simple-login/app
1
1
Fork 0
mirror of https://github.com/simple-login/app.git synced 2025-02-25 00:03:03 +08:00
Code Issues Projects Releases Packages Wiki Activity

Only allow authenticated and enabled users to accept a OAuth post request

Browse source
This commit is contained in:
Adrià Casajús 2022-02-17 17:23:38 +01:00
parent be161d0778
commit 3e983e3557
No known key found for this signature in database
GPG key ID: F0033226A5AFC9B9
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
app/oauth/views/authorize.py
View file

@ -1,7 +1,7 @@
from typing import Dict
from urllib.parse import urlparse
from flask import request, render_template, redirect, flash
from flask import request, render_template, redirect, flash, url_for
from flask_login import current_user
from itsdangerous import SignatureExpired
@ -144,6 +144,12 @@ def authorize():
Scope=Scope,
)
else: # POST - user allows or denies
if not current_user.is_authenticated or not current_user.is_enabled:
LOG.i(
"Attempt to validate a OAUth allow request by an unauthenticated user"
)
return redirect(url_for("auth.login", next=request.url))
if request.form.get("button") == "deny":
LOG.d("User %s denies Client %s", current_user, client)
final_redirect_uri = f"{redirect_uri}?error=deny&state={state}"