globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

tests: missing client_id on OIDC authorization page

Browse source
This commit is contained in:
Éloi Rivard 2024-09-13 15:07:25 +02:00
parent 5149b96731
commit 001d635295
No known key found for this signature in database
GPG key ID: 7EDA204EA57DD184
2 changed files with 20 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
canaille/oidc/endpoints/oauth.py
View file

@ -50,7 +50,9 @@ def authorize():
request.form.to_dict(flat=False),
)
client = Backend.instance.get(models.Client, client_id=request.args["client_id"])
client = Backend.instance.get(
models.Client, client_id=request.args.get("client_id")
)
user = current_user()
if response := authorize_guards(client):

17
tests/oidc/test_authorization_code_flow.py
View file

@ -763,3 +763,20 @@ def test_locked_account(
)
assert "access_token" not in res.json
def test_missing_client_id(
testclient, logged_user, client, keypair, trusted_client, backend
):
"""Missing client_id should raise a 400 error."""
res = testclient.get(
"/oauth/authorize",
params=dict(
response_type="code",
scope="openid profile email groups address phone",
nonce="somenonce",
),
status=400,
)
res.mustcontain("client_id parameter is missing.")