PyPI - girder-oauth - Versions diffs - 3.2.2.dev4__tar.gz → 3.2.3__tar.gz - Mend

girder-oauth 3.2.2.dev4tar.gz → 3.2.3tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

{girder-oauth-3.2.2.dev4 → girder-oauth-3.2.3}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: girder-oauth
-Version: 3.2.2.dev4
+Version: 3.2.3
 Summary: Allow users to login via supported OAuth2 providers.
 Home-page: http://girder.readthedocs.io/en/latest/plugins.html#oauth-login
 Author: Kitware, Inc.

{girder-oauth-3.2.2.dev4 → girder-oauth-3.2.3}/girder_oauth/rest.py RENAMED Viewed

@@ -1,5 +1,6 @@
 import cherrypy
 import datetime
+from urllib.parse import urlparse, parse_qs, urlencode, urlunparse
 from girder import events
 from girder.constants import AccessType
@@ -134,10 +135,20 @@ class OAuth(Resource):
         if event.defaultPrevented:
             raise cherrypy.HTTPRedirect(redirect)
-        girderToken = self.sendAuthTokenCookie(user)
-        try:
-            redirect = redirect.format(girderToken=str(girderToken['_id']))
-        except KeyError:
-            pass  # in case there's another {} that's not handled by format
-        raise cherrypy.HTTPRedirect(redirect)
+        token = str(Token().createToken(user)['_id'])
+        # Set `girderToken` in the query params of the redirect URL
+        parsed = urlparse(redirect)
+        query_params = parse_qs(parsed.query)
+        query_params['girderToken'] = token
+        encoded_query_params = urlencode(query_params)
+        updated_redirect = urlunparse((
+            parsed.scheme,
+            parsed.netloc,
+            parsed.path,
+            parsed.params,
+            encoded_query_params,
+            parsed.fragment,
+        ))
+        raise cherrypy.HTTPRedirect(updated_redirect)

girder-oauth-3.2.3/girder_oauth/web_client/main.js ADDED Viewed

@@ -0,0 +1,21 @@
+import { setCurrentToken } from '@girder/core/auth';
+import './routes';
+// Extends and overrides API
+import './views/LoginView';
+import './views/RegisterView';
+// If the current URL contains a `girderToken` query parameter, set the current token to its value
+const girderToken = new URLSearchParams(window.location.search).get('girderToken');
+if (girderToken) {
+    // This means we have been redirected from a successful OAuth login.
+    // Save the token, and delete the query parameter from the URL.
+    window.localStorage.setItem('girderToken', girderToken);
+    setCurrentToken(girderToken);
+    const queryParams = new URLSearchParams(window.location.search);
+    queryParams.delete('girderToken');
+    window.location.search = queryParams.toString();
+}

{girder-oauth-3.2.2.dev4 → girder-oauth-3.2.3}/girder_oauth.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: girder-oauth
-Version: 3.2.2.dev4
+Version: 3.2.3
 Summary: Allow users to login via supported OAuth2 providers.
 Home-page: http://girder.readthedocs.io/en/latest/plugins.html#oauth-login
 Author: Kitware, Inc.

{girder-oauth-3.2.2.dev4 → girder-oauth-3.2.3}/plugin_tests/oauth_test.py RENAMED Viewed

@@ -135,7 +135,7 @@ class OauthTest(base.TestCase):
             }
             return callbackParams
-        redirect = 'http://localhost/#foo/bar?token={girderToken}'
+        redirect = 'http://localhost/#foo/bar'
         class EventHandler:
             def __init__(self):
@@ -167,7 +167,7 @@ class OauthTest(base.TestCase):
             resp = self.request(
                 '/oauth/%s/callback' % providerInfo['id'], params=params, isJson=False)
             self.assertStatus(resp, 303)
-            self.assertTrue('girderToken' not in resp.cookie)
+            self.assertTrue('girderToken' not in resp.headers['Location'])
             self.assertEqual(event_handler.state, 'been in "before"')
         params = _getCallbackParams(providerInfo, redirect)
@@ -183,51 +183,9 @@ class OauthTest(base.TestCase):
             resp = self.request(
                 '/oauth/%s/callback' % providerInfo['id'], params=params, isJson=False)
             self.assertStatus(resp, 303)
-            self.assertTrue('girderToken' not in resp.cookie)
+            self.assertTrue('girderToken' not in resp.headers['Location'])
             self.assertEqual(event_handler.state, 'been in "after"')
-    def _testOauthTokenAsParam(self, providerInfo):
-        self.accountType = 'existing'
-        def _getCallbackParams(providerInfo, redirect):
-            resp = self.request('/oauth/provider', params={
-                'redirect': redirect,
-                'list': True
-            })
-            self.assertStatusOk(resp)
-            providerResp = resp.json[0]
-            resp = requests.get(providerResp['url'], allow_redirects=False)
-            self.assertEqual(resp.status_code, 302)
-            callbackLoc = urllib.parse.urlparse(resp.headers['location'])
-            self.assertEqual(
-                callbackLoc.path, r'/api/v1/oauth/%s/callback' % providerInfo['id'])
-            callbackLocQuery = urllib.parse.parse_qs(callbackLoc.query)
-            self.assertNotHasKeys(callbackLocQuery, ('error',))
-            callbackParams = {
-                key: val[0] for key, val in callbackLocQuery.items()
-            }
-            return callbackParams
-        redirect = 'http://localhost/#foo/bar?token={girderToken}'
-        params = _getCallbackParams(providerInfo, redirect)
-        resp = self.request(
-            '/oauth/%s/callback' % providerInfo['id'], params=params, isJson=False)
-        self.assertStatus(resp, 303)
-        self.assertTrue('girderToken' in resp.cookie)
-        self.assertEqual(
-            resp.headers['Location'],
-            redirect.format(girderToken=resp.cookie['girderToken'].value))
-        redirect = 'http://localhost/#foo/bar?token={foobar}'
-        params = _getCallbackParams(providerInfo, redirect)
-        resp = self.request(
-            '/oauth/%s/callback' % providerInfo['id'], params=params, isJson=False)
-        self.assertStatus(resp, 303)
-        self.assertTrue('girderToken' in resp.cookie)
-        self.assertEqual(resp.headers['Location'], redirect)
     def _testOauth(self, providerInfo):
         # Close registration to start off, and simulate a new user
         self._testSettings(providerInfo)
@@ -349,10 +307,11 @@ class OauthTest(base.TestCase):
             resp = self.request(
                 '/oauth/%s/callback' % providerInfo['id'], params=params, isJson=False)
             self.assertStatus(resp, 303)
-            self.assertEqual(resp.headers['Location'], 'http://localhost/#foo/bar')
-            self.assertTrue('girderToken' in resp.cookie)
+            expr = re.compile(r'^http://localhost/\?girderToken=(\w+)#foo/bar$')
+            self.assertRegex(resp.headers['Location'], expr)
-            resp = self.request('/user/me', token=resp.cookie['girderToken'].value)
+            girderToken = expr.match(resp.headers['Location']).group(1)
+            resp = self.request('/user/me', token=girderToken)
             user = resp.json
             self.assertStatusOk(resp)
             self.assertEqual(
@@ -1001,7 +960,6 @@ class OauthTest(base.TestCase):
             self.mockOtherRequest
         ):
             self._testOauth(providerInfo)
-            self._testOauthTokenAsParam(providerInfo)
             self._testOauthEventHandling(providerInfo)
     def testLinkedinOauth(self):  # noqa