0005-oidc-check-if-user-is-authorized-through-the-client.patch
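--- a/src/authentic2_idp_oidc/views.py
+++ b/src/authentic2_idp_oidc/views.py
@@ -71,7 +71,6 @@
 def authorize(request, *args, **kwargs):
 logger = logging.getLogger(__name__)
 start = now()
-
 try:
 client_id = request.GET['client_id']
 redirect_uri = request.GET['redirect_uri']
@@ -159,6 +158,13 @@
 fragment=fragment)
 return login_require(request, params={'nonce': nonce})
 
+# is user authorized through this client
+if not client.authorize(request):
+logger.info(u'user %s unauthorized on service %s', request.user.username, client.name)
+return authorization_error(request, redirect_uri, 'access_denied',
+error_description='user not authorized through this client',
+state=state, fragment=fragment)
+
 last_auth = last_authentication_event(request.session)
 if max_age is not None and time.time() - last_auth['when'] >= max_age:
 if 'none' in prompt: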
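Review bot: The denial in the new `if not client.authorize(request):` branch is logged at `info`, a level that is often filtered out in production, so repeated attempts by an unauthorized user against a client may leave nothing for detection to work with. I would log it as `logger.warning(u'user %s unauthorized on service %s (client_id %s)', request.user.username, client.name, client_id)`, since `client_id` is already read at the top of the function. The check sits after the `login_require` return, so `request.user` should be authenticated at this point, but it gates only the authorization endpoint. Whether the token and user-info views enforce the same rule, and what happens to codes or tokens issued before a user lost access, is not visible in this section and is worth confirming. The body of `authorize` starts before and continues past both hunks.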
165 |
- |