From e4850ab3c73f6b40a4a95986996925312e5b82e5 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Fri, 24 Jan 2020 11:50:18 +0100
Subject: [PATCH] auth2_fc: set default scopes to profile and email (#39231) And move default value to app_settings file. Support for FC data provider had to be modified.
---
 src/authentic2_auth_fc/app_settings.py | 2 +-
 src/authentic2_auth_fc/views.py | 13 ++++---------
 2 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/src/authentic2_auth_fc/app_settings.py b/src/authentic2_auth_fc/app_settings.py
index a7b5cf03..15cb79f9 100644
--- a/src/authentic2_auth_fc/app_settings.py
+++ b/src/authentic2_auth_fc/app_settings.py
@@ -128,7 +128,7 @@ class AppSettings(object):
 @property
 def scopes(self):
- return self._setting('SCOPES', [])
+ return self._setting('SCOPES', ['profile', 'email'])
 @property
 def popup(self):
diff --git a/src/authentic2_auth_fc/views.py b/src/authentic2_auth_fc/views.py
index 9e6cff63..03e809c7 100644
--- a/src/authentic2_auth_fc/views.py
+++ b/src/authentic2_auth_fc/views.py
@@ -159,7 +159,6 @@ def clean_fc_session(session):
 class FcOAuthSessionViewMixin(LoggerMixin):
 '''Add the OAuth2 dance to a view'''
- scopes = ['openid', 'profile', 'birth', 'email']
 redirect_field_name = REDIRECT_FIELD_NAME
 in_popup = False
 token = None
@@ -210,10 +209,7 @@ class FcOAuthSessionViewMixin(LoggerMixin):
 return self.redirect(request, next_url=there, *args, **kwargs)
 def get_scopes(self):
- if app_settings.scopes:
- return list(set(['openid'] + app_settings.scopes))
- else:
- return self.scopes
+ return list(set(['openid'] + app_settings.scopes))
 def get_ressource(self, url, verify):
 try:
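Review bot: The `scopes` property in app_settings.py carries no docstring, and its contract is no longer obvious from the view code. An explicitly empty `SCOPES` used to fall back to the view's own list; it now yields `openid` only, because `get_scopes()` in views.py adds `openid` itself. A one-line docstring such as `'''Scopes requested in addition to openid; defaults to profile and email.'''` would record that. The removed view default also contained `birth`, so a deployment that relied on it has to set `SCOPES` explicitly, which is worth a line in the settings documentation.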
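Review bot: `get_scopes()` returns `list(set(...))`, and the iteration order of a set of strings is not stable across processes when hash randomization is active, so the scope list can differ from one worker to the next. That makes logged authorization requests and test assertions harder to compare. The concatenation `['openid'] + app_settings.scopes` would also raise TypeError if a deployment configures `SCOPES` as a tuple, assuming `_setting` returns the configured value unchanged (its body is not shown). `return sorted({'openid'} | set(app_settings.scopes))` covers both points. The `list(set(scopes) | ...)` line in the last hunk of views.py has the same ordering issue.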
@@ -327,11 +323,10 @@ class FcOAuthSessionViewMixin(LoggerMixin):
 elif 'error' in request.GET:
 return self.authorization_error(request, *args, **kwargs)
 else:
+ scopes = self.get_scopes()
 if 'fd_scopes' in request.GET:
- scopes = request.GET.get('fd_scopes')
- scopes = scopes.split()
- self.scopes.extend(scopes)
- return ask_authorization(request, self.get_scopes(), self.logger)
+ scopes = list(set(scopes) | set(request.GET['fd_scopes'].split()))
+ return ask_authorization(request, scopes, self.logger)
 class PopupViewMixin(object):
--
2.24.0
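Review bot: The `fd_scopes` query parameter is merged into the requested scopes with no check against what the deployment intends to request. The set of personal data the user is asked to consent to is therefore decided by whoever supplies the URL, not by configuration. Intersecting with a configured allowlist before the union would bound this, for example `extra = set(request.GET['fd_scopes'].split()) & allowed_fd_scopes` followed by `scopes = sorted(set(scopes) | extra)`, where `allowed_fd_scopes` is a placeholder for a new setting. Logging the rejected values through `self.logger` would give operators a signal. The enclosing method starts outside the hunk, so any earlier validation of `fd_scopes` is not visible here.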