Add OIDC_SKIP_CONSENT_ALWAYS setting.
This commit is contained in:
parent
649179b34d
commit
6646bdb92a
5 changed files with 31 additions and 6 deletions
@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
|
|||
|
||||
### [Unreleased]
|
||||
|
||||
##### Added
|
||||
- Setting OIDC_SKIP_CONSENT_ALWAYS.
|
||||
|
||||
##### Changed
|
||||
- Removing OIDC_RSA_KEY_FOLDER setting. Moving RSA Keys to the database.
|
||||
|
||||
|
6
DOC.md
6
DOC.md
@ -32,6 +32,7 @@ Before getting started there are some important things that you should know:
|
|||
- [OIDC_EXTRA_SCOPE_CLAIMS](#oidc_extra_scope_claims)
|
||||
- [OIDC_IDTOKEN_EXPIRE](#oidc_idtoken_expire)
|
||||
- [OIDC_IDTOKEN_SUB_GENERATOR](#oidc_idtoken_sub_generator)
|
||||
- [OIDC_SKIP_CONSENT_ALWAYS](#oidc_skip_consent_always)
|
||||
- [OIDC_SKIP_CONSENT_ENABLE](#oidc_skip_consent_enable)
|
||||
- [OIDC_SKIP_CONSENT_EXPIRE](#oidc_skip_consent_expire)
|
||||
- [OIDC_TOKEN_EXPIRE](#oidc_token_expire)
|
||||
|
@ -398,6 +399,11 @@ def default_sub_generator(user):
|
|||
return str(user.id)
|
||||
```
|
||||
|
||||
##### OIDC_SKIP_CONSENT_ALWAYS
|
||||
OPTIONAL. If enabled, the Server will NEVER ask the user for consent.
|
||||
|
||||
`bool`. Default is `False`.
|
||||
|
||||
##### OIDC_SKIP_CONSENT_ENABLE
|
||||
OPTIONAL. If enabled, the Server will save the user consent given to a specific client, so that user won't be prompted for the same authorization multiple times.
|
||||
|
||||
|
@ -58,6 +58,13 @@ class DefaultSettings(object):
|
|||
"""
|
||||
return 'oidc_provider.lib.utils.common.default_sub_generator'
|
||||
|
||||
@property
|
||||
def OIDC_SKIP_CONSENT_ALWAYS(self):
|
||||
"""
|
||||
OPTIONAL. If enabled, the Server will NEVER ask the user for consent.
|
||||
"""
|
||||
return False
|
||||
|
||||
@property
|
||||
def OIDC_SKIP_CONSENT_ENABLE(self):
|
||||
"""
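Review bot: The docstring on the new `OIDC_SKIP_CONSENT_ALWAYS` property does not say how it relates to `OIDC_SKIP_CONSENT_ENABLE`, although the view hunk in this commit checks it first and returns before the stored-consent path, so the second setting has no effect once this one is on. It also leaves out the deployment assumption behind dropping the consent step entirely, which is the point an operator reading the settings file needs. Suggest: `OPTIONAL. If enabled, the Server will NEVER ask the user for consent; it takes precedence over OIDC_SKIP_CONSENT_ENABLE. Intended only for deployments where every registered client is trusted, since users lose the ability to refuse an authorization.` The enclosing `DefaultSettings` class starts and ends outside the hunk.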
|
||||
|
@ -224,13 +224,18 @@ class AuthorizationCodeFlowTestCase(TestCase):
|
|||
# Simulate that the user is logged.
|
||||
request.user = self.user
|
||||
|
||||
with self.settings(OIDC_SKIP_CONSENT_ALWAYS=True):
|
||||
response = AuthorizeView.as_view()(request)
|
||||
|
||||
self.assertEqual('code' in response['Location'], True,
|
||||
msg='Code is missing in the returned url.')
|
||||
|
||||
response = AuthorizeView.as_view()(request)
|
||||
|
||||
is_code_ok = is_code_valid(url=response['Location'],
|
||||
user=self.user,
|
||||
client=self.client)
|
||||
self.assertEqual(is_code_ok, True,
|
||||
msg='Code returned is invalid.')
|
||||
self.assertEqual(is_code_ok, True, msg='Code returned is invalid.')
|
||||
|
||||
del post_data['allow']
|
||||
query_str = urlencode(post_data).replace('+', '%20')
|
||||
|
@ -247,10 +252,12 @@ class AuthorizationCodeFlowTestCase(TestCase):
|
|||
is_code_ok = is_code_valid(url=response['Location'],
|
||||
user=self.user,
|
||||
client=self.client)
|
||||
self.assertEqual(is_code_ok, True,
|
||||
msg='Code returned is invalid or missing.')
|
||||
self.assertEqual(is_code_ok, True, msg='Code returned is invalid or missing.')
|
||||
|
||||
def test_response_uri_is_properly_constructed(self):
|
||||
"""
|
||||
TODO
|
||||
"""
|
||||
post_data = {
|
||||
'client_id': self.client.client_id,
|
||||
'redirect_uri': self.client.default_redirect_uri + "?redirect_state=xyz",
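Review bot: The assertion added for the skip-consent path, `self.assertEqual('code' in response['Location'], True, ...)`, is a substring test on the whole redirect URL and is weaker than the `is_code_valid(...)` check the same test applies a few lines later; a redirect whose query string or error text merely contains the word `code` could pass it. Inside the `with self.settings(OIDC_SKIP_CONSENT_ALWAYS=True):` block, validate the code the same way: `is_code_ok = is_code_valid(url=response['Location'], user=self.user, client=self.client)` followed by `self.assertTrue(is_code_ok, msg='Code returned is invalid.')`. A companion assertion with the setting left at its default would pin that the consent step is still required unless the flag is set; that path is not exercised by this change. The test method starts outside the hunk.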
|
||||
|
@ -38,11 +38,13 @@ class AuthorizeView(View):
|
|||
if hook_resp:
|
||||
return hook_resp
|
||||
|
||||
if settings.get('OIDC_SKIP_CONSENT_ALWAYS'):
|
||||
return redirect(authorize.create_response_uri())
|
||||
|
||||
if settings.get('OIDC_SKIP_CONSENT_ENABLE'):
|
||||
# Check if user previously give consent.
|
||||
if authorize.client_has_user_consent():
|
||||
uri = authorize.create_response_uri()
|
||||
return redirect(uri)
|
||||
return redirect(authorize.create_response_uri())
|
||||
|
||||
# Generate hidden inputs for the form.
|
||||
context = {
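Review bot: The new early return on `settings.get('OIDC_SKIP_CONSENT_ALWAYS')` issues `create_response_uri()` for any client with no comment on why that is acceptable, while the branch right below it only does so after `client_has_user_consent()` confirms a prior grant; the contrast deserves an explanation at the line. Suggest `# Deployment-wide opt-out of the consent step: every registered client is treated as trusted, so no per-client grant is checked or stored.` If the view honours an OIDC `prompt=consent` request parameter elsewhere (not visible in this hunk), this return also bypasses it and that should be confirmed. The enclosing method starts and ends outside the hunk.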
|
||||