Add scope validation in userinfo endpoint.

juanifioren 2015-05-07 16:12:45 -03:00
parent e92308e421
commit 7a82c352fd


@ -13,13 +13,11 @@ from oidc_provider import settings
class UserInfoEndpoint(object): class UserInfoEndpoint(object):
def __init__(self, request): def __init__(self, request):
self.request = request self.request = request
self.params = Params() self.params = Params()
self._extract_params() self._extract_params()
def _extract_params(self): def _extract_params(self):
# TODO: Maybe add other ways of passing access token # TODO: Maybe add other ways of passing access token
# http://tools.ietf.org/html/rfc6750#section-2 # http://tools.ietf.org/html/rfc6750#section-2
self.params.access_token = self._get_access_token() self.params.access_token = self._get_access_token()
@ -41,13 +39,15 @@ class UserInfoEndpoint(object):
return access_token return access_token
def validate_params(self): def validate_params(self):
try: try:
self.token = Token.objects.get(access_token=self.params.access_token) self.token = Token.objects.get(access_token=self.params.access_token)
if self.token.has_expired(): if self.token.has_expired():
raise UserInfoError('invalid_token') raise UserInfoError('invalid_token')
if not ('openid' in self.token.scope):
raise UserInfoError('insufficient_scope')
except Token.DoesNotExist: except Token.DoesNotExist:
raise UserInfoError('invalid_token') raise UserInfoError('invalid_token')
@ -75,7 +75,6 @@ class UserInfoEndpoint(object):
@classmethod @classmethod
def response(cls, dic): def response(cls, dic):
response = JsonResponse(dic, status=200) response = JsonResponse(dic, status=200)
response['Cache-Control'] = 'no-store' response['Cache-Control'] = 'no-store'
response['Pragma'] = 'no-cache' response['Pragma'] = 'no-cache'
@ -84,7 +83,6 @@ class UserInfoEndpoint(object):
@classmethod @classmethod
def error_response(cls, code, description, status): def error_response(cls, code, description, status):
response = HttpResponse(status=status) response = HttpResponse(status=status)
response['WWW-Authenticate'] = 'error="{0}", error_description="{1}"'.format(code, description) response['WWW-Authenticate'] = 'error="{0}", error_description="{1}"'.format(code, description)