Merge branch 'v0.1.x' of https://github.com/juanifioren/django-oidc-provider

.travis.yml

@@ -6,7 +6,7 @@ env:
   - DJANGO=1.7
   - DJANGO=1.8
 install:
-  - pip install -q Django==$DJANGO --use-mirrors
+  - pip install -q django==$DJANGO
   - pip install -e .
 script:
   - PYTHONPATH=$PYTHONPATH:$PWD django-admin.py test oidc_provider --settings=oidc_provider.tests.app.settings

CHANGELOG.md

@@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
 
 ### [Unreleased]
 
+##### Added
+- Sending access_token as query string parameter in UserInfo Endpoint.
+
 ##### Changed
 - Use models setting instead of User.
 

oidc_provider/lib/endpoints/authorize.py

@@ -22,14 +22,8 @@ class AuthorizeEndpoint(object):
 
     def __init__(self, request):
         self.request = request
-
         self.params = Params()
 
-        # Because in this endpoint we handle both GET
-        # and POST request.
-        self.query_dict = (self.request.POST if self.request.method == 'POST'
-                           else self.request.GET)
-
         self._extract_params()
 
         # Determine which flow to use.
@@ -47,12 +41,17 @@ class AuthorizeEndpoint(object):
 
         See: http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
         """
-        self.params.client_id = self.query_dict.get('client_id', '')
-        self.params.redirect_uri = self.query_dict.get('redirect_uri', '')
-        self.params.response_type = self.query_dict.get('response_type', '')
-        self.params.scope = self.query_dict.get('scope', '').split()
-        self.params.state = self.query_dict.get('state', '')
-        self.params.nonce = self.query_dict.get('nonce', '')
+        # Because in this endpoint we handle both GET
+        # and POST request.
+        query_dict = (self.request.POST if self.request.method == 'POST'
+                      else self.request.GET)
+
+        self.params.client_id = query_dict.get('client_id', '')
+        self.params.redirect_uri = query_dict.get('redirect_uri', '')
+        self.params.response_type = query_dict.get('response_type', '')
+        self.params.scope = query_dict.get('scope', '').split()
+        self.params.state = query_dict.get('state', '')
+        self.params.nonce = query_dict.get('nonce', '')
 
     def validate_params(self):
 

oidc_provider/lib/endpoints/userinfo.py

@@ -29,6 +29,7 @@ class UserInfoEndpoint(object):
     def _get_access_token(self):
         """
         Get the access token using Authorization Request Header Field method.
+        Or try getting via GET.
         See: http://tools.ietf.org/html/rfc6750#section-2.1
 
         Return a string.
@@ -38,7 +39,7 @@ class UserInfoEndpoint(object):
         if re.compile('^Bearer\s{1}.+$').match(auth_header):
             access_token = auth_header.split()[1]
         else:
-            access_token = ''
+            access_token = self.request.GET.get('access_token', '')
 
         return access_token
 

oidc_provider/tests/test_authorize_endpoint.py

@@ -130,7 +130,6 @@ class AuthorizationCodeFlowTestCase(TestCase):
         # Simulate that the user is logged.
         request.user = self.user
 
-        # Remove the hook, because we want to test default behaviour.
         response = AuthorizeView.as_view()(request)
 
         # Check if hidden inputs exists in the form,
@@ -273,3 +272,27 @@ class AuthorizationCodeFlowTestCase(TestCase):
                                    client=self.client)
         self.assertEqual(is_code_ok, True,
                          msg='Code returned is invalid.')
+
+    def test_scope_with_plus(self):
+        """
+        In query string, scope use `+` instead of the space url-encoded.
+        """
+        scope_test = 'openid email profile'
+
+        query_str = urlencode({
+            'client_id': self.client.client_id,
+            'response_type': 'code',
+            'redirect_uri': self.client.default_redirect_uri,
+            'scope': scope_test,
+            'state': self.state,
+        })
+
+        url = reverse('oidc_provider:authorize') + '?' + query_str
+
+        request = self.factory.get(url)
+        # Simulate that the user is logged.
+        request.user = self.user
+
+        response = AuthorizeView.as_view()(request)
+
+        self.assertEqual(scope_test in response.content.decode('utf-8'), True)

oidc_provider/tests/test_userinfo_endpoint.py

@@ -1,4 +1,8 @@
 from datetime import timedelta
+try:
+    from urllib.parse import urlencode
+except ImportError:
+    from urllib import urlencode
 
 from django.core.urlresolvers import reverse
 from django.test import RequestFactory
@@ -93,3 +97,20 @@ class UserInfoTestCase(TestCase):
         except KeyError:
             is_header_field_ok = False
         self.assertEqual(is_header_field_ok, True)
+
+    def test_accesstoken_query_string_parameter(self):
+        """
+        Make a GET request to the UserInfo Endpoint by sending access_token
+        as query string parameter.
+        """
+        token = self._create_token()
+
+        url = reverse('oidc_provider:userinfo') + '?' + urlencode({
+            'access_token': token.access_token,
+        })
+
+        request = self.factory.get(url)
+        response = userinfo(request)
+
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(bool(response.content), True)

tox.ini

@@ -10,6 +10,5 @@ deps =
     django18: django==1.8
 
 commands =
-    pip uninstall --yes django-oidc-provider
     pip install -e .
     {envbindir}/django-admin.py test oidc_provider --settings=oidc_provider.tests.app.settings