diff options
| author | Magnus Hagander | 2025-01-16 19:49:49 +0000 |
|---|---|---|
| committer | Magnus Hagander | 2025-01-16 19:49:49 +0000 |
| commit | 89b9b526a23759a292a16da258b151ae4d5f2afc (patch) | |
| tree | 5c59ec339ae628bfbfec6741f2ddeb0409f5b83c /postgresqleu/util/views.py | |
| parent | fbaf3e059349c4faaffd4a48a1389df2f0fb8be8 (diff) | |
Change linkedin provider to use a shared oauth_return URL
Since Linkedin doesn't support wildcards, having the providerid in the
URL required whitelisting individual URLs which was very annoying.
Instead overload it into the state field and use a shared URL.
In passing, fix the redirect after attaching linkedin to a shared news
provider. The attachment worked fine but the redirect went to the wrong
page.
Diffstat (limited to 'postgresqleu/util/views.py')
| -rw-r--r-- | postgresqleu/util/views.py | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/postgresqleu/util/views.py b/postgresqleu/util/views.py index 11b5b821..92666c61 100644 --- a/postgresqleu/util/views.py +++ b/postgresqleu/util/views.py @@ -27,10 +27,19 @@ def markdown_preview(request): @csrf_exempt -def oauth_return(request, providerid): +def oauth_return(request, providerid=None): if 'code' not in request.GET: raise Http404('Code missing') + if providerid is None: + # If it's none, we expect it in the state, followed by an underscore + if '_' not in request.GET.get('state', ''): + raise Http404('State is missing or invalid') + statepid, rest = request.GET['state'].split('_', 1) + providerid = int(statepid) + else: + providerid = providerid.rstrip('/') + provider = get_object_or_404(MessagingProvider, id=providerid) impl = get_messaging(provider) if hasattr(impl, 'oauth_return'): @@ -45,7 +54,7 @@ def oauth_return(request, providerid): provider.id, )) else: - return HttpResponseRedirect('{}/events/admin/news/messagingproviders/{}/'.format( + return HttpResponseRedirect('{}/admin/news/messagingproviders/{}/'.format( settings.SITEBASE, provider.id, )) |