1 files changed, 9 insertions, 12 deletions

diff --git a/oauth2client/contrib/django_util/views.py b/oauth2client/contrib/django_util/views.py
index 1835208..4d8ae03 100644
--- a/oauth2client/contrib/django_util/views.py
+++ b/oauth2client/contrib/django_util/views.py
@@ -22,14 +22,13 @@ in the configured storage."""
 import hashlib
 import json
 import os
+import pickle
 
 from django import http
 from django import shortcuts
 from django.conf import settings
 from django.core import urlresolvers
 from django.shortcuts import redirect
-from django.utils import html
-import jsonpickle
 from six.moves.urllib import parse
 
 from oauth2client import client
@@ -72,7 +71,7 @@ def _make_flow(request, scopes, return_url=None):
             urlresolvers.reverse("google_oauth:callback")))
 
     flow_key = _FLOW_KEY.format(csrf_token)
-    request.session[flow_key] = jsonpickle.encode(flow)
+    request.session[flow_key] = pickle.dumps(flow)
     return flow
 
 
@@ -90,7 +89,7 @@ def _get_flow_for_token(csrf_token, request):
         CSRF token.
     """
     flow_pickle = request.session.get(_FLOW_KEY.format(csrf_token), None)
-    return None if flow_pickle is None else jsonpickle.decode(flow_pickle)
+    return None if flow_pickle is None else pickle.loads(flow_pickle)
 
 
 def oauth2_callback(request):
@@ -110,7 +109,6 @@ def oauth2_callback(request):
     if 'error' in request.GET:
         reason = request.GET.get(
             'error_description', request.GET.get('error', ''))
-        reason = html.escape(reason)
         return http.HttpResponseBadRequest(
             'Authorization failed {0}'.format(reason))
 
@@ -172,10 +170,7 @@ def oauth2_authorize(request):
          A redirect to Google OAuth2 Authorization.
     """
     return_url = request.GET.get('return_url', None)
-    if not return_url:
-        return_url = request.META.get('HTTP_REFERER', '/')
 
-    scopes = request.GET.getlist('scopes', django_util.oauth2_settings.scopes)
     # Model storage (but not session storage) requires a logged in user
     if django_util.oauth2_settings.storage_model:
         if not request.user.is_authenticated():
@@ -183,11 +178,13 @@ def oauth2_authorize(request):
                 settings.LOGIN_URL, parse.quote(request.get_full_path())))
         # This checks for the case where we ended up here because of a logged
         # out user but we had credentials for it in the first place
-        else:
-            user_oauth = django_util.UserOAuth2(request, scopes, return_url)
-            if user_oauth.has_credentials():
-                return redirect(return_url)
+        elif get_storage(request).get() is not None:
+            return redirect(return_url)
 
+    scopes = request.GET.getlist('scopes', django_util.oauth2_settings.scopes)
+
+    if not return_url:
+        return_url = request.META.get('HTTP_REFERER', '/')
     flow = _make_flow(request=request, scopes=scopes, return_url=return_url)
     auth_url = flow.step1_get_authorize_url()
     return shortcuts.redirect(auth_url)