From eb2f272a0b8442e276bcf793a2c6cf93394b1707 Mon Sep 17 00:00:00 2001
From: Christian Bouvier
Date: Thu, 4 Oct 2018 10:40:23 -0300
Subject: [PATCH] Enhancement: AuthorizeView's static method strip-prompt-login was moved to a new file oidc_provider/lib/utils/authorize.py in order to be more consistent with the implementation of other Views
---
 oidc_provider/lib/utils/authorize.py | 21 +++++++++++++++++
 .../tests/cases/test_authorize_endpoint.py | 23 ++++++++++---------
 oidc_provider/views.py | 21 +++--------------
 3 files changed, 36 insertions(+), 29 deletions(-)
 create mode 100644 oidc_provider/lib/utils/authorize.py
diff --git a/oidc_provider/lib/utils/authorize.py b/oidc_provider/lib/utils/authorize.py
new file mode 100644
index 0000000..006c9cc
--- /dev/null
+++ b/oidc_provider/lib/utils/authorize.py
@@ -0,0 +1,21 @@
+try:
+ from urllib import urlencode
+ from urlparse import urlsplit, parse_qs, urlunsplit
+except ImportError:
+ from urllib.parse import urlsplit, parse_qs, urlunsplit, urlencode
+
+
+def strip_prompt_login(path):
+ """
+ Strips 'login' from the 'prompt' query parameter.
+ """
+ uri = urlsplit(path)
+ query_params = parse_qs(uri.query)
+ prompt_list = query_params.get('prompt', '')[0].split()
+ if 'login' in prompt_list:
+ prompt_list.remove('login')
+ query_params['prompt'] = ' '.join(prompt_list)
+ if not query_params['prompt']:
+ del query_params['prompt']
+ uri = uri._replace(query=urlencode(query_params, doseq=True))
+ return urlunsplit(uri)
diff --git a/oidc_provider/tests/cases/test_authorize_endpoint.py b/oidc_provider/tests/cases/test_authorize_endpoint.py
index 3bbf74b..7bbd390 100644
--- a/oidc_provider/tests/cases/test_authorize_endpoint.py
+++ b/oidc_provider/tests/cases/test_authorize_endpoint.py
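Review bot: `strip_prompt_login` in oidc_provider/lib/utils/authorize.py reads only the first `prompt` value (`query_params.get('prompt', '')[0]`), so when the parameter is repeated, e.g. `prompt=consent&prompt=login`, `login` stays in the URL passed to `redirect_to_login` from the two call sites in views.py. If the endpoint's own parsing of `prompt` (not visible in this patch) picks a different occurrence, the user would be asked to log in again on every return instead of once. The same expression raises `IndexError` when `prompt` is absent, which is easier to hit now that the function is an importable utility rather than a static method on the view. I would drop `login` from every `prompt` value and treat a missing parameter as nothing to strip, as below, and have the docstring say why the value is stripped (presumably so the post-login redirect does not prompt again).

```python
def strip_prompt_login(path):
    # … unchanged: docstring, uri = urlsplit(path) …
    query_params = parse_qs(uri.query)
    prompts = []
    for value in query_params.pop('prompt', []):
        kept = [item for item in value.split() if item != 'login']
        if kept:
            prompts.append(' '.join(kept))
    if prompts:
        query_params['prompt'] = prompts
    # … unchanged: urlencode(query_params, doseq=True) and urlunsplit …
```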
@@ -31,6 +31,7 @@ from oidc_provider.tests.app.utils import (
 FAKE_CODE_CHALLENGE,
 is_code_valid,
 )
+from oidc_provider.lib.utils.authorize import strip_prompt_login
 from oidc_provider.views import AuthorizeView
 from oidc_provider.lib.endpoints.authorize import AuthorizeEndpoint
@@ -481,20 +482,20 @@ class AuthorizationCodeFlowTestCase(TestCase, AuthorizeEndpointMixin):
 '_id=112233&prompt=login none&redirect_uri' +
 '=http://localhost:8000')
- self.assertNotIn('prompt', AuthorizeView.strip_prompt_login(path0))
+ self.assertNotIn('prompt', strip_prompt_login(path0))
- self.assertIn('prompt', AuthorizeView.strip_prompt_login(path1))
- self.assertIn('consent', AuthorizeView.strip_prompt_login(path1))
- self.assertIn('none', AuthorizeView.strip_prompt_login(path1))
- self.assertNotIn('login', AuthorizeView.strip_prompt_login(path1))
+ self.assertIn('prompt', strip_prompt_login(path1))
+ self.assertIn('consent', strip_prompt_login(path1))
+ self.assertIn('none', strip_prompt_login(path1))
+ self.assertNotIn('login', strip_prompt_login(path1))
- self.assertIn('prompt', AuthorizeView.strip_prompt_login(path2))
- self.assertIn('consent', AuthorizeView.strip_prompt_login(path1))
- self.assertNotIn('login', AuthorizeView.strip_prompt_login(path2))
+ self.assertIn('prompt', strip_prompt_login(path2))
+ self.assertIn('consent', strip_prompt_login(path1))
+ self.assertNotIn('login', strip_prompt_login(path2))
- self.assertIn('prompt', AuthorizeView.strip_prompt_login(path3))
- self.assertIn('none', AuthorizeView.strip_prompt_login(path3))
- self.assertNotIn('login', AuthorizeView.strip_prompt_login(path3))
+ self.assertIn('prompt', strip_prompt_login(path3))
+ self.assertIn('none', strip_prompt_login(path3))
+ self.assertNotIn('login', strip_prompt_login(path3))
 class AuthorizationImplicitFlowTestCase(TestCase, AuthorizeEndpointMixin):
diff --git a/oidc_provider/views.py b/oidc_provider/views.py
index d0c8d0c..def720f 100644
--- a/oidc_provider/views.py
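Review bot: In the `path2` group of the `@@ -481,20 +482,20 @@` hunk, the middle assertion still passes `path1`, so nothing verifies that `consent` survives for `path2`; it should read `self.assertIn('consent', strip_prompt_login(path2))`. The line was carried over from the old code with only the call renamed. These checks also match substrings of the whole URL, so asserting on `parse_qs(urlsplit(result).query).get('prompt')` would be tighter, and cases for a URL without `prompt` and with a repeated `prompt` are missing. The test method begins above the hunk, so the definitions of `path0` to `path2` are not visible here.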
+++ b/oidc_provider/views.py
@@ -39,6 +39,7 @@ from oidc_provider.lib.errors import (
 TokenError,
 UserAuthError,
 TokenIntrospectionError)
+from oidc_provider.lib.utils.authorize import strip_prompt_login
 from oidc_provider.lib.utils.common import (
 redirect,
 get_site_url,
@@ -84,7 +85,7 @@ class AuthorizeView(View):
 authorize.grant_type)
 else:
 django_user_logout(request)
- next_page = self.strip_prompt_login(request.get_full_path())
+ next_page = strip_prompt_login(request.get_full_path())
 return redirect_to_login(next_page, settings.get('OIDC_LOGIN_URL'))
 if 'select_account' in authorize.params['prompt']:
@@ -147,7 +148,7 @@ class AuthorizeView(View):
 raise AuthorizeError(
 authorize.params['redirect_uri'], 'login_required', authorize.grant_type)
 if 'login' in authorize.params['prompt']:
- next_page = self.strip_prompt_login(request.get_full_path())
+ next_page = strip_prompt_login(request.get_full_path())
 return redirect_to_login(next_page, settings.get('OIDC_LOGIN_URL'))
 return redirect_to_login(request.get_full_path(), settings.get('OIDC_LOGIN_URL'))
@@ -200,22 +201,6 @@ class AuthorizeView(View):
 return redirect(uri)
- @staticmethod
- def strip_prompt_login(path):
- """
- Strips 'login' from the 'prompt' query parameter.
- """
- uri = urlsplit(path)
- query_params = parse_qs(uri.query)
- prompt_list = query_params.get('prompt', '')[0].split()
- if 'login' in prompt_list:
- prompt_list.remove('login')
- query_params['prompt'] = ' '.join(prompt_list)
- if not query_params['prompt']:
- del query_params['prompt']
- uri = uri._replace(query=urlencode(query_params, doseq=True))
- return urlunsplit(uri)
-
 class TokenView(View):
 def post(self, request, *args, **kwargs):