From b3b26ad44ddb440679efa4e3cd1ac45a0d460395 Mon Sep 17 00:00:00 2001 From: Maciej Wawro <36930951+maciekwawro@users.noreply.github.com> Date: Mon, 11 Mar 2019 22:04:55 +0100 Subject: [PATCH] [openid_connect] Fix CORS c.d. --- galicea_openid_connect/api.py | 23 +++++++++++++++++++--- galicea_openid_connect/controllers/main.py | 20 ++++++++++++++++--- 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/galicea_openid_connect/api.py b/galicea_openid_connect/api.py index 633d5d9..bf19be2 100644 --- a/galicea_openid_connect/api.py +++ b/galicea_openid_connect/api.py @@ -20,9 +20,20 @@ def resource(path, method, auth='user'): assert auth in ['user', 'client'] def endpoint_decorator(func): - @http.route(path, auth='public', type='http', methods=[method, 'OPTIONS'], csrf=False, cors='*') + @http.route(path, auth='public', type='http', methods=[method, 'OPTIONS'], csrf=False) @wraps(func) def func_wrapper(self, req, **query): + cors_headers = { + 'Access-Control-Allow-Origin': '*', + 'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, X-Debug-Mode, Authorization', + 'Access-Control-Max-Age': 60 * 60 * 24, + } + if req.httprequest.method == 'OPTIONS': + return http.Response( + status=200, + headers=cors_headers + ) + try: access_token = None if 'Authorization' in req.httprequest.headers: @@ -62,11 +73,16 @@ def resource(path, method, auth='user'): req.context = ctx response = func(self, req, **query) - return json.dumps(response) + return werkzeug.Response( + response=json.dumps(response), + headers=cors_headers, + status=200 + ) except ApiException as e: return werkzeug.Response( response=json.dumps({'error': e.code, 'error_message': e.message}), status=400, + headers=cors_headers ) except: _logger.exception('Unexpected exception while processing API request') @@ -75,7 +91,8 @@ def resource(path, method, auth='user'): 'error': 'server_error', 'error_message': 'Unexpected server error', }), - status=500, + headers=cors_headers, + status=500 ) return func_wrapper diff --git a/galicea_openid_connect/controllers/main.py b/galicea_openid_connect/controllers/main.py index be21622..2fafaf2 100644 --- a/galicea_openid_connect/controllers/main.py +++ b/galicea_openid_connect/controllers/main.py @@ -246,8 +246,19 @@ class Main(http.Controller): return self.__redirect(redirect_uri, response_params, response_mode) - @http.route('/oauth/token', auth='public', type='http', methods=['POST', 'OPTIONS'], csrf=False, cors='*') + @http.route('/oauth/token', auth='public', type='http', methods=['POST', 'OPTIONS'], csrf=False) def token(self, req, **query): + cors_headers = { + 'Access-Control-Allow-Origin': '*', + 'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, X-Debug-Mode, Authorization', + 'Access-Control-Max-Age': 60 * 60 * 24, + } + if req.httprequest.method == 'OPTIONS': + return http.Response( + status=200, + headers=cors_headers + ) + try: if 'grant_type' not in query: raise OAuthException( @@ -259,7 +270,10 @@ class Main(http.Controller): elif query['grant_type'] == 'client_credentials': return json.dumps(self.__handle_grant_type_client_credentials(req, **query)) elif query['grant_type'] == 'password': - return json.dumps(self.__handle_grant_type_password(req, **query)) + return werkzeug.Response( + response=json.dumps(self.__handle_grant_type_password(req, **query)), + headers=cors_headers + ) else: raise OAuthException( 'Unsupported grant_type param: \'{}\''.format(query['grant_type']), @@ -267,7 +281,7 @@ class Main(http.Controller): ) except OAuthException as e: body = json.dumps({'error': e.type, 'error_description': e.message}) - return werkzeug.Response(response=body, status=400) + return werkzeug.Response(response=body, status=400, headers=cors_headers) def __handle_grant_type_authorization_code(self, req, **query): client = self.__validate_client(req, **query)