
0001-idp_oidc-add-iss-and-sid-parameter-to-frontchannel_l.patch

Benjamin Dauvergne, 19 mai 2022 22:05


Subject: [PATCH] idp_oidc: add iss and sid parameter to
 frontchannel_logout_uri (#65475)

 src/authentic2_idp_oidc/utils.py | 7 ++++---
 tests/idp_oidc/test_misc.py      | 4 +++-
 2 files changed, 7 insertions(+), 4 deletions(-)
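--- a/src/authentic2_idp_oidc/utils.py
+++ b/src/authentic2_idp_oidc/utils.py
@@ -30,6 +30,7 @@
 from authentic2 import hooks
 from authentic2.attributes_ng.engine import get_attributes
 from authentic2.utils import crypto
+from authentic2.utils.misc import make_url
 from authentic2.utils.template import Template
 
 from . import app_settings
@@ -294,13 +295,13 @@
     oidc_sessions = request.session.setdefault('oidc_sessions', {})
     if not client.frontchannel_logout_uri:
         return
-    uri = client.frontchannel_logout_uri
+    sid = get_session_id(request, client)
+    iss = get_issuer(request)
+    uri = make_url(client.frontchannel_logout_uri, params={'iss': iss, 'sid': sid}, resolve=False)
     oidc_session = {
         'frontchannel_logout_uri': uri,
         'frontchannel_timeout': client.frontchannel_timeout,
         'name': client.name,
-        'sid': get_session_id(request, client),
-        'iss': get_issuer(request),
     }
     if oidc_sessions.get(uri) == oidc_session:
         # already present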
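Review bot: Nothing visible here shows how `make_url(client.frontchannel_logout_uri, params={'iss': iss, 'sid': sid}, resolve=False)` treats a query string already present on the registered URI; the Front-Channel Logout specification lets the registered URI carry its own query parameters, so they have to be kept and `iss`/`sid` appended to them with the issuer URL percent-encoded. `make_url` is defined outside this hunk, so this is something to confirm rather than a known defect, and a test client registered with a URI such as `https://rp.example/logout/?x=1` (constructed value) would pin the behaviour. Since `uri` is also the key looked up in `oidc_sessions.get(uri)`, entries written before this change under the bare URI would presumably no longer match and could sit next to the new form until the session ends. A short comment above the `make_url` call, for example `# iss and sid travel as query parameters so the RP can tell which session to terminate`, would record why they were dropped from the dict. The enclosing function starts and ends outside the hunk.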
tests/idp_oidc/test_misc.py
398 398
        response = app.get(make_url('account_management'))
399 399
        response = response.click('Logout')
400 400
        if oidc_client.frontchannel_logout_uri:
401
            iframes = response.pyquery('iframe[src="https://example.com/southpark/logout/"]')
401
            iframes = response.pyquery('iframe[src^="https://example.com/southpark/logout/"]')
402 402
            assert iframes
403
            assert '?iss=' in iframes.attr('src')
404
            assert '&sid=' in iframes.attr('src')
403 405
            if oidc_client.frontchannel_timeout:
404 406
                assert iframes.attr('onload').endswith(', %d)' % oidc_client.frontchannel_timeout)
405 407
            else:
406
-
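Review bot: The two new assertions, `assert '?iss=' in iframes.attr('src')` and `assert '&sid=' in iframes.attr('src')`, only check that the parameter names appear, and in that exact order; they do not check that the values are the issuer and session id an RP would validate before ending a session. Parsing the query with `urllib.parse.parse_qs(urllib.parse.urlparse(src).query)` and comparing `iss` and `sid` with the expected values would make the test independent of parameter order and would catch an empty or wrong `sid`. The expected values are not visible in this hunk, so their source (presumably the `sid` claim of the ID token issued to this client) needs confirming. The test function starts and ends outside the hunk.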