From 5d9c41eeb3495c28d4562c0435a156847c716a6c Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Fri, 24 Jan 2020 11:50:18 +0100
Subject: [PATCH] auth2_fc: set default scopes to profile and email (#39231)
And move default value to app_settings file. Support for FC data provider had to be modified.
---
 src/authentic2_auth_fc/app_settings.py | 2 +-
 src/authentic2_auth_fc/views.py | 13 ++++---------
 tests/auth_fc/test_auth_fc.py | 2 +-
 3 files changed, 6 insertions(+), 11 deletions(-)
diff --git a/src/authentic2_auth_fc/app_settings.py b/src/authentic2_auth_fc/app_settings.py
index a7b5cf03..15cb79f9 100644
--- a/src/authentic2_auth_fc/app_settings.py
+++ b/src/authentic2_auth_fc/app_settings.py
@@ -128,7 +128,7 @@ class AppSettings(object):
 @property
 def scopes(self):
- return self._setting('SCOPES', [])
+ return self._setting('SCOPES', ['profile', 'email'])
 @property
 def popup(self):
diff --git a/src/authentic2_auth_fc/views.py b/src/authentic2_auth_fc/views.py
index 9e6cff63..03e809c7 100644
--- a/src/authentic2_auth_fc/views.py
+++ b/src/authentic2_auth_fc/views.py
@@ -159,7 +159,6 @@ def clean_fc_session(session):
 class FcOAuthSessionViewMixin(LoggerMixin):
 '''Add the OAuth2 dance to a view'''
- scopes = ['openid', 'profile', 'birth', 'email']
 redirect_field_name = REDIRECT_FIELD_NAME
 in_popup = False
 token = None
@@ -210,10 +209,7 @@ class FcOAuthSessionViewMixin(LoggerMixin):
 return self.redirect(request, next_url=there, *args, **kwargs)
 def get_scopes(self):
- if app_settings.scopes:
- return list(set(['openid'] + app_settings.scopes))
- else:
- return self.scopes
+ return list(set(['openid'] + app_settings.scopes))
 def get_ressource(self, url, verify):
 try:
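Review bot: `get_scopes` in the `@@ -210,10 +209,7 @@` hunk of views.py builds its result with `['openid'] + app_settings.scopes`, which raises `TypeError` if a deployment configures `SCOPES` as a tuple, and `list(set(...))` returns the scopes in an order that can differ between runs, so the authorization URL is not reproducible in logs. A set union sorted at the end avoids both: `return sorted(set(['openid']) | set(app_settings.scopes))`. A one-line docstring stating that `openid` is always added to the configured scopes would also help, since the class-level fallback list is removed by this patch.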
@@ -327,11 +323,10 @@ class FcOAuthSessionViewMixin(LoggerMixin):
 elif 'error' in request.GET:
 return self.authorization_error(request, *args, **kwargs)
 else:
+ scopes = self.get_scopes()
 if 'fd_scopes' in request.GET:
- scopes = request.GET.get('fd_scopes')
- scopes = scopes.split()
- self.scopes.extend(scopes)
- return ask_authorization(request, self.get_scopes(), self.logger)
+ scopes = list(set(scopes) | set(request.GET['fd_scopes'].split()))
+ return ask_authorization(request, scopes, self.logger)
 class PopupViewMixin(object):
diff --git a/tests/auth_fc/test_auth_fc.py b/tests/auth_fc/test_auth_fc.py
index 0e3e6558..06a47860 100644
--- a/tests/auth_fc/test_auth_fc.py
+++ b/tests/auth_fc/test_auth_fc.py
@@ -78,7 +78,7 @@ def check_authorization_url(url):
 assert 'client_id' in parsed
 assert parsed['client_id'] == 'xxx'
 assert 'scope' in parsed
- assert set(parsed['scope'].split()) == set(['openid', 'profile', 'birth', 'email'])
+ assert set(parsed['scope'].split()) == set(['openid', 'profile', 'email'])
 assert 'state' in parsed
 assert 'nonce' in parsed
 assert parsed['state'] == parsed['nonce']
-- 
2.24.0
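Review bot: In the `@@ -327,11 +323,10 @@` hunk of views.py, the tokens in `fd_scopes` still come straight from the query string and are merged unfiltered into the scopes passed to `ask_authorization`, so whoever builds the link decides which extra data the user is asked to release. The rewrite stops extending the shared class-level list but adds no check on the tokens themselves. Intersecting them with a configured allow-list before the union would keep the request within what the deployment intends, e.g. `extra = set(request.GET['fd_scopes'].split()) & set(ALLOWED_FD_SCOPES)`, where `ALLOWED_FD_SCOPES` is a placeholder for a setting this page does not define. The enclosing method starts outside the hunk, so any validation done earlier in it is not visible here.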
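Review bot: The only scope assertion in the `@@ -78,7 +78,7 @@` hunk of tests/auth_fc/test_auth_fc.py checks the default set, so the rewritten `fd_scopes` merge in views.py has no coverage visible in this patch. A case that requests the login URL with `fd_scopes` set and asserts the resulting `scope` parameter would pin the union behaviour, and a second case with a `SCOPES` override would pin the settings path. `check_authorization_url` starts and continues outside the hunk, so it may need a parameter for the expected scope set rather than the hard-coded one.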