0001-auth_oidc-compare-token_type-case-insensitively-fixe.patch

Benjamin Dauvergne, 15 avril 2019 11:51

Voir les différences: en ligne côte à côte

Subject: [PATCH] auth_oidc: compare token_type case insensitively (fixes
 #32281)

 src/authentic2_auth_oidc/views.py | 7 +++++--
 tests/test_auth_oidc.py           | 4 +++-
 2 files changed, 8 insertions(+), 3 deletions(-)

                                      'request_id': request.request_id,
                 })
                 return self.continue_to_next_url()
             if ('access_token' not in result or 'token_type' not in result or
                     result['token_type'] != 'Bearer' or 'id_token' not in result):
             # token_type is case insensitive, https://tools.ietf.org/html/rfc6749#section-4.2.2
             if ('access_token' not in result
                     or 'token_type' not in result
                     or result['token_type'].lower() != 'bearer'
                     or 'id_token' not in result):
                 logger.warning(u'auth_oidc: invalid token endpoint response from %s: %r' % (
                     provider.token_endpoint, result))
                 messages.warning(request, _('Provider %(name)s is down, report %(request_id)s to '

     import pytest
     import json
     import time
     import random
     from jwcrypto.jwk import JWKSet, JWK
     from jwcrypto.jwt import JWT
-...
                 content = {
                     'access_token': '1234',
                     'token_type': 'Bearer',
                     # check token_type is case insensitive
                     'token_type': random.choice(['B', 'b']) + 'earer',
                     'id_token': jwt.serialize(),
+                }
                 return {
+    -

Produits Entr'ouvert » Authentic 2