Fix parameter validation in login.

everaldorodrigo · everaldorodrigo · commit dcd1fd960ae1 · 2025-08-05T12:59:00.000-07:00
diff --git a/src/handlers/api.py b/src/handlers/api.py
@@ -55,10 +55,16 @@ def set_cache_header(self, cache_value):
 class UserInfoHandler(AuthHandler):
     """ "Handler for /user_info endpoint."""
 
-    # Override prepare method to bypass parameter validation
+    # Define that no parameters are required for this endpoint
+    kwargs = {
+        "*": {},  # Override any inherited parameter requirements
+        "GET": {}  # Explicitly empty - no parameters expected or required
+    }
+
     def prepare(self):
-        # Skip the BaseAPIHandler parameter validation
-        # and just call the basic RequestHandler prepare
+        """Override prepare to bypass parameter validation issues"""
+        # Skip the BaseAPIHandler parameter validation that's causing issues
+        # and go directly to the parent class's prepare method
         super(BaseAPIHandler, self).prepare()
 
     def get(self):
@@ -79,21 +85,37 @@ def get(self):
 
 
 class LoginHandler(AuthHandler):
-    # Override prepare method to bypass parameter validation
+    # Define expected parameters for login redirect
+    kwargs = {
+        "*": {},  # Override any inherited parameter requirements
+        "GET": {
+            "next": {"type": str, "required": False, "default": "/"}  # Optional redirect URL
+        }
+    }
+    
     def prepare(self):
-        # Skip the BaseAPIHandler parameter validation
-        # and just call the basic RequestHandler prepare
+        """Override prepare to bypass parameter validation issues"""
+        # Skip the BaseAPIHandler parameter validation that's causing issues
+        # and go directly to the parent class's prepare method
         super(BaseAPIHandler, self).prepare()
     
     def get(self):
         self.redirect(self.get_argument("next", "/"))
 
 
 class LogoutHandler(AuthHandler):
-    # Override prepare method to bypass parameter validation
+    # Define expected parameters for logout redirect
+    kwargs = {
+        "*": {},  # Override any inherited parameter requirements
+        "GET": {
+            "next": {"type": str, "required": False, "default": "/"}  # Optional redirect URL
+        }
+    }
+    
     def prepare(self):
-        # Skip the BaseAPIHandler parameter validation
-        # and just call the basic RequestHandler prepare
+        """Override prepare to bypass parameter validation issues"""
+        # Skip the BaseAPIHandler parameter validation that's causing issues
+        # and go directly to the parent class's prepare method
         super(BaseAPIHandler, self).prepare()
     
     def get(self):
diff --git a/src/handlers/oauth.py b/src/handlers/oauth.py
@@ -11,11 +11,21 @@ class GitHubLoginHandler(BaseAPIHandler, GithubOAuth2Mixin):
 
     SCOPES = []
     GITHUB_CALLBACK_PATH = "/oauth"
-    
-    # Override prepare method to bypass parameter validation
+
+    # Define expected parameters properly - override any inherited parameter validation
+    kwargs = {
+        "*": {},  # Override any inherited parameter requirements
+        "GET": {
+            "code": {"type": str, "required": False},  # OAuth callback code
+            "next": {"type": str, "required": False, "default": "/"},  # Redirect URL
+            "state": {"type": str, "required": False},  # OAuth state parameter
+        }
+    }
+
     def prepare(self):
-        # Skip the BaseAPIHandler parameter validation
-        # and just call the basic RequestHandler prepare
+        """Override prepare to bypass parameter validation issues"""
+        # Skip the BaseAPIHandler parameter validation that's causing issues
+        # and go directly to the parent class's prepare method
         super(BaseAPIHandler, self).prepare()
 
     async def get(self):
