Add fallback for auth if callback-url is missing

joschobart · Jul 16, 2024 · 35318a3 · 35318a3
1 parent 29dacbb
commit 35318a3
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 9 deletions.
diff --git a/fun_with_flags/api.py b/fun_with_flags/api.py
@@ -325,7 +325,7 @@ def oauth_get_access_token(pin):
     return access_token_key, access_token_secret
 
 
-def oauth_get_url(oauth_url="oop", scope="manage_challenges"):
+def oauth_get_url(oauth_url="oob", scope="manage_challenges"):
     """
 
     :param scope: Default value = "manage_challenges")

diff --git a/fun_with_flags/auth.py b/fun_with_flags/auth.py
@@ -9,14 +9,31 @@
 bp_a = Blueprint("auth", __name__, url_prefix="/auth")
 
 
-@bp_a.route("/authorize")
+@bp_a.route("/authorize", methods=("GET", "POST"))
 def authorize():
     """ """
     _protocol = request.args.get("protocol")
     _url = request.args.get("url")
 
-    if _protocol and _url:
-        g.authorize_url = api.oauth_get_url(oauth_url=f"{_protocol}//{_url}/auth/callback")
+    if request.method == "GET":
+        if _protocol and _url:
+            g.authorize_url = api.oauth_get_url(oauth_url=f"{_protocol}//{_url}/auth/callback")
+            g.oob = False
+        else:
+            g.authorize_url = api.oauth_get_url()
+            g.oob = True
+
+    if request.method == "POST":
+        g.pin = request.form["pin"]
+        try:
+            access_token_key, access_token_secret = api.oauth_get_access_token(g.pin)
+        except Exception as e:
+            error = f"{e}: Pin {g.pin} was not accepted."
+            flash(error)
+        else:
+            creds = f"{access_token_key} {access_token_secret}"
+            session["encrypted_access_token"] = helperf.crypto_string(creds, "encrypt")
+            return redirect(url_for("auth.login"))
 
     return render_template("auth/authorize.html")
 
@@ -35,9 +52,7 @@ def callback():
 
     else:
         creds = f"{access_token_key} {access_token_secret}"
-
         session["encrypted_access_token"] = helperf.crypto_string(creds, "encrypt")
-
         return redirect(url_for("auth.login"))
 
     return render_template("auth/authorize.html")

diff --git a/fun_with_flags/static/ht_auth_screenshot.png b/fun_with_flags/static/ht_auth_screenshot.png
diff --git a/fun_with_flags/templates/auth/authorize.html b/fun_with_flags/templates/auth/authorize.html
@@ -1,12 +1,27 @@
 {% extends 'base.html' %}
 
 {% block header %}
-  <h2>{% block title %}Register{% endblock %}</h2>
+  <h2>{% block title %}Authorize{% endblock %}</h2>
 {% endblock %}
 
 {% block content %}
-  <p>Click the button to open the hattrick CHPP authorization page and allow Fun with flags.</p>
+  {% if g.oob %}
+    <p>1. Click the button to open a new tab for the hattrick-authorization.</p>
+    <p><img src="{{ url_for('static', filename='ht_auth_screenshot.png') }}" alt="HT auth" title="HT auth"></p>
+      <a href="{{ g.authorize_url }}" target="_blank">
+        <input type="button" class="button" value="Hattrick-Authorization" />
+      </a>
+    <p>2. Come back here after the authorization and enter the received token in the box below</p>
+    <form method="post">
+      <label for="pin">Token</label>
+      <input type="text" name="pin" id="pin" required placeholder="Token e.g.: ZzJuAjDgZNDmis8l">
+      <input type="submit" value="Start Session">
+    </form>
+  {% else %}
+    <p>Click the button to open the hattrick CHPP authorization page and allow Fun with flags.</p>
+    <p><img src="{{ url_for('static', filename='ht_auth_screenshot.png') }}" alt="HT auth" title="HT auth"></p>
     <a href="{{ g.authorize_url }}">
       <input type="button" class="button" value="Hattrick-Authorization" />
     </a>
+  {% endif %}
 {% endblock %}
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "hattrick-fwf"
-version = "0.3.0"
+version = "0.3.1"
 description = "Hattrick Fun with Flags"
 authors = [
     { name = "joe", email = "github@schicker.guru" }