0001-idp_oidc-prompt-for-user-profile-selection-even-when.patch

Paul Marillonnet, 19 décembre 2022 10:18

Voir les différences: en ligne côte à côte

Subject: [PATCH] idp_oidc: prompt for user profile selection even when
 prompt=none (#72507)

 src/authentic2_idp_oidc/views.py |  2 +-
 tests/idp_oidc/test_misc.py      | 55 ++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+), 1 deletion(-)

                 profile = authorized_profile
             if (authorized_scopes & scopes) < scopes:
                 needs_scope_validation = True
             if needs_scope_validation or (user_has_selectable_profiles and client.activate_user_profiles):
             if needs_scope_validation:
                 if 'none' in prompt:
                     raise ConsentRequired(_('Consent is required but prompt parameter is "none"'))
                 if request.method == 'POST':

     from authentic2.a2_rbac.models import OrganizationalUnit, Role
     from authentic2.a2_rbac.utils import get_default_ou
     from authentic2.custom_user.models import Profile, ProfileType
     from authentic2.models import Attribute, AuthorizedRole
     from authentic2.utils.misc import good_next_url, make_url
     from authentic2_auth_oidc.utils import parse_timestamp
-...
                 response, 'consent_required', 'Consent is required but prompt parameter is "none"', message=False
+            )
             # prompt is none, but account selection is required, corner case without error
             oidc_client.activate_user_profiles = True
             oidc_client.save()
             profile_type_manager = ProfileType.objects.create(
                 name='One Manager Type',
                 slug='one-manager-type',
+            )
             profile_type_delegate = ProfileType.objects.create(
                 name='One Delegate Type',
                 slug='one-delegate-type',
+            )
             profile_manager = Profile.objects.create(
                 user=simple_user,
                 profile_type=profile_type_manager,
                 identifier='Entity 789',
                 email='manager@example789.org',
+            )
             profile_delegate = Profile.objects.create(
                 user=simple_user,
                 profile_type=profile_type_delegate,
                 identifier='Entity 1011',
                 email='delegate@example1011.org',
+            )
             # authorization exists
             authorize = OIDCAuthorization.objects.create(
                 client=oidc_client,
                 user=simple_user,
                 scopes='openid profile email',
                 expired=now() + datetime.timedelta(days=2),
+            )
             response = app.get(
                 make_url(
                     'oidc-authorize',
                     params={
                         'client_id': oidc_client.client_id,
                         'redirect_uri': redirect_uri,
                         'response_type': response_type,
                         'scope': 'openid',
                         'prompt': 'none',
                     },
+                )
+            )
             if oidc_client.authorization_flow == OIDCClient.FLOW_IMPLICIT:
                 assert 'access_token' in response.location
                 assert 'id_token' in response.location
                 assert 'expires_in' in response.location
                 assert 'token_type' in response.location
             elif oidc_client.authorization_flow == oidc_client.FLOW_AUTHORIZATION_CODE:
                 assert 'code' in response.location
             profile_manager.delete()
             profile_delegate.delete()
             authorize.delete()
             # user do not consent
             response = app.get(
                 make_url(
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-idp_oidc-prompt-for-user-profile-selection-even-when.patch