kumi/django-oidc-provider
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
django-oidc-provider/oidc_provider/lib/utils/common.py
Tuomas Suutari eb682f23ff Pass scope to OIDC_IDTOKEN_PROCESSING_HOOK 
The ID token processing hook might want to add claims to the ID token
conditionally based on the scope parameter.  Therefore it would be very
useful to provide the scope parameter to the processing hook.
2017-07-07 22:56:35 +03:00

142 lines
4 KiB
Python
Raw Blame History

from hashlib import sha224
from django.core.urlresolvers import reverse
from django.http import HttpResponse
from oidc_provider import settings
try:
from urlparse import urlsplit, urlunsplit
except ImportError:
from urllib.parse import urlsplit, urlunsplit
def cleanup_url_from_query_string(uri):
"""
Function used to clean up the uri from any query string, used i.e. by endpoints to validate redirect_uri
:param uri: URI to clean from query string
:type uri: str
:return: cleaned URI without query string
"""
clean_uri = urlsplit(uri)
clean_uri = urlunsplit(clean_uri._replace(query=''))
return clean_uri
def redirect(uri):
"""
Custom Response object for redirecting to a Non-HTTP url scheme.
"""
response = HttpResponse('', status=302)
response['Location'] = uri
return response
def get_site_url(site_url=None, request=None):
"""
Construct the site url.
Orders to decide site url:
1. valid `site_url` parameter
2. valid `SITE_URL` in settings
3. construct from `request` object
"""
site_url = site_url or settings.get('SITE_URL')
if site_url:
return site_url
elif request:
return '{}://{}'.format(request.scheme, request.get_host())
else:
raise Exception('Either pass `site_url`, '
'or set `SITE_URL` in settings, '
'or pass `request` object.')
def get_issuer(site_url=None, request=None):
"""
Construct the issuer full url. Basically is the site url with some path
appended.
"""
site_url = get_site_url(site_url=site_url, request=request)
path = reverse('oidc_provider:provider-info') \
.split('/.well-known/openid-configuration')[0]
issuer = site_url + path
return str(issuer)
def default_userinfo(claims, user):
"""
Default function for setting OIDC_USERINFO.
`claims` is a dict that contains all the OIDC standard claims.
"""
return claims
def default_sub_generator(user):
"""
Default function for setting OIDC_IDTOKEN_SUB_GENERATOR.
"""
return str(user.id)
def default_after_userlogin_hook(request, user, client):
"""
Default function for setting OIDC_AFTER_USERLOGIN_HOOK.
"""
return None
def default_after_end_session_hook(request, id_token=None, post_logout_redirect_uri=None, state=None, client=None, next_page=None):
"""
Default function for setting OIDC_AFTER_END_SESSION_HOOK.
:param request: Django request object
:type request: django.http.HttpRequest
:param id_token: token passed by `id_token_hint` url query param - do NOT trust this param or validate token
:type id_token: str
:param post_logout_redirect_uri: redirect url from url query param - do NOT trust this param
:type post_logout_redirect_uri: str
:param state: state param from url query params
:type state: str
:param client: If id_token has `aud` param and associated Client exists, this is an instance of it - do NOT trust this param
:type client: oidc_provider.models.Client
:param next_page: calculated next_page redirection target
:type next_page: str
:return:
"""
return None
def default_idtoken_processing_hook(id_token, user, scope=None):
"""
Hook to perform some additional actions ti `id_token` dictionary just before serialization.
:param id_token: dictionary contains values that going to be serialized into `id_token`
:type id_token: dict
:param user: user for whom id_token is generated
:type user: User
:param scope: scope for the token
:type scope: list[str]|None
:return: custom modified dictionary of values for `id_token`
:rtype dict
"""
return id_token
def get_browser_state_or_default(request):
"""
Determine value to use as session state.
"""
key = request.session.session_key or settings.get('OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY')
return sha224(key.encode('utf-8')).hexdigest()
Reference in a new issue View git blame Copy permalink