vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

fix(oauth provider): parse cookies correctly (#11066)

Browse source
This commit is contained in:
Raffael Meyer 2020-07-29 17:48:39 +02:00 committed by GitHub
parent 219fbc8e88
commit 8d18fb4323
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
frappe/oauth.py
View file

@ -4,6 +4,7 @@ import pytz
from frappe import _
from frappe.auth import LoginManager
from http import cookies
from oauthlib.oauth2.rfc6749.tokens import BearerToken
from oauthlib.oauth2.rfc6749.grant_types import AuthorizationCodeGrant, ImplicitGrant, ResourceOwnerPasswordCredentialsGrant, ClientCredentialsGrant, RefreshTokenGrant
from oauthlib.oauth2 import RequestValidator
@ -130,15 +131,12 @@ class OAuthWebRequestValidator(RequestValidator):
oac.scopes = get_url_delimiter().join(request.scopes)
oac.redirect_uri_bound_to_authorization_code = request.redirect_uri
oac.client = client_id
oac.user = unquote(cookie_dict['user_id'])
oac.user = unquote(cookie_dict['user_id'].value)
oac.authorization_code = code['code']
oac.save(ignore_permissions=True)
frappe.db.commit()
def authenticate_client(self, request, *args, **kwargs):
cookie_dict = get_cookie_dict_from_headers(request)
#Get ClientID in URL
if request.client_id:
oc = frappe.get_doc("OAuth Client", request.client_id)
@ -155,7 +153,9 @@ class OAuthWebRequestValidator(RequestValidator):
except Exception as e:
print("Failed body authentication: Application %s does not exist".format(cid=request.client_id))
return frappe.session.user == unquote(cookie_dict.get('user_id', "Guest"))
cookie_dict = get_cookie_dict_from_headers(request)
user_id = unquote(cookie_dict['user_id']) if 'user_id' in cookie_dict else "Guest"
return frappe.session.user == user_id
def authenticate_client_id(self, client_id, request, *args, **kwargs):
cli_id = frappe.db.get_value('OAuth Client', client_id, 'name')
@ -400,13 +400,10 @@ class OAuthWebRequestValidator(RequestValidator):
return True
def get_cookie_dict_from_headers(r):
cookie = cookies.BaseCookie()
if r.headers.get('Cookie'):
cookie = r.headers.get('Cookie')
cookie = cookie.split("; ")
cookie_dict = {k:v for k,v in (x.split('=') for x in cookie)}
return cookie_dict
else:
return {}
cookie.load(r.headers.get('Cookie'))
return cookie
def calculate_at_hash(access_token, hash_alg):
"""Helper method for calculating an access token