Add support for POST requests to /v1/openid/authorize_return

Some OpenID providers make a POST request to the `return_to` URL if the query string would be too long. This commit adds support for POST requests to this endpoint. The change in notification_hook.py is to stop attempting to parse the empty string as JSON when receiving this POST request. Change-Id: I34d7032d795a5d36799bffc51864e63e585c6eb1
2019-10-25 21:43:55 +01:00 · 2019-10-25 21:43:55 +01:00 · 8c7604ffe0
parent 4c1c7c0cfc
commit 8c7604ffe0
2 changed files with 3 additions and 3 deletions
--- a/storyboard/api/v1/auth.py
+++ b/storyboard/api/v1/auth.py
@ -37,7 +37,7 @@ class AuthController(rest.RestController):

    _custom_actions = {
        "authorize": ["GET"],
-        "authorize_return": ["GET"],
+        "authorize_return": ["GET", "POST"],
        "token": ["POST"],
    }

--- a/storyboard/notifications/notification_hook.py
+++ b/storyboard/notifications/notification_hook.py
@ -88,8 +88,8 @@ class NotificationHook(hooks.PecanHook):
        # On a POST method, the server has assigned an ID to the resource,
        # so we should be getting it from the resource rather than the URL.
        if state.request.method == 'POST':
-            response_body = json.loads(response.body)
-            if response_body:
+            if response.body:
+                response_body = json.loads(response.body)
                if not subresource:
                    resource_id = response_body.get('id')
                elif subresource == 'comment':