
0001-idp_oidc-fix-erroneous-exception-handling-at-client-.patch

Paul Marillonnet, 09 février 2023 14:14


Subject: [PATCH] idp_oidc: fix erroneous exception-handling at client authn
 time (#73990)

 src/authentic2_idp_oidc/views.py |  2 +-
 tests/idp_oidc/test_misc.py      | 39 ++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)
src/authentic2_idp_oidc/views.py
599 599
        raise InvalidClient(_('Empty client identifier'))
600 600

  
601 601
    if not client_secret:
602
        raise InvalidRequest('missing client_secret', client=client_id)
602
        raise InvalidRequest('missing client_secret', client=client)
603 603

  
604 604
    client = get_client(client_id)
605 605
    if not client:
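Review bot: On the line numbered 602, `raise InvalidRequest('missing client_secret', client=client)` (taking the second printed variant as the new side, which the gutter on this page does not mark) runs before `client = get_client(client_id)` on line 604, so `client` is whatever the caller passed in and has not been checked against the `client_id` presented in the request. If the exception's `client` feeds logging or the error response, a missing-secret failure would then be attributed to the caller-supplied client rather than to the identifier actually submitted; a short comment would make that explicit, e.g. `# client is the caller-supplied object, not yet matched against client_id (lookup is below)`. The message is also a bare string, while line 599 wraps its message in `_()`. The enclosing function starts and ends outside this section.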
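--- a/tests/idp_oidc/test_misc.py
+++ b/tests/idp_oidc/test_misc.py
@@ -1959,3 +1959,42 @@
     freezer.move_to(datetime.timedelta(seconds=1.1))
     response = resolve_code(status=400)
     assert 'access_token' not in response.json
+
+
+def test_authenticate_client_exception_handling(app, oidc_client, simple_user, rf):
+    from authentic2_idp_oidc.views import (
+        InvalidClient,
+        InvalidRequest,
+        WrongClientSecret,
+        authenticate_client,
+    )
+
+    request = rf.get('/')
+
+    # missing client id
+    with pytest.raises(InvalidRequest):
+        authenticate_client(request, client=oidc_client)
+
+    # empty client id
+    request.POST = {'client_id': '', 'client_secret': ''}
+    with pytest.raises(InvalidClient):
+        authenticate_client(request, client=oidc_client)
+
+    # empty client secret
+    request.POST['client_id'] = 'abc'
+    with pytest.raises(InvalidRequest):
+        authenticate_client(request, client=oidc_client)
+
+    # wrong client id
+    request.POST['client_secret'] = 'def'
+    with pytest.raises(InvalidClient):
+        authenticate_client(request, client=oidc_client)
+
+    # wrong client secret
+    request.POST['client_id'] = oidc_client.client_id
+    with pytest.raises(WrongClientSecret):
+        authenticate_client(request, client=oidc_client)
+
+    # OK
+    request.POST['client_secret'] = oidc_client.client_secret
+    assert authenticate_client(request, client=oidc_client) == oidc_client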
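Review bot: Every call in `test_authenticate_client_exception_handling` passes `client=oidc_client`, so the path where the caller supplies no client and the function resolves it itself (`client = get_client(client_id)` in the views.py section) is not exercised by any of the six cases. The "empty client secret" case also asserts only the exception type, while the fix changed which value is passed as the exception's `client`; capturing it with `with pytest.raises(InvalidRequest) as excinfo:` and checking the client carried by `excinfo.value` would pin that behaviour (the attribute name is not visible on this page). Repeating the failure cases without the `client` argument would cover the lookup path as well.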
1962
-