0001-auth_oidc-use-simple-strings-in-exceptions-39136.patch

Benjamin Dauvergne, 19 février 2020 02:27


Subject: [PATCH 1/3] auth_oidc: use simple strings in exceptions (#39136)

 src/authentic2_auth_oidc/backends.py |  2 +-
 src/authentic2_auth_oidc/utils.py    | 23 ++++++++++++-----------
 2 files changed, 13 insertions(+), 12 deletions(-)
src/authentic2_auth_oidc/backends.py
45 45
            id_token = utils.IDToken(id_token)
46 46
            id_token.deserialize(provider)
47 47
        except utils.IDTokenError as e:
48
            logger.warning(u'auth_oidc: invalid id_token %r: %s', id_token, e)
48
            logger.warning(u'auth_oidc: invalid id_token %s: %s', original_id_token, e)
49 49
            return None
50 50

  
51 51
        try:
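Review bot: The warning that formats `original_id_token` with `%s` writes the whole raw token into the log unescaped, where the `%r` variant at the same position escaped control characters. The value has just failed validation, so it should be treated as untrusted: it can carry identity claims and, if malformed, line breaks that split the log record. I would keep the escaped form, `logger.warning(u'auth_oidc: invalid id_token %r: %s', original_id_token, e)`, and shorten the token or replace it with a digest before the call. `original_id_token` is assigned outside this section, so its type is assumed to be text here, and the enclosing method starts and ends outside the visible lines.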
src/authentic2_auth_oidc/utils.py
27 27
from authentic2.models import Attribute
28 28
from authentic2.a2_rbac.utils import get_default_ou
29 29

  
30
from jwcrypto.jwt import JWT, JWTMissingKey
30
from jwcrypto.jwt import JWT, JWTMissingKey, JWTMissingKeyID
31 31
from jwcrypto.jwk import JWK
32 32
from jwcrypto.common import (JWException, InvalidJWAAlgorithm, json_decode,
33 33
        base64url_encode)
......
74 74
    jwt.deserialize(encoded, None)
75 75
    header = jwt.token.jose_header
76 76

  
77
    if header['alg'] in ('RS256', 'RS384', 'RS512'):
78
        key = provider.jwkset.get_key(kid=header.get('kid'))
77
    alg = header.get('alg')
78

  
79
    if alg in ('RS256', 'RS384', 'RS512'):
80
        kid = header.get('kid')
81
        if not kid:
82
            raise JWTMissingKeyID()
83
        key = provider.jwkset.get_key(kid=kid)
79 84
        if not key:
80
            raise JWTMissingKey(
81
                    _('Unknown RSA key identifier %(kid)s for provider %(provider)s') %
82
                            {'kid': header.get('kid'), 'provider': provider})
83
    elif header['alg'] in ('HS256', 'HS384', 'HS512'):
84
        key = JWK(kty='oct', k=base64url_encode(
85
                provider.client_secret.encode('utf-8')))
85
            raise JWTMissingKey('Key ID %r not in key set' % kid)
86
    elif alg in ('HS256', 'HS384', 'HS512'):
87
        key = JWK(kty='oct', k=base64url_encode(provider.client_secret.encode('utf-8')))
86 88
    else:
87
        raise InvalidJWAAlgorithm(
88
                _('Unsupported %s signature algorithm') % header['alg'])
89
        raise InvalidJWAAlgorithm(repr(alg))
89 90

  
90 91
    jwt = JWT()
91 92
    jwt.deserialize(encoded, key)
92
-
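Review bot: In the key-selection branch the verification key is chosen from `alg`, read out of the still-unverified header, and nothing visible here ties that value to the signing algorithm the provider is registered with. If no check outside this section pins it, a token labelled `HS256` would be verified against the client secret even for a provider expected to sign with RSA; the explicit allow-list does at least reject `none`. I would compare before choosing the key, e.g. `if alg != expected_alg: raise InvalidJWAAlgorithm(repr(alg))`, where `expected_alg` is a placeholder for however the provider's configured algorithm is exposed. The new `if not kid: raise JWTMissingKeyID()` also rejects tokens whose header omits the optional `kid`, which deserves a short comment such as `# kid is required: the key is never guessed from the key set`. The function starts outside the visible lines.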