0001-auth_oidc-compare-token_type-case-insensitively-fixe.patch
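--- a/src/authentic2_auth_oidc/views.py
+++ b/src/authentic2_auth_oidc/views.py
@@ -166,8 +166,11 @@
 'request_id': request.request_id,
 })
 return self.continue_to_next_url()
-if ('access_token' not in result or 'token_type' not in result or
-result['token_type'] != 'Bearer' or 'id_token' not in result):
+# token_type is case insensitive, https://tools.ietf.org/html/rfc6749#section-4.2.2
+if ('access_token' not in result
+or 'token_type' not in result
+or result['token_type'].lower() != 'bearer'
+or 'id_token' not in result):
 logger.warning(u'auth_oidc: invalid token endpoint response from %s: %r' % (
 provider.token_endpoint, result))
 messages.warning(request, _('Provider %(name)s is down, report %(request_id)s to '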
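Review bot: The new clause `or result['token_type'].lower() != 'bearer'` raises AttributeError when the provider's JSON carries a non-string token_type (a number or null), so a malformed token endpoint response would escape the warning path this guard exists for and surface as an unhandled exception, unless a broader handler outside the hunk catches it. Since `result` comes from an external provider, I would add `or not isinstance(result['token_type'], str)` as a separate line between the `'token_type' not in result` and `.lower()` clauses so the same logger.warning branch handles it. A minor documentation nit: RFC 6749 section 4.2.2 describes the implicit-grant response; the token endpoint response and its case-insensitive token_type are in section 5.1, so the comment could cite that instead. The enclosing method starts and ends outside the hunk.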
tests/test_auth_oidc.py | ||
4 | 4 |
import pytest |
5 | 5 |
import json |
6 | 6 |
import time |
7 |
import random |
|
7 | 8 | |
8 | 9 |
from jwcrypto.jwk import JWKSet, JWK |
9 | 10 |
from jwcrypto.jwt import JWT |
... | ... | |
199 | 200 | |
200 | 201 |
content = { |
201 | 202 |
'access_token': '1234', |
202 |
'token_type': 'Bearer', |
|
203 |
# check token_type is case insensitive |
|
204 |
'token_type': random.choice(['B', 'b']) + 'earer', |
|
203 | 205 |
'id_token': jwt.serialize(), |
204 | 206 |
} |
205 | 207 |
return { |
206 |
- |