fix: don't send callback request if data has been modified

This commit is contained in:
imperosol
2026-07-03 12:12:56 +02:00
parent 90adb9eb08
commit c6815f8b71
+5 -5
View File
@@ -39,8 +39,8 @@ class ThirdPartyAuthView(AccessMixin, FormView):
# the given parameters and their signature are checked during both # the given parameters and their signature are checked during both
# POST (for obvious reasons) and GET (in order not to make # POST (for obvious reasons) and GET (in order not to make
# the user fill a form just to get an error he won't understand) # the user fill a form just to get an error he won't understand)
params = self.request.GET or self.request.POST params = self.request.GET if self.request.method == "GET" else self.request.POST
params = {key: unquote(val) for key, val in params.items()} params = {key: unquote(val) for key, val in params.dict().items()}
try: try:
params = ThirdPartyAuthParamsSchema(**params) params = ThirdPartyAuthParamsSchema(**params)
except pydantic.ValidationError: except pydantic.ValidationError:
@@ -48,7 +48,7 @@ class ThirdPartyAuthView(AccessMixin, FormView):
self.request, _("The data provided for authentication is incorrect") self.request, _("The data provided for authentication is incorrect")
) )
return None return None
client: ApiClient = get_object_or_none(ApiClient, id=params.client_id) client: ApiClient | None = get_object_or_none(ApiClient, id=params.client_id)
if not client: if not client:
messages.error( messages.error(
self.request, _("The data provided for authentication is incorrect") self.request, _("The data provided for authentication is incorrect")
@@ -71,11 +71,11 @@ class ThirdPartyAuthView(AccessMixin, FormView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
if not request.user.is_authenticated: if not request.user.is_authenticated:
return self.handle_no_permission() return self.handle_no_permission()
self.params = self.parse_params() if (params := self.parse_params()) is None:
if not self.params:
# if parameters parsing failed, shortcut the operation and display # if parameters parsing failed, shortcut the operation and display
# an empty page with just the error messages. # an empty page with just the error messages.
return render(request, "core/base.jinja") return render(request, "core/base.jinja")
self.params = params
return super().dispatch(request, *args, **kwargs) return super().dispatch(request, *args, **kwargs)
def get(self, *args, **kwargs): def get(self, *args, **kwargs):