MirrorMirror
/
funkwhale
mirror of https://dev.funkwhale.audio/funkwhale/funkwhale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix oauth to respond with unhashed token on creation

This commit is contained in:
Georg Krause 2022-11-08 19:37:05 +00:00 committed by JuniorJPDJ
parent 59072e5f00
commit 515b502364
3 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/funkwhale_api/users/oauth/serializers.py
View File

@ -32,7 +32,7 @@ class CreateApplicationSerializer(serializers.ModelSerializer):
"updated", "updated",
"redirect_uris", "redirect_uris",
] ]
read_only_fields = ["client_id", "client_secret", "created", "updated"] read_only_fields = ["client_id", "created", "updated"]
def to_representation(self, obj): def to_representation(self, obj):
repr = super().to_representation(obj) repr = super().to_representation(obj)

16
api/funkwhale_api/users/oauth/views.py
View File

@ -1,5 +1,6 @@
import json import json
import urllib.parse import urllib.parse
import secrets
from django import http from django import http
from django.utils import timezone from django.utils import timezone
@ -49,6 +50,21 @@ class ApplicationViewSet(
} }
} }
def create(self, request, *args, **kwargs):
request_data = request.data.copy()
try:
secret = request_data["client_secret"]
except KeyError:
secret = secrets.token_hex(64)
request_data["client_secret"] = secret
serializer = self.get_serializer(data=request_data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
data = serializer.data
data["client_secret"] = secret
return response.Response(data, status=201, headers=headers)
def get_serializer_class(self): def get_serializer_class(self):
if self.request.method.lower() == "post": if self.request.method.lower() == "post":
return serializers.CreateApplicationSerializer return serializers.CreateApplicationSerializer

2
api/tests/users/oauth/test_views.py
View File

@ -19,6 +19,7 @@ def test_apps_post(api_client, db):
assert response.status_code == 201 assert response.status_code == 201
app = models.Application.objects.get(name=data["name"]) app = models.Application.objects.get(name=data["name"])
setattr(app, "client_secret", response.data["client_secret"])
assert app.client_type == models.Application.CLIENT_CONFIDENTIAL assert app.client_type == models.Application.CLIENT_CONFIDENTIAL
assert app.authorization_grant_type == models.Application.GRANT_AUTHORIZATION_CODE assert app.authorization_grant_type == models.Application.GRANT_AUTHORIZATION_CODE
@ -40,6 +41,7 @@ def test_apps_post_logged_in_user(logged_in_api_client, db):
assert response.status_code == 201 assert response.status_code == 201
app = models.Application.objects.get(name=data["name"]) app = models.Application.objects.get(name=data["name"])
setattr(app, "client_secret", response.data["client_secret"])
assert app.client_type == models.Application.CLIENT_CONFIDENTIAL assert app.client_type == models.Application.CLIENT_CONFIDENTIAL
assert app.authorization_grant_type == models.Application.GRANT_AUTHORIZATION_CODE assert app.authorization_grant_type == models.Application.GRANT_AUTHORIZATION_CODE