Fix PEP8.
This commit is contained in:
parent
748ac231ca
commit
9dbdac6574
|
@ -6,11 +6,32 @@ from oidc_provider import settings
|
|||
|
||||
|
||||
STANDARD_CLAIMS = {
|
||||
'name': '', 'given_name': '', 'family_name': '', 'middle_name': '', 'nickname': '',
|
||||
'preferred_username': '', 'profile': '', 'picture': '', 'website': '', 'gender': '',
|
||||
'birthdate': '', 'zoneinfo': '', 'locale': '', 'updated_at': '', 'email': '', 'email_verified': '',
|
||||
'phone_number': '', 'phone_number_verified': '', 'address': {
|
||||
'formatted': '', 'street_address': '', 'locality': '', 'region': '', 'postal_code': '', 'country': '', },
|
||||
'name': '',
|
||||
'given_name': '',
|
||||
'family_name': '',
|
||||
'middle_name': '',
|
||||
'nickname': '',
|
||||
'preferred_username': '',
|
||||
'profile': '',
|
||||
'picture': '',
|
||||
'website': '',
|
||||
'gender': '',
|
||||
'birthdate': '',
|
||||
'zoneinfo': '',
|
||||
'locale': '',
|
||||
'updated_at': '',
|
||||
'email': '',
|
||||
'email_verified': '',
|
||||
'phone_number': '',
|
||||
'phone_number_verified': '',
|
||||
'address': {
|
||||
'formatted': '',
|
||||
'street_address': '',
|
||||
'locality': '',
|
||||
'region': '',
|
||||
'postal_code': '',
|
||||
'country': '',
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
|
@ -99,14 +120,17 @@ class StandardScopeClaims(ScopeClaims):
|
|||
|
||||
info_profile = (
|
||||
_(u'Basic profile'),
|
||||
_(u'Access to your basic information. Includes names, gender, birthdate and other information.'),
|
||||
_(u'Access to your basic information. Includes names, gender, birthdate'
|
||||
'and other information.'),
|
||||
)
|
||||
|
||||
def scope_profile(self):
|
||||
dic = {
|
||||
'name': self.userinfo.get('name'),
|
||||
'given_name': self.userinfo.get('given_name') or getattr(self.user, 'first_name', None),
|
||||
'family_name': self.userinfo.get('family_name') or getattr(self.user, 'last_name', None),
|
||||
'given_name': (self.userinfo.get('given_name') or
|
||||
getattr(self.user, 'first_name', None)),
|
||||
'family_name': (self.userinfo.get('family_name') or
|
||||
getattr(self.user, 'last_name', None)),
|
||||
'middle_name': self.userinfo.get('middle_name'),
|
||||
'nickname': self.userinfo.get('nickname') or getattr(self.user, 'username', None),
|
||||
'preferred_username': self.userinfo.get('preferred_username'),
|
||||
|
|
|
@ -64,7 +64,7 @@ class TokenEndpoint(object):
|
|||
try:
|
||||
user_pass = b64decode(b64_user_pass).decode('utf-8').split(':')
|
||||
client_id, client_secret = tuple(user_pass)
|
||||
except:
|
||||
except Exception:
|
||||
client_id = client_secret = ''
|
||||
else:
|
||||
client_id = self.request.POST.get('client_id', '')
|
||||
|
@ -138,7 +138,8 @@ class TokenEndpoint(object):
|
|||
client=self.client)
|
||||
|
||||
except Token.DoesNotExist:
|
||||
logger.debug('[Token] Refresh token does not exist: %s', self.params['refresh_token'])
|
||||
logger.debug(
|
||||
'[Token] Refresh token does not exist: %s', self.params['refresh_token'])
|
||||
raise TokenError('invalid_grant')
|
||||
|
||||
else:
|
||||
|
|
|
@ -23,8 +23,7 @@ class UserAuthError(Exception):
|
|||
the Resource Owners credentials are not valid.
|
||||
"""
|
||||
error = 'access_denied'
|
||||
description = 'The resource owner or authorization server denied ' \
|
||||
'the request'
|
||||
description = 'The resource owner or authorization server denied the request.'
|
||||
|
||||
def create_dict(self):
|
||||
return {
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
from hashlib import sha224
|
||||
|
||||
import django
|
||||
from django.http import HttpResponse
|
||||
|
||||
from oidc_provider import settings
|
||||
|
||||
|
||||
if django.VERSION >= (1, 11):
|
||||
from django.urls import reverse
|
||||
else:
|
||||
from django.core.urlresolvers import reverse
|
||||
|
||||
from django.http import HttpResponse
|
||||
|
||||
from oidc_provider import settings
|
||||
|
||||
|
||||
def redirect(uri):
|
||||
"""
|
||||
|
@ -77,17 +77,20 @@ def default_after_userlogin_hook(request, user, client):
|
|||
|
||||
|
||||
def default_after_end_session_hook(
|
||||
request, id_token=None, post_logout_redirect_uri=None, state=None, client=None, next_page=None):
|
||||
request, id_token=None, post_logout_redirect_uri=None,
|
||||
state=None, client=None, next_page=None):
|
||||
"""
|
||||
Default function for setting OIDC_AFTER_END_SESSION_HOOK.
|
||||
|
||||
:param request: Django request object
|
||||
:type request: django.http.HttpRequest
|
||||
|
||||
:param id_token: token passed by `id_token_hint` url query param - do NOT trust this param or validate token
|
||||
:param id_token: token passed by `id_token_hint` url query param.
|
||||
Do NOT trust this param or validate token
|
||||
:type id_token: str
|
||||
|
||||
:param post_logout_redirect_uri: redirect url from url query param - do NOT trust this param
|
||||
:param post_logout_redirect_uri: redirect url from url query param.
|
||||
Do NOT trust this param
|
||||
:type post_logout_redirect_uri: str
|
||||
|
||||
:param state: state param from url query params
|
||||
|
@ -124,5 +127,6 @@ def get_browser_state_or_default(request):
|
|||
"""
|
||||
Determine value to use as session state.
|
||||
"""
|
||||
key = request.session.session_key or settings.get('OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY')
|
||||
key = (request.session.session_key or
|
||||
settings.get('OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY'))
|
||||
return sha224(key.encode('utf-8')).hexdigest()
|
||||
|
|
|
@ -9,10 +9,10 @@ from django.views.generic import TemplateView
|
|||
|
||||
urlpatterns = [
|
||||
url(r'^$', TemplateView.as_view(template_name='home.html'), name='home'),
|
||||
url(r'^accounts/login/$', auth_views.login, {'template_name': 'accounts/login.html'}, name='login'),
|
||||
url(r'^accounts/logout/$', auth_views.logout, {'template_name': 'accounts/logout.html'}, name='logout'),
|
||||
|
||||
url(r'^accounts/login/$',
|
||||
auth_views.login, {'template_name': 'accounts/login.html'}, name='login'),
|
||||
url(r'^accounts/logout/$',
|
||||
auth_views.logout, {'template_name': 'accounts/logout.html'}, name='logout'),
|
||||
url(r'^openid/', include('oidc_provider.urls', namespace='oidc_provider')),
|
||||
|
||||
url(r'^admin/', admin.site.urls),
|
||||
]
|
||||
|
|
|
@ -15,7 +15,8 @@ from oidc_provider.models import (
|
|||
|
||||
|
||||
FAKE_NONCE = 'cb584e44c43ed6bd0bc2d9c7e242837d'
|
||||
FAKE_RANDOM_STRING = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(32))
|
||||
FAKE_RANDOM_STRING = ''.join(
|
||||
random.choice(string.ascii_uppercase + string.digits) for _ in range(32))
|
||||
FAKE_CODE_CHALLENGE = 'YlYXEqXuRm-Xgi2BOUiK50JW1KsGTX6F1TDnZSC8VTg'
|
||||
FAKE_CODE_VERIFIER = 'SmxGa0XueyNh5bDgTcSrqzAh2_FmXEqU8kDT6CuXicw'
|
||||
|
||||
|
@ -82,7 +83,7 @@ def is_code_valid(url, user, client):
|
|||
code = params['code'][0]
|
||||
code = Code.objects.get(code=code)
|
||||
is_code_ok = (code.client == client) and (code.user == user)
|
||||
except:
|
||||
except Exception:
|
||||
is_code_ok = False
|
||||
|
||||
return is_code_ok
|
||||
|
@ -118,7 +119,8 @@ def fake_idtoken_processing_hook(id_token, user):
|
|||
|
||||
def fake_idtoken_processing_hook2(id_token, user):
|
||||
"""
|
||||
Fake function for inserting some keys into token. Testing OIDC_IDTOKEN_PROCESSING_HOOK - tuple or list as param
|
||||
Fake function for inserting some keys into token.
|
||||
Testing OIDC_IDTOKEN_PROCESSING_HOOK - tuple or list as param
|
||||
"""
|
||||
id_token['test_idtoken_processing_hook2'] = FAKE_RANDOM_STRING
|
||||
id_token['test_idtoken_processing_hook_user_email2'] = user.email
|
||||
|
|
|
@ -74,4 +74,4 @@ class EndSessionTestCase(TestCase):
|
|||
self.assertTrue(hook_function.called, 'OIDC_AFTER_END_SESSION_HOOK should be called')
|
||||
self.assertTrue(
|
||||
hook_function.call_count == 1,
|
||||
'OIDC_AFTER_END_SESSION_HOOK should be called once but was {}'.format(hook_function.call_count))
|
||||
'OIDC_AFTER_END_SESSION_HOOK should be called once')
|
||||
|
|
|
@ -148,4 +148,5 @@ class UserInfoTestCase(TestCase):
|
|||
response_dic = json.loads(response.content.decode('utf-8'))
|
||||
|
||||
self.assertIn('address', response_dic, msg='"address" claim should be in response.')
|
||||
self.assertIn('country', response_dic['address'], msg='"country" claim should be in response.')
|
||||
self.assertIn(
|
||||
'country', response_dic['address'], msg='"country" claim should be in response.')
|
||||
|
|
|
@ -73,7 +73,9 @@ class AuthorizeView(View):
|
|||
|
||||
if 'login' in authorize.params['prompt']:
|
||||
if 'none' in authorize.params['prompt']:
|
||||
raise AuthorizeError(authorize.params['redirect_uri'], 'login_required', authorize.grant_type)
|
||||
raise AuthorizeError(
|
||||
authorize.params['redirect_uri'], 'login_required',
|
||||
authorize.grant_type)
|
||||
else:
|
||||
django_user_logout(request)
|
||||
next_page = self.strip_prompt_login(request.get_full_path())
|
||||
|
@ -83,13 +85,16 @@ class AuthorizeView(View):
|
|||
# TODO: see how we can support multiple accounts for the end-user.
|
||||
if 'none' in authorize.params['prompt']:
|
||||
raise AuthorizeError(
|
||||
authorize.params['redirect_uri'], 'account_selection_required', authorize.grant_type)
|
||||
authorize.params['redirect_uri'], 'account_selection_required',
|
||||
authorize.grant_type)
|
||||
else:
|
||||
django_user_logout(request)
|
||||
return redirect_to_login(request.get_full_path(), settings.get('OIDC_LOGIN_URL'))
|
||||
return redirect_to_login(
|
||||
request.get_full_path(), settings.get('OIDC_LOGIN_URL'))
|
||||
|
||||
if {'none', 'consent'}.issubset(authorize.params['prompt']):
|
||||
raise AuthorizeError(authorize.params['redirect_uri'], 'consent_required', authorize.grant_type)
|
||||
raise AuthorizeError(
|
||||
authorize.params['redirect_uri'], 'consent_required', authorize.grant_type)
|
||||
|
||||
implicit_flow_resp_types = {'id_token', 'id_token token'}
|
||||
allow_skipping_consent = (
|
||||
|
@ -109,7 +114,8 @@ class AuthorizeView(View):
|
|||
return redirect(authorize.create_response_uri())
|
||||
|
||||
if 'none' in authorize.params['prompt']:
|
||||
raise AuthorizeError(authorize.params['redirect_uri'], 'consent_required', authorize.grant_type)
|
||||
raise AuthorizeError(
|
||||
authorize.params['redirect_uri'], 'consent_required', authorize.grant_type)
|
||||
|
||||
# Generate hidden inputs for the form.
|
||||
context = {
|
||||
|
@ -132,7 +138,8 @@ class AuthorizeView(View):
|
|||
return render(request, OIDC_TEMPLATES['authorize'], context)
|
||||
else:
|
||||
if 'none' in authorize.params['prompt']:
|
||||
raise AuthorizeError(authorize.params['redirect_uri'], 'login_required', authorize.grant_type)
|
||||
raise AuthorizeError(
|
||||
authorize.params['redirect_uri'], 'login_required', authorize.grant_type)
|
||||
if 'login' in authorize.params['prompt']:
|
||||
next_page = self.strip_prompt_login(request.get_full_path())
|
||||
return redirect_to_login(next_page, settings.get('OIDC_LOGIN_URL'))
|
||||
|
@ -162,14 +169,16 @@ class AuthorizeView(View):
|
|||
|
||||
if not request.POST.get('allow'):
|
||||
signals.user_decline_consent.send(
|
||||
self.__class__, user=request.user, client=authorize.client, scope=authorize.params['scope'])
|
||||
self.__class__, user=request.user,
|
||||
client=authorize.client, scope=authorize.params['scope'])
|
||||
|
||||
raise AuthorizeError(authorize.params['redirect_uri'],
|
||||
'access_denied',
|
||||
authorize.grant_type)
|
||||
|
||||
signals.user_accept_consent.send(
|
||||
self.__class__, user=request.user, client=authorize.client, scope=authorize.params['scope'])
|
||||
self.__class__, user=request.user, client=authorize.client,
|
||||
scope=authorize.params['scope'])
|
||||
|
||||
# Save the user consent given to the client.
|
||||
authorize.set_client_user_consent()
|
||||
|
|
Loading…
Reference in a new issue