From 6cb425baaed8d36afae49f091ac2cba8bf047d06 Mon Sep 17 00:00:00 2001 From: Ankush Menat Date: Sat, 2 Dec 2023 20:02:24 +0530 Subject: [PATCH] Revert "refactor: OAuth flow without breaking routing convention" This reverts commit e96ecab00e17ef4aeee5efdb1bc3c23791fe9da0. --- .../doctype/connected_app/connected_app.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/frappe/integrations/doctype/connected_app/connected_app.py b/frappe/integrations/doctype/connected_app/connected_app.py index d6b173d040..d571b2ba00 100644 --- a/frappe/integrations/doctype/connected_app/connected_app.py +++ b/frappe/integrations/doctype/connected_app/connected_app.py @@ -48,8 +48,7 @@ class ConnectedApp(Document): def validate(self): base_url = frappe.utils.get_url() callback_path = ( - "/api/method/frappe.integrations.doctype.connected_app.connected_app.callback" - + f"?app={self.name}" + "/api/method/frappe.integrations.doctype.connected_app.connected_app.callback/" + self.name ) self.redirect_uri = urljoin(base_url, callback_path) @@ -149,7 +148,7 @@ class ConnectedApp(Document): @frappe.whitelist(methods=["GET"], allow_guest=True) -def callback(code=None, state=None, app=None): +def callback(code=None, state=None): """Handle client's code. Called during the oauthorization flow by the remote oAuth2 server to @@ -162,7 +161,11 @@ def callback(code=None, state=None, app=None): frappe.local.response["location"] = "/login?" + urlencode({"redirect-to": frappe.request.url}) return - connected_app = frappe.get_doc("Connected App", app) + path = frappe.request.path[1:].split("/") + if len(path) != 4 or not path[3]: + frappe.throw(_("Invalid Parameters.")) + + connected_app = frappe.get_doc("Connected App", path[3]) token_cache = frappe.get_doc("Token Cache", connected_app.name + "-" + frappe.session.user) if state != token_cache.state: