Add AuthorizationViewMixin to simplify overriding the AuthorizationView #1306
Conversation
codecov bot commented Aug 12, 2023 • edited
Codecov Report
@@           Coverage Diff           @@
##           master    #1306   +/-   ##
=======================================
  Coverage   97.37%   97.38%
=======================================
  Files          32       32
  Lines        2022     2028    +6
=======================================
+ Hits         1969     1975    +6
  Misses         53       53
…ango-oauth-toolkit into issue-1305-json-auth-endpoint
…ango-oauth-toolkit into issue-1305-json-auth-endpoint
| elifrequire_approval=="auto": | ||
| tokens= ( | ||
| get_access_token_model() | ||
| .objects.filter( |
you could potentially avoid iteration by filtering by your desired scopes (assuming the scopes var here is the required scopes of the view)
| .objects.filter( | |
| scopes_filter= {'scopes__icontains':scopeforscopeinscopes } | |
| .objects.filter( | |
| user=request.user, | |
| application=kwargs["application"], | |
| expires__gt=timezone.now(), | |
| **scopes_filter | |
| ).first() |
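Review bot: in `scopes_filter`, the dict comprehension writes every scope to the same key `'scopes__icontains'`, so each iteration overwrites the previous one and only the final entry of `scopes` is ever filtered on. `icontains` is also a case-insensitive substring test, so if the scopes column holds a delimited string, a requested `read` would match a token granted only `read_all`, and the authorization screen would be skipped for a scope the user never granted. Keep the per-token comparison against the full scope set, or, if the query must narrow the candidates, chain one `.filter()` per scope and still verify exact scope membership on the token returned by `.first()`.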
dopry commented Oct 9, 2024
@jhnbyrn can you rebase this.. I'm open to using a mixin here if it enables your use case and doesn't break existing functionality.
Pull Request Overview
This PR refactors the AuthorizationView.get() method by extracting its core authorization logic into a new AuthorizationMixin.get_context() method, enabling code reuse across multiple authorization views.
- Introduces AuthorizationMixin class with get_context() method containing the extracted authorization logic
- Simplifies AuthorizationView.get() to call get_context() and handle the response type
- Removes a blank line in form_valid() method
| classAuthorizationView(BaseAuthorizationView,FormView): | ||
| classAuthorizationMixin: | ||
| defget_context(self,request,*args,**kwargs): |
Copilot AI Nov 3, 2025
The get_context method lacks a docstring. This method performs complex authorization logic and has multiple return types (dict or HttpResponse). Add a docstring explaining its purpose, parameters, return values (including the dual return type behavior), and any exceptions that may be raised.
| defget_context(self,request,*args,**kwargs): | |
| defget_context(self,request,*args,**kwargs): | |
| """ | |
| ProcesstheOAuth2authorizationrequestandbuildthecontextfortheauthorizationview. | |
| Thismethodperformscomplexauthorizationlogic,includingvalidatingtheauthorizationrequest, | |
| handlingspecialpromptparameters,checkingforprioruserconsent,andpreparingcontextdata | |
| fortheauthorizationform. | |
| Parameters: | |
| request (HttpRequest):ThecurrentHTTPrequestobject. | |
| *args:Additionalpositionalarguments. | |
| **kwargs:Additionalkeywordargumentsusedtobuildthecontext. | |
| Returns: | |
| dict:Acontextdictionarycontainingauthorizationdataforrenderingtheauthorizationform, | |
| ifuserconsentisrequired. | |
| HttpResponse:AnHTTPresponse (suchasaredirectorerrorresponse)iftheauthorization | |
| requestisinvalid,orifuserconsentcanbeskipped. | |
| SideEffects: | |
| Setsself.oauth2_datatothecontextdictionaryifconsentisrequired. | |
| Exceptions: | |
| OAuthToolkitError:Raisediftheauthorizationrequestisinvalid.Inthiscase,anerror | |
| responseisreturned. | |
| """ |
| context=self.get_context(request,*args,**kwargs) | ||
| ifisinstance(context,dict): | ||
| form=self.get_form(self.get_form_class()) | ||
| context["form"]=form | ||
| returnself.render_to_response(self.get_context_data(**context)) | ||
| else: | ||
| returncontext |
Copilot AI Nov 3, 2025
[nitpick] The dual return type pattern (dict vs HttpResponse) from get_context() creates implicit behavior that's difficult to follow. Consider using a more explicit pattern, such as a tuple (should_render, data) or separate methods for validation vs. context preparation to make the control flow clearer.
| context=self.get_context(request,*args,**kwargs) | |
| ifisinstance(context,dict): | |
| form=self.get_form(self.get_form_class()) | |
| context["form"]=form | |
| returnself.render_to_response(self.get_context_data(**context)) | |
| else: | |
| returncontext | |
| should_render,data=self.get_context(request,*args,**kwargs) | |
| ifshould_render: | |
| form=self.get_form(self.get_form_class()) | |
| data["form"]=form | |
| returnself.render_to_response(self.get_context_data(**data)) | |
| else: | |
| returndata |
| try: | ||
| # If skip_authorization field is True, skip the authorization screen even | ||
| # if this is the first use of the application and there was no previous authorization. | ||
| # This is useful for in-house applications-> assume an in-house applications |
Copilot AI Nov 3, 2025
Grammar error: 'an in-house applications' should be 'in-house applications' (remove 'an'). Also, there's a missing space after the arrow: 'applications->' should be 'applications ->'.
| # This is useful for in-house applications-> assume an in-house applications | |
| # This is useful for in-house applications-> assume in-house applications |
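Review bot: the replacement comment line still reads `applications->` with no space before the arrow, which the accompanying review comment also asks to fix; only the `an` was removed. Use `applications -> assume in-house applications` so both points land in one change.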
| classAuthorizationView(BaseAuthorizationView,FormView): | ||
| classAuthorizationMixin: |
Rename AuthorizationMixin to AuthorizationViewMixin.
| ) | ||
| returnself.redirect(uri,application) | ||
| exceptOAuthToolkitErroraserror: |
Having the function return the context or response is awkward. It should just return the context.
Let the exception throw and hoist the try/except to the get method, so the get method is returning the error_response.
…/HTML form
Fixes #1305
Description of the Change
For single page applications it would be handy to be able to get the data for the authorization page as JSON and then render the authorization page on the client side, and similarly post the results as JSON rather than as an HTML form.
Checklist
- CHANGELOG.md updated (only for user relevant changes)
- AUTHORS