0005-oidc-check-if-user-is-authorized-through-the-client.patch
| src/authentic2_idp_oidc/views.py | ||
|---|---|---|
| 71 | 71 |
def authorize(request, *args, **kwargs): |
| 72 | 72 |
logger = logging.getLogger(__name__) |
| 73 | 73 |
start = now() |
| 74 | ||
| 75 | 74 |
try: |
| 76 | 75 |
client_id = request.GET['client_id'] |
| 77 | 76 |
redirect_uri = request.GET['redirect_uri'] |
| ... | ... | |
| 159 | 158 |
fragment=fragment) |
| 160 | 159 |
return login_require(request, params={'nonce': nonce})
|
| 161 | 160 | |
| 161 |
# is user authorized through this client |
|
| 162 |
if not client.authorize(request): |
|
| 163 |
logger.info(u'user %s unauthorized on service %s', request.user.username, client.name) |
|
| 164 |
return authorization_error(request, redirect_uri, 'access_denied', |
|
| 165 |
error_description='user not authorized through this client', |
|
| 166 |
state=state, fragment=fragment) |
|
| 167 | ||
| 162 | 168 |
last_auth = last_authentication_event(request.session) |
| 163 | 169 |
if max_age is not None and time.time() - last_auth['when'] >= max_age: |
| 164 | 170 |
if 'none' in prompt: |
| 165 |
- |
|