From 9ba90323894964f3ae489466b8770b925af9dd46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C4=93teris=20Caune?=
Date: Tue, 1 Sep 2020 12:07:13 +0300
Subject: [PATCH] Cleaner OAuth redirect_uri generation
---
 hc/front/urls.py | 8 ++------
 hc/front/views.py | 15 +++++----------
 2 files changed, 7 insertions(+), 16 deletions(-)
diff --git a/hc/front/urls.py b/hc/front/urls.py
index 0d047086..0f06b74d 100644
--- a/hc/front/urls.py
+++ b/hc/front/urls.py
@@ -24,12 +24,8 @@ check_urls = [
 ]
 channel_urls = [
- path(
- "add_pushbullet/",
- views.add_pushbullet_complete,
- name="hc-add-pushbullet-complete",
- ),
- path("add_discord/", views.add_discord_complete, name="hc-add-discord-complete"),
+ path("add_pushbullet/", views.add_pushbullet_complete),
+ path("add_discord/", views.add_discord_complete),
 path("add_linenotify/", views.add_linenotify_complete),
 path("add_pushover/", views.pushover_help, name="hc-pushover-help"),
 path("telegram/", views.telegram_help, name="hc-telegram-help"),
diff --git a/hc/front/views.py b/hc/front/views.py
index 2dd82ad1..6a73ada5 100644
--- a/hc/front/views.py
+++ b/hc/front/views.py
@@ -1206,13 +1206,12 @@ def add_mattermost(request, code):
 @login_required
 def add_pushbullet(request, code):
 project = _get_rw_project_for_user(request, code)
- redirect_uri = settings.SITE_ROOT + reverse("hc-add-pushbullet-complete")
 state = token_urlsafe()
 authorize_url = "https://www.pushbullet.com/authorize?" + urlencode(
 {
 "client_id": settings.PUSHBULLET_CLIENT_ID,
- "redirect_uri": redirect_uri,
+ "redirect_uri": settings.SITE_ROOT + reverse(add_pushbullet_complete),
 "response_type": "code",
 "state": state,
 }
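Review bot: The three OAuth callback routes in `channel_urls` (`add_pushbullet/`, `add_discord/`, `add_linenotify/`) are now anonymous and resolved only through `reverse(<view callable>)`, and nothing in the file says that their paths are presumably pinned by the redirect URIs registered with each provider. I would add a comment above them: `# OAuth callbacks: reversed by view callable in views.py; the paths must match the redirect URIs registered with each provider.` Dropping `hc-add-pushbullet-complete` and `hc-add-discord-complete` also makes any remaining `reverse()` or `{% url %}` lookup by those names raise `NoReverseMatch`; the hunk does not show whether templates or tests still use them, so that is worth a search before merging.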
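Review bot: The expression `settings.SITE_ROOT + reverse(add_pushbullet_complete)` is now written out inline, and the same pattern is repeated in the `@@ -1271`, `@@ -1313`, `@@ -1825` and `@@ -1864` hunks, so the authorize request and the token exchange for Discord and LINE Notify each build the value separately. OAuth providers generally require the two `redirect_uri` values to match exactly, so a later edit to one copy breaks the exchange; a small helper keeps them identical: `def _redirect_uri(view): return settings.SITE_ROOT + reverse(view)`, used as `"redirect_uri": _redirect_uri(add_discord_complete),`. Deriving the value from `settings.SITE_ROOT` rather than from the request host is the right base and should stay. The body of `add_pushbullet` continues past the end of this hunk.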
@@ -1271,13 +1270,12 @@ def add_pushbullet_complete(request):
 @login_required
 def add_discord(request, code):
 project = _get_rw_project_for_user(request, code)
- redirect_uri = settings.SITE_ROOT + reverse("hc-add-discord-complete")
 state = token_urlsafe()
 auth_url = "https://discordapp.com/api/oauth2/authorize?" + urlencode(
 {
 "client_id": settings.DISCORD_CLIENT_ID,
 "scope": "webhook.incoming",
- "redirect_uri": redirect_uri,
+ "redirect_uri": settings.SITE_ROOT + reverse(add_discord_complete),
 "response_type": "code",
 "state": state,
 }
@@ -1305,7 +1303,6 @@ def add_discord_complete(request):
 if request.GET.get("state") != state:
 return HttpResponseForbidden()
- redirect_uri = settings.SITE_ROOT + reverse("hc-add-discord-complete")
 result = requests.post(
 "https://discordapp.com/api/oauth2/token",
 {
@@ -1313,7 +1310,7 @@ def add_discord_complete(request):
 "client_secret": settings.DISCORD_CLIENT_SECRET,
 "code": request.GET.get("code"),
 "grant_type": "authorization_code",
- "redirect_uri": redirect_uri,
+ "redirect_uri": settings.SITE_ROOT + reverse(add_discord_complete),
 },
 )
@@ -1825,13 +1822,12 @@ def add_spike(request, code):
 @login_required
 def add_linenotify(request, code):
 project = _get_rw_project_for_user(request, code)
- redirect_uri = settings.SITE_ROOT + reverse(add_linenotify_complete)
 state = token_urlsafe()
 authorize_url = " https://notify-bot.line.me/oauth/authorize?" + urlencode(
 {
 "client_id": settings.LINENOTIFY_CLIENT_ID,
- "redirect_uri": redirect_uri,
+ "redirect_uri": settings.SITE_ROOT + reverse(add_linenotify_complete),
 "response_type": "code",
 "state": state,
 "scope": "notify",
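Review bot: The `requests.post(` call to `https://discordapp.com/api/oauth2/token` that opens in the previous hunk and closes here passes no `timeout`, so a stalled provider connection can hold the worker for as long as the socket stays open; the LINE Notify exchange in the `@@ -1864` hunk looks the same, though its call is not closed inside that hunk. Adding a bound such as `timeout=10,` after the data dict (the value is an example, not taken from the project) makes the callback fail fast. `"code": request.GET.get("code")` also forwards `None` when the provider redirects back without a code; whether an earlier check in `add_discord_complete` rejects that case is outside the hunk.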
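Review bot: The context line `authorize_url = " https://notify-bot.line.me/oauth/authorize?" + urlencode(` in `add_linenotify` has a leading space inside the string literal, which the Pushbullet and Discord counterparts do not have. If the space is in the file and not an artefact of this page, the authorize URL starts with whitespace and relies on the client trimming it; I would change the literal to `"https://notify-bot.line.me/oauth/authorize?"`. The line is untouched by this commit, and how `authorize_url` is used is outside the hunk.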
@@ -1864,13 +1860,12 @@ def add_linenotify_complete(request):
 return redirect("hc-p-channels", project.code)
 # Exchange code for access token
- redirect_uri = settings.SITE_ROOT + reverse(add_linenotify_complete)
 result = requests.post(
 "https://notify-bot.line.me/oauth/token",
 {
 "grant_type": "authorization_code",
 "code": request.GET.get("code"),
- "redirect_uri": redirect_uri,
+ "redirect_uri": settings.SITE_ROOT + reverse(add_linenotify_complete),
 "client_id": settings.LINENOTIFY_CLIENT_ID,
 "client_secret": settings.LINENOTIFY_CLIENT_SECRET,
 },