
[openid_connect] Fix CORS c.d.

v12_initial_fix
Maciej Wawro 6 years ago
parent
commit
b3b26ad44d
  1. 23
      galicea_openid_connect/api.py
  2. 20
      galicea_openid_connect/controllers/main.py

23
galicea_openid_connect/api.py

@ -20,9 +20,20 @@ def resource(path, method, auth='user'):
assert auth in ['user', 'client'] assert auth in ['user', 'client']
def endpoint_decorator(func): def endpoint_decorator(func):
@http.route(path, auth='public', type='http', methods=[method, 'OPTIONS'], csrf=False, cors='*')
@http.route(path, auth='public', type='http', methods=[method, 'OPTIONS'], csrf=False)
@wraps(func) @wraps(func)
def func_wrapper(self, req, **query): def func_wrapper(self, req, **query):
cors_headers = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, X-Debug-Mode, Authorization',
'Access-Control-Max-Age': 60 * 60 * 24,
}
if req.httprequest.method == 'OPTIONS':
return http.Response(
status=200,
headers=cors_headers
)
try: try:
access_token = None access_token = None
if 'Authorization' in req.httprequest.headers: if 'Authorization' in req.httprequest.headers:
@ -62,11 +73,16 @@ def resource(path, method, auth='user'):
req.context = ctx req.context = ctx
response = func(self, req, **query) response = func(self, req, **query)
return json.dumps(response)
return werkzeug.Response(
response=json.dumps(response),
headers=cors_headers,
status=200
)
except ApiException as e: except ApiException as e:
return werkzeug.Response( return werkzeug.Response(
response=json.dumps({'error': e.code, 'error_message': e.message}), response=json.dumps({'error': e.code, 'error_message': e.message}),
status=400, status=400,
headers=cors_headers
) )
except: except:
_logger.exception('Unexpected exception while processing API request') _logger.exception('Unexpected exception while processing API request')
@ -75,7 +91,8 @@ def resource(path, method, auth='user'):
'error': 'server_error', 'error': 'server_error',
'error_message': 'Unexpected server error', 'error_message': 'Unexpected server error',
}), }),
status=500,
headers=cors_headers,
status=500
) )
return func_wrapper return func_wrapper
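Review bot: The preflight response built from `cors_headers` in the first hunk never sends `Access-Control-Allow-Methods`, so for any `method` outside the CORS-safelisted GET/HEAD/POST (PUT, PATCH, DELETE) the browser fails the preflight and the real request is never issued; the `cors='*'` route option this commit removes used, as far as I recall, to emit that header for you. Add `'Access-Control-Allow-Methods': '{}, OPTIONS'.format(method),` to the dict — `method` is already in scope from `resource()`'s signature. Separately, `Access-Control-Allow-Origin: '*'` is now unconditional on a route declared `auth='public'`; that is tolerable only because browsers never attach cookies or honour `Access-Control-Allow-Credentials` with a wildcard origin, so the session cookie cannot be replayed cross-site and only explicit bearer-token calls get through. If these resources are meant for specific first-party front-ends, echoing a whitelisted `Origin` value (and adding `Vary: Origin`) instead of `*` would limit which sites can drive the API with a leaked token. The `func_wrapper` body continues outside the hunks.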

20
galicea_openid_connect/controllers/main.py

@ -246,8 +246,19 @@ class Main(http.Controller):
return self.__redirect(redirect_uri, response_params, response_mode) return self.__redirect(redirect_uri, response_params, response_mode)
@http.route('/oauth/token', auth='public', type='http', methods=['POST', 'OPTIONS'], csrf=False, cors='*')
@http.route('/oauth/token', auth='public', type='http', methods=['POST', 'OPTIONS'], csrf=False)
def token(self, req, **query): def token(self, req, **query):
cors_headers = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, X-Debug-Mode, Authorization',
'Access-Control-Max-Age': 60 * 60 * 24,
}
if req.httprequest.method == 'OPTIONS':
return http.Response(
status=200,
headers=cors_headers
)
try: try:
if 'grant_type' not in query: if 'grant_type' not in query:
raise OAuthException( raise OAuthException(
@ -259,7 +270,10 @@ class Main(http.Controller):
elif query['grant_type'] == 'client_credentials': elif query['grant_type'] == 'client_credentials':
return json.dumps(self.__handle_grant_type_client_credentials(req, **query)) return json.dumps(self.__handle_grant_type_client_credentials(req, **query))
elif query['grant_type'] == 'password': elif query['grant_type'] == 'password':
return json.dumps(self.__handle_grant_type_password(req, **query))
return werkzeug.Response(
response=json.dumps(self.__handle_grant_type_password(req, **query)),
headers=cors_headers
)
else: else:
raise OAuthException( raise OAuthException(
'Unsupported grant_type param: \'{}\''.format(query['grant_type']), 'Unsupported grant_type param: \'{}\''.format(query['grant_type']),
@ -267,7 +281,7 @@ class Main(http.Controller):
) )
except OAuthException as e: except OAuthException as e:
body = json.dumps({'error': e.type, 'error_description': e.message}) body = json.dumps({'error': e.type, 'error_description': e.message})
return werkzeug.Response(response=body, status=400)
return werkzeug.Response(response=body, status=400, headers=cors_headers)
def __handle_grant_type_authorization_code(self, req, **query): def __handle_grant_type_authorization_code(self, req, **query):
client = self.__validate_client(req, **query) client = self.__validate_client(req, **query)
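Review bot: Only the `password` branch now returns a `werkzeug.Response` carrying `cors_headers`; the `client_credentials` branch in the same hunk still does `return json.dumps(...)`, and the `authorization_code` branch above the hunk presumably does the same, so with `cors='*'` dropped from the route those success responses go out without any `Access-Control-Allow-Origin` and a browser client cannot read them — a regression for a front-end doing the code-for-token exchange. Rather than wrapping each branch separately, have every branch assign its result to `body` and build one response after the chain, as sketched below. Also consider whether a wildcard origin is wanted on a token endpoint that accepts the password grant: any web origin can now submit resource-owner credentials here, and echoing only the `Origin` registered for the validated client (with `Vary: Origin`) would narrow that. The `token()` body continues outside the hunk.
```python
            # … unchanged: grant_type presence check and authorization_code branch (above the hunk) — assign its result to `body` there as well …
            elif query['grant_type'] == 'client_credentials':
                body = self.__handle_grant_type_client_credentials(req, **query)
            elif query['grant_type'] == 'password':
                body = self.__handle_grant_type_password(req, **query)
            else:
                # … unchanged: raise OAuthException for unsupported grant_type …
                pass
            return werkzeug.Response(
                response=json.dumps(body),
                headers=cors_headers
            )
```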
