X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/2633e1ad9f69bd056dd75e3af8ccf58104272585..40377c9b3b045814857e1190047ef83334c1131f:/src/api/piston_patch.py

diff --git a/src/api/piston_patch.py b/src/api/piston_patch.py
index 3c7e50f4f..6a80e15cd 100644
--- a/src/api/piston_patch.py
+++ b/src/api/piston_patch.py
@@ -2,10 +2,10 @@
 # This file is part of Wolnelektury, licensed under GNU Affero GPLv3 or later.
 # Copyright Â© Fundacja Nowoczesna Polska. See NOTICE for more information.
 #
-from oauthlib.oauth1 import AuthorizationEndpoint
+from oauthlib.oauth1 import AuthorizationEndpoint, OAuth1Error
 from django.contrib.auth.decorators import login_required
 from django import forms
-from django.http import HttpResponseRedirect
+from django.http import HttpResponse, HttpResponseRedirect
 from django.shortcuts import render
 from .request_validator import PistonRequestValidator
 from .utils import oauthlib_request, oauthlib_response
@@ -21,15 +21,26 @@ class OAuthAuthenticationForm(forms.Form):
     # removed authorize_access - redundant
 
 
+class OAuth1AuthorizationEndpoint(AuthorizationEndpoint):
+    def create_verifier(self, request, credentials):
+        verifier = super(OAuth1AuthorizationEndpoint, self).create_verifier(request, credentials)
+        return {
+            'oauth_token': verifier['oauth_token'],
+        }
+
+
 @login_required
 def oauth_user_auth(request):
-    endpoint = AuthorizationEndpoint(PistonRequestValidator())
+    endpoint = OAuth1AuthorizationEndpoint(PistonRequestValidator())
 
     if request.method == "GET":
         # Why not just get oauth_token here?
         # This is fairly straightforward, in't?
-        realms, credentials = endpoint.get_realms_and_credentials(
-            **oauthlib_request(request))
+        try:
+            realms, credentials = endpoint.get_realms_and_credentials(
+                **oauthlib_request(request))
+        except OAuth1Error as e:
+            return HttpResponse(e.message, status=400)
         callback = request.GET.get('oauth_callback')
 
         form = OAuthAuthenticationForm(initial={
@@ -40,11 +51,14 @@ def oauth_user_auth(request):
         return render(request, 'piston/authorize_token.html', {'form': form})
 
     elif request.method == "POST":
-        response = oauthlib_response(
-            endpoint.create_authorization_response(
-                credentials={"user": request.user},
-                **oauthlib_request(request)
+        try:
+            response = oauthlib_response(
+                endpoint.create_authorization_response(
+                    credentials={"user": request.user},
+                    **oauthlib_request(request)
+                )
             )
-        )
-
-        return response
+        except OAuth1Error as e:
+            return HttpResponse(e.message, status=400)
+        else:
+            return response