kumi/django-oidc-provider
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Preparing v0.5.2 (#201)

Browse source 
* Fix infinite login loop if "prompt=login" (#198)
* Fix Django 2.0 deprecation warnings (#185)
This commit is contained in:
Wojciech Bartosiak 2017-08-22 17:33:13 +02:00 committed by GitHub
parent 2e1efc41ed
commit 8e26248022
7 changed files with 56 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
oidc_provider/lib/utils/common.py
View file

@ -1,6 +1,12 @@
from hashlib import sha224
from django.core.urlresolvers import reverse
import django
if django.VERSION >= (1, 11):
from django.urls import reverse
else:
from django.core.urlresolvers import reverse
from django.http import HttpResponse
from oidc_provider import settings

10
oidc_provider/migrations/0001_initial.py
View file

@ -34,7 +34,7 @@ class Migration(migrations.Migration):
('expires_at', models.DateTimeField()),
('_scope', models.TextField(default=b'')),
('code', models.CharField(unique=True, max_length=255)),
('client', models.ForeignKey(to='oidc_provider.Client')),
('client', models.ForeignKey(to='oidc_provider.Client', on_delete=models.CASCADE)),
],
options={
'abstract': False,
@ -49,7 +49,7 @@ class Migration(migrations.Migration):
('_scope', models.TextField(default=b'')),
('access_token', models.CharField(unique=True, max_length=255)),
('_id_token', models.TextField()),
('client', models.ForeignKey(to='oidc_provider.Client')),
('client', models.ForeignKey(to='oidc_provider.Client', on_delete=models.CASCADE)),
],
options={
'abstract': False,
@ -59,7 +59,7 @@ class Migration(migrations.Migration):
migrations.CreateModel(
name='UserInfo',
fields=[
('user', models.OneToOneField(primary_key=True, serialize=False, to=settings.AUTH_USER_MODEL)),
('user', models.OneToOneField(primary_key=True, serialize=False, to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE)),
('given_name', models.CharField(max_length=255, null=True, blank=True)),
('family_name', models.CharField(max_length=255, null=True, blank=True)),
('middle_name', models.CharField(max_length=255, null=True, blank=True)),
@ -89,13 +89,13 @@ class Migration(migrations.Migration):
migrations.AddField(
model_name='token',
name='user',
field=models.ForeignKey(to=settings.AUTH_USER_MODEL),
field=models.ForeignKey(to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE),
preserve_default=True,
),
migrations.AddField(
model_name='code',
name='user',
field=models.ForeignKey(to=settings.AUTH_USER_MODEL),
field=models.ForeignKey(to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE),
preserve_default=True,
),
]

4
oidc_provider/migrations/0002_userconsent.py
View file

@ -19,8 +19,8 @@ class Migration(migrations.Migration):
('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
('expires_at', models.DateTimeField()),
('_scope', models.TextField(default=b'')),
('client', models.ForeignKey(to='oidc_provider.Client')),
('user', models.ForeignKey(to=settings.AUTH_USER_MODEL)),
('client', models.ForeignKey(to='oidc_provider.Client', on_delete=models.CASCADE)),
('user', models.ForeignKey(to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE)),
],
options={
'abstract': False,

4
oidc_provider/models.py
View file

@ -83,8 +83,8 @@ class Client(models.Model):
class BaseCodeTokenModel(models.Model):
user = models.ForeignKey(settings.AUTH_USER_MODEL, verbose_name=_(u'User'))
client = models.ForeignKey(Client, verbose_name=_(u'Client'))
user = models.ForeignKey(settings.AUTH_USER_MODEL, verbose_name=_(u'User'), on_delete=models.CASCADE)
client = models.ForeignKey(Client, verbose_name=_(u'Client'), on_delete=models.CASCADE)
expires_at = models.DateTimeField(verbose_name=_(u'Expiration Date'))
_scope = models.TextField(default='', verbose_name=_(u'Scopes'))

14
oidc_provider/tests/test_authorize_endpoint.py
View file

@ -1,9 +1,9 @@
from oidc_provider.lib.errors import RedirectUriError
try:
from urllib.parse import urlencode
from urllib.parse import urlencode, quote
except ImportError:
from urllib import urlencode
from urllib import urlencode, quote
try:
from urllib.parse import parse_qs, urlsplit
except ImportError:
@ -369,10 +369,20 @@ class AuthorizationCodeFlowTestCase(TestCase, AuthorizeEndpointMixin):
response = self._auth_request('get', data)
self.assertIn(settings.get('OIDC_LOGIN_URL'), response['Location'])
self.assertNotIn(
quote('prompt=login'),
response['Location'],
"Found prompt=login, this leads to infinite login loop. See https://github.com/juanifioren/django-oidc-provider/issues/197."
)
response = self._auth_request('get', data, is_user_authenticated=True)
self.assertIn(settings.get('OIDC_LOGIN_URL'), response['Location'])
self.assertTrue(logout_function.called_once())
self.assertNotIn(
quote('prompt=login'),
response['Location'],
"Found prompt=login, this leads to infinite login loop. See https://github.com/juanifioren/django-oidc-provider/issues/197."
)
def test_prompt_login_none_parameter(self):
"""

2
oidc_provider/urls.py
View file

@ -6,7 +6,7 @@ from oidc_provider import (
views,
)
app_name = 'oidc_provider'
urlpatterns = [
url(r'^authorize/?$', views.AuthorizeView.as_view(), name='authorize'),
url(r'^token/?$', csrf_exempt(views.TokenView.as_view()), name='token'),

30
oidc_provider/views.py
View file

@ -11,8 +11,14 @@ from django.contrib.auth.views import (
redirect_to_login,
logout,
)
import django
if django.VERSION >= (1, 11):
from django.urls import reverse
else:
from django.core.urlresolvers import reverse
from django.contrib.auth import logout as django_user_logout
from django.core.urlresolvers import reverse
from django.http import JsonResponse
from django.shortcuts import render
from django.template.loader import render_to_string
@ -66,13 +72,14 @@ class AuthorizeView(View):
client=authorize.client)
if hook_resp:
return hook_resp
if 'login' in authorize.params['prompt']:
if 'none' in authorize.params['prompt']:
raise AuthorizeError(authorize.params['redirect_uri'], 'login_required', authorize.grant_type)
else:
django_user_logout(request)
return redirect_to_login(request.get_full_path(), settings.get('OIDC_LOGIN_URL'))
next_page = self.strip_prompt_login(request.get_full_path())
return redirect_to_login(next_page, settings.get('OIDC_LOGIN_URL'))
if 'select_account' in authorize.params['prompt']:
# TODO: see how we can support multiple accounts for the end-user.
@ -127,6 +134,9 @@ class AuthorizeView(View):
else:
if 'none' in authorize.params['prompt']:
raise AuthorizeError(authorize.params['redirect_uri'], 'login_required', authorize.grant_type)
if 'login' in authorize.params['prompt']:
next_page = self.strip_prompt_login(request.get_full_path())
return redirect_to_login(next_page, settings.get('OIDC_LOGIN_URL'))
return redirect_to_login(request.get_full_path(), settings.get('OIDC_LOGIN_URL'))
@ -174,6 +184,20 @@ class AuthorizeView(View):
return redirect(uri)
@staticmethod
def strip_prompt_login(path):
"""
Strips 'login' from the 'prompt' query parameter.
"""
uri = urlsplit(path)
query_params = parse_qs(uri.query)
if 'login' in query_params['prompt']:
query_params['prompt'].remove('login')
if not query_params['prompt']:
del query_params['prompt']
uri = uri._replace(query=urlencode(query_params, doseq=True))
return urlunsplit(uri)
class TokenView(View):
def post(self, request, *args, **kwargs):