| 255 | |
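def _resolve_redirect_target(
    redirect_to: "str | None",
    invite_org_id: "str | None",
    app_url: str,
    dashboard_url: str,
) -> str:
    """
    Pick the post-login destination, allowing only URLs on our own app origin.

    Precedence: an explicit ``redirect_to``, else an invite landing page built
    from ``invite_org_id``, else ``dashboard_url``. Any candidate that does not
    share ``app_url``'s scheme, host and path prefix collapses to ``dashboard_url``.

    The comparison is done on the parsed URL parts, not with a string prefix
    test: ``"https://app.example.com.evil.tld/"`` and
    ``"https://app.example.com@evil.tld/"`` both *start with*
    ``"https://app.example.com"`` yet send the browser -- and the session it
    has just been granted -- to an attacker-controlled host.

    Args:
        redirect_to: raw ``redirect_to`` query value, or ``None``/empty.
        invite_org_id: raw ``invite`` query value, or ``None``/empty.
        app_url: the application's base URL (``APP_URL``).
        dashboard_url: safe fallback destination (``DASHBOARD_URL``).

    Returns:
        A redirect URL that is on the application's origin.
    """
    from urllib.parse import urlencode, urlsplit

    if not redirect_to:
        if invite_org_id:
            # Encode the invite id so a value containing '&' or '#' cannot
            # smuggle extra query parameters or a fragment into the URL.
            query = urlencode({'invite': invite_org_id})
            redirect_to = f"{app_url}/settings/organization?{query}"
        else:
            return dashboard_url

    app = urlsplit(app_url)
    try:
        target = urlsplit(redirect_to)
    except ValueError:
        # e.g. an unbalanced IPv6 bracket in the netloc -- treat as untrusted.
        return dashboard_url

    # Scheme and netloc must match exactly (netloc includes any userinfo and
    # port, so "app.example.com@evil.tld" cannot pass). A scheme-relative
    # "//evil.tld/x" has an empty scheme and is rejected too.
    same_origin = (
        target.scheme.lower() == app.scheme.lower()
        and target.netloc.lower() == app.netloc.lower()
    )
    # If APP_URL carries a path prefix, stay underneath it.
    app_path = app.path.rstrip('/')
    under_app_path = (
        not app_path
        or target.path == app_path
        or target.path.startswith(app_path + '/')
    )
    if not (same_origin and under_app_path):
        return dashboard_url
    return redirect_to


@public_route
async def auth_callback(request: Request) -> HTMLResponse:
    """
    Serve the authentication callback page.

    The page (``auth_callback.html``) is a small JavaScript app that reads the
    tokens out of the URL fragment and forwards them to our ``auth_session``
    endpoint; this view only renders that page. The fragment is never sent to
    the server, so nothing here handles the tokens themselves.

    Query parameters:
        redirect_to: where the page should send the browser afterwards. Only
            URLs on the application's own origin (``APP_URL``) are honoured;
            anything else falls back to ``DASHBOARD_URL``.
        invite: organisation id. When ``redirect_to`` is absent the browser is
            sent to the organisation settings page for that invite.

    Returns:
        The rendered page, with a per-response CSP nonce and strict headers.
    """
    # A fresh nonce per response: the CSP lets only <script> elements carrying
    # it execute, so markup injected into the page cannot run code. object-src
    # and base-uri are closed as well -- an injected <base> element could
    # otherwise repoint the page's relative URLs (such as the auth_session
    # endpoint it posts the tokens to) at another host.
    nonce = base64.b64encode(os.urandom(32)).decode('utf-8')
    headers = {
        'Content-Security-Policy': (
            f"script-src 'nonce-{nonce}'; object-src 'none'; base-uri 'none'"
        ),
        # Never leak this URL (including redirect_to) to third parties via
        # the Referer header.
        'Referrer-Policy': 'no-referrer',
        # An authentication page should not be served from any cache.
        'Cache-Control': 'no-store',
    }

    # Explicit redirect_to, else the invite landing page, else the dashboard;
    # anything off our origin is replaced by the dashboard.
    redirect_to = _resolve_redirect_target(
        request.query_params.get('redirect_to'),
        request.query_params.get('invite'),
        APP_URL,
        DASHBOARD_URL,
    )

    template = templates.get_template('auth_callback.html')
    content = template.render(
        nonce=nonce, auth_session_url=reverse_path('auth_session'), dashboard_url=redirect_to
    )

    return HTMLResponse(content=content, headers=headers)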
| 294 | |
| 295 | |
| 296 | def _create_session_for_response(response: Response, access_token: str) -> Response: |