From 7601ea85112cd08c7e61a8c311c8aea9f5abec9c Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Thu, 24 Jun 2021 15:12:29 +0200
Subject: [PATCH] franceconnect_data: add a hash of the identite_pivot to returned data (#55155)
---
 passerelle/apps/franceconnect_data/fc.py | 9 +++++++++
 tests/test_franceconnect_data.py | 1 +
 2 files changed, 10 insertions(+)
diff --git a/passerelle/apps/franceconnect_data/fc.py b/passerelle/apps/franceconnect_data/fc.py
index 7e7d30d2..f602fa9d 100644
--- a/passerelle/apps/franceconnect_data/fc.py
+++ b/passerelle/apps/franceconnect_data/fc.py
@@ -15,6 +15,7 @@
 # along with this program. If not, see .

 import base64
+import hashlib
 import json
 import urllib.parse
 import uuid
@@ -113,8 +114,16 @@ class FranceConnect:
 platform.user_info_endpoint_url,
 headers={'Authorization': 'Bearer %s' % self.fc_access_token},
 )
+ fc_user_info['identite_pivot_sha256'] = self.make_identite_pivot_sha256(fc_user_info)
 self.add('fc_user_info', fc_user_info)

+ def make_identite_pivot_sha256(self, user_info):
+ parts = []
+ for key in ['given_name', 'family_name', 'birthdate', 'gender', 'birthplace', 'birthcountry']:
+ parts.append('%s=%s' % (key, user_info.get(key) or ''))
+ data = '\n'.join(parts)
+ return hashlib.sha256(data.encode()).hexdigest().lower()
+
 def request_dgfip_access_token(self, dgfip_username, dgfip_password, scope=None):
 data = {
 'grant_type': 'client_credentials',
diff --git a/tests/test_franceconnect_data.py b/tests/test_franceconnect_data.py
index 8e53dc02..afd45966 100644
--- a/tests/test_franceconnect_data.py
+++ b/tests/test_franceconnect_data.py
@@ -85,6 +85,7 @@ def test_callback(app, fc):
 'gender': 'male',
 'given_name': 'John',
 'sub': 'sub-1234',
+ 'identite_pivot_sha256': 'c4d239de7e2abc4782039091437bcc9ad963ec93b40ffe6beac6600c36f3635b',
 },
 'id': None,
 'text': 'John Doe né le April 28, 2001',
-- 
2.32.0.rc0
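Review bot: `make_identite_pivot_sha256` substitutes `''` for every missing claim (`user_info.get(key) or ''`), so a userinfo response that lacks the identity claims (for instance when the granted scopes do not cover them) still yields a well-formed digest that is identical for every such user, and a consumer keying on `identite_pivot_sha256` would conflate distinct people. Consider returning `None` when the core claims are absent, e.g. `if not all(user_info.get(k) for k in ('given_name', 'family_name', 'birthdate')): return None`; which claims are mandatory should be confirmed against the FranceConnect contract, since `birthplace` may legitimately be empty. A docstring should state the canonical form (six `key=value` entries joined by `'\n'`, UTF-8 encoded) and that the result is an unsalted SHA-256 over low-entropy personal attributes, so it can be re-derived by enumeration and has to be handled as personal data rather than as an anonymous token. The `.lower()` after `hexdigest()` is redundant, and the test hunk pins only the all-claims-present case. The method that assigns `fc_user_info` starts above this hunk.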