Fix callback handling
parent
7aa1c33c4b
commit
89b111d40c
|
@ -5,6 +5,7 @@ import typing
|
||||||
from datetime import datetime, timedelta
|
from datetime import datetime, timedelta
|
||||||
|
|
||||||
import flask
|
import flask
|
||||||
|
import itsdangerous
|
||||||
import werkzeug
|
import werkzeug
|
||||||
from itsdangerous.url_safe import URLSafeTimedSerializer
|
from itsdangerous.url_safe import URLSafeTimedSerializer
|
||||||
|
|
||||||
|
@ -29,7 +30,7 @@ def verify_secure_token(token: str, salt: str, max_age: int) -> str | None:
|
||||||
serializer = URLSafeTimedSerializer(flask.current_app.config["SECRET_KEY"])
|
serializer = URLSafeTimedSerializer(flask.current_app.config["SECRET_KEY"])
|
||||||
try:
|
try:
|
||||||
data = serializer.loads(token, salt=salt, max_age=max_age)
|
data = serializer.loads(token, salt=salt, max_age=max_age)
|
||||||
except Exception:
|
except itsdangerous.exc.BadTimeSignature:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
assert isinstance(data, str)
|
assert isinstance(data, str)
|
||||||
|
@ -53,6 +54,9 @@ def require_authentication() -> werkzeug.Response | None:
|
||||||
if not flask.current_app.config.get("REQUIRE_AUTH"):
|
if not flask.current_app.config.get("REQUIRE_AUTH"):
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
if flask.request.endpoint == "auth_callback":
|
||||||
|
return None
|
||||||
|
|
||||||
token = flask.request.cookies.get("auth_token")
|
token = flask.request.cookies.get("auth_token")
|
||||||
if token and verify_auth_token(token):
|
if token and verify_auth_token(token):
|
||||||
return None
|
return None
|
||||||
|
@ -77,9 +81,11 @@ def auth_callback() -> tuple[str, int] | werkzeug.Response:
|
||||||
] # The original token passed to UniAuth
|
] # The original token passed to UniAuth
|
||||||
expire_date = datetime.now() + timedelta(days=180)
|
expire_date = datetime.now() + timedelta(days=180)
|
||||||
|
|
||||||
original_url = verify_secure_token(token, salt="secure-redirect", max_age=600)
|
token_payload = verify_secure_token(token, salt="secure-redirect", max_age=600)
|
||||||
if not original_url:
|
if not token_payload:
|
||||||
return "Invalid or expired token", 400
|
return "Invalid or expired token", 400
|
||||||
|
original_url = json.loads(token_payload)["original_url"]
|
||||||
|
|
||||||
# Proceed with setting the auth_token cookie and redirecting to the original_url
|
# Proceed with setting the auth_token cookie and redirecting to the original_url
|
||||||
# This is where you set the auth_token received from UniAuth in the client's cookies
|
# This is where you set the auth_token received from UniAuth in the client's cookies
|
||||||
response = flask.make_response(flask.redirect(original_url))
|
response = flask.make_response(flask.redirect(original_url))
|
||||||
|
|
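Review bot: In verify_secure_token the new handler `except itsdangerous.exc.BadTimeSignature:` is narrower than what `serializer.loads` can raise on attacker-supplied input: a token with no signature separator at all surfaces as plain `BadSignature`, which is the parent of `BadTimeSignature` and is therefore not caught. Such a token in the callback (and in the `auth_token` cookie, if verify_auth_token goes through this helper) would propagate as an unhandled exception instead of returning `None`. Catching the common base, `except itsdangerous.BadData:`, still avoids the blanket `Exception` while treating every malformed, tampered or expired token as invalid, and it also covers `BadPayload`. In auth_callback, `json.loads(token_payload)["original_url"]` likewise has no handling for a payload that is not JSON or lacks the key, and the hunks do not show an `import json`. Both function bodies continue outside the visible hunks.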