0001-idp_oidc-reduce-users-api-data-to-client-s-authorize.patch

Paul Marillonnet, 09 juin 2022 18:12

Voir les différences: en ligne côte à côte

Subject: [PATCH] idp_oidc: reduce users api data to client's authorized claims
 (#65943)

 src/authentic2_idp_oidc/apps.py |  7 +++++++
 tests/idp_oidc/test_api.py      | 26 ++++++++++++++++++++------
 2 files changed, 27 insertions(+), 6 deletions(-)

                         request.unknown_uuids.append(u)
                 serializer.validated_data['known_uuids'] = new_known_uuids
             elif serializer.__class__.__name__ == 'ListSerializer' and 'claim_resolution' in view.request.GET:
                 allowed_attrs = ['sub'] + list(
                     OIDCClaim.objects.filter(client=client).values_list('name', flat=True)
+                )
                 for user_dict in serializer.data:
                     context = user_dict.copy()
                     for claim in OIDCClaim.objects.filter(client=client):
-...
                             template = Template(claim.value)
                             value = template.render(context=context)
                         user_dict[claim.name] = value
                     copied_dict = user_dict.copy()
                     for attr in copied_dict.keys():
                         if attr not in allowed_attrs:
                             user_dict.pop(attr)
         def a2_hook_api_modify_response(self, view, method_name, data):
             """Reverse mapping applied in a2_hook_api_modify_serializer_after_validation using the

             client=oidc_client,
+        )
         users = [User.objects.create(username=f'user-{i}', last_name=f'Name-{i}') for i in range(10)]
         users = [
             User.objects.create(username=f'user-{i}', last_name=f'Name-{i}', email=f'name-{i}@plain.nowhere.null')
             for i in range(10)
+        ]
         expired = now() + timedelta(hours=1)
         for user in users:
             OIDCAuthorization.objects.create(
-...
+        )
         for user_dict in random.choices(response.json['results'], k=3):
             assert user_dict['last_name']
             assert user_dict['family_name'].startswith('Templated')
             assert user_dict['family_name'].endswith(user_dict['last_name'])
             assert 'Name' in user_dict['family_name']
             assert user_dict['first_name']
             assert user_dict['given_name'].startswith('Templated')
             assert user_dict['given_name'].endswith(user_dict['first_name'])
             assert 'User' in user_dict['given_name']
             assert user_dict['email']
             assert user_dict['email'].startswith(user_dict['last_name'])
             assert 'Name' in user_dict['email']
             assert user_dict['email'].endswith('@templated.nowhere.null')
         response = app.get(
             f'/api/users/?modified__gt={pre_modification}',
             status=200,
+        )
         for user_dict in random.choices(response.json['results'], k=3):
             assert user_dict['last_name']
             assert 'family_name' not in user_dict
             assert user_dict['first_name']
             assert 'given_name' not in user_dict
             assert user_dict['email']
             assert not user_dict['email'].endswith('@templated.nowhere.null')
     def test_api_users_list_queryset_reduction(app, oidc_client):
         oidc_client.has_api_access = True
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-idp_oidc-reduce-users-api-data-to-client-s-authorize.patch