Fixed dynamic client registration scope management

2023-01-28 14:04:04 +01:00 · 2023-01-28 14:04:04 +01:00 · 63f927830a
commit 63f927830a
parent 02f03685de
5 changed files with 20 additions and 8 deletions
--- a/CHANGES.rst
+++ b/CHANGES.rst
@ -19,6 +19,7 @@ Fixed
 - Fix wording and punctuations. :pr:`86`
 - Fix HTML lang tag :issue:`122` :pr:`87`
 - Automatically trims the HTML translated strings. :pr:`91`
+- Fixed dynamic registration scope management. :issue:`123` :pr:`93`

 [0.0.19] - 2023-01-14
 =====================
--- a/canaille/oidc/models.py
+++ b/canaille/oidc/models.py
@ -88,10 +88,13 @@ class Client(LDAPObject, ClientMixin):

    @property
    def client_metadata(self):
-        return {
+        metadata = {
            attribute_name: getattr(self, attribute_name)
            for attribute_name in self.client_metadata_attributes
        }
+        if "scope" in metadata:
+            metadata["scope"] = " ".join(metadata["scope"])
+        return metadata


 class AuthorizationCode(LDAPObject, AuthorizationCodeMixin):
--- a/canaille/oidc/oauth.py
+++ b/canaille/oidc/oauth.py
@ -351,6 +351,10 @@ class ClientRegistrationEndpoint(ClientManagementMixin, _ClientRegistrationEndpo
        client_info["client_id_issued_at"] = datetime.datetime.fromtimestamp(
            client_info["client_id_issued_at"]
        )
+        if "scope" in client_metadata and not isinstance(
+            client_metadata["scope"], list
+        ):
+            client_metadata["scope"] = client_metadata["scope"].split(" ")
        client = Client(**client_info, **client_metadata)
        client.save()
        return client
@ -371,6 +375,10 @@ class ClientConfigurationEndpoint(ClientManagementMixin, _ClientConfigurationEnd
        client.delete()

    def update_client(self, client, client_metadata, request):
+        if "scope" in client_metadata and not isinstance(
+            client_metadata["scope"], list
+        ):
+            client_metadata["scope"] = client_metadata["scope"].split(" ")
        for key, value in client_metadata.items():
            setattr(client, key, value)
        client.save()
--- a/tests/oidc/test_dynamic_client_registration.py
+++ b/tests/oidc/test_dynamic_client_registration.py
@ -139,7 +139,7 @@ def test_client_registration_with_software_statement(
            "https://client.example.org/callback2",
        ],
        "software_statement": software_statement,
-        "scope": ["openid", "profile"],
+        "scope": "openid profile",
    }
    print(payload["software_statement"])
    res = testclient.post_json("/oauth/register", payload, status=201)
@ -156,7 +156,7 @@ def test_client_registration_with_software_statement(
        ],
        "grant_types": ["authorization_code"],
        "response_types": ["code"],
-        "scope": ["openid", "profile"],
+        "scope": "openid profile",
        "token_endpoint_auth_method": "client_secret_basic",
        "client_name": "Example Statement-based Client",
        "client_uri": "https://client.example.net/",
@ -185,7 +185,7 @@ def test_client_registration_without_authentication_ok(testclient, slapd_connect
        "jwks_uri": "https://client.example.org/my_public_keys.jwks",
        "grant_types": ["authorization_code", "implicit"],
        "response_types": ["code", "token"],
-        "scope": ["openid", "profile"],
+        "scope": "openid profile",
        "contacts": ["contact@example.com"],
        "tos_uri": "https://example.com/uri",
        "policy_uri": "https://example.com/policy",
@ -212,7 +212,7 @@ def test_client_registration_without_authentication_ok(testclient, slapd_connect
        "token_endpoint_auth_method": "client_secret_basic",
        "grant_types": ["authorization_code", "implicit"],
        "response_types": ["code", "token"],
-        "scope": ["openid", "profile"],
+        "scope": "openid profile",
        "contacts": ["contact@example.com"],
        "tos_uri": "https://example.com/uri",
        "policy_uri": "https://example.com/policy",
--- a/tests/oidc/test_dynamic_client_registration_management.py
+++ b/tests/oidc/test_dynamic_client_registration_management.py
@ -35,7 +35,7 @@ def test_get(testclient, slapd_connection, client, user):
        "client_name": "Some client",
        "client_uri": "https://mydomain.tld",
        "logo_uri": "https://mydomain.tld/logo.png",
-        "scope": ["openid", "email", "profile", "groups", "address", "phone"],
+        "scope": "openid email profile groups address phone",
        "contacts": ["contact@mydomain.tld"],
        "tos_uri": "https://mydomain.tld/tos",
        "policy_uri": "https://mydomain.tld/policy",
@ -74,7 +74,7 @@ def test_update(testclient, slapd_connection, client, user):
        "client_name": "new name",
        "client_uri": "https://newname.example.org",
        "logo_uri": "https://newname.example.org/logo.png",
-        "scope": ["openid", "profile", "email"],
+        "scope": "openid profile email",
        "contacts": ["newcontact@example.org"],
        "tos_uri": "https://newname.example.org/tos",
        "policy_uri": "https://newname.example.org/policy",
@ -103,7 +103,7 @@ def test_update(testclient, slapd_connection, client, user):
        "client_name": "new name",
        "client_uri": "https://newname.example.org",
        "logo_uri": "https://newname.example.org/logo.png",
-        "scope": ["openid", "profile", "email"],
+        "scope": "openid profile email",
        "contacts": ["newcontact@example.org"],
        "tos_uri": "https://newname.example.org/tos",
        "policy_uri": "https://newname.example.org/policy",