Project

General

Profile

Development #31180

python3 : choisir la bonne exception à détecter dans le test authn OIDC de décodage en base64 de URL

Added by Paul Marillonnet 11 months ago. Updated 3 months ago.

Status:
Solution validée
Priority:
Normal
Category:
-
Target version:
-
Start date:
06 Mar 2019
Due date:
% Done:

0%

Patch proposed:
Yes
Planning:
No

Description

en python2 on cherche à détecter une TypeError alors qu'en python3 c'est une binascii.Error que l'on veut détecter.

0001-python3-pick-url-b64-decoding-exception-in-oidc-auth.patch View (949 Bytes) Paul Marillonnet, 06 Mar 2019 09:52 PM

0001-python3-define-a-base64-decoding-exception-31180.patch View (5.96 KB) Paul Marillonnet, 09 Apr 2019 11:25 AM


Related issues

Related to Authentic 2 - Development #28276: Fonctionner avec Python3 pour Django1.11 En cours 23 Nov 2018

History

#1 Updated by Paul Marillonnet 11 months ago

#2 Updated by Paul Marillonnet 11 months ago

#3 Updated by Benjamin Dauvergne 10 months ago

  • Assignee set to Paul Marillonnet

#4 Updated by Benjamin Dauvergne 10 months ago

Il y en a d'autres, je propose de tous les corriger peut-être en inventant une Base64Error dans authentic2.compat qui prendra le bon type.

bdauvergne@revestel:~/wd/eo/authentic$ git grep -C10 TypeError | grep -C4 b64
src/authentic2/crypto.py-        if raise_on_error:
src/authentic2/crypto.py-            raise DecryptionError('bad payload')
src/authentic2/crypto.py-        return None
src/authentic2/crypto.py-    try:
src/authentic2/crypto.py-        iv = base64.b64decode(iv)
src/authentic2/crypto.py-        crypted = base64.b64decode(crypted)
src/authentic2/crypto.py:    except TypeError:
src/authentic2/crypto.py-        if raise_on_error:
src/authentic2/crypto.py-            raise DecryptionError('incorrect base64 encoding')
src/authentic2/crypto.py-        return None
--
src/authentic2/nonce/utils.py-
src/authentic2/nonce/utils.py-def unlink_if_exists(path):
src/authentic2/nonce/utils.py-    try:
--
src/authentic2/profile_views.py-        uidb64 = kwargs['uidb64']
src/authentic2/profile_views.py-        self.token = token = kwargs['token']
src/authentic2/profile_views.py-
src/authentic2/profile_views.py-        UserModel = get_user_model()
src/authentic2/profile_views.py-        # checked by URLconf
src/authentic2/profile_views.py-        assert uidb64 is not None and token is not None
src/authentic2/profile_views.py-        try:
src/authentic2/profile_views.py-            uid = urlsafe_base64_decode(uidb64)
src/authentic2/profile_views.py-            # use authenticate to eventually get an LDAPUser
src/authentic2/profile_views.py-            self.user = authenticate(user=UserModel._default_manager.get(pk=uid))
src/authentic2/profile_views.py:        except (TypeError, ValueError, OverflowError,
src/authentic2/profile_views.py-                UserModel.DoesNotExist):
--
src/authentic2/saml/saml2utils.py-    if boolean is False:
src/authentic2/saml/saml2utils.py-        return 'false'
src/authentic2/saml/saml2utils.py:    raise TypeError()
src/authentic2/saml/saml2utils.py-
src/authentic2/saml/saml2utils.py-def int_to_b64(i):
src/authentic2/saml/saml2utils.py-    h = hex(i)[2:].strip('L')
src/authentic2/saml/saml2utils.py-    if len(h) % 2 == 1:
src/authentic2/saml/saml2utils.py-        h = '0' + h
src/authentic2/saml/saml2utils.py-    return base64.b64encode(binascii.unhexlify(h))
src/authentic2/saml/saml2utils.py-
src/authentic2/saml/saml2utils.py-def keyinfo(tb, key):
src/authentic2/saml/saml2utils.py-    tb.pushNamespace(lasso.DS_HREF)
src/authentic2/saml/saml2utils.py-    tb.start('KeyInfo', {})
--
src/authentic2_idp_oidc/views.py-        authorization = request.META['HTTP_AUTHORIZATION'].split()
src/authentic2_idp_oidc/views.py-        if authorization[0] != 'Basic' or len(authorization) != 2:
src/authentic2_idp_oidc/views.py-            return None
src/authentic2_idp_oidc/views.py-        try:
src/authentic2_idp_oidc/views.py-            decoded = base64.b64decode(authorization[1])
src/authentic2_idp_oidc/views.py:        except TypeError:
src/authentic2_idp_oidc/views.py-            return None
src/authentic2_idp_oidc/views.py-        parts = decoded.split(':')
src/authentic2_idp_oidc/views.py-        if len(parts) != 2:
--
tests/test_idp_saml2.py-                             '%s/sso/POST' % self.base_url)
tests/test_idp_saml2.py-            self.assertIn('SAMLResponse', doc.forms[0].fields)
tests/test_idp_saml2.py-            saml_response = doc.forms[0].fields['SAMLResponse']
tests/test_idp_saml2.py-            try:
tests/test_idp_saml2.py-                base64.b64decode(saml_response)
tests/test_idp_saml2.py:            except TypeError:
tests/test_idp_saml2.py-                self.fail('SAMLResponse is not base64 encoded: %s'
tests/test_idp_saml2.py-                          % saml_response)
tests/test_idp_saml2.py-            with self.assertRaises(lasso.ProfileRequestDeniedError):
--
tests/test_idp_saml2.py-                doc.forms[0].get('action'), '%s/sso/POST' % self.base_url)
tests/test_idp_saml2.py-            self.assertIn('SAMLResponse', doc.forms[0].fields)
tests/test_idp_saml2.py-            saml_response = doc.forms[0].fields['SAMLResponse']
tests/test_idp_saml2.py-            try:
tests/test_idp_saml2.py-                base64.b64decode(saml_response)
tests/test_idp_saml2.py:            except TypeError:
tests/test_idp_saml2.py-                self.fail('SAMLResponse is not base64 encoded: %s' % saml_response)
tests/test_idp_saml2.py-            login = self.parse_authn_response(saml_response)
tests/test_idp_saml2.py-            assertion = login.assertion
bdauvergne@revestel:~/wd/eo/authentic$ 

#5 Updated by Benjamin Dauvergne 10 months ago

  • Status changed from Solution proposée to En cours

#6 Updated by Paul Marillonnet 9 months ago

#7 Updated by Benjamin Dauvergne 3 months ago

  • Status changed from Solution proposée to Solution validée

Also available in: Atom PDF