+ the standard validations (but after the critical ones that raise
+ fatal errors) as part of `validate_authorization_request()`
- Authorization validators added to `post_auth` will be run AFTER
- the standard validations as part of `validate_authorization_request()`
+ Authorization validators added to `post_auth` will be run AFTER
+ the standard validations as part of `validate_authorization_request()`
- Token validators added to `pre_token` will be run BEFORE
- the standard validations as part of `validate_token_request()`
+ Token validators added to `pre_token` will be run BEFORE
+ the standard validations as part of `validate_token_request()`
- Token validators added to `post_token` will be run AFTER
- the standard validations as part of `validate_token_request()`
+ Token validators added to `post_token` will be run AFTER
+ the standard validations as part of `validate_token_request()`
- For example:
+ For example:
- >>> def my_auth_validator(request):
- ... return {'myval': True}
- >>> auth_code_grant = AuthorizationCodeGrant(request_validator)
- >>> auth_code_grant.custom_validators.pre_auth.append(my_auth_validator)
- >>> def my_token_validator(request):
- ... if not request.everything_okay:
- ... raise errors.OAuth2Error("uh-oh")
- >>> auth_code_grant.custom_validators.post_token.append(my_token_validator)
+ >>> def my_auth_validator(request):
+ ... return {'myval': True}
+ >>> auth_code_grant = AuthorizationCodeGrant(request_validator)
+ >>> auth_code_grant.custom_validators.pre_auth.append(my_auth_validator)
+ >>> def my_token_validator(request):
+ ... if not request.everything_okay:
+ ... raise errors.OAuth2Error("uh-oh")
+ >>> auth_code_grant.custom_validators.post_token.append(my_token_validator)
 """
 def __init__(self, post_auth, post_token,
@@ -224,3 +226,28 @@ class GrantTypeBase(object):
 'Cache-Control': 'no-store',
 'Pragma': 'no-cache',
 }
+
+ def _handle_redirects(self, request):
+ if request.redirect_uri is not None:
+ request.using_default_redirect_uri = False
+ log.debug('Using provided redirect_uri %s', request.redirect_uri)
+ if not is_absolute_uri(request.redirect_uri):
+ raise errors.InvalidRedirectURIError(request=request)
+
+ # The authorization server MUST verify that the redirection URI
+ # to which it will redirect the access token matches a
+ # redirection URI registered by the client as described in
+ # Section 3.1.2.
+ # https://tools.ietf.org/html/rfc6749#section-3.1.2
+ if not self.request_validator.validate_redirect_uri(
+ request.client_id, request.redirect_uri, request):
+ raise errors.MismatchingRedirectURIError(request=request)
+ else:
+ request.redirect_uri = self.request_validator.get_default_redirect_uri(
+ request.client_id, request)
+ request.using_default_redirect_uri = True
+ log.debug('Using default redirect_uri %s.', request.redirect_uri)
+ if not request.redirect_uri:
+ raise errors.MissingRedirectURIError(request=request)
+ if not is_absolute_uri(request.redirect_uri):
+ raise errors.InvalidRedirectURIError(request=request)
|
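Review bot: `_handle_redirects` is added without a docstring, and its contract is security-relevant. It passes `request.client_id` to `validate_redirect_uri` and `get_default_redirect_uri`, so it appears to rely on the caller having validated the client first, and it sets `request.redirect_uri` and `request.using_default_redirect_uri` as a side effect. A docstring should state that ordering requirement, the fields it sets, and that `InvalidRedirectURIError`, `MismatchingRedirectURIError` and `MissingRedirectURIError` mean the redirect target cannot be trusted, so callers must report the error to the resource owner rather than redirect to it. In the first branch, `log.debug('Using provided redirect_uri %s', request.redirect_uri)` also records the client-supplied value before either check runs; logging it with `%r` after validation would keep control characters out of the log. The rest of `GrantTypeBase` lies outside this hunk, so the call sites are not visible here.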