diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1396522..656c2e3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
 ### [Unreleased]
+##### Added
+- Setting OIDC_SKIP_CONSENT_ALWAYS.
+
 ##### Changed
 - Removing OIDC_RSA_KEY_FOLDER setting. Moving RSA Keys to the database.
diff --git a/DOC.md b/DOC.md
index b493e08..dc03c9d 100644
--- a/DOC.md
+++ b/DOC.md
@@ -32,6 +32,7 @@ Before getting started there are some important things that you should know:
 - [OIDC_EXTRA_SCOPE_CLAIMS](#oidc_extra_scope_claims)
 - [OIDC_IDTOKEN_EXPIRE](#oidc_idtoken_expire)
 - [OIDC_IDTOKEN_SUB_GENERATOR](#oidc_idtoken_sub_generator)
+ - [OIDC_SKIP_CONSENT_ALWAYS](#oidc_skip_consent_always)
 - [OIDC_SKIP_CONSENT_ENABLE](#oidc_skip_consent_enable)
 - [OIDC_SKIP_CONSENT_EXPIRE](#oidc_skip_consent_expire)
 - [OIDC_TOKEN_EXPIRE](#oidc_token_expire)
@@ -398,6 +399,11 @@ def default_sub_generator(user):
 return str(user.id)
 ```
+##### OIDC_SKIP_CONSENT_ALWAYS
+OPTIONAL. If enabled, the Server will NEVER ask the user for consent.
+
+`bool`. Default is `False`.
+
 ##### OIDC_SKIP_CONSENT_ENABLE
 OPTIONAL. If enabled, the Server will save the user consent given to a specific client, so that user won't be prompted for the same authorization multiple times.
diff --git a/oidc_provider/settings.py b/oidc_provider/settings.py
index a52e4ec..9b5f9f7 100644
--- a/oidc_provider/settings.py
+++ b/oidc_provider/settings.py
@@ -58,6 +58,13 @@ class DefaultSettings(object):
 """
 return 'oidc_provider.lib.utils.common.default_sub_generator'
+ @property
+ def OIDC_SKIP_CONSENT_ALWAYS(self):
+ """
+ OPTIONAL. If enabled, the Server will NEVER ask the user for consent.
+ """
+ return False
+
 @property
 def OIDC_SKIP_CONSENT_ENABLE(self):
 """
diff --git a/oidc_provider/tests/test_authorize_endpoint.py b/oidc_provider/tests/test_authorize_endpoint.py
index d57f7e8..fc92fcc 100644
--- a/oidc_provider/tests/test_authorize_endpoint.py
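Review bot: The docstring added on the `OIDC_SKIP_CONSENT_ALWAYS` property states the effect but not the trust assumption, so an operator reading only settings.py will not see that enabling it hands every authenticated user's authorization to every registered client without a prompt. I would extend the docstring with a sentence along the lines of `Only safe when every registered client is a trusted first-party application; for third-party clients use OIDC_SKIP_CONSENT_ENABLE, which records consent per client.` The per-client recording is what the existing OIDC_SKIP_CONSENT_ENABLE description in DOC.md says that setting does. The DefaultSettings class continues outside this hunk.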
+++ b/oidc_provider/tests/test_authorize_endpoint.py
@@ -224,13 +224,18 @@ class AuthorizationCodeFlowTestCase(TestCase):
 # Simulate that the user is logged.
 request.user = self.user
+ with self.settings(OIDC_SKIP_CONSENT_ALWAYS=True):
+ response = AuthorizeView.as_view()(request)
+
+ self.assertEqual('code' in response['Location'], True,
+ msg='Code is missing in the returned url.')
+
 response = AuthorizeView.as_view()(request)
 is_code_ok = is_code_valid(url=response['Location'], user=self.user, client=self.client)
- self.assertEqual(is_code_ok, True,
- msg='Code returned is invalid.')
+ self.assertEqual(is_code_ok, True, msg='Code returned is invalid.')
 del post_data['allow']
 query_str = urlencode(post_data).replace('+', '%20')
@@ -247,10 +252,12 @@ class AuthorizationCodeFlowTestCase(TestCase):
 is_code_ok = is_code_valid(url=response['Location'], user=self.user, client=self.client)
- self.assertEqual(is_code_ok, True,
- msg='Code returned is invalid or missing.')
+ self.assertEqual(is_code_ok, True, msg='Code returned is invalid or missing.')
 def test_response_uri_is_properly_constructed(self):
+ """
+ TODO
+ """
 post_data = {
 'client_id': self.client.client_id,
 'redirect_uri': self.client.default_redirect_uri + "?redirect_state=xyz",
diff --git a/oidc_provider/views.py b/oidc_provider/views.py
index 4d6aed9..6d6fa17 100644
--- a/oidc_provider/views.py
+++ b/oidc_provider/views.py
@@ -38,11 +38,13 @@ class AuthorizeView(View):
 if hook_resp:
 return hook_resp
+ if settings.get('OIDC_SKIP_CONSENT_ALWAYS'):
+ return redirect(authorize.create_response_uri())
+
 if settings.get('OIDC_SKIP_CONSENT_ENABLE'):
 # Check if user previously give consent.
 if authorize.client_has_user_consent():
- uri = authorize.create_response_uri()
- return redirect(uri)
+ return redirect(authorize.create_response_uri())
 # Generate hidden inputs for the form.
 context = {
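Review bot: The new `with self.settings(OIDC_SKIP_CONSENT_ALWAYS=True)` block does not show that consent was actually skipped, because `request` is built before this hunk and, judging by the later `del post_data['allow']`, appears to be the POST that already carries `allow`, so a code would come back with or without the setting. The check should be made on a fresh request with the `allow` key removed under the setting, and the companion case (setting off, no `allow`) should assert that the consent form is rendered instead of a redirect. `'code' in response['Location']` is also a weak assertion; the lines that follow already call `is_code_valid(url=response['Location'], user=self.user, client=self.client)`, which should be reused here. The test method starts before this hunk.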
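Review bot: The new `OIDC_SKIP_CONSENT_ALWAYS` early return issues an authorization response for any registered client as soon as the user is authenticated, which makes a global switch out of what the consent screen normally expresses per client; the branch should carry a comment such as `# Global consent bypass: only for deployments where every registered client is first-party.` and, preferably, be driven by a per-client flag on the client record checked at this point rather than (or in addition to) the global setting. If the view honours the OIDC `prompt` request parameter elsewhere (not visible in this hunk), this return also short-circuits `prompt=consent`, which OIDC Core requires the provider to honour, so the check should run after any `prompt` handling. The enclosing method of AuthorizeView starts before this hunk and continues after it.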