happyz
/
fastapi
mirror of https://github.com/tiangolo/fastapi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

⬆ Upgrade Swagger UI copy of `oauth2-redirect.html` to include fixes for flavors of authorization code flows in Swagger UI (#3439) 

Co-authored-by: Sebastián Ramírez <tiangolo@gmail.com>
This commit is contained in:
Teo Koon Peng 2022-08-23 21:57:25 +08:00 committed by GitHub
parent 09acce4b2c
commit ec072d75fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 28 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
fastapi/openapi/docs.py
View File

@ -115,12 +115,14 @@ def get_redoc_html(
def get_swagger_ui_oauth2_redirect_html() -> HTMLResponse: def get_swagger_ui_oauth2_redirect_html() -> HTMLResponse:
# copied from https://github.com/swagger-api/swagger-ui/blob/v4.14.0/dist/oauth2-redirect.html
html = """ html = """
<!DOCTYPE html> <!doctype html>
<html lang="en-US"> <html lang="en-US">
<body onload="run()"> <head>
</body> <title>Swagger UI: OAuth2 Redirect</title>
</html> </head>
<body>
<script> <script>
'use strict'; 'use strict';
function run () { function run () {
@ -130,31 +132,32 @@ def get_swagger_ui_oauth2_redirect_html() -> HTMLResponse:
var isValid, qp, arr; var isValid, qp, arr;
if (/code|token|error/.test(window.location.hash)) { if (/code|token|error/.test(window.location.hash)) {
qp = window.location.hash.substring(1); qp = window.location.hash.substring(1).replace('?', '&');
} else { } else {
qp = location.search.substring(1); qp = location.search.substring(1);
} }
arr = qp.split("&") arr = qp.split("&");
arr.forEach(function (v,i,_arr) { _arr[i] = '"' + v.replace('=', '":"') + '"';}) arr.forEach(function (v,i,_arr) { _arr[i] = '"' + v.replace('=', '":"') + '"';});
qp = qp ? JSON.parse('{' + arr.join() + '}', qp = qp ? JSON.parse('{' + arr.join() + '}',
function (key, value) { function (key, value) {
return key === "" ? value : decodeURIComponent(value) return key === "" ? value : decodeURIComponent(value);
} }
) : {} ) : {};
isValid = qp.state === sentState isValid = qp.state === sentState;
if (( if ((
oauth2.auth.schema.get("flow") === "accessCode"|| oauth2.auth.schema.get("flow") === "accessCode" ||
oauth2.auth.schema.get("flow") === "authorizationCode" oauth2.auth.schema.get("flow") === "authorizationCode" ||
oauth2.auth.schema.get("flow") === "authorization_code"
) && !oauth2.auth.code) { ) && !oauth2.auth.code) {
if (!isValid) { if (!isValid) {
oauth2.errCb({ oauth2.errCb({
authId: oauth2.auth.name, authId: oauth2.auth.name,
source: "auth", source: "auth",
level: "warning", level: "warning",
message: "Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server" message: "Authorization may be unsafe, passed state was changed in server. The passed state wasn't returned from auth server."
}); });
} }
@ -163,7 +166,7 @@ def get_swagger_ui_oauth2_redirect_html() -> HTMLResponse:
oauth2.auth.code = qp.code; oauth2.auth.code = qp.code;
oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl}); oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl});
} else { } else {
let oauthErrorMsg let oauthErrorMsg;
if (qp.error) { if (qp.error) {
oauthErrorMsg = "["+qp.error+"]: " + oauthErrorMsg = "["+qp.error+"]: " +
(qp.error_description ? qp.error_description+ ". " : "no accessCode received from the server. ") + (qp.error_description ? qp.error_description+ ". " : "no accessCode received from the server. ") +
@ -174,7 +177,7 @@ def get_swagger_ui_oauth2_redirect_html() -> HTMLResponse:
authId: oauth2.auth.name, authId: oauth2.auth.name,
source: "auth", source: "auth",
level: "error", level: "error",
message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server" message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server."
}); });
} }
} else { } else {
@ -182,6 +185,16 @@ def get_swagger_ui_oauth2_redirect_html() -> HTMLResponse:
} }
window.close(); window.close();
} }
if (document.readyState !== 'loading') {
run();
} else {
document.addEventListener('DOMContentLoaded', function () {
run();
});
}
</script> </script>
</body>
</html>
""" """
return HTMLResponse(content=html) return HTMLResponse(content=html)