Add OIDC_SKIP_CONSENT_ALWAYS setting.

This commit is contained in:
juanifioren 2016-02-01 14:34:39 -03:00
parent 649179b34d
commit 6646bdb92a
5 changed files with 31 additions and 6 deletions


@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
### [Unreleased]
##### Added
- Setting OIDC_SKIP_CONSENT_ALWAYS.
##### Changed
- Removing OIDC_RSA_KEY_FOLDER setting. Moving RSA Keys to the database.

DOC.md

@ -32,6 +32,7 @@ Before getting started there are some important things that you should know:
- [OIDC_EXTRA_SCOPE_CLAIMS](#oidc_extra_scope_claims)
- [OIDC_IDTOKEN_EXPIRE](#oidc_idtoken_expire)
- [OIDC_IDTOKEN_SUB_GENERATOR](#oidc_idtoken_sub_generator)
- [OIDC_SKIP_CONSENT_ALWAYS](#oidc_skip_consent_always)
- [OIDC_SKIP_CONSENT_ENABLE](#oidc_skip_consent_enable)
- [OIDC_SKIP_CONSENT_EXPIRE](#oidc_skip_consent_expire)
- [OIDC_TOKEN_EXPIRE](#oidc_token_expire)
@ -398,6 +399,11 @@ def default_sub_generator(user):
return str(user.id)
```
##### OIDC_SKIP_CONSENT_ALWAYS
OPTIONAL. If enabled, the Server will NEVER ask the user for consent.
`bool`. Default is `False`.
##### OIDC_SKIP_CONSENT_ENABLE
OPTIONAL. If enabled, the Server will save the user consent given to a specific client, so that user won't be prompted for the same authorization multiple times.


@ -58,6 +58,13 @@ class DefaultSettings(object):
"""
return 'oidc_provider.lib.utils.common.default_sub_generator'
@property
def OIDC_SKIP_CONSENT_ALWAYS(self):
"""
OPTIONAL. If enabled, the Server will NEVER ask the user for consent.
"""
return False
@property
def OIDC_SKIP_CONSENT_ENABLE(self):
"""
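Review bot: The docstring on the new `OIDC_SKIP_CONSENT_ALWAYS` property says what the flag does but not what it gives up, and that is the part an operator needs before switching it on: with it set, the server issues codes for every registered client without the user ever seeing the requested scopes, so it is only safe when every client is first-party. Suggest extending the docstring to `OPTIONAL. If enabled, the Server will NEVER ask the user for consent. Only enable this when every registered client is trusted (first-party): the user is never shown the scopes a client requests.` It would also be worth stating whether the per-client consent record used by `OIDC_SKIP_CONSENT_ENABLE` is still written on this path; from the view change in this commit it appears not to be, so disabling the flag later would prompt every user again, but that should be confirmed against the consent-saving code, which is not in the hunk. The `DefaultSettings` class continues outside the hunk.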


@ -224,13 +224,18 @@ class AuthorizationCodeFlowTestCase(TestCase):
# Simulate that the user is logged.
request.user = self.user
with self.settings(OIDC_SKIP_CONSENT_ALWAYS=True):
response = AuthorizeView.as_view()(request)
self.assertEqual('code' in response['Location'], True,
msg='Code is missing in the returned url.')
response = AuthorizeView.as_view()(request)
is_code_ok = is_code_valid(url=response['Location'],
user=self.user,
client=self.client)
self.assertEqual(is_code_ok, True,
msg='Code returned is invalid.')
self.assertEqual(is_code_ok, True, msg='Code returned is invalid.')
del post_data['allow']
query_str = urlencode(post_data).replace('+', '%20')
@ -247,10 +252,12 @@ class AuthorizationCodeFlowTestCase(TestCase):
is_code_ok = is_code_valid(url=response['Location'],
user=self.user,
client=self.client)
self.assertEqual(is_code_ok, True,
msg='Code returned is invalid or missing.')
self.assertEqual(is_code_ok, True, msg='Code returned is invalid or missing.')
def test_response_uri_is_properly_constructed(self):
"""
TODO
"""
post_data = {
'client_id': self.client.client_id,
'redirect_uri': self.client.default_redirect_uri + "?redirect_state=xyz",


@ -38,11 +38,13 @@ class AuthorizeView(View):
if hook_resp:
return hook_resp
if settings.get('OIDC_SKIP_CONSENT_ALWAYS'):
return redirect(authorize.create_response_uri())
if settings.get('OIDC_SKIP_CONSENT_ENABLE'):
# Check if user previously give consent.
if authorize.client_has_user_consent():
uri = authorize.create_response_uri()
return redirect(uri)
return redirect(authorize.create_response_uri())
# Generate hidden inputs for the form.
context = {
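Review bot: The new early return at `if settings.get('OIDC_SKIP_CONSENT_ALWAYS'): return redirect(authorize.create_response_uri())` is a global bypass that applies to every `client_id` regardless of how trusted the client is, and, if this view honours the OIDC `prompt` parameter anywhere (not visible in the hunk), a `prompt=consent` request can no longer force the consent screen, which OIDC Core says the server SHOULD honour. At minimum the trade-off should be stated where the branch is taken, e.g. `# Global bypass: every registered client is treated as trusted; the user never sees the requested scopes.` If the view does parse `prompt`, consider excluding `consent` from this branch so a relying party can still force re-consent. Note that this branch is correctly placed after the `hook_resp` check, so a pre-authorization hook still runs. `AuthorizeView.get` starts and ends outside the hunk.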