Explicitly list the authorization routes that use a query parameter

While a bit more verbose it's more explicit and more "grep-able" while looking for code related to one particular route.
hypothesis · May 9, 2024 · 749c827 · 749c827
1 parent 3905b57
commit 749c827
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/lms/security.py b/lms/security.py
@@ -127,7 +127,12 @@ def get_policy(request: Request):
             # LTIUser serialized in the state param for the oauth flow
             return OAuthCallbackLTIUserPolicy()
 
-        if (path.startswith("/api") and path.endswith("authorize")) or path in {
+        if path in {
+            # LTUser serialized as query param for authorization failures
+            "/api/d2l/oauth/authorize",
+            "/api/blackboard/oauth/authorize",
+            "/api/canvas/oauth/authorize",
+            "/api/canvas_studio/oauth/authorize",
             # To fetch pages content from LMSes' APIs
             "/api/canvas/pages/proxy",
             "/api/moodle/pages/proxy",