
0001-utils-add-function-get_authentication_events-32780.patch

Benjamin Dauvergne, 03 mai 2019 16:32


Subject: [PATCH] utils: add function get_authentication_events (#32780)

 src/authentic2/utils.py          | 15 +++++++++++----
 src/authentic2_idp_oidc/views.py |  4 ++--
 tests/test_utils.py              | 18 +++++++++++++++++-
 3 files changed, 30 insertions(+), 7 deletions(-)
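--- a/src/authentic2/utils.py
+++ b/src/authentic2/utils.py
@@ -381,15 +381,14 @@
 def find_authentication_event(request, nonce):
     '''Find an authentication event occurring during this session and matching
        this nonce.'''
-    authentication_events = request.session.get(constants.AUTHENTICATION_EVENTS_SESSION_KEY, [])
-    for event in authentication_events:
+    for event in get_authentication_events(request=request):
         if event.get('nonce') == nonce:
             return event
     return None
 
 
-def last_authentication_event(session):
-    authentication_events = session.get(constants.AUTHENTICATION_EVENTS_SESSION_KEY, [])
+def last_authentication_event(request=None, session=None):
+    authentication_events = get_authentication_events(request=request, session=session)
     if authentication_events:
         return authentication_events[-1]
     return None
@@ -1119,3 +1118,11 @@
     '''
     return encoding.force_text(func() or default)
 lazy_label = allow_lazy(lazy_label, six.text_type)
+
+
+def get_authentication_events(request=None, session=None):
+    if request is not None and session is None:
+        session = getattr(request, 'session', None)
+    if session is not None:
+        return session.get(constants.AUTHENTICATION_EVENTS_SESSION_KEY, [])
+    return []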
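Review bot: The new signature `last_authentication_event(request=None, session=None)` silently changes the first positional argument from a session to a request. A caller not updated by this commit that still passes a session positionally would reach `getattr(request, 'session', None)` in `get_authentication_events`, get `None`, and receive an empty list, so the function would report no authentication event instead of failing loudly. The result feeds the max_age and nonce checks in `src/authentic2_idp_oidc/views.py`, so keeping the old order, `def last_authentication_event(session=None, request=None):`, would preserve existing positional calls; whether other callers exist is not visible on this page. `get_authentication_events` also has no docstring; one stating that it returns the session's event list, or a new empty list when no session is available, would help.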
src/authentic2_idp_oidc/views.py
188 188
    # is raised and handled by ServiceAccessMiddleware
189 189
    client.authorize(request.user)
190 190

  
191
    last_auth = last_authentication_event(request.session)
191
    last_auth = last_authentication_event(request=request)
192 192
    if max_age is not None and time.time() - last_auth['when'] >= max_age:
193 193
        if 'none' in prompt:
194 194
            return authorization_error(request, redirect_uri, 'login_required',
......
392 392
        expired=oidc_code.created + datetime.timedelta(seconds=expires_in))
393 393
    start = now()
394 394
    acr = '0'
395
    if (oidc_code.nonce is not None and last_authentication_event(oidc_code.session).get('nonce') ==
395
    if (oidc_code.nonce is not None and last_authentication_event(session=oidc_code.session).get('nonce') ==
396 396
            oidc_code.nonce):
397 397
        acr = '1'
398 398
    # prefill id_token with user info
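Review bot: `last_authentication_event(request=request)` returns `None` when the session holds no authentication event, and line 192 then subscripts it with `last_auth['when']`, which would raise `TypeError` whenever `max_age` is set; the call at line 395 has the same shape with `.get('nonce')`. Whether a session can reach these points without a recorded event is not visible in the hunks. Because the max_age comparison is a freshness control, it would be safer to treat a missing event as stale, `if max_age is not None and (last_auth is None or time.time() - last_auth['when'] >= max_age):`, and to guard the nonce comparison with `(last_authentication_event(session=oidc_code.session) or {}).get('nonce')`. Both enclosing functions start and end outside the hunks.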
tests/test_utils.py
1
from authentic2.utils import good_next_url, same_origin, select_next_url, user_can_change_password
1
from django.contrib.auth import authenticate
2
from django.contrib.auth.middleware import AuthenticationMiddleware
3
from django.contrib.sessions.middleware import SessionMiddleware
4

  
5
from authentic2.utils import good_next_url, same_origin, select_next_url, user_can_change_password, login, get_authentication_events
2 6

  
3 7

  
4 8
def test_good_next_url(rf, settings):
......
52 56
    assert user_can_change_password(user=simple_user) is True
53 57
    settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD = False
54 58
    assert user_can_change_password(user=simple_user) is False
59

  
60

  
61
def test_get_authentication_events_hows(rf, simple_user):
62
    user = authenticate(username=simple_user.username, password=simple_user.username)
63
    request = rf.get('/login/')
64
    middleware = SessionMiddleware()
65
    middleware.process_request(request)
66
    middleware = AuthenticationMiddleware()
67
    middleware.process_request(request)
68
    assert 'password' not in [ev['how'] for ev in get_authentication_events(request)]
69
    login(request, user, 'password')
70
    assert 'password' in [ev['how'] for ev in get_authentication_events(request)]
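Review bot: The new test exercises only the positional `request` path of `get_authentication_events`; the `session=` keyword used in `src/authentic2_idp_oidc/views.py` and the fallback that returns `[]` when no session is available are not covered. Adding `assert get_authentication_events() == []` and `assert 'password' in [ev['how'] for ev in get_authentication_events(session=request.session)]` after the login call would pin both. The name `test_get_authentication_events_hows` could also say what it checks, namely that the login method is recorded in the session's events.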
55
-