From 23228610daf520042ca897363389b18e430c7083 Mon Sep 17 00:00:00 2001 From: inji-hanbin Date: Sun, 11 Sep 2022 18:04:40 +0800 Subject: [PATCH 1/2] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20=E5=8E=BB=E6=8E=89cs?= =?UTF-8?q?rftoken=E9=AA=8C=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- oauth2_provider/views/base.py | 1 + 1 file changed, 1 insertion(+) diff --git a/oauth2_provider/views/base.py b/oauth2_provider/views/base.py index 48fb8ea16..4545dddab 100644 --- a/oauth2_provider/views/base.py +++ b/oauth2_provider/views/base.py @@ -352,6 +352,7 @@ def form_valid(self, form): log.debug("Success url for the request: {0}".format(self.success_url)) return self.redirect(self.success_url, application) + @csrf_exempt def post(self, request, *args, **kwargs): if 'credentials' in request.session and request.session['credentials']: credentials = request.session.get("credentials") From 97285a1645880e13a269de2c8a00af97d4d607dc Mon Sep 17 00:00:00 2001 From: inji-hanbin Date: Sun, 11 Sep 2022 18:40:48 +0800 Subject: [PATCH 2/2] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20=E8=AE=A4=E8=AF=81?= =?UTF-8?q?=E6=9B=BF=E6=8D=A2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- arkid/core/extension/app_protocol.py | 3 +++ oauth2_provider/views/base.py | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/arkid/core/extension/app_protocol.py b/arkid/core/extension/app_protocol.py index d899120b2..da6aadc72 100644 --- a/arkid/core/extension/app_protocol.py +++ b/arkid/core/extension/app_protocol.py @@ -7,6 +7,8 @@ from arkid.core.extension import Extension from arkid.core.translation import gettext_default as _ from arkid.core import api as core_api, event as core_event +from django.utils.decorators import method_decorator +from django.views.decorators.csrf import csrf_exempt import urllib.parse @@ -90,6 +92,7 @@ def register_enter_view(self, view:View, path:str, url_name:str, type:list, tena response: 函数执行结果 ''' # 入口函数 + @method_decorator(csrf_exempt, name="dispatch") class EnterView(View): def get(self, request, **kwargs): diff --git a/oauth2_provider/views/base.py b/oauth2_provider/views/base.py index 4545dddab..52bf3e62a 100644 --- a/oauth2_provider/views/base.py +++ b/oauth2_provider/views/base.py @@ -352,7 +352,6 @@ def form_valid(self, form): log.debug("Success url for the request: {0}".format(self.success_url)) return self.redirect(self.success_url, application) - @csrf_exempt def post(self, request, *args, **kwargs): if 'credentials' in request.session and request.session['credentials']: credentials = request.session.get("credentials") @@ -376,6 +375,7 @@ def post(self, request, *args, **kwargs): else: return super().post(request, *args, **kwargs) + def get(self, request, *args, **kwargs): try: scopes, credentials = self.validate_authorization_request(request)