0001-idp_oidc-use-invalid_grant-error-in-token-endpoint-6.patch
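--- a/src/authentic2_idp_oidc/views.py
+++ b/src/authentic2_idp_oidc/views.py
@@ -74,6 +74,7 @@
 content['error_description'] = self.error_description
 
 if self.client:
+content['client_id'] = self.client.client_id
 msg = 'idp_oidc: error "%s" in %s endpoint "%s" for client %s'
 if self.extra_info:
 msg += ' (%s)' % self.extra_info
@@ -181,6 +182,10 @@
 error_code = 'invalid_client'
 
 
+class InvalidGrant(OIDCException):
+error_code = 'invalid_grant'
+
+
 class WrongClientSecret(InvalidClient):
 error_description = _('Wrong client secret')
 
@@ -730,12 +735,14 @@
 try:
 oidc_code = models.OIDCCode.objects.select_related().get(uuid=code)
 except models.OIDCCode.DoesNotExist:
-raise InvalidRequest(_('Parameter "code" is invalid'), client=client)
+raise InvalidGrant(_('Code is unknown.'), client=client)
 if not oidc_code.is_valid():
-raise InvalidRequest(_('Parameter "code" has expired or user is disconnected'), client=client)
+raise InvalidGrant(_('Code has expired, user is disconnected or session was lost.'), client=client)
 redirect_uri = request.POST.get('redirect_uri')
 if oidc_code.redirect_uri != redirect_uri:
-raise InvalidRequest(_('Parameter "redirect_uri" does not match the code.'), client=client)
+raise InvalidGrant(_('Redirect_uri does not match the code.'), client=client)
+if oidc_code.client != client:
+raise InvalidGrant(_('Code was issued to a different client.'), client=client)
 if client.access_token_duration is None:
 expires_in = datetime.timedelta(seconds=oidc_code.session.get_expiry_age())
 expired = None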
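Review bot: The client-binding check added at new lines 744-745 runs only after `is_valid()` and the `redirect_uri` comparison, and every failure returns its own `error_description`. An authenticated client that presents a code issued to a different client can therefore tell from the response whether that code exists, whether it is still valid and whether the redirect_uri it sent matches. Binding the lookup to the caller, `oidc_code = models.OIDCCode.objects.select_related().get(uuid=code, client=client)`, would send a foreign code down the same `Code is unknown.` path; the precise reason could stay in the server-side log, for which the `extra_info` field visible in the first hunk looks like the natural place. The enclosing view method starts and ends outside the hunk, so it cannot be seen here whether a code is invalidated after a failed redemption.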
tests/idp_oidc/test_misc.py | ||
---|---|---|
892 | 892 |
token_url, params=params, headers=client_authentication_headers(oidc_client), status=400 |
893 | 893 |
) |
894 | 894 |
assert 'error' in response.json |
895 |
assert response.json['error'] == 'invalid_request' |
|
896 |
assert response.json['error_description'] == 'Parameter "code" has expired or user is disconnected' |
|
895 |
assert response.json['error'] == 'invalid_grant' |
|
897 | 896 | |
898 | 897 |
# invalid logout |
899 | 898 |
logout_url = make_url( |
... | ... | |
926 | 925 |
status=400, |
927 | 926 |
) |
928 | 927 |
assert 'error' in response.json |
929 |
assert response.json['error'] == 'invalid_request' |
|
930 |
assert response.json['error_description'] == 'Parameter "code" has expired or user is disconnected' |
|
928 |
assert response.json['error'] == 'invalid_grant' |
|
931 | 929 | |
932 | 930 | |
933 | 931 |
def test_client_secret_post_authentication(oidc_settings, app, simple_oidc_client, simple_user): |
934 |
- |
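Review bot: The rewritten assertions at new lines 895 and 928 pin only `response.json['error'] == 'invalid_grant'` and drop the `error_description` check, so the tests no longer show which of the four `InvalidGrant` branches rejected the request. Nothing visible in this section exercises the new client-binding branch. A case where a second client redeems a code issued to the first and receives a 400 with `invalid_grant` would pin the security-relevant check, for example by asserting `response.json['error_description'] == 'Code was issued to a different client.'`. Both surrounding test functions begin outside the visible hunks, so such a case may already exist elsewhere in the file.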