need to clean up some problems with DOMAIN/redirect_uri/hd

duncanmorris · Jun 20, 2014 · 79a608a · 79a608a
1 parent f854454
commit 79a608a
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 20 deletions.
diff --git a/README.rst b/README.rst
@@ -9,13 +9,14 @@ Settings
 
 The following settings should be placed in *settings.py*.
 
-===========================  ==============================================================
+===========================  ================================================================
 Setting                      Value
-===========================  ==============================================================
+===========================  ================================================================
+GOOGLEAUTH_SECURE            callback URL is HTTPS (your side, not Google), default True
 GOOGLEAUTH_CLIENT_ID         client ID from the Google Developer Console
 GOOGLEAUTH_CLIENT_SECRET     client secret from the Google Developer Console
 GOOGLEAUTH_IS_STAFF          sets value of user.is_staff for new users, default False
 GOOGLEAUTH_GROUPS            list of default group names to assign to new users
 GOOGLEAUTH_DOMAIN            the app's domain, used to construct callback URLs
 GOOGLEAUTH_DOMAIN_ONLY       True if only emails from the domain are allowed, default False
-===========================  ==============================================================
+===========================  ================================================================
diff --git a/googleauth/util.py b/googleauth/util.py
diff --git a/googleauth/views.py b/googleauth/views.py
@@ -7,8 +7,6 @@
 from django.contrib.auth.views import logout as django_logout
 from django.http import HttpResponse, HttpResponseRedirect
 
-from .util import generate_csrf_token, generate_redirect_uri
-
 GOOGLE_AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/auth'
 GOOGLE_TOKEN_ENDPOINT = 'https://accounts.google.com/o/oauth2/token'
 GOOGLE_USERINFO_ENDPOINT = 'https://www.googleapis.com/plus/v1/people/me/openIdConnect'
@@ -17,7 +15,35 @@
 CLIENT_SECRET = getattr(settings, 'GOOGLEAUTH_CLIENT_SECRET', None)
 DOMAIN = getattr(settings, 'GOOGLEAUTH_DOMAIN', None)
 DOMAIN_ONLY = getattr(settings, 'GOOGLEAUTH_DOMAIN_ONLY', False)
+SECURE = getattr(settings, 'GOOGLEAUTH_SECURE', True)
+
+
+import random
+from django.conf import settings
+from django.core.urlresolvers import reverse
+
+CSRF_CHARACTERS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
+
+
+#
+# utility methods
+#
+
+def generate_csrf_token():
+    return ''.join(random.choice(CSRF_CHARACTERS) for x in xrange(32))
+
+
+def generate_redirect_uri():
+    scheme = 'https' if SECURE else 'http'
+    domain = DOMAIN
+    path = reverse('googleauth_callback')
+    return '%s://%s%s' % (scheme, domain, path)
+
+
 
+#
+# the views
+#
 
 def login(request):