Elaborated on error messages for the OAuth redirect endpoint

2017-09-22 16:13:45 -04:00 · 2017-09-22 16:13:45 -04:00 · 49e508f4ad
parent ad5552c37a
commit 49e508f4ad
1 changed files with 10 additions and 1 deletions
--- a/LandingPage/views.py
+++ b/LandingPage/views.py
@ -12,6 +12,13 @@ import json
 class LoginRedirect(View):
    def get(self, req):
        
+        # Check request has correct arguments
+        request_valid = 'state' in req.GET and 'code' in req.GET
+        if not request_valid:
+            r = HttpResponse('<h1>Error</h1><p>There was an error in your request.  Please <a href=/login>try again</a></p>')
+            r.status = 400
+            return r
+
        # Check state
        userstate = generateState(req)
        if userstate == req.GET['state']:
@ -30,7 +37,9 @@ class LoginRedirect(View):
            )
            resp_json = resp.json()
            if 'error' in resp_json:
-                return HttpResponse('<h1>OAuth Error</h1><pre>%s</pre>'%json.dumps(resp_json))
+                r = HttpResponse('<h1>OAuth Error</h1><pre>%s</pre>'%json.dumps(resp_json))
+                r.status = 500
+                return r
            else:
                req.session['token'] = resp_json['access_token']
                return HttpResponseRedirect('/')