bbangert · dobesv · Nov 1, 2014 · Nov 5, 2014
diff --git a/setup.py b/setup.py
@@ -38,7 +38,7 @@
     README = CHANGES = ''
 
 setup(name='velruse',
-      version='1.1.1',
+      version='1.1.1.1',
       description=(
           'Simplifying third-party authentication for web applications.'),
       long_description=README + '\n\n' + CHANGES,

diff --git a/velruse/providers/google_oauth2.py b/velruse/providers/google_oauth2.py
@@ -119,29 +119,40 @@ def login(self, request):
 
     def callback(self, request):
         """Process the google redirect"""
-        sess_state = request.session.pop('velruse.state', None)
-        req_state = request.GET.get('state')
-        if not sess_state or sess_state != req_state:
-            raise CSRFError(
-                'CSRF Validation check failed. Request state {req_state} is '
-                'not the same as session state {sess_state}'.format(
-                    req_state=req_state,
-                    sess_state=sess_state
+        # If the client already did login client-side, we can use a provided code for a one-step login
+        if request.method == 'POST':
+            code = request.POST.get('code')
+            if not code:
+                return AuthenticationDenied(reason='Missing authentication code',
+                                            provider_name=self.name,
+                                            provider_type=self.type)
+            redirect_uri = 'postmessage'
+        else:
+            sess_state = request.session.pop('velruse.state', None)
+            req_state = request.GET.get('state')
+            if not sess_state or sess_state != req_state:
+                raise CSRFError(
+                    'CSRF Validation check failed. Request state {req_state} is '
+                    'not the same as session state {sess_state}'.format(
+                        req_state=req_state,
+                        sess_state=sess_state
+                    )
                 )
-            )
-        code = request.GET.get('code')
-        if not code:
-            reason = request.GET.get('error', 'No reason provided.')
-            return AuthenticationDenied(reason=reason,
-                                        provider_name=self.name,
-                                        provider_type=self.type)
+
+            code = request.GET.get('code')
+            if not code:
+                reason = request.GET.get('error', 'No reason provided.')
+                return AuthenticationDenied(reason=reason,
+                                            provider_name=self.name,
+                                            provider_type=self.type)
+            redirect_uri = request.route_url(self.callback_route)
 
         # Now retrieve the access token with the code
         r = requests.post(
             '%s://%s/o/oauth2/token' % (self.protocol, self.domain),
             dict(client_id=self.consumer_key,
                  client_secret=self.consumer_secret,
-                 redirect_uri=request.route_url(self.callback_route),
+                 redirect_uri=redirect_uri,
                  code=code,
                  grant_type='authorization_code'),
         )