0001-idp_oidc-make-OIDCCode.-nonce-state-nullable-fixes-1.patch

Benjamin Dauvergne, 24 mars 2017 14:39

Voir les différences: en ligne côte à côte

Subject: [PATCH] idp_oidc: make OIDCCode.{nonce,state} nullable (fixes #15612)

Those fields are optional so we need to differentiate their presence or their
absence.

 .../migrations/0003_auto_20170324_1426.py          | 24 +++++++++++++++++++
 src/authentic2_idp_oidc/models.py                  |  4 ++--
 src/authentic2_idp_oidc/views.py                   | 28 +++++++++++++---------
 3 files changed, 43 insertions(+), 13 deletions(-)
 create mode 100644 src/authentic2_idp_oidc/migrations/0003_auto_20170324_1426.py

     # -*- coding: utf-8 -*-
     from __future__ import unicode_literals
     from django.db import migrations, models
     class Migration(migrations.Migration):
         dependencies = [
             ('authentic2_idp_oidc', '0002_auto_20170121_2346'),
+        ]
         operations = [
             migrations.AlterField(
                 model_name='oidccode',
                 name='nonce',
                 field=models.TextField(null=True, verbose_name='nonce'),
             ),
             migrations.AlterField(
                 model_name='oidccode',
                 name='state',
                 field=models.TextField(null=True, verbose_name='state'),
             ),
+        ]

         scopes = models.TextField(
             verbose_name=_('scopes'))
         state = models.TextField(
             default='',
             null=True,
             verbose_name=_('state'))
         nonce = models.TextField(
             default='',
             null=True,
             verbose_name=_('nonce'))
         redirect_uri = models.URLField(
             verbose_name=_('redirect URI'))

             params['error_description'] = error_description
         if error_uri:
             params['error_uri'] = error_uri
         if state:
         if state is not None:
             params['state'] = state
         if fragment:
             return redirect(request, redirect_uri + '#%s' % urlencode(params), resolve=False)
-...
             return HttpResponseBadRequest('invalid request: unknown client_id')
         fragment = client.authorization_flow == client.FLOW_IMPLICIT
         state = request.GET.get('state', '')
         state = request.GET.get('state')
         try:
             response_type = request.GET['response_type']
-...
                                        fragment=fragment)
         prompt = set(filter(None, request.GET.get('prompt', '').split()))
         nonce = request.GET.get('nonce', '')
         nonce = request.GET.get('nonce')
         scopes = utils.scope_set(scope)
         max_age = request.GET.get('max_age')
-...
                                            error_description='login is required but prompt is none',
                                            state=state,
                                            fragment=fragment)
             return login_require(request, params={'nonce': nonce})
             params = {}
             if nonce is not None:
                 params['nonce'] = nonce
             return login_require(request, params=params)
         last_auth = last_authentication_event(request.session)
         if max_age is not None and time.time() - last_auth['when'] >= max_age:
-...
                                            error_description='login is required but prompt is none',
                                            state=state,
                                            fragment=fragment)
             return login_require(request, params={'nonce': nonce})
             params = {}
             if nonce is not None:
                 params['nonce'] = nonce
             return login_require(request, params=params)
         qs = models.OIDCAuthorization.objects.filter(client=client, user=request.user)
         if 'consent' in prompt:
-...
             params = {
                 'code': unicode(code.uuid),
+            }
             if state:
             if state is not None:
                 params['state'] = state
             return redirect(request, redirect_uri, params=params, resolve=False)
         else:
-...
                     session_key=request.session.session_key,
                     expired=start + datetime.timedelta(seconds=expires_in))
             acr = 0
             if nonce and last_auth.get('nonce') == nonce:
             if nonce is not None and last_auth.get('nonce') == nonce:
                 acr = 1
             id_token = {
                 'iss': request.build_absolute_uri('/'),
-...
                 'auth_time': last_auth['when'],
                 'acr': acr,
+            }
             if nonce:
             if nonce is not None:
                 id_token['nonce'] = nonce
             params = {
                 'id_token': utils.make_idtoken(client, id_token),
+            }
             if state:
             if state is not None:
                 params['state'] = state
             if need_access_token:
                 params.update({
-...
             expired=oidc_code.created + datetime.timedelta(seconds=expires_in))
         start = now()
         acr = 0
         if (oidc_code.nonce and last_authentication_event(oidc_code.session).get('nonce') ==
         if (oidc_code.nonce is not None and last_authentication_event(oidc_code.session).get('nonce') ==
                 oidc_code.nonce):
             acr = 1
         id_token = {
-...
             'auth_time': timestamp_from_datetime(oidc_code.auth_time),
             'acr': acr,
+        }
         if oidc_code.nonce:
         if oidc_code.nonce is not None:
             id_token['nonce'] = oidc_code.nonce
         response = HttpResponse(json.dumps({
             'access_token': unicode(access_token.uuid),
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-idp_oidc-make-OIDCCode.-nonce-state-nullable-fixes-1.patch