0001-idp_oidc-use-invalid_grant-error-in-token-endpoint-6.patch

Benjamin Dauvergne, 26 juillet 2022 13:32

Voir les différences: en ligne côte à côte

Subject: [PATCH] idp_oidc: use invalid_grant error in token endpoint (#66544)

 src/authentic2_idp_oidc/views.py | 13 ++++++++++---
 tests/idp_oidc/test_misc.py      |  6 ++----
 2 files changed, 12 insertions(+), 7 deletions(-)

                 content['error_description'] = self.error_description
             if self.client:
                 content['client_id'] = self.client.client_id
                 msg = 'idp_oidc: error "%s" in %s endpoint "%s" for client %s'
                 if self.extra_info:
                     msg += ' (%s)' % self.extra_info
-...
         error_code = 'invalid_client'
     class InvalidGrant(OIDCException):
         error_code = 'invalid_grant'
     class WrongClientSecret(InvalidClient):
         error_description = _('Wrong client secret')
-...
         try:
             oidc_code = models.OIDCCode.objects.select_related().get(uuid=code)
         except models.OIDCCode.DoesNotExist:
             raise InvalidRequest(_('Parameter "code" is invalid'), client=client)
             raise InvalidGrant(_('Code is unknown.'), client=client)
         if not oidc_code.is_valid():
             raise InvalidRequest(_('Parameter "code" has expired or user is disconnected'), client=client)
             raise InvalidGrant(_('Code has expired, user is disconnected or session was lost.'), client=client)
         redirect_uri = request.POST.get('redirect_uri')
         if oidc_code.redirect_uri != redirect_uri:
             raise InvalidRequest(_('Parameter "redirect_uri" does not match the code.'), client=client)
             raise InvalidGrant(_('Redirect_uri does not match the code.'), client=client)
         if oidc_code.client != client:
             raise InvalidGrant(_('Code was issued to a different client.'), client=client)
         if client.access_token_duration is None:
             expires_in = datetime.timedelta(seconds=oidc_code.session.get_expiry_age())
             expired = None

                 token_url, params=params, headers=client_authentication_headers(oidc_client), status=400
+            )
             assert 'error' in response.json
             assert response.json['error'] == 'invalid_request'
             assert response.json['error_description'] == 'Parameter "code" has expired or user is disconnected'
             assert response.json['error'] == 'invalid_grant'
         # invalid logout
         logout_url = make_url(
-...
                 status=400,
+            )
             assert 'error' in response.json
             assert response.json['error'] == 'invalid_request'
             assert response.json['error_description'] == 'Parameter "code" has expired or user is disconnected'
             assert response.json['error'] == 'invalid_grant'
     def test_client_secret_post_authentication(oidc_settings, app, simple_oidc_client, simple_user):
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-idp_oidc-use-invalid_grant-error-in-token-endpoint-6.patch