0001-idp_oidc-do-not-delete-code-on-resolution-by-token-e.patch

Benjamin Dauvergne, 12 juillet 2022 12:58

Voir les différences: en ligne côte à côte

Subject: [PATCH] idp_oidc: do not delete code on resolution by token endpoint
 (#66893)

 src/authentic2_idp_oidc/views.py |  1 -
 tests/idp_oidc/test_misc.py      | 49 ++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)

src/authentic2_idp_oidc/views.py
733	733	raise InvalidRequest(_('Parameter "code" is invalid'), client=client)
734	734	if not oidc_code.is_valid():
735	735	raise InvalidRequest(_('Parameter "code" has expired or user is disconnected'), client=client)
736		models.OIDCCode.objects.filter(uuid=code).delete()
737	736	redirect_uri = request.POST.get('redirect_uri')
738	737	if oidc_code.redirect_uri != redirect_uri:
739	738	raise InvalidRequest(_('Parameter "redirect_uri" does not match the code.'), client=client)

         response = app.get(authorize_url)
         assert response.location.startswith('/accounts/edit/required/?')
     def test_token_endpoint_code_timeout(oidc_client, oidc_settings, simple_user, app, caplog, rf, freezer):
         '''Verify codes are valid during 30 seconds'''
         utils.login(app, simple_user)
         oidc_client.authorization_mode = oidc_client.AUTHORIZATION_MODE_NONE
         oidc_client.save()
         redirect_uri = oidc_client.redirect_uris.split()[0]
         params = {
             'client_id': oidc_client.client_id,
             'scope': 'openid profile email',
             'redirect_uri': redirect_uri,
             'state': 'xxx',
             'nonce': 'yyy',
             'login_hint': 'backoffice john@example.com',
             'response_type': 'code',
+        }
         authorize_url = make_url('oidc-authorize', params=params)
         response = app.get(authorize_url)
         location = urllib.parse.urlparse(response['Location'])
         query = urllib.parse.parse_qs(location.query)
         code = query['code'][0]
         def resolve_code(**kwargs):
             token_url = make_url('oidc-token')
             return app.post(
                 token_url,
                 params={
                     'grant_type': 'authorization_code',
                     'code': code,
                     'redirect_uri': oidc_client.redirect_uris.split()[0],
                 },
                 headers=client_authentication_headers(oidc_client),
                 **kwargs,
+            )
         response = resolve_code()
         assert 'access_token' in response.json
         freezer.move_to(datetime.timedelta(seconds=29))
         response = resolve_code()
         assert 'access_token' in response.json
         # code should expire after 30 seconds
         freezer.move_to(datetime.timedelta(seconds=1.1))
         response = resolve_code(status=400)
         assert 'access_token' not in response.json
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-idp_oidc-do-not-delete-code-on-resolution-by-token-e.patch