Added OIDC_ID_TOKEN_PROCESSING_HOOK functionality
parent
22c53abd63
commit
7a357001b6
7 changed files with 55 additions and 9 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -7,3 +7,5 @@ dist/
|
||||||
.tox
|
.tox
|
||||||
.coverage
|
.coverage
|
||||||
src/
|
src/
|
||||||
|
.venv
|
||||||
|
.idea
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
from django.conf import settings as django_settings
|
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
from django.http import HttpResponse
|
from django.http import HttpResponse
|
||||||
|
|
||||||
|
@ -49,3 +48,15 @@ def default_after_userlogin_hook(request, user, client):
|
||||||
Default function for setting OIDC_AFTER_USERLOGIN_HOOK.
|
Default function for setting OIDC_AFTER_USERLOGIN_HOOK.
|
||||||
"""
|
"""
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
def additional_id_token_processing_hook(id_token):
|
||||||
|
"""
|
||||||
|
Hook to perform some additional actions ti `id_token` dictionary just before serialization.
|
||||||
|
|
||||||
|
:param id_token: dictionary contains values that going to be serialized into `id_token`
|
||||||
|
:type id_token: dict
|
||||||
|
:return: custom modified dictionary of values for `id_token`
|
||||||
|
:rtype dict
|
||||||
|
"""
|
||||||
|
return id_token
|
||||||
|
|
||||||
|
|
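Review bot: The docstring of `additional_id_token_processing_hook` in the second hunk has a typo and a malformed field: `ti` should read `to`, and `:rtype dict` is missing its second colon, `:rtype: dict`. The docstring should also state the contract that custom hooks must follow, for example `The hook must return the dictionary; every claim it adds or overwrites is signed into the id_token as-is.` Integrators will copy this default as a template, so the return requirement is worth spelling out here.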
|
@ -44,6 +44,8 @@ def create_id_token(user, aud, nonce):
|
||||||
if nonce:
|
if nonce:
|
||||||
dic['nonce'] = str(nonce)
|
dic['nonce'] = str(nonce)
|
||||||
|
|
||||||
|
dic = settings.get('OIDC_ID_TOKEN_PROCESSING_HOOK', import_str=True)(dic)
|
||||||
|
|
||||||
return dic
|
return dic
|
||||||
|
|
||||||
|
|
||||||
|
|
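Review bot: The hook's return value is assigned straight back to `dic` and returned unchecked, so a hook that mutates the dictionary in place and forgets `return id_token` makes `create_id_token` return `None`. A guard after the call would turn that into a clear configuration error, e.g. `if not isinstance(dic, dict): raise TypeError('OIDC_ID_TOKEN_PROCESSING_HOOK must return a dict')`. The hook also runs after the `nonce` assignment just above, so it can replace that value and presumably the other claims built earlier in the function, which starts outside this hunk. Whether those protocol claims should be protected from the hook is worth recording in a comment, since relying parties trust whatever ends up signed.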
|
@ -97,6 +97,14 @@ class DefaultSettings(object):
|
||||||
"""
|
"""
|
||||||
return 'oidc_provider.lib.utils.common.DefaultUserInfo'
|
return 'oidc_provider.lib.utils.common.DefaultUserInfo'
|
||||||
|
|
||||||
|
@property
|
||||||
|
def OIDC_ID_TOKEN_PROCESSING_HOOK(self):
|
||||||
|
"""
|
||||||
|
OPTIONAL. A string with the location of your hook.
|
||||||
|
Used to add extra dictionary values specific for your app into id_token.
|
||||||
|
"""
|
||||||
|
return 'oidc_provider.lib.utils.common.additional_id_token_processing_hook'
|
||||||
|
|
||||||
default_settings = DefaultSettings()
|
default_settings = DefaultSettings()
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,6 @@
|
||||||
import os
|
import os
|
||||||
|
import random
|
||||||
|
import string
|
||||||
try:
|
try:
|
||||||
from urlparse import parse_qs, urlsplit
|
from urlparse import parse_qs, urlsplit
|
||||||
except ImportError:
|
except ImportError:
|
||||||
|
@ -10,6 +12,7 @@ from oidc_provider.models import *
|
||||||
|
|
||||||
|
|
||||||
FAKE_NONCE = 'cb584e44c43ed6bd0bc2d9c7e242837d'
|
FAKE_NONCE = 'cb584e44c43ed6bd0bc2d9c7e242837d'
|
||||||
|
FAKE_RANDOM_STRING = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(32))
|
||||||
|
|
||||||
|
|
||||||
def create_fake_user():
|
def create_fake_user():
|
||||||
|
@ -103,3 +106,11 @@ def fake_sub_generator(user):
|
||||||
Fake function for setting OIDC_IDTOKEN_SUB_GENERATOR.
|
Fake function for setting OIDC_IDTOKEN_SUB_GENERATOR.
|
||||||
"""
|
"""
|
||||||
return user.email
|
return user.email
|
||||||
|
|
||||||
|
|
||||||
|
def fake_id_token_processing_hook(id_token):
|
||||||
|
"""
|
||||||
|
Fake function for inserting some keys into token. Testing OIDC_ID_TOKEN_PROCESSING_HOOK
|
||||||
|
"""
|
||||||
|
id_token['test_id_token_processing_hook'] = FAKE_RANDOM_STRING
|
||||||
|
return id_token
|
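Review bot: `FAKE_RANDOM_STRING` is built with `random.choice` at import time, so the value differs on every run and, sitting next to `FAKE_NONCE`, reads like a token-generation pattern. The test only needs a recognisable marker, so a fixed literal would do, e.g. `FAKE_RANDOM_STRING = 'TESTIDTOKENHOOKVALUE0123456789AB'` (constructed sample value). If the randomness is kept, a comment such as `# test marker only, not a security token` would stop the `random`-based construction being copied into code that needs unpredictable values.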
|
@ -1,16 +1,12 @@
|
||||||
from base64 import b64encode
|
from base64 import b64encode
|
||||||
import json
|
|
||||||
try:
|
try:
|
||||||
from urllib.parse import urlencode
|
from urllib.parse import urlencode
|
||||||
except ImportError:
|
except ImportError:
|
||||||
from urllib import urlencode
|
from urllib import urlencode
|
||||||
import uuid
|
|
||||||
|
|
||||||
from django.core.urlresolvers import reverse
|
|
||||||
from django.test import RequestFactory, override_settings
|
from django.test import RequestFactory, override_settings
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from jwkest.jwk import KEYS
|
from jwkest.jwk import KEYS
|
||||||
from jwkest.jws import JWS
|
|
||||||
from jwkest.jwt import JWT
|
from jwkest.jwt import JWT
|
||||||
from mock import patch
|
from mock import patch
|
||||||
|
|
||||||
|
@ -339,3 +335,19 @@ class TokenTestCase(TestCase):
|
||||||
id_token = JWT().unpack(response_dic['id_token'].encode('utf-8')).payload()
|
id_token = JWT().unpack(response_dic['id_token'].encode('utf-8')).payload()
|
||||||
|
|
||||||
self.assertEqual(id_token.get('sub'), self.user.email)
|
self.assertEqual(id_token.get('sub'), self.user.email)
|
||||||
|
|
||||||
|
@override_settings(OIDC_ID_TOKEN_PROCESSING_HOOK='oidc_provider.tests.app.utils.fake_id_token_processing_hook')
|
||||||
|
def test_additional_id_token_processing_hook(self):
|
||||||
|
"""
|
||||||
|
Test custom function for setting OIDC_ID_TOKEN_PROCESSING_HOOK.
|
||||||
|
"""
|
||||||
|
code = self._create_code()
|
||||||
|
|
||||||
|
post_data = self._auth_code_post_data(code=code.code)
|
||||||
|
|
||||||
|
response = self._post_request(post_data)
|
||||||
|
|
||||||
|
response_dic = json.loads(response.content.decode('utf-8'))
|
||||||
|
id_token = JWT().unpack(response_dic['id_token'].encode('utf-8')).payload()
|
||||||
|
|
||||||
|
self.assertEqual(id_token.get('test_id_token_processing_hook'), FAKE_RANDOM_STRING)
|
||||||
|
|
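Review bot: The new test calls `json.loads(...)` and compares against `FAKE_RANDOM_STRING`, but the first hunk of this file removes `import json` from the top-level imports and no import of `FAKE_RANDOM_STRING` is visible. Presumably both names arrive through a wildcard import elsewhere in the file (not shown here), which makes the test depend on another module's import list. Keeping `import json` and adding `from oidc_provider.tests.app.utils import FAKE_RANDOM_STRING` would make the dependency explicit. The `TokenTestCase` class starts outside the hunk.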
6
tox.ini
6
tox.ini
|
@ -6,9 +6,9 @@ envlist=
|
||||||
[testenv]
|
[testenv]
|
||||||
|
|
||||||
deps =
|
deps =
|
||||||
django17: django==1.7
|
django17: django>=1.7,<1.8
|
||||||
django18: django==1.8
|
django18: django>=1.8,<1.9
|
||||||
django19: django==1.9
|
django19: django>=1.9,<2.0
|
||||||
coverage
|
coverage
|
||||||
mock
|
mock
|
||||||
|
|
||||||
|
|