0001-utils-add-function-get_authentication_events-32780.patch
src/authentic2/utils.py | ||
---|---|---|
381 | 381 |
def find_authentication_event(request, nonce): |
382 | 382 |
'''Find an authentication event occurring during this session and matching |
383 | 383 |
this nonce.''' |
384 |
authentication_events = request.session.get(constants.AUTHENTICATION_EVENTS_SESSION_KEY, []) |
|
385 |
for event in authentication_events: |
|
384 |
for event in get_authentication_events(request=request): |
|
386 | 385 |
if event.get('nonce') == nonce: |
387 | 386 |
return event |
388 | 387 |
return None |
389 | 388 | |
390 | 389 | |
391 |
def last_authentication_event(session):
|
|
392 |
authentication_events = session.get(constants.AUTHENTICATION_EVENTS_SESSION_KEY, [])
|
|
390 |
def last_authentication_event(request=None, session=None):
|
|
391 |
authentication_events = get_authentication_events(request=request, session=None)
|
|
393 | 392 |
if authentication_events: |
394 | 393 |
return authentication_events[-1] |
395 | 394 |
return None |
... | ... | |
1119 | 1118 |
''' |
1120 | 1119 |
return encoding.force_text(func() or default) |
1121 | 1120 |
lazy_label = allow_lazy(lazy_label, six.text_type) |
1121 | ||
1122 | ||
1123 |
def get_authentication_events(request=None, session=None): |
|
1124 |
if request is not None and session is None: |
|
1125 |
session = getattr(request, 'session', None) |
|
1126 |
if session is not None: |
|
1127 |
return session.get(constants.AUTHENTICATION_EVENTS_SESSION_KEY, []) |
|
1128 |
return [] |
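Review bot: In the rewritten `last_authentication_event`, the call `get_authentication_events(request=request, session=None)` hard-codes `session=None`, so a caller that passes only `session=` always gets an empty list and the function returns `None`. The OIDC token view in this same patch calls `last_authentication_event(session=oidc_code.session).get('nonce')`, which would then raise `AttributeError` whenever `oidc_code.nonce` is set, instead of comparing the nonce. The line should forward the argument: `authentication_events = get_authentication_events(request=request, session=session)`. The new test in tests/test_utils.py exercises only the request path; an assertion on `last_authentication_event(session=request.session)` after `login()` would catch this.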
src/authentic2_idp_oidc/views.py | ||
---|---|---|
188 | 188 |
# is raised and handled by ServiceAccessMiddleware |
189 | 189 |
client.authorize(request.user) |
190 | 190 | |
191 |
last_auth = last_authentication_event(request.session)
|
|
191 |
last_auth = last_authentication_event(request=request)
|
|
192 | 192 |
if max_age is not None and time.time() - last_auth['when'] >= max_age: |
193 | 193 |
if 'none' in prompt: |
194 | 194 |
return authorization_error(request, redirect_uri, 'login_required', |
... | ... | |
392 | 392 |
expired=oidc_code.created + datetime.timedelta(seconds=expires_in)) |
393 | 393 |
start = now() |
394 | 394 |
acr = '0' |
395 |
if (oidc_code.nonce is not None and last_authentication_event(oidc_code.session).get('nonce') == |
|
395 |
if (oidc_code.nonce is not None and last_authentication_event(session=oidc_code.session).get('nonce') ==
|
|
396 | 396 |
oidc_code.nonce): |
397 | 397 |
acr = '1' |
398 | 398 |
# prefill id_token with user info |
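Review bot: At line 395 the result of `last_authentication_event(session=oidc_code.session)` is dereferenced with `.get('nonce')`, although the helper returns `None` when the session holds no authentication events. A code redeemed against a session whose events are missing (presumably possible if the session was flushed or expired in between) would fail with an unhandled exception rather than falling back to `acr = '0'`; `(last_authentication_event(session=oidc_code.session) or {}).get('nonce')` keeps the comparison fail-closed. The `last_auth['when']` read at line 192 has the same shape, and treating a missing event as exceeding `max_age` would be the safer default there. Both enclosing view functions start and end outside the visible hunks.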
tests/test_utils.py | ||
---|---|---|
1 |
from authentic2.utils import good_next_url, same_origin, select_next_url, user_can_change_password |
|
1 |
from django.contrib.auth import authenticate |
|
2 |
from django.contrib.auth.middleware import AuthenticationMiddleware |
|
3 |
from django.contrib.sessions.middleware import SessionMiddleware |
|
4 | ||
5 |
from authentic2.utils import good_next_url, same_origin, select_next_url, user_can_change_password, login, get_authentication_events |
|
2 | 6 | |
3 | 7 | |
4 | 8 |
def test_good_next_url(rf, settings): |
... | ... | |
52 | 56 |
assert user_can_change_password(user=simple_user) is True |
53 | 57 |
settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD = False |
54 | 58 |
assert user_can_change_password(user=simple_user) is False |
59 | ||
60 | ||
61 |
def test_get_authentication_events_hows(rf, simple_user): |
|
62 |
user = authenticate(username=simple_user.username, password=simple_user.username) |
|
63 |
request = rf.get('/login/') |
|
64 |
middleware = SessionMiddleware() |
|
65 |
middleware.process_request(request) |
|
66 |
middleware = AuthenticationMiddleware() |
|
67 |
middleware.process_request(request) |
|
68 |
assert 'password' not in [ev['how'] for ev in get_authentication_events(request)] |
|
69 |
login(request, user, 'password') |
|
70 |
assert 'password' in [ev['how'] for ev in get_authentication_events(request)] |
|
55 |
- |