Merge branch 'master' of https://github.com/djm/django-social-auth into djm-master
omab committed Mar 6, 2011
2 parents 0c2d347 + 32a67fa commit a0f9d29
Showing 2 changed files with 33 additions and 15 deletions.
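--- a/social_auth/utils.py
+++ b/social_auth/utils.py
@@ -0,0 +1,18 @@
+import urlparse
+
+def sanitize_redirect(host, redirect_to):
+"""
+Given the hostname and an untrusted URL to redirect to,
+this method tests it to make sure it isn't garbage/harmful
+and returns it, else returns None.
+See http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/views.py#L36
+"""
+# Quick sanity check.
+if not redirect_to:
+return None
+netloc = urlparse.urlparse(redirect_to)[1]
+# Heavier security check -- don't allow redirection to a different host.
+if netloc and netloc != host:
+return None
+return redirect_to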
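Review bot: sanitize_redirect validates only the netloc, so any value whose parsed netloc is empty is returned unchanged whatever its scheme, and the comparison on the `if netloc and netloc != host:` line is plain string equality, so a netloc carrying a port or userinfo is accepted or rejected solely on whether it matches what `request.get_host()` returns byte for byte. Restricting the scheme is a two-line addition after the netloc line: `scheme = urlparse.urlparse(redirect_to)[0]` and `if scheme and scheme not in ('http', 'https'): return None`. The docstring should also say that the function returns the input untouched rather than a normalised URL, and that `host` must be the exact value callers obtain from `request.get_host()`, since any difference in port or case makes a same-site URL fail the check.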
30 changes: 15 additions & 15 deletions social_auth/views.py
@@ -1,21 +1,23 @@
"""Views"""
from django.conf import settings
from django.http import HttpResponseRedirect, HttpResponse, \
HttpResponseServerError
from django.http import HttpResponseRedirect, HttpResponse, HttpResponseServerError
from django.core.urlresolvers import reverse
from django.db import transaction
from django.contrib.auth import login, REDIRECT_FIELD_NAME
from django.contrib.auth.decorators import login_required

from social_auth.backends import get_backend
from social_auth.utils import sanitize_redirect


DEFAULT_REDIRECT = getattr(settings, 'LOGIN_REDIRECT_URL', '')


def auth(request, backend):
"""Start authentication process"""
complete_url = getattr(settings, 'SOCIAL_AUTH_COMPLETE_URL_NAME',
'complete')
redirect = getattr(settings, 'LOGIN_REDIRECT_URL', '')
return auth_process(request, backend, complete_url, redirect)
return auth_process(request, backend, complete_url)


@transaction.commit_on_success
Expand Down Expand Up @@ -47,8 +49,7 @@ def complete_process(request, backend):
social_user = user.social_auth.get(provider=backend_name)
if social_user.expiration_delta():
request.session.set_expiry(social_user.expiration_delta())
url = request.session.pop(REDIRECT_FIELD_NAME, '') or \
getattr(settings, 'LOGIN_REDIRECT_URL', '')
url = request.session.pop(REDIRECT_FIELD_NAME, '') or DEFAULT_REDIRECT
else:
url = getattr(settings, 'LOGIN_ERROR_URL', settings.LOGIN_URL)
return HttpResponseRedirect(url)
Expand All @@ -59,8 +60,7 @@ def associate(request, backend):
"""Authentication starting process"""
complete_url = getattr(settings, 'SOCIAL_AUTH_ASSOCIATE_URL_NAME',
'associate_complete')
redirect = getattr(settings, 'LOGIN_REDIRECT_URL', '')
return auth_process(request, backend, complete_url, redirect)
return auth_process(request, backend, complete_url)


@login_required
Expand All @@ -70,8 +70,7 @@ def associate_complete(request, backend):
if not backend:
return HttpResponseServerError('Incorrect authentication service')
backend.auth_complete(user=request.user)
url = request.session.pop(REDIRECT_FIELD_NAME, '') or \
getattr(settings, 'LOGIN_REDIRECT_URL', '')
url = request.session.pop(REDIRECT_FIELD_NAME, '') or DEFAULT_REDIRECT
return HttpResponseRedirect(url)


Expand All @@ -82,20 +81,21 @@ def disconnect(request, backend):
if not backend:
return HttpResponseServerError('Incorrect authentication service')
backend.disconnect(request.user)
url = request.REQUEST.get(REDIRECT_FIELD_NAME, '') or \
getattr(settings, 'LOGIN_REDIRECT_URL', '')
url = request.REQUEST.get(REDIRECT_FIELD_NAME, '') or DEFAULT_REDIRECT
return HttpResponseRedirect(url)


def auth_process(request, backend, complete_url_name, default_final_url):
def auth_process(request, backend, complete_url_name,
default_redirect=DEFAULT_REDIRECT):
"""Authenticate using social backend"""
redirect = reverse(complete_url_name, args=(backend,))
backend = get_backend(backend, request, redirect)
if not backend:
return HttpResponseServerError('Incorrect authentication service')
data = request.REQUEST
request.session[REDIRECT_FIELD_NAME] = data.get(REDIRECT_FIELD_NAME,
default_final_url)
# Check and sanitize a user-defined GET/POST redirect_to field value.
redirect = sanitize_redirect(request.get_host(), data.get(REDIRECT_FIELD_NAME))
request.session[REDIRECT_FIELD_NAME] = redirect or DEFAULT_REDIRECT
if backend.uses_redirect:
return HttpResponseRedirect(backend.auth_url())
else:
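Review bot: In the disconnect hunk, `url = request.REQUEST.get(REDIRECT_FIELD_NAME, '') or DEFAULT_REDIRECT` still redirects to a request-supplied value without passing it through sanitize_redirect, so the host check this commit introduces for auth_process does not cover this view; it should read `url = sanitize_redirect(request.get_host(), request.REQUEST.get(REDIRECT_FIELD_NAME)) or DEFAULT_REDIRECT`. In the auth_process hunk the new `default_redirect=DEFAULT_REDIRECT` parameter is never read, because the session assignment uses the module constant directly, so the body should use `request.session[REDIRECT_FIELD_NAME] = redirect or default_redirect` or the parameter should be dropped. complete_process and associate_complete pop the session value rather than reading the request, so they are only as safe as the value auth_process stored. The bodies of complete_process, associate_complete and disconnect begin outside their hunks.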
