
Revision 6388360c

Added by Serghei Mihai almost 9 years ago

checking the 'state' parameter issued by idp


ckanext/ozwillo_pyoidc/oidc.py
26 26
        if behaviour:
27 27
            self.behaviour = behaviour
28 28

  
29
    def create_authn_request(self, session, acr_value=None):
30
        session["state"] = rndstr()
31
        session["nonce"] = rndstr()
29
    def create_authn_request(self, acr_value=None):
30
        self.state = rndstr()
31
        nonce = rndstr()
32 32
        request_args = {
33 33
            "response_type": self.behaviour["response_type"],
34 34
            "scope": self.behaviour["scope"],
35
            "state": session["state"],
36
            "nonce": session["nonce"],
35
            "state": self.state,
36
            "nonce": nonce,
37 37
            "redirect_uri": self.registration_response["redirect_uris"][0]
38 38
        }
39 39

  
......
64 64
        authresp = self.parse_response(AuthorizationResponse, response,
65 65
                                       sformat="dict", keyjar=self.keyjar)
66 66

  
67
        if self.state != authresp['state']:
68
            raise OIDCError("Invalid state %s." % authresp["state"])
69

  
67 70
        if isinstance(authresp, ErrorResponse):
68 71
            return OIDCError("Access denied")
69 72

  
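Review bot: Storing the state value on the client instance (`self.state = rndstr()` at new line 30) instead of in the per-user session, as the removed lines did, means the check added at new lines 67–68 compares the callback against whichever login flow most recently called create_authn_request rather than the one started by the browser now presenting the response; if this client object is shared across requests (as a module-level OIDC client usually is), concurrent logins overwrite each other's value and a response can be accepted for a session that never issued that state. The nonce is likewise reduced to a local (`nonce = rndstr()`) and discarded once the request dict is built, so it can no longer be compared with the nonce in the returned ID token unless it is retained somewhere not visible here. Keeping the previous `session["state"]`/`session["nonce"]` storage and checking `if session.get("state") != authresp.get("state"): raise OIDCError("Invalid state %s." % authresp.get("state"))` in the callback binds the check to the user agent that began the flow. Using `.get` also avoids a KeyError on an ErrorResponse that carries no state, since the new check runs before the `isinstance(authresp, ErrorResponse)` test. Both create_authn_request and the callback method enclosing the second hunk continue outside the hunks.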
