Refactoring create_id_token function.

This commit is contained in:
Ignacio Fiorentino 2016-09-09 13:10:12 -03:00
parent 5836774f6b
commit 8a63c83514
7 changed files with 41 additions and 15 deletions


@ -12,6 +12,7 @@ All notable changes to this project will be documented in this file.
##### Fixed
- CORS in discovery and userinfo endpoint.
- Client type public bug when created using the admin.
- Missing OIDC_TOKEN_EXPIRE setting on implicit flow.
### [0.3.7] - 2016-08-31


@ -151,6 +151,7 @@ class AuthorizeEndpoint(object):
'aud': self.client.client_id,
'nonce': self.params.nonce,
'request': self.request,
'scope': self.params.scope,
}
# Include at_hash when access_token is being returned.
if 'access_token' in query_fragment:


@ -153,6 +153,7 @@ class TokenEndpoint(object):
nonce=self.code.nonce,
at_hash=token.at_hash,
request=self.request,
scope=self.params.scope,
)
else:
id_token_dic = {}
@ -188,6 +189,7 @@ class TokenEndpoint(object):
nonce=None,
at_hash=token.at_hash,
request=self.request,
scope=self.params.scope,
)
else:
id_token_dic = {}
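Review bot: In the second hunk (the `@ -188` one, with `nonce=None`) the id_token for a refreshed token is now built with `scope=self.params.scope`, which appears to be the scope parameter of the incoming request; in a refresh_token grant that parameter is optional, so when the client omits it this would presumably be empty and the `email` claim that the original grant released would silently disappear from the refreshed id_token. If that reading is right, the refresh path should fall back to the scope persisted on the token being refreshed, e.g. `scope=self.params.scope or self.token.scope,` — confirm the attribute name against the model, it is not visible here. The enclosing method bodies start and end outside both hunks.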


@ -17,7 +17,7 @@ from oidc_provider.models import (
from oidc_provider import settings
def create_id_token(user, aud, nonce, at_hash=None, request=None):
def create_id_token(user, aud, nonce, at_hash=None, request=None, scope=[]):
"""
Creates the id_token dictionary.
See: http://openid.net/specs/openid-connect-core-1_0.html#IDToken
@ -50,7 +50,7 @@ def create_id_token(user, aud, nonce, at_hash=None, request=None):
if at_hash:
dic['at_hash'] = at_hash
if getattr(user, 'email', None):
if ('email' in scope) and getattr(user, 'email', None):
dic['email'] = user.email
processing_hook = settings.get('OIDC_IDTOKEN_PROCESSING_HOOK')
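Review bot: The new signature `def create_id_token(user, aud, nonce, at_hash=None, request=None, scope=[]):` uses a mutable list as a default argument, which is one object shared by every call that omits it; nothing in this hunk mutates it, but the safe form is `scope=None` followed by `scope = scope or []` before the membership test. The `('email' in scope)` guard is the right direction, since it stops releasing the email claim unless the `email` scope was actually granted, but it assumes `scope` is a list of scope names — if any caller passes the raw space-separated scope string, `in` becomes a substring test. The docstring still only says "Creates the id_token dictionary"; add a line such as `scope: list of granted scope names; the email claim is only included when it contains 'email'.` so callers know the expected type. The function body continues outside the hunk.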


@ -11,7 +11,10 @@ import uuid
from django.contrib.auth.models import AnonymousUser
from django.core.management import call_command
from django.core.urlresolvers import reverse
from django.test import RequestFactory
from django.test import (
RequestFactory,
override_settings,
)
from django.test import TestCase
from jwkest.jwt import JWT
@ -457,12 +460,8 @@ class AuthorizationHybridFlowTestCase(TestCase, AuthorizeEndpointMixin):
self.state = uuid.uuid4().hex
self.nonce = uuid.uuid4().hex
def test_code_idtoken_token_response(self):
"""
Implicit client requesting `id_token token` receives both id token
and access token as the result of the authorization request.
"""
data = {
# Base data for the auth request.
self.data = {
'client_id': self.client_code_idtoken_token.client_id,
'redirect_uri': self.client_code_idtoken_token.default_redirect_uri,
'response_type': self.client_code_idtoken_token.response_type,
@ -472,7 +471,12 @@ class AuthorizationHybridFlowTestCase(TestCase, AuthorizeEndpointMixin):
'allow': 'Accept',
}
response = self._auth_request('post', data, is_user_authenticated=True)
def test_code_idtoken_token_response(self):
"""
Implicit client requesting `id_token token` receives both id token
and access token as the result of the authorization request.
"""
response = self._auth_request('post', self.data, is_user_authenticated=True)
self.assertIn('#', response['Location'])
self.assertIn('access_token', response['Location'])
@ -485,3 +489,12 @@ class AuthorizationHybridFlowTestCase(TestCase, AuthorizeEndpointMixin):
user=self.user,
client=self.client_code_idtoken_token)
self.assertEqual(is_code_ok, True, msg='Code returned is invalid.')
@override_settings(OIDC_TOKEN_EXPIRE=36000)
def test_access_token_expiration(self):
"""
Add ten hours of expiration to access_token. Check for the expires_in query in fragment.
"""
response = self._auth_request('post', self.data, is_user_authenticated=True)
self.assertIn('expires_in=36000', response['Location'])


@ -10,7 +10,10 @@ except ImportError:
from django.core.management import call_command
from django.core.urlresolvers import reverse
from django.test import RequestFactory, override_settings
from django.test import (
RequestFactory,
override_settings,
)
from django.test import TestCase
from django.utils import timezone
from jwkest.jwk import KEYS
@ -148,7 +151,7 @@ class TokenTestCase(TestCase):
self.assertEqual(response_dic['token_type'], 'bearer')
self.assertEqual(response_dic['expires_in'], 720)
self.assertEqual(id_token['sub'], str(self.user.id))
self.assertEqual(id_token['aud'], self.client.client_id)
self.assertEqual(id_token['aud'], self.client.client_id);
def test_refresh_token(self):
"""


@ -34,14 +34,20 @@ class UserInfoTestCase(TestCase):
"""
Generate a valid token.
"""
id_token_dic = create_id_token(self.user,
self.client.client_id, FAKE_NONCE)
scope = ['openid', 'email'] + extra_scope
id_token_dic = create_id_token(
user=self.user,
aud=self.client.client_id,
nonce=FAKE_NONCE,
scope=scope,
)
token = create_token(
user=self.user,
client=self.client,
id_token_dic=id_token_dic,
scope=['openid', 'email'] + extra_scope)
scope=scope)
token.save()
return token