Skip to content

Django 1.7 compatibility and SchemedHttpResponseRedirect #186

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
zopieux wants to merge 12 commits into from
Closed

Django 1.7 compatibility and SchemedHttpResponseRedirect #186

zopieux wants to merge 12 commits into from

Conversation

@zopieux
Copy link
Contributor

@zopieux zopieux commented Jan 13, 2015

This PR fixes two things:

  • With Django 1.7 it becomes impossible to have root-level functions that return a model class, as they're not yet loaded. Thus, the code below will fail. As a temporary workaround, I used monkey-patching within the application registry to make it work. This is quite hacky but I don't see any other way. See: get_application_model incompatible with Django 1.7 #151
class MyForm(ModelForm):
  class Meta:
    model = some_func()
  • HttpResponseRedirect has a very restrictive list of allowed schemes (http, https, ftp) and fails with HTTP 400 for everything else. This prevents mobile (eg. Android) OAuth applications to use custom handlers eg. my-app-callback://oauth/. This PR adds a SchemedHttpResponseRedirect that allows all the schemes extracted from redirect_uris. As such, it remains safe.

The code has been live-tested but there are no unit tests yet.

Feel free to make comments I you want me to change things.

zopieux and others added 12 commits January 13, 2015 17:03
@zopieux
Added Django >=1.7 AppConfig and updated get_application_model()
205d3be 
accordingly
@zopieux
Trying to use monkey-patching for get_application_model()
7640255
@zopieux
Fixed Application monkey-patching in oauth2_validators
7f8c599
@zopieux
Added Application.redirect_uri_schemes
ae5591c 
List of the schemes used by the Application `redirect_uris`
@zopieux
Using CustomSchemesHttpResponseRedirect
ce2d282 
HttpResponseRedirect is very restrictive on the "safe" schemes: HTTP, HTTPS, FTP. As such, it does not allow redirections to custom schemes such as mobile callback handlers eg. `my-app://oauth/callback/`
It was replaced with CustomSchemesHttpResponseRedirect that takes a list of allowed schemes.
@zopieux
Moved CustomSchemesHttpResponseRedirect in views/util.py
8e220ba
@zopieux
Refactored SchemedHttpResponseRedirect
6832ba0
@zopieux
Fixed http.response import
e159263
@zopieux
Forgot redirect_to argument
9f61225
@zopieux
Fixed wrong super() class
ba29644
@zopieux
Added the SchemedHttpResponseRedirect trick to form_valid()
df5e147
@zopieux
Sanitazied the monkey-patching with FIXMEs and moved get_model to compat
bec4875
@zopieux
Copy link
Contributor Author

zopieux commented Jan 13, 2015

Do not merge! The monkey patching is completely broken for tests. I'll update this PR ASAP to address the issue.

Well, I did not notice there were two other PR and one issue for the "redirect" issue.

@zopieux
Copy link
Contributor Author

zopieux commented Jan 13, 2015

Okay let's do this the proper way.

@zopieux zopieux closed this Jan 13, 2015
@firm1 firm1 mentioned this pull request Feb 9, 2015
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zopieux