0003-ajustements-2.patch

Benjamin Dauvergne, 23 janvier 2020 01:33

Voir les différences: en ligne côte à côte

Subject: [PATCH 3/4] ajustements 2

 src/authentic2_idp_oidc/utils.py |  3 ++-
 src/authentic2_idp_oidc/views.py |  7 +++++--
 tests/test_idp_oidc.py           | 23 +++++++++++++++++++++--
 3 files changed, 28 insertions(+), 5 deletions(-)

     def create_user_info(request, client, user, scope_set, id_token=False):
         '''Create user info dictionary'''
         user_info = {
             'sub': make_sub(client, user)
+        }
         if 'openid' in scope_set:
             user_info['sub'] = make_sub(client, user)
         attributes = get_attributes({
             'user': user,
             'request': request,

             return invalid_request_response(
                 'wrong content type. request content type must be \'application/x-www-form-urlencoded\'')
         username = request.POST.get('username')
         scope = request.POST.get('scope', '')
         scope = request.POST.get('scope')
         # scope is ignored, we used the configured scope
-...
             return access_denied_response('invalid resource owner credentials')
         # limit requested scopes
         scopes = utils.scope_set(scope) & client.scope_set()
         if scope is not None:
             scopes = utils.scope_set(scope) & client.scope_set()
         else:
             scopes = client.scope_set()
         exponential_backoff.success(*backoff_keys)
         start = now()

     def test_resource_owner_password_credential_grant(app, oidc_client, admin, simple_user):
         cache.clear()
         oidc_client.authorization_flow = OIDCClient.FLOW_RESOURCE_OWNER_CRED
         oidc_client.scope = 'openid'
         oidc_client.save()
         token_url = make_url('oidc-token')
         if oidc_client.idtoken_algo == OIDCClient.ALGO_HMAC:
-...
         jwt.deserialize(token, key=jwk)
         claims = json.loads(jwt.claims)
         # xxx already verified by jwcrypto deserialization?
         assert all(claims.get(key) for key in ('acr', 'aud', 'auth_time', 'exp', 'iat', 'iss', 'sub'))
         assert set(claims) == set(['acr', 'aud', 'auth_time', 'exp', 'iat', 'iss', 'sub'])
         assert all(claims.values())
         # 2. test basic authz
         params.pop('client_id')
-...
         jwt.deserialize(token, key=jwk)
         claims = json.loads(jwt.claims)
         # xxx already verified by jwcrypto deserialization?
         assert all(claims.get(key) for key in ('acr', 'aud', 'auth_time', 'exp', 'iat', 'iss', 'sub'))
         assert set(claims) == set(['acr', 'aud', 'auth_time', 'exp', 'iat', 'iss', 'sub'])
         assert all(claims.values())
     def test_resource_owner_password_credential_grant_ratelimitation_invalid_client(
-...
         assert 'id_token' in response.json
     def test_credentials_grant_invalid_flow(
             app, oidc_client, admin, simple_user, settings):
         cache.clear()
         params = {
             'client_id': oidc_client.client_id,
             'client_secret': oidc_client.client_secret,
             'grant_type': 'password',
             'username': simple_user.username,
             'password': u'SurelyNotTheRightPassword',
+        }
         token_url = make_url('oidc-token')
         response = app.post(token_url, params=params, status=400)
         assert response.json['error'] == 'unauthorized_client'
         assert 'is not configured' in response.json['error_description']
     def test_credentials_grant_invalid_client(
             app, oidc_client, admin, simple_user, settings):
         cache.clear()
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0003-ajustements-2.patch