Merge develop to v0.5.x (#179)

* Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property
2017-05-05 05:19:57 +02:00 · 2017-05-05 05:19:57 +02:00 · a829726be8
commit a829726be8
parent e7947e2738
18 changed files with 554 additions and 50 deletions
--- a/oidc_provider/lib/endpoints/authorize.py
+++ b/oidc_provider/lib/endpoints/authorize.py
@ -30,8 +30,7 @@ from oidc_provider.models import (
    UserConsent,
 )
 from oidc_provider import settings
-from oidc_provider.lib.utils.common import cleanup_url_from_query_string
-
+from oidc_provider.lib.utils.common import cleanup_url_from_query_string, get_browser_state_or_default

 logger = logging.getLogger(__name__)

@ -122,7 +121,7 @@ class AuthorizeEndpoint(object):
    def create_response_uri(self):
        uri = urlsplit(self.params['redirect_uri'])
        query_params = parse_qs(uri.query)
-        query_fragment = parse_qs(uri.fragment)
+        query_fragment = {}

        try:
            if self.grant_type in ['authorization_code', 'hybrid']:
@ -197,7 +196,7 @@ class AuthorizeEndpoint(object):
                session_state = '{client_id} {origin} {browser_state} {salt}'.format(
                    client_id=self.client.client_id,
                    origin=client_origin,
-                    browser_state=self.request.COOKIES['op_browser_state'],
+                    browser_state=get_browser_state_or_default(self.request),
                    salt=salt)
                session_state = sha256(session_state.encode('utf-8')).hexdigest()
                session_state += '.' + salt
@ -207,11 +206,10 @@ class AuthorizeEndpoint(object):
                    query_fragment['session_state'] = session_state

        except Exception as error:
-            logger.debug('[Authorize] Error when trying to create response uri: %s', error)
+            logger.exception('[Authorize] Error when trying to create response uri: %s', error)
            raise AuthorizeError(self.params['redirect_uri'], 'server_error', self.grant_type)

-        uri = uri._replace(query=urlencode(query_params, doseq=True))
-        uri = uri._replace(fragment=urlencode(query_fragment, doseq=True))
+        uri = uri._replace(query=urlencode(query_params, doseq=True), fragment=uri.fragment + urlencode(query_fragment, doseq=True))

        return urlunsplit(uri)