Now passing along the token to create_id_token function.

This commit is contained in:
dhrp 2017-12-15 09:29:49 +01:00
parent 8c736b8b08
commit 900cc9e5df
9 changed files with 30 additions and 18 deletions

View file

@ -16,11 +16,12 @@ STANDARD_CLAIMS = {
class ScopeClaims(object):
def __init__(self, user, scope):
self.user = user
def __init__(self, token):
self.user = token.user
claims = copy.deepcopy(STANDARD_CLAIMS)
self.userinfo = settings.get('OIDC_USERINFO', import_str=True)(claims, self.user)
self.scopes = scope
self.scopes = token.scope
self.client = token.client
def create_response_dic(self):
"""

View file

@ -155,6 +155,7 @@ class AuthorizeEndpoint(object):
kwargs = {
'user': self.request.user,
'aud': self.client.client_id,
'token': token,
'nonce': self.params['nonce'],
'request': self.request,
'scope': self.params['scope'],

View file

@ -164,6 +164,7 @@ class TokenEndpoint(object):
id_token_dic = create_id_token(
user=self.user,
aud=self.client.client_id,
token=token,
nonce='self.code.nonce',
at_hash=token.at_hash,
request=self.request,
@ -193,6 +194,7 @@ class TokenEndpoint(object):
id_token_dic = create_id_token(
user=self.code.user,
aud=self.client.client_id,
token=token,
nonce=self.code.nonce,
at_hash=token.at_hash,
request=self.request,
@ -237,6 +239,7 @@ class TokenEndpoint(object):
id_token_dic = create_id_token(
user=self.token.user,
aud=self.client.client_id,
token=token,
nonce=None,
at_hash=token.at_hash,
request=self.request,

View file

@ -19,7 +19,7 @@ from oidc_provider.models import (
from oidc_provider import settings
def create_id_token(user, aud, nonce='', at_hash='', request=None, scope=None):
def create_id_token(user, aud, token, nonce='', at_hash='', request=None, scope=None):
"""
Creates the id_token dictionary.
See: http://openid.net/specs/openid-connect-core-1_0.html#IDToken
@ -54,10 +54,10 @@ def create_id_token(user, aud, nonce='', at_hash='', request=None, scope=None):
dic['at_hash'] = at_hash
if settings.get('OIDC_EXTRA_SCOPE_CLAIMS'):
custom_claims = settings.get('OIDC_EXTRA_SCOPE_CLAIMS', import_str=True)(user, scope)
custom_claims = settings.get('OIDC_EXTRA_SCOPE_CLAIMS', import_str=True)(token)
claims = custom_claims.create_response_dic()
else:
claims = StandardScopeClaims(user=user, scope=scope).create_response_dic()
claims = StandardScopeClaims(token).create_response_dic()
dic.update(claims) # modifies dic, adding all requested claims

View file

@ -15,7 +15,7 @@ class ClaimsTestCase(TestCase):
self.scopes = ['openid', 'address', 'email', 'phone', 'profile']
self.client = create_fake_client('code')
self.token = create_fake_token(self.user, self.scopes, self.client)
self.scopeClaims = ScopeClaims(self.token.user, self.token.scope)
self.scopeClaims = ScopeClaims(self.token)
def test_empty_standard_claims(self):
for v in [v for k, v in STANDARD_CLAIMS.items() if k != 'address']:

View file

@ -3,6 +3,7 @@ from django.core.urlresolvers import reverse
from django.test import TestCase
from oidc_provider.lib.utils.token import (
create_token,
create_id_token,
encode_id_token,
)
@ -41,8 +42,9 @@ class EndSessionTestCase(TestCase):
response, settings.get('OIDC_LOGIN_URL'),
fetch_redirect_response=False)
token = create_token(self.user, self.oidc_client, [])
id_token_dic = create_id_token(
user=self.user, aud=self.oidc_client.client_id)
user=self.user, aud=self.oidc_client.client_id, token=token)
id_token = encode_id_token(id_token_dic, self.oidc_client)
query_params['id_token_hint'] = id_token
@ -56,8 +58,9 @@ class EndSessionTestCase(TestCase):
query_params = {
'post_logout_redirect_uri': self.LOGOUT_URL,
}
token = create_token(self.user, self.oidc_client, [])
id_token_dic = create_id_token(
user=self.user, aud=self.oidc_client.client_id)
user=self.user, aud=self.oidc_client.client_id, token=token)
id_token_dic['aud'] = [id_token_dic['aud']]
id_token = encode_id_token(id_token_dic, self.oidc_client)
query_params['id_token_hint'] = id_token

View file

@ -38,18 +38,20 @@ class UserInfoTestCase(TestCase):
extra_scope = []
scope = ['openid', 'email'] + extra_scope
token = create_token(
user=self.user,
client=self.client,
scope=scope)
id_token_dic = create_id_token(
user=self.user,
aud=self.client.client_id,
token=token,
nonce=FAKE_NONCE,
scope=scope,
)
token = create_token(
user=self.user,
client=self.client,
id_token_dic=id_token_dic,
scope=scope)
token.id_token=id_token_dic
token.save()
return token

View file

@ -8,8 +8,8 @@ from django.utils import timezone
from mock import mock
from oidc_provider.lib.utils.common import get_issuer, get_browser_state_or_default
from oidc_provider.lib.utils.token import create_id_token
from oidc_provider.tests.app.utils import create_fake_user
from oidc_provider.lib.utils.token import create_token, create_id_token
from oidc_provider.tests.app.utils import create_fake_user, create_fake_client
class Request(object):
@ -67,7 +67,9 @@ class TokenTest(TestCase):
start_time = int(time.time())
login_timestamp = start_time - 1234
self.user.last_login = timestamp_to_datetime(login_timestamp)
id_token_data = create_id_token(self.user, aud='test-aud')
client = create_fake_client("code")
token = create_token(self.user, client, [])
id_token_data = create_id_token(self.user, aud='test-aud', token=token)
iat = id_token_data['iat']
self.assertEqual(type(iat), int)
self.assertGreaterEqual(iat, start_time)

View file

@ -234,7 +234,7 @@ def userinfo(request, *args, **kwargs):
'sub': token.id_token.get('sub'),
}
standard_claims = StandardScopeClaims(user=token.user, scope=token.scope)
standard_claims = StandardScopeClaims(token)
dic.update(standard_claims.create_response_dic())
if settings.get('OIDC_EXTRA_SCOPE_CLAIMS'):