Fixed client id retrieval when aud is a list of str. (#210)

* Fixed client id retrieval when aud is a list of str.

* Split tests.
Antoine Nguyen 2017-11-09 12:05:20 +01:00 committed by Wojciech Bartosiak
parent 6beb186540
commit 65c6cc6fec
2 changed files with 30 additions and 6 deletions


@ -91,7 +91,12 @@ def client_id_from_id_token(id_token):
Returns a string or None. Returns a string or None.
""" """
payload = JWT().unpack(id_token).payload() payload = JWT().unpack(id_token).payload()
return payload.get('aud', None) aud = payload.get('aud', None)
if aud is None:
return None
if isinstance(aud, list):
return aud[0]
return aud
def create_token(user, client, scope, id_token_dic=None): def create_token(user, client, scope, id_token_dic=None):
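Review bot: `return aud[0]` in the new list branch raises IndexError on an empty `aud` array and otherwise trusts whichever audience is listed first, while the payload comes from `JWT().unpack(id_token).payload()` with no signature check visible in this hunk. If the caller uses this value to select the client whose post-logout redirect URIs are honoured (not shown here, so this is an assumption), a token with several audiences either resolves to the wrong client or produces an unhandled error. Guard the branch with `return aud[0] if aud else None`, and consider preferring the `azp` claim when `aud` has more than one entry, since OIDC Core defines `azp` as the authorized party for multi-audience ID tokens. The function's signature and the start of its docstring are outside the hunk.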


@ -30,21 +30,40 @@ class EndSessionTestCase(TestCase):
self.url = reverse('oidc_provider:end-session') self.url = reverse('oidc_provider:end-session')
def test_redirects(self): def test_redirects_when_aud_is_str(self):
query_params = { query_params = {
'post_logout_redirect_uri': self.LOGOUT_URL, 'post_logout_redirect_uri': self.LOGOUT_URL,
} }
response = self.client.get(self.url, query_params) response = self.client.get(self.url, query_params)
# With no id_token the OP MUST NOT redirect to the requested redirect_uri. # With no id_token the OP MUST NOT redirect to the requested
self.assertRedirects(response, settings.get('OIDC_LOGIN_URL'), fetch_redirect_response=False) # redirect_uri.
self.assertRedirects(
response, settings.get('OIDC_LOGIN_URL'),
fetch_redirect_response=False)
id_token_dic = create_id_token(user=self.user, aud=self.oidc_client.client_id) id_token_dic = create_id_token(
user=self.user, aud=self.oidc_client.client_id)
id_token = encode_id_token(id_token_dic, self.oidc_client) id_token = encode_id_token(id_token_dic, self.oidc_client)
query_params['id_token_hint'] = id_token query_params['id_token_hint'] = id_token
response = self.client.get(self.url, query_params) response = self.client.get(self.url, query_params)
self.assertRedirects(response, self.LOGOUT_URL, fetch_redirect_response=False) self.assertRedirects(
response, self.LOGOUT_URL, fetch_redirect_response=False)
def test_redirects_when_aud_is_list(self):
"""Check with 'aud' containing a list of str."""
query_params = {
'post_logout_redirect_uri': self.LOGOUT_URL,
}
id_token_dic = create_id_token(
user=self.user, aud=self.oidc_client.client_id)
id_token_dic['aud'] = [id_token_dic['aud']]
id_token = encode_id_token(id_token_dic, self.oidc_client)
query_params['id_token_hint'] = id_token
response = self.client.get(self.url, query_params)
self.assertRedirects(
response, self.LOGOUT_URL, fetch_redirect_response=False)
@mock.patch(settings.get('OIDC_AFTER_END_SESSION_HOOK')) @mock.patch(settings.get('OIDC_AFTER_END_SESSION_HOOK'))
def test_call_post_end_session_hook(self, hook_function): def test_call_post_end_session_hook(self, hook_function):
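Review bot: `test_redirects_when_aud_is_list` only exercises a one-element list wrapping the client's own id, so the list branch is untested for the inputs that matter on an endpoint fed by a request parameter. Add cases where `id_token_dic['aud']` is `[]` and where it is `['some-other-audience', self.oidc_client.client_id]`. Each should pin the intended outcome (redirect to `settings.get('OIDC_LOGIN_URL')` or to `self.LOGOUT_URL`) so a regression shows up as a test failure rather than a server error. A one-line comment such as `# OIDC Core: aud may be a string or an array of strings` would record why both shapes are tested.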