Fix PEP8.
parent
748ac231ca
commit
9dbdac6574
|
@ -6,11 +6,32 @@ from oidc_provider import settings
|
||||||
|
|
||||||
|
|
||||||
STANDARD_CLAIMS = {
|
STANDARD_CLAIMS = {
|
||||||
'name': '', 'given_name': '', 'family_name': '', 'middle_name': '', 'nickname': '',
|
'name': '',
|
||||||
'preferred_username': '', 'profile': '', 'picture': '', 'website': '', 'gender': '',
|
'given_name': '',
|
||||||
'birthdate': '', 'zoneinfo': '', 'locale': '', 'updated_at': '', 'email': '', 'email_verified': '',
|
'family_name': '',
|
||||||
'phone_number': '', 'phone_number_verified': '', 'address': {
|
'middle_name': '',
|
||||||
'formatted': '', 'street_address': '', 'locality': '', 'region': '', 'postal_code': '', 'country': '', },
|
'nickname': '',
|
||||||
|
'preferred_username': '',
|
||||||
|
'profile': '',
|
||||||
|
'picture': '',
|
||||||
|
'website': '',
|
||||||
|
'gender': '',
|
||||||
|
'birthdate': '',
|
||||||
|
'zoneinfo': '',
|
||||||
|
'locale': '',
|
||||||
|
'updated_at': '',
|
||||||
|
'email': '',
|
||||||
|
'email_verified': '',
|
||||||
|
'phone_number': '',
|
||||||
|
'phone_number_verified': '',
|
||||||
|
'address': {
|
||||||
|
'formatted': '',
|
||||||
|
'street_address': '',
|
||||||
|
'locality': '',
|
||||||
|
'region': '',
|
||||||
|
'postal_code': '',
|
||||||
|
'country': '',
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -99,14 +120,17 @@ class StandardScopeClaims(ScopeClaims):
|
||||||
|
|
||||||
info_profile = (
|
info_profile = (
|
||||||
_(u'Basic profile'),
|
_(u'Basic profile'),
|
||||||
_(u'Access to your basic information. Includes names, gender, birthdate and other information.'),
|
_(u'Access to your basic information. Includes names, gender, birthdate'
|
||||||
|
'and other information.'),
|
||||||
)
|
)
|
||||||
|
|
||||||
def scope_profile(self):
|
def scope_profile(self):
|
||||||
dic = {
|
dic = {
|
||||||
'name': self.userinfo.get('name'),
|
'name': self.userinfo.get('name'),
|
||||||
'given_name': self.userinfo.get('given_name') or getattr(self.user, 'first_name', None),
|
'given_name': (self.userinfo.get('given_name') or
|
||||||
'family_name': self.userinfo.get('family_name') or getattr(self.user, 'last_name', None),
|
getattr(self.user, 'first_name', None)),
|
||||||
|
'family_name': (self.userinfo.get('family_name') or
|
||||||
|
getattr(self.user, 'last_name', None)),
|
||||||
'middle_name': self.userinfo.get('middle_name'),
|
'middle_name': self.userinfo.get('middle_name'),
|
||||||
'nickname': self.userinfo.get('nickname') or getattr(self.user, 'username', None),
|
'nickname': self.userinfo.get('nickname') or getattr(self.user, 'username', None),
|
||||||
'preferred_username': self.userinfo.get('preferred_username'),
|
'preferred_username': self.userinfo.get('preferred_username'),
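Review bot: The wrapped `info_profile` description loses the space between `birthdate` and `and`. The first literal ends at `birthdate'` and the continuation is `'and other information.'`, so the implicit concatenation yields `birthdateand other information.`. This is the scope description passed to `_()`, so the msgid changes too and an existing translation of the original sentence would presumably stop matching. End the first literal with a trailing space, `u'... Includes names, gender, birthdate '`, so the joined text is identical to the old one. The class body continues outside the hunk.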
|
||||||
|
|
|
@ -64,7 +64,7 @@ class TokenEndpoint(object):
|
||||||
try:
|
try:
|
||||||
user_pass = b64decode(b64_user_pass).decode('utf-8').split(':')
|
user_pass = b64decode(b64_user_pass).decode('utf-8').split(':')
|
||||||
client_id, client_secret = tuple(user_pass)
|
client_id, client_secret = tuple(user_pass)
|
||||||
except:
|
except Exception:
|
||||||
client_id = client_secret = ''
|
client_id = client_secret = ''
|
||||||
else:
|
else:
|
||||||
client_id = self.request.POST.get('client_id', '')
|
client_id = self.request.POST.get('client_id', '')
|
||||||
|
@ -138,7 +138,8 @@ class TokenEndpoint(object):
|
||||||
client=self.client)
|
client=self.client)
|
||||||
|
|
||||||
except Token.DoesNotExist:
|
except Token.DoesNotExist:
|
||||||
logger.debug('[Token] Refresh token does not exist: %s', self.params['refresh_token'])
|
logger.debug(
|
||||||
|
'[Token] Refresh token does not exist: %s', self.params['refresh_token'])
|
||||||
raise TokenError('invalid_grant')
|
raise TokenError('invalid_grant')
|
||||||
|
|
||||||
else:
|
else:
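Review bot: The re-wrapped `logger.debug(...)` call in the `except Token.DoesNotExist` branch still writes the submitted `refresh_token` value to the log. The lookup above it ends in `client=self.client)`, so it appears to be scoped to the authenticated client, and a token that is still valid for a different client would then be logged in clear. Log the client rather than the credential, for example `logger.debug('[Token] Refresh token does not exist for client: %s', self.client)`. The `try` block starts outside the hunk, so the full query is not visible here.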
|
||||||
|
|
|
@ -23,8 +23,7 @@ class UserAuthError(Exception):
|
||||||
the Resource Owners credentials are not valid.
|
the Resource Owners credentials are not valid.
|
||||||
"""
|
"""
|
||||||
error = 'access_denied'
|
error = 'access_denied'
|
||||||
description = 'The resource owner or authorization server denied ' \
|
description = 'The resource owner or authorization server denied the request.'
|
||||||
'the request'
|
|
||||||
|
|
||||||
def create_dict(self):
|
def create_dict(self):
|
||||||
return {
|
return {
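Review bot: Joining the two literals also appends a full stop, so `description` changes from `...denied the request` to `...denied the request.` in a commit titled as a PEP8 fix. If `create_dict` (its body is outside the hunk) returns this text as the error description, clients or tests that compare the exact string will see a difference. Either keep the original wording, `description = 'The resource owner or authorization server denied the request'`, or call out the text change in the commit message.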
|
||||||
|
|
|
@ -1,16 +1,16 @@
|
||||||
from hashlib import sha224
|
from hashlib import sha224
|
||||||
|
|
||||||
import django
|
import django
|
||||||
|
from django.http import HttpResponse
|
||||||
|
|
||||||
|
from oidc_provider import settings
|
||||||
|
|
||||||
|
|
||||||
if django.VERSION >= (1, 11):
|
if django.VERSION >= (1, 11):
|
||||||
from django.urls import reverse
|
from django.urls import reverse
|
||||||
else:
|
else:
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
|
|
||||||
from django.http import HttpResponse
|
|
||||||
|
|
||||||
from oidc_provider import settings
|
|
||||||
|
|
||||||
|
|
||||||
def redirect(uri):
|
def redirect(uri):
|
||||||
"""
|
"""
|
||||||
|
@ -77,17 +77,20 @@ def default_after_userlogin_hook(request, user, client):
|
||||||
|
|
||||||
|
|
||||||
def default_after_end_session_hook(
|
def default_after_end_session_hook(
|
||||||
request, id_token=None, post_logout_redirect_uri=None, state=None, client=None, next_page=None):
|
request, id_token=None, post_logout_redirect_uri=None,
|
||||||
|
state=None, client=None, next_page=None):
|
||||||
"""
|
"""
|
||||||
Default function for setting OIDC_AFTER_END_SESSION_HOOK.
|
Default function for setting OIDC_AFTER_END_SESSION_HOOK.
|
||||||
|
|
||||||
:param request: Django request object
|
:param request: Django request object
|
||||||
:type request: django.http.HttpRequest
|
:type request: django.http.HttpRequest
|
||||||
|
|
||||||
:param id_token: token passed by `id_token_hint` url query param - do NOT trust this param or validate token
|
:param id_token: token passed by `id_token_hint` url query param.
|
||||||
|
Do NOT trust this param or validate token
|
||||||
:type id_token: str
|
:type id_token: str
|
||||||
|
|
||||||
:param post_logout_redirect_uri: redirect url from url query param - do NOT trust this param
|
:param post_logout_redirect_uri: redirect url from url query param.
|
||||||
|
Do NOT trust this param
|
||||||
:type post_logout_redirect_uri: str
|
:type post_logout_redirect_uri: str
|
||||||
|
|
||||||
:param state: state param from url query params
|
:param state: state param from url query params
|
||||||
|
@ -124,5 +127,6 @@ def get_browser_state_or_default(request):
|
||||||
"""
|
"""
|
||||||
Determine value to use as session state.
|
Determine value to use as session state.
|
||||||
"""
|
"""
|
||||||
key = request.session.session_key or settings.get('OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY')
|
key = (request.session.session_key or
|
||||||
|
settings.get('OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY'))
|
||||||
return sha224(key.encode('utf-8')).hexdigest()
|
return sha224(key.encode('utf-8')).hexdigest()
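Review bot: In the `default_after_end_session_hook` docstring, the reflowed continuation line `Do NOT trust this param or validate token` can be read as an instruction not to validate the token. Both `id_token` and `post_logout_redirect_uri` are documented here as coming from URL query parameters, so hook authors need the opposite message stated unambiguously. Suggested wording: `Untrusted input: validate the token before relying on it.` for `id_token`, and `Untrusted input: verify it before redirecting.` for `post_logout_redirect_uri`. The docstring and the function body continue outside the hunk.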
|
||||||
|
|
|
@ -9,10 +9,10 @@ from django.views.generic import TemplateView
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
url(r'^$', TemplateView.as_view(template_name='home.html'), name='home'),
|
url(r'^$', TemplateView.as_view(template_name='home.html'), name='home'),
|
||||||
url(r'^accounts/login/$', auth_views.login, {'template_name': 'accounts/login.html'}, name='login'),
|
url(r'^accounts/login/$',
|
||||||
url(r'^accounts/logout/$', auth_views.logout, {'template_name': 'accounts/logout.html'}, name='logout'),
|
auth_views.login, {'template_name': 'accounts/login.html'}, name='login'),
|
||||||
|
url(r'^accounts/logout/$',
|
||||||
|
auth_views.logout, {'template_name': 'accounts/logout.html'}, name='logout'),
|
||||||
url(r'^openid/', include('oidc_provider.urls', namespace='oidc_provider')),
|
url(r'^openid/', include('oidc_provider.urls', namespace='oidc_provider')),
|
||||||
|
|
||||||
url(r'^admin/', admin.site.urls),
|
url(r'^admin/', admin.site.urls),
|
||||||
]
|
]
|
||||||
|
|
|
@ -15,7 +15,8 @@ from oidc_provider.models import (
|
||||||
|
|
||||||
|
|
||||||
FAKE_NONCE = 'cb584e44c43ed6bd0bc2d9c7e242837d'
|
FAKE_NONCE = 'cb584e44c43ed6bd0bc2d9c7e242837d'
|
||||||
FAKE_RANDOM_STRING = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(32))
|
FAKE_RANDOM_STRING = ''.join(
|
||||||
|
random.choice(string.ascii_uppercase + string.digits) for _ in range(32))
|
||||||
FAKE_CODE_CHALLENGE = 'YlYXEqXuRm-Xgi2BOUiK50JW1KsGTX6F1TDnZSC8VTg'
|
FAKE_CODE_CHALLENGE = 'YlYXEqXuRm-Xgi2BOUiK50JW1KsGTX6F1TDnZSC8VTg'
|
||||||
FAKE_CODE_VERIFIER = 'SmxGa0XueyNh5bDgTcSrqzAh2_FmXEqU8kDT6CuXicw'
|
FAKE_CODE_VERIFIER = 'SmxGa0XueyNh5bDgTcSrqzAh2_FmXEqU8kDT6CuXicw'
|
||||||
|
|
||||||
|
@ -82,7 +83,7 @@ def is_code_valid(url, user, client):
|
||||||
code = params['code'][0]
|
code = params['code'][0]
|
||||||
code = Code.objects.get(code=code)
|
code = Code.objects.get(code=code)
|
||||||
is_code_ok = (code.client == client) and (code.user == user)
|
is_code_ok = (code.client == client) and (code.user == user)
|
||||||
except:
|
except Exception:
|
||||||
is_code_ok = False
|
is_code_ok = False
|
||||||
|
|
||||||
return is_code_ok
|
return is_code_ok
|
||||||
|
@ -118,7 +119,8 @@ def fake_idtoken_processing_hook(id_token, user):
|
||||||
|
|
||||||
def fake_idtoken_processing_hook2(id_token, user):
|
def fake_idtoken_processing_hook2(id_token, user):
|
||||||
"""
|
"""
|
||||||
Fake function for inserting some keys into token. Testing OIDC_IDTOKEN_PROCESSING_HOOK - tuple or list as param
|
Fake function for inserting some keys into token.
|
||||||
|
Testing OIDC_IDTOKEN_PROCESSING_HOOK - tuple or list as param
|
||||||
"""
|
"""
|
||||||
id_token['test_idtoken_processing_hook2'] = FAKE_RANDOM_STRING
|
id_token['test_idtoken_processing_hook2'] = FAKE_RANDOM_STRING
|
||||||
id_token['test_idtoken_processing_hook_user_email2'] = user.email
|
id_token['test_idtoken_processing_hook_user_email2'] = user.email
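Review bot: In `is_code_valid`, replacing `except:` with `except Exception:` satisfies the linter but still turns every failure into `is_code_ok = False`, so a broken helper or database error looks the same as an invalid code. From the visible lines the expected failures are a missing `code` parameter and a missing row, so `except (KeyError, IndexError, Code.DoesNotExist):` would be enough; the `try` starts outside the hunk, so confirm nothing earlier in it needs another type. The same bare-to-broad change appears in the Basic-auth parsing of `TokenEndpoint`, where `.split(':')` without a limit also sends any secret containing a colon down the failure path; `split(':', 1)` with `except (ValueError, UnicodeDecodeError):` would be the narrower form there.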
|
||||||
|
|
|
@ -74,4 +74,4 @@ class EndSessionTestCase(TestCase):
|
||||||
self.assertTrue(hook_function.called, 'OIDC_AFTER_END_SESSION_HOOK should be called')
|
self.assertTrue(hook_function.called, 'OIDC_AFTER_END_SESSION_HOOK should be called')
|
||||||
self.assertTrue(
|
self.assertTrue(
|
||||||
hook_function.call_count == 1,
|
hook_function.call_count == 1,
|
||||||
'OIDC_AFTER_END_SESSION_HOOK should be called once but was {}'.format(hook_function.call_count))
|
'OIDC_AFTER_END_SESSION_HOOK should be called once')
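Review bot: Shortening the message removes the observed `call_count` from the failure output, and `assertTrue(hook_function.call_count == 1, ...)` cannot report it by itself. `self.assertEqual(hook_function.call_count, 1, 'OIDC_AFTER_END_SESSION_HOOK should be called once')` stays within the line limit and prints the actual count when the assertion fails. The test method starts outside the hunk.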
|
||||||
|
|
|
@ -148,4 +148,5 @@ class UserInfoTestCase(TestCase):
|
||||||
response_dic = json.loads(response.content.decode('utf-8'))
|
response_dic = json.loads(response.content.decode('utf-8'))
|
||||||
|
|
||||||
self.assertIn('address', response_dic, msg='"address" claim should be in response.')
|
self.assertIn('address', response_dic, msg='"address" claim should be in response.')
|
||||||
self.assertIn('country', response_dic['address'], msg='"country" claim should be in response.')
|
self.assertIn(
|
||||||
|
'country', response_dic['address'], msg='"country" claim should be in response.')
|
||||||
|
|
|
@ -73,7 +73,9 @@ class AuthorizeView(View):
|
||||||
|
|
||||||
if 'login' in authorize.params['prompt']:
|
if 'login' in authorize.params['prompt']:
|
||||||
if 'none' in authorize.params['prompt']:
|
if 'none' in authorize.params['prompt']:
|
||||||
raise AuthorizeError(authorize.params['redirect_uri'], 'login_required', authorize.grant_type)
|
raise AuthorizeError(
|
||||||
|
authorize.params['redirect_uri'], 'login_required',
|
||||||
|
authorize.grant_type)
|
||||||
else:
|
else:
|
||||||
django_user_logout(request)
|
django_user_logout(request)
|
||||||
next_page = self.strip_prompt_login(request.get_full_path())
|
next_page = self.strip_prompt_login(request.get_full_path())
|
||||||
|
@ -83,13 +85,16 @@ class AuthorizeView(View):
|
||||||
# TODO: see how we can support multiple accounts for the end-user.
|
# TODO: see how we can support multiple accounts for the end-user.
|
||||||
if 'none' in authorize.params['prompt']:
|
if 'none' in authorize.params['prompt']:
|
||||||
raise AuthorizeError(
|
raise AuthorizeError(
|
||||||
authorize.params['redirect_uri'], 'account_selection_required', authorize.grant_type)
|
authorize.params['redirect_uri'], 'account_selection_required',
|
||||||
|
authorize.grant_type)
|
||||||
else:
|
else:
|
||||||
django_user_logout(request)
|
django_user_logout(request)
|
||||||
return redirect_to_login(request.get_full_path(), settings.get('OIDC_LOGIN_URL'))
|
return redirect_to_login(
|
||||||
|
request.get_full_path(), settings.get('OIDC_LOGIN_URL'))
|
||||||
|
|
||||||
if {'none', 'consent'}.issubset(authorize.params['prompt']):
|
if {'none', 'consent'}.issubset(authorize.params['prompt']):
|
||||||
raise AuthorizeError(authorize.params['redirect_uri'], 'consent_required', authorize.grant_type)
|
raise AuthorizeError(
|
||||||
|
authorize.params['redirect_uri'], 'consent_required', authorize.grant_type)
|
||||||
|
|
||||||
implicit_flow_resp_types = {'id_token', 'id_token token'}
|
implicit_flow_resp_types = {'id_token', 'id_token token'}
|
||||||
allow_skipping_consent = (
|
allow_skipping_consent = (
|
||||||
|
@ -109,7 +114,8 @@ class AuthorizeView(View):
|
||||||
return redirect(authorize.create_response_uri())
|
return redirect(authorize.create_response_uri())
|
||||||
|
|
||||||
if 'none' in authorize.params['prompt']:
|
if 'none' in authorize.params['prompt']:
|
||||||
raise AuthorizeError(authorize.params['redirect_uri'], 'consent_required', authorize.grant_type)
|
raise AuthorizeError(
|
||||||
|
authorize.params['redirect_uri'], 'consent_required', authorize.grant_type)
|
||||||
|
|
||||||
# Generate hidden inputs for the form.
|
# Generate hidden inputs for the form.
|
||||||
context = {
|
context = {
|
||||||
|
@ -132,7 +138,8 @@ class AuthorizeView(View):
|
||||||
return render(request, OIDC_TEMPLATES['authorize'], context)
|
return render(request, OIDC_TEMPLATES['authorize'], context)
|
||||||
else:
|
else:
|
||||||
if 'none' in authorize.params['prompt']:
|
if 'none' in authorize.params['prompt']:
|
||||||
raise AuthorizeError(authorize.params['redirect_uri'], 'login_required', authorize.grant_type)
|
raise AuthorizeError(
|
||||||
|
authorize.params['redirect_uri'], 'login_required', authorize.grant_type)
|
||||||
if 'login' in authorize.params['prompt']:
|
if 'login' in authorize.params['prompt']:
|
||||||
next_page = self.strip_prompt_login(request.get_full_path())
|
next_page = self.strip_prompt_login(request.get_full_path())
|
||||||
return redirect_to_login(next_page, settings.get('OIDC_LOGIN_URL'))
|
return redirect_to_login(next_page, settings.get('OIDC_LOGIN_URL'))
|
||||||
|
@ -162,14 +169,16 @@ class AuthorizeView(View):
|
||||||
|
|
||||||
if not request.POST.get('allow'):
|
if not request.POST.get('allow'):
|
||||||
signals.user_decline_consent.send(
|
signals.user_decline_consent.send(
|
||||||
self.__class__, user=request.user, client=authorize.client, scope=authorize.params['scope'])
|
self.__class__, user=request.user,
|
||||||
|
client=authorize.client, scope=authorize.params['scope'])
|
||||||
|
|
||||||
raise AuthorizeError(authorize.params['redirect_uri'],
|
raise AuthorizeError(authorize.params['redirect_uri'],
|
||||||
'access_denied',
|
'access_denied',
|
||||||
authorize.grant_type)
|
authorize.grant_type)
|
||||||
|
|
||||||
signals.user_accept_consent.send(
|
signals.user_accept_consent.send(
|
||||||
self.__class__, user=request.user, client=authorize.client, scope=authorize.params['scope'])
|
self.__class__, user=request.user, client=authorize.client,
|
||||||
|
scope=authorize.params['scope'])
|
||||||
|
|
||||||
# Save the user consent given to the client.
|
# Save the user consent given to the client.
|
||||||
authorize.set_client_user_consent()
|
authorize.set_client_user_consent()
|
||||||
|
|