0001-idp_oidc-fix-synchronization-API-calls-when-OIDC-cli.patch

Benjamin Dauvergne, 10 juillet 2018 13:13

Voir les différences: en ligne côte à côte

Subject: [PATCH] idp_oidc: fix synchronization API calls when OIDC client use
 UUID identifier policy (fixes #25182)

 src/authentic2_idp_oidc/apps.py |  7 +++++--
 tests/test_idp_oidc.py          | 29 ++++++++++++++++++++++++++++-
 2 files changed, 33 insertions(+), 3 deletions(-)

                     return
                 if method_name != 'synchronization':
                     return
                 uuid_map = getattr(request, 'uuid_map', {})
                 if not hasattr(request, 'uuid_map'):
                     return
                 uuid_map = request.uuid_map
                 unknown_uuids = data['unknown_uuids']
                 new_unknown_uuids = []
                 for u in unknown_uuids:
     	        new_unknown_uuids.append(uuid_map[u])
                     new_unknown_uuids.append(uuid_map[u])
                 new_unknown_uuids.extend(request.unknown_uuids)
                 data['unknown_uuids'] = new_unknown_uuids

     from django.core.urlresolvers import reverse
     from django.utils.timezone import now
     from django.contrib.auth import get_user_model
     from authentic2_idp_oidc.models import OIDCClient, OIDCAuthorization, OIDCCode, OIDCAccessToken, OIDCClaim
     User = get_user_model()
     from authentic2_idp_oidc.models import OIDCClient, OIDCAuthorization, OIDCCode
     from authentic2_idp_oidc.utils import make_sub
     from authentic2.a2_rbac.utils import get_default_ou
     from authentic2.utils import make_url
-...
             'frontchannel_logout_uri': 'https://example.com/southpark/logout/',
             'frontchannel_timeout': 3000,
         },
+        {
             'identifier_policy': OIDCClient.POLICY_PAIRWISE_REVERSIBLE,
         },
+    ]
-...
         executor.loader.build_graph()
         client = OIDCClient.objects.first()
         assert OIDCClaim.objects.filter(client=client.id).count() == 5
     def test_api_synchronization(app, oidc_client):
         oidc_client.has_api_access = True
         oidc_client.save()
         users = [User.objects.create(username='user-%s' % i) for i in range(10)]
         for user in users[5:]:
             user.delete()
         deleted_subs = set(make_sub(oidc_client, user) for user in users[5:])
         app.authorization = ('Basic', (oidc_client.client_id, oidc_client.client_secret))
         status = 200
         if oidc_client.identifier_policy not in (OIDCClient.POLICY_PAIRWISE_REVERSIBLE, OIDCClient.POLICY_UUID):
             status = 401
         response = app.post_json('/api/users/synchronization/',
                                  params={
                                      'known_uuids': [make_sub(oidc_client, user) for user in users]},
                                  status=status)
         if status == 200:
             assert response.json['result'] == 1
             assert set(response.json['unknown_uuids']) == deleted_subs
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-idp_oidc-fix-synchronization-API-calls-when-OIDC-cli.patch