0001-authentic2_idp_oidc-verify-next-url-againts-clients-.patch
src/authentic2_idp_oidc/apps.py | ||
156 | 156 |
qs = qs.distinct() |
157 | 157 | |
158 | 158 |
return qs |
159 | ||
160 |
def a2_hook_good_next_url(self, next_url): |
|
161 |
from .utils import good_next_url |
|
162 |
return good_next_url(next_url) |
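Review bot: `a2_hook_good_next_url` has no docstring, and the hook name alone does not say which policy it enforces; a reader of apps.py has to open utils.py to learn that "good" means origin-match against OIDCClient.redirect_uris. Suggest `"""Hook: accept next_url when it shares an origin with a redirect URI of a registered OIDCClient (see utils.good_next_url)."""`. The delegate returns None rather than False when nothing matches, which presumably leaves the decision to other hooks or the default check; stating that in the docstring would keep a later reader from "fixing" it.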
src/authentic2_idp_oidc/utils.py | ||
31 | 31 |
from authentic2 import hooks, crypto |
32 | 32 |
from authentic2.attributes_ng.engine import get_attributes |
33 | 33 |
from authentic2.utils.template import Template |
34 |
from authentic2.decorators import GlobalCache |
|
34 | 35 | |
35 | 36 |
from . import app_settings |
36 | 37 | |
... | ... | |
251 | 252 |
oidc_sessions[uri] = oidc_session |
252 | 253 |
# force session save |
253 | 254 |
request.session.modified = True |
255 | ||
256 | ||
257 |
@GlobalCache(timeout=60) |
|
258 |
def good_next_url(next_url): |
|
259 |
from authentic2.utils import same_origin |
|
260 |
from .models import OIDCClient |
|
261 | ||
262 |
for oidc_client in OIDCClient.objects.all(): |
|
263 |
for url in oidc_client.redirect_uris.split(): |
|
264 |
if same_origin(url, next_url): |
|
265 |
return True |
|
266 |
return None |
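Review bot: `@GlobalCache(timeout=60)` on `good_next_url` memoizes on the untrusted `next_url` argument (assuming GlobalCache keys on call arguments, as memoizing decorators usually do), so every distinct value a visitor puts in `next` becomes a cache entry, and a `True` decision stays valid for up to 60s after a client's `redirect_uris` are edited or the client is deleted. Caching the database-derived part instead — the list of registered redirect URIs — keeps the cache bounded by the number of clients and leaves the per-request comparison uncached. Two points also deserve a comment: `same_origin` accepts any path on a registered client's origin, not just the registered paths, which widens redirect_uris to origin-level trust, and the `return None` (instead of False) looks deliberate, presumably to let other hooks decide. The rewrite below keeps the hook's signature and results.
```python
@GlobalCache(timeout=60)
def _client_redirect_uris():
    # Cached on the database side only: the key space is fixed, not visitor-supplied.
    from .models import OIDCClient

    return [
        url
        for oidc_client in OIDCClient.objects.all()
        for url in oidc_client.redirect_uris.split()
    ]


def good_next_url(next_url):
    from authentic2.utils import same_origin

    # Origin-level match: any path on a registered client's origin is accepted.
    for url in _client_redirect_uris():
        if same_origin(url, next_url):
            return True
    # None, not False: no opinion, other hooks may still decide -- confirm hook semantics
    return None
```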
tests/test_idp_oidc.py | ||
43 | 43 |
from authentic2_idp_oidc.utils import get_first_ec_sig_key |
44 | 44 |
from authentic2_idp_oidc.utils import make_sub |
45 | 45 |
from authentic2.a2_rbac.utils import get_default_ou |
46 |
from authentic2.utils import make_url |
|
46 |
from authentic2.utils import make_url, good_next_url
|
|
47 | 47 |
from authentic2_auth_oidc.utils import parse_timestamp |
48 | 48 |
from django_rbac.utils import get_ou_model |
49 | 49 |
from django_rbac.utils import get_role_model |
... | ... | |
1689 | 1689 |
'button', {'class': 'authorized-oauth-services--revoke-button'})) == 1 |
1690 | 1690 |
assert OIDCAuthorization.objects.filter( |
1691 | 1691 |
client_ct=ContentType.objects.get_for_model(OU)).count() == 0 |
1692 | ||
1693 | ||
1694 |
def test_oidc_good_next_url_hook(app, oidc_client): |
|
1695 |
from django.test.client import RequestFactory |
|
1696 |
rf = RequestFactory() |
|
1697 |
request = rf.get('/') |
|
1698 |
assert good_next_url(request, 'https://example.com/') |
|
1692 |
- |
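Review bot: `test_oidc_good_next_url_hook` only exercises the accept path; there is no assertion that a URL on an origin not registered with any OIDC client is rejected, which is the property this commit exists to enforce. Add for example `assert not good_next_url(request, 'https://not-a-client.example/')` (constructed placeholder origin; it must not match the `oidc_client` fixture's redirect_uris, which are defined outside this hunk). The positive assertion likewise relies on that fixture registering a redirect URI on `https://example.com`, which is not visible here, so a short comment naming that dependency would make the test self-explanatory.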