0001-authentic2_idp_oidc-verify-next-url-againts-clients-.patch

Serghei Mihai, 24 novembre 2020 11:23

Voir les différences: en ligne côte à côte

Subject: [PATCH] authentic2_idp_oidc: verify next url againts clients
 redirect_uris (#48739)

 src/authentic2_idp_oidc/apps.py  |  4 ++++
 src/authentic2_idp_oidc/utils.py | 13 +++++++++++++
 tests/test_idp_oidc.py           |  9 ++++++++-
 3 files changed, 25 insertions(+), 1 deletion(-)

src/authentic2_idp_oidc/apps.py
156	156	qs = qs.distinct()
157	157
158	158	return qs
	159
	160	def a2_hook_good_next_url(self, next_url):
	161	from .utils import good_next_url
	162	return good_next_url(next_url)

     from authentic2 import hooks, crypto
     from authentic2.attributes_ng.engine import get_attributes
     from authentic2.utils.template import Template
     from authentic2.decorators import GlobalCache
     from . import app_settings
-...
         oidc_sessions[uri] = oidc_session
         # force session save
         request.session.modified = True
     @GlobalCache(timeout=60)
     def good_next_url(next_url):
         from authentic2.utils import same_origin
         from .models import OIDCClient
         for oidc_client in OIDCClient.objects.all():
             for url in oidc_client.redirect_uris.split():
                 if same_origin(url, next_url):
                     return True
         return None

     from authentic2_idp_oidc.utils import get_first_ec_sig_key
     from authentic2_idp_oidc.utils import make_sub
     from authentic2.a2_rbac.utils import get_default_ou
     from authentic2.utils import make_url
     from authentic2.utils import make_url, good_next_url
     from authentic2_auth_oidc.utils import parse_timestamp
     from django_rbac.utils import get_ou_model
     from django_rbac.utils import get_role_model
-...
             'button', {'class': 'authorized-oauth-services--revoke-button'})) == 1
         assert OIDCAuthorization.objects.filter(
             client_ct=ContentType.objects.get_for_model(OU)).count() == 0
     def test_oidc_good_next_url_hook(app, oidc_client):
         from django.test.client import RequestFactory
         rf = RequestFactory()
         request = rf.get('/')
         assert good_next_url(request, 'https://example.com/')
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-authentic2_idp_oidc-verify-next-url-againts-clients-.patch