Use 400 and 401 error codes as OAuth2 documents, accept 400 as webfinger error code (#597)

Osma Ahvenlampi 2023-07-10 19:19:20 +03:00 committed by GitHub
parent 91cf2f3a30
commit 1cc9c16b8c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 2 deletions


@ -73,6 +73,7 @@ class AuthorizationView(LoginRequiredMixin, View):
request,
"api/oauth_error.html",
{"error": f"Invalid response type '{response_type}'"},
status=400,
)
application = Application.objects.filter(
@ -81,7 +82,10 @@ class AuthorizationView(LoginRequiredMixin, View):
if application is None:
return render(
request, "api/oauth_error.html", {"error": "Invalid client_id"}
request,
"api/oauth_error.html",
{"error": "Invalid client_id"},
status=400,
)
if application.redirect_uris and redirect_uri not in application.redirect_uris:
@ -89,6 +93,7 @@ class AuthorizationView(LoginRequiredMixin, View):
request,
"api/oauth_error.html",
{"error": "Invalid application redirect URI"},
status=401,
)
context = {
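Review bot: The guard `if application.redirect_uris and redirect_uri not in application.redirect_uris:` skips the comparison whenever the application has no registered redirect URIs, so the new error response never fires in that case and any caller-supplied `redirect_uri` is accepted. Whether registration guarantees a non-empty value is not visible here; if it does not, fail closed with `if not application.redirect_uris or redirect_uri not in application.redirect_uris:`. If `redirect_uris` is stored as a single string rather than a list, `in` is also a substring test and should become an exact match against the split entries. On the added `status=401`: a 401 is expected to carry a `WWW-Authenticate` header and a mismatched redirect URI is a bad request rather than a missing credential, so `status=400` would be consistent with the other two paths. The view method starts and ends outside these hunks.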


@ -697,7 +697,7 @@ class Identity(StatorModel):
if (
response
and response.status_code < 500
and response.status_code not in [401, 403, 404, 406, 410]
and response.status_code not in [400, 401, 403, 404, 406, 410]
):
raise ValueError(
f"Client error fetching webfinger: {response.status_code}",
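Review bot: Adding 400 to the inline list in `response.status_code not in [400, 401, 403, 404, 406, 410]` makes a Bad Request indistinguishable from a missing identity, yet a 400 can also mean our own webfinger query was malformed. A comment above the condition such as `# 400: some servers reject unknown or unparseable resources with Bad Request; treated like 404` would record why it is tolerated, and a debug log of the status code on the tolerated path would keep a client-side encoding bug visible. What happens after the `if` is outside the hunk, so the handling of these codes is inferred from the error message alone.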