Refactoring prompt=none logic.

Ignacio Fiorentino 2016-04-13 17:19:37 -03:00
parent b05894bf6d
commit 61f0c209af
2 changed files with 24 additions and 20 deletions


@ -62,35 +62,39 @@ class AuthorizeEndpoint(object):
self.params.code_challenge_method = query_dict.get('code_challenge_method') self.params.code_challenge_method = query_dict.get('code_challenge_method')
def validate_params(self): def validate_params(self):
# Client validation.
try: try:
self.client = Client.objects.get(client_id=self.params.client_id) self.client = Client.objects.get(client_id=self.params.client_id)
except Client.DoesNotExist: except Client.DoesNotExist:
logger.debug('[Authorize] Invalid client identifier: %s', self.params.client_id) logger.debug('[Authorize] Invalid client identifier: %s', self.params.client_id)
raise ClientIdError() raise ClientIdError()
# Redirect URI validation.
if self.is_authentication and not self.params.redirect_uri: if self.is_authentication and not self.params.redirect_uri:
logger.debug('[Authorize] Missing redirect uri.') logger.debug('[Authorize] Missing redirect uri.')
raise RedirectUriError() raise RedirectUriError()
if not self.grant_type:
logger.debug('[Authorize] Invalid response type: %s', self.params.response_type)
raise AuthorizeError(self.params.redirect_uri, 'unsupported_response_type',
self.grant_type)
if self.is_authentication and self.grant_type == 'implicit' and not self.params.nonce:
raise AuthorizeError(self.params.redirect_uri, 'invalid_request',
self.grant_type)
if self.is_authentication and self.params.response_type != self.client.response_type:
raise AuthorizeError(self.params.redirect_uri, 'invalid_request',
self.grant_type)
clean_redirect_uri = urlsplit(self.params.redirect_uri) clean_redirect_uri = urlsplit(self.params.redirect_uri)
clean_redirect_uri = urlunsplit(clean_redirect_uri._replace(query='')) clean_redirect_uri = urlunsplit(clean_redirect_uri._replace(query=''))
if not (clean_redirect_uri in self.client.redirect_uris): if not (clean_redirect_uri in self.client.redirect_uris):
logger.debug('[Authorize] Invalid redirect uri: %s', self.params.redirect_uri) logger.debug('[Authorize] Invalid redirect uri: %s', self.params.redirect_uri)
raise RedirectUriError() raise RedirectUriError()
# Grant type validation.
if not self.grant_type:
logger.debug('[Authorize] Invalid response type: %s', self.params.response_type)
raise AuthorizeError(self.params.redirect_uri, 'unsupported_response_type',
self.grant_type)
# Nonce parameter validation.
if self.is_authentication and self.grant_type == 'implicit' and not self.params.nonce:
raise AuthorizeError(self.params.redirect_uri, 'invalid_request',
self.grant_type)
# Response type parameter validation.
if self.is_authentication and self.params.response_type != self.client.response_type:
raise AuthorizeError(self.params.redirect_uri, 'invalid_request',
self.grant_type)
# PKCE validation of the transformation method. # PKCE validation of the transformation method.
if self.params.code_challenge: if self.params.code_challenge:
if not (self.params.code_challenge_method in ['plain', 'S256']): if not (self.params.code_challenge_method in ['plain', 'S256']):
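Review bot: The reorder in this hunk is security-relevant but nothing records why: every AuthorizeError raised in validate_params (the unsupported_response_type and both invalid_request raises) is built with self.params.redirect_uri, and after this change those raises only happen once that URI has been matched against self.client.redirect_uris, so the error response can no longer be redirected to an unregistered URI. The new `# Grant type validation.` comment should say so, e.g. `# The checks below raise AuthorizeError, which redirects to redirect_uri; keep them after the redirect URI validation above so the error never goes to an unregistered URI.` Note also that the membership test compares the query-stripped URI, so a redirect_uri carrying extra query parameters is still accepted when its base is registered; if that is intended it deserves a comment of its own. validate_params continues past the end of the hunk.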


@ -66,13 +66,15 @@ class AuthorizeView(View):
'params': authorize.params, 'params': authorize.params,
} }
if authorize.params.prompt == 'none':
raise AuthorizeError(authorize.params.redirect_uri, 'interaction_required', authorize.grant_type)
return render(request, 'oidc_provider/authorize.html', context) return render(request, 'oidc_provider/authorize.html', context)
else: else:
if authorize.params.prompt == 'none': if authorize.params.prompt == 'none':
raise AuthorizeError(authorize.params.redirect_uri, 'login_required', authorize.grant_type) raise AuthorizeError(authorize.params.redirect_uri, 'login_required', authorize.grant_type)
else:
path = request.get_full_path() return redirect_to_login(request.get_full_path())
return redirect_to_login(path)
except (ClientIdError, RedirectUriError) as error: except (ClientIdError, RedirectUriError) as error:
context = { context = {
@ -92,12 +94,10 @@ class AuthorizeView(View):
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
authorize = AuthorizeEndpoint(request) authorize = AuthorizeEndpoint(request)
allow = True if request.POST.get('allow') else False
try: try:
authorize.validate_params() authorize.validate_params()
if not allow: if not request.POST.get('allow'):
raise AuthorizeError(authorize.params.redirect_uri, raise AuthorizeError(authorize.params.redirect_uri,
'access_denied', 'access_denied',
authorize.grant_type) authorize.grant_type)