Add OIDC_SKIP_CONSENT_ALWAYS setting.
This commit is contained in:
parent
649179b34d
commit
6646bdb92a
5 changed files with 31 additions and 6 deletions
|
@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
### [Unreleased]
|
### [Unreleased]
|
||||||
|
|
||||||
|
##### Added
|
||||||
|
- Setting OIDC_SKIP_CONSENT_ALWAYS.
|
||||||
|
|
||||||
##### Changed
|
##### Changed
|
||||||
- Removing OIDC_RSA_KEY_FOLDER setting. Moving RSA Keys to the database.
|
- Removing OIDC_RSA_KEY_FOLDER setting. Moving RSA Keys to the database.
|
||||||
|
|
||||||
|
|
6
DOC.md
6
DOC.md
|
@ -32,6 +32,7 @@ Before getting started there are some important things that you should know:
|
||||||
- [OIDC_EXTRA_SCOPE_CLAIMS](#oidc_extra_scope_claims)
|
- [OIDC_EXTRA_SCOPE_CLAIMS](#oidc_extra_scope_claims)
|
||||||
- [OIDC_IDTOKEN_EXPIRE](#oidc_idtoken_expire)
|
- [OIDC_IDTOKEN_EXPIRE](#oidc_idtoken_expire)
|
||||||
- [OIDC_IDTOKEN_SUB_GENERATOR](#oidc_idtoken_sub_generator)
|
- [OIDC_IDTOKEN_SUB_GENERATOR](#oidc_idtoken_sub_generator)
|
||||||
|
- [OIDC_SKIP_CONSENT_ALWAYS](#oidc_skip_consent_always)
|
||||||
- [OIDC_SKIP_CONSENT_ENABLE](#oidc_skip_consent_enable)
|
- [OIDC_SKIP_CONSENT_ENABLE](#oidc_skip_consent_enable)
|
||||||
- [OIDC_SKIP_CONSENT_EXPIRE](#oidc_skip_consent_expire)
|
- [OIDC_SKIP_CONSENT_EXPIRE](#oidc_skip_consent_expire)
|
||||||
- [OIDC_TOKEN_EXPIRE](#oidc_token_expire)
|
- [OIDC_TOKEN_EXPIRE](#oidc_token_expire)
|
||||||
|
@ -398,6 +399,11 @@ def default_sub_generator(user):
|
||||||
return str(user.id)
|
return str(user.id)
|
||||||
```
|
```
|
||||||
|
|
||||||
|
##### OIDC_SKIP_CONSENT_ALWAYS
|
||||||
|
OPTIONAL. If enabled, the Server will NEVER ask the user for consent.
|
||||||
|
|
||||||
|
`bool`. Default is `False`.
|
||||||
|
|
||||||
##### OIDC_SKIP_CONSENT_ENABLE
|
##### OIDC_SKIP_CONSENT_ENABLE
|
||||||
OPTIONAL. If enabled, the Server will save the user consent given to a specific client, so that user won't be prompted for the same authorization multiple times.
|
OPTIONAL. If enabled, the Server will save the user consent given to a specific client, so that user won't be prompted for the same authorization multiple times.
|
||||||
|
|
||||||
|
|
|
@ -58,6 +58,13 @@ class DefaultSettings(object):
|
||||||
"""
|
"""
|
||||||
return 'oidc_provider.lib.utils.common.default_sub_generator'
|
return 'oidc_provider.lib.utils.common.default_sub_generator'
|
||||||
|
|
||||||
|
@property
|
||||||
|
def OIDC_SKIP_CONSENT_ALWAYS(self):
|
||||||
|
"""
|
||||||
|
OPTIONAL. If enabled, the Server will NEVER ask the user for consent.
|
||||||
|
"""
|
||||||
|
return False
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def OIDC_SKIP_CONSENT_ENABLE(self):
|
def OIDC_SKIP_CONSENT_ENABLE(self):
|
||||||
"""
|
"""
|
||||||
|
|
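Review bot: The docstring on the new `OIDC_SKIP_CONSENT_ALWAYS` property says only that consent is never asked; it should spell out what that means for operators, since the views hunk in this commit checks it before `OIDC_SKIP_CONSENT_ENABLE` and before `client_has_user_consent()`, so the stored-consent path is never reached once it is on. I would extend the docstring to: `OPTIONAL. If enabled, the Server will NEVER ask the user for consent. Applies to every registered client and takes precedence over OIDC_SKIP_CONSENT_ENABLE; enable only when all clients are first-party.` The `DefaultSettings` class continues outside the hunk.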
|
@ -224,13 +224,18 @@ class AuthorizationCodeFlowTestCase(TestCase):
|
||||||
# Simulate that the user is logged.
|
# Simulate that the user is logged.
|
||||||
request.user = self.user
|
request.user = self.user
|
||||||
|
|
||||||
|
with self.settings(OIDC_SKIP_CONSENT_ALWAYS=True):
|
||||||
|
response = AuthorizeView.as_view()(request)
|
||||||
|
|
||||||
|
self.assertEqual('code' in response['Location'], True,
|
||||||
|
msg='Code is missing in the returned url.')
|
||||||
|
|
||||||
response = AuthorizeView.as_view()(request)
|
response = AuthorizeView.as_view()(request)
|
||||||
|
|
||||||
is_code_ok = is_code_valid(url=response['Location'],
|
is_code_ok = is_code_valid(url=response['Location'],
|
||||||
user=self.user,
|
user=self.user,
|
||||||
client=self.client)
|
client=self.client)
|
||||||
self.assertEqual(is_code_ok, True,
|
self.assertEqual(is_code_ok, True, msg='Code returned is invalid.')
|
||||||
msg='Code returned is invalid.')
|
|
||||||
|
|
||||||
del post_data['allow']
|
del post_data['allow']
|
||||||
query_str = urlencode(post_data).replace('+', '%20')
|
query_str = urlencode(post_data).replace('+', '%20')
|
||||||
|
@ -247,10 +252,12 @@ class AuthorizationCodeFlowTestCase(TestCase):
|
||||||
is_code_ok = is_code_valid(url=response['Location'],
|
is_code_ok = is_code_valid(url=response['Location'],
|
||||||
user=self.user,
|
user=self.user,
|
||||||
client=self.client)
|
client=self.client)
|
||||||
self.assertEqual(is_code_ok, True,
|
self.assertEqual(is_code_ok, True, msg='Code returned is invalid or missing.')
|
||||||
msg='Code returned is invalid or missing.')
|
|
||||||
|
|
||||||
def test_response_uri_is_properly_constructed(self):
|
def test_response_uri_is_properly_constructed(self):
|
||||||
|
"""
|
||||||
|
TODO
|
||||||
|
"""
|
||||||
post_data = {
|
post_data = {
|
||||||
'client_id': self.client.client_id,
|
'client_id': self.client.client_id,
|
||||||
'redirect_uri': self.client.default_redirect_uri + "?redirect_state=xyz",
|
'redirect_uri': self.client.default_redirect_uri + "?redirect_state=xyz",
|
||||||
|
|
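Review bot: The new assertion inside `with self.settings(OIDC_SKIP_CONSENT_ALWAYS=True):` only checks that the substring `'code'` appears in `response['Location']`, which does not prove the consent form was skipped or that a valid code was issued; the sibling test a few lines below already uses `is_code_valid(url=..., user=..., client=...)` and the same helper should be used here. I would replace the `assertEqual('code' in response['Location'], True, ...)` with `self.assertEqual(response.status_code, 302)` followed by `self.assertTrue(is_code_valid(url=response['Location'], user=self.user, client=self.client), msg='Code returned is invalid or missing.')`. The second hunk gives `test_response_uri_is_properly_constructed` a docstring reading only `TODO`; a one-line statement of what the test checks (the `redirect_state` query parameter surviving into the response URI, judging by the post_data) would be more useful. The enclosing test method starts outside the first hunk.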
|
@ -38,11 +38,13 @@ class AuthorizeView(View):
|
||||||
if hook_resp:
|
if hook_resp:
|
||||||
return hook_resp
|
return hook_resp
|
||||||
|
|
||||||
|
if settings.get('OIDC_SKIP_CONSENT_ALWAYS'):
|
||||||
|
return redirect(authorize.create_response_uri())
|
||||||
|
|
||||||
if settings.get('OIDC_SKIP_CONSENT_ENABLE'):
|
if settings.get('OIDC_SKIP_CONSENT_ENABLE'):
|
||||||
# Check if user previously give consent.
|
# Check if user previously give consent.
|
||||||
if authorize.client_has_user_consent():
|
if authorize.client_has_user_consent():
|
||||||
uri = authorize.create_response_uri()
|
return redirect(authorize.create_response_uri())
|
||||||
return redirect(uri)
|
|
||||||
|
|
||||||
# Generate hidden inputs for the form.
|
# Generate hidden inputs for the form.
|
||||||
context = {
|
context = {
|
||||||
|
|
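Review bot: The new `if settings.get('OIDC_SKIP_CONSENT_ALWAYS'):` early return issues the authorization response for any registered client without the user ever seeing the requested scopes, and nothing at this point scopes it per client, so a single global setting disables consent for third-party clients too. I would add a comment above it, `# Global bypass: no per-client check here, so every registered client is treated as trusted when this is on.`, and suggest in a follow-up that the flag be honoured only for clients marked as first-party, if the client model offers such a field. The `OIDC_SKIP_CONSENT_ENABLE` branch now duplicates the `return redirect(authorize.create_response_uri())` line; the two conditions could be merged into one `if` to keep a single exit. The enclosing `get` method starts and ends outside the hunk.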