forked from Github-Mirrors/canaille
Fixed dynamic client registration scope management
This commit is contained in:
parent
02f03685de
commit
63f927830a
5 changed files with 20 additions and 8 deletions
|
@ -19,6 +19,7 @@ Fixed
|
||||||
- Fix wording and punctuations. :pr:`86`
|
- Fix wording and punctuations. :pr:`86`
|
||||||
- Fix HTML lang tag :issue:`122` :pr:`87`
|
- Fix HTML lang tag :issue:`122` :pr:`87`
|
||||||
- Automatically trims the HTML translated strings. :pr:`91`
|
- Automatically trims the HTML translated strings. :pr:`91`
|
||||||
|
- Fixed dynamic registration scope management. :issue:`123` :pr:`93`
|
||||||
|
|
||||||
[0.0.19] - 2023-01-14
|
[0.0.19] - 2023-01-14
|
||||||
=====================
|
=====================
|
||||||
|
|
|
@ -88,10 +88,13 @@ class Client(LDAPObject, ClientMixin):
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def client_metadata(self):
|
def client_metadata(self):
|
||||||
return {
|
metadata = {
|
||||||
attribute_name: getattr(self, attribute_name)
|
attribute_name: getattr(self, attribute_name)
|
||||||
for attribute_name in self.client_metadata_attributes
|
for attribute_name in self.client_metadata_attributes
|
||||||
}
|
}
|
||||||
|
if "scope" in metadata:
|
||||||
|
metadata["scope"] = " ".join(metadata["scope"])
|
||||||
|
return metadata
|
||||||
|
|
||||||
|
|
||||||
class AuthorizationCode(LDAPObject, AuthorizationCodeMixin):
|
class AuthorizationCode(LDAPObject, AuthorizationCodeMixin):
|
||||||
|
|
|
@ -351,6 +351,10 @@ class ClientRegistrationEndpoint(ClientManagementMixin, _ClientRegistrationEndpo
|
||||||
client_info["client_id_issued_at"] = datetime.datetime.fromtimestamp(
|
client_info["client_id_issued_at"] = datetime.datetime.fromtimestamp(
|
||||||
client_info["client_id_issued_at"]
|
client_info["client_id_issued_at"]
|
||||||
)
|
)
|
||||||
|
if "scope" in client_metadata and not isinstance(
|
||||||
|
client_metadata["scope"], list
|
||||||
|
):
|
||||||
|
client_metadata["scope"] = client_metadata["scope"].split(" ")
|
||||||
client = Client(**client_info, **client_metadata)
|
client = Client(**client_info, **client_metadata)
|
||||||
client.save()
|
client.save()
|
||||||
return client
|
return client
|
||||||
|
@ -371,6 +375,10 @@ class ClientConfigurationEndpoint(ClientManagementMixin, _ClientConfigurationEnd
|
||||||
client.delete()
|
client.delete()
|
||||||
|
|
||||||
def update_client(self, client, client_metadata, request):
|
def update_client(self, client, client_metadata, request):
|
||||||
|
if "scope" in client_metadata and not isinstance(
|
||||||
|
client_metadata["scope"], list
|
||||||
|
):
|
||||||
|
client_metadata["scope"] = client_metadata["scope"].split(" ")
|
||||||
for key, value in client_metadata.items():
|
for key, value in client_metadata.items():
|
||||||
setattr(client, key, value)
|
setattr(client, key, value)
|
||||||
client.save()
|
client.save()
|
||||||
|
|
|
@ -139,7 +139,7 @@ def test_client_registration_with_software_statement(
|
||||||
"https://client.example.org/callback2",
|
"https://client.example.org/callback2",
|
||||||
],
|
],
|
||||||
"software_statement": software_statement,
|
"software_statement": software_statement,
|
||||||
"scope": ["openid", "profile"],
|
"scope": "openid profile",
|
||||||
}
|
}
|
||||||
print(payload["software_statement"])
|
print(payload["software_statement"])
|
||||||
res = testclient.post_json("/oauth/register", payload, status=201)
|
res = testclient.post_json("/oauth/register", payload, status=201)
|
||||||
|
@ -156,7 +156,7 @@ def test_client_registration_with_software_statement(
|
||||||
],
|
],
|
||||||
"grant_types": ["authorization_code"],
|
"grant_types": ["authorization_code"],
|
||||||
"response_types": ["code"],
|
"response_types": ["code"],
|
||||||
"scope": ["openid", "profile"],
|
"scope": "openid profile",
|
||||||
"token_endpoint_auth_method": "client_secret_basic",
|
"token_endpoint_auth_method": "client_secret_basic",
|
||||||
"client_name": "Example Statement-based Client",
|
"client_name": "Example Statement-based Client",
|
||||||
"client_uri": "https://client.example.net/",
|
"client_uri": "https://client.example.net/",
|
||||||
|
@ -185,7 +185,7 @@ def test_client_registration_without_authentication_ok(testclient, slapd_connect
|
||||||
"jwks_uri": "https://client.example.org/my_public_keys.jwks",
|
"jwks_uri": "https://client.example.org/my_public_keys.jwks",
|
||||||
"grant_types": ["authorization_code", "implicit"],
|
"grant_types": ["authorization_code", "implicit"],
|
||||||
"response_types": ["code", "token"],
|
"response_types": ["code", "token"],
|
||||||
"scope": ["openid", "profile"],
|
"scope": "openid profile",
|
||||||
"contacts": ["contact@example.com"],
|
"contacts": ["contact@example.com"],
|
||||||
"tos_uri": "https://example.com/uri",
|
"tos_uri": "https://example.com/uri",
|
||||||
"policy_uri": "https://example.com/policy",
|
"policy_uri": "https://example.com/policy",
|
||||||
|
@ -212,7 +212,7 @@ def test_client_registration_without_authentication_ok(testclient, slapd_connect
|
||||||
"token_endpoint_auth_method": "client_secret_basic",
|
"token_endpoint_auth_method": "client_secret_basic",
|
||||||
"grant_types": ["authorization_code", "implicit"],
|
"grant_types": ["authorization_code", "implicit"],
|
||||||
"response_types": ["code", "token"],
|
"response_types": ["code", "token"],
|
||||||
"scope": ["openid", "profile"],
|
"scope": "openid profile",
|
||||||
"contacts": ["contact@example.com"],
|
"contacts": ["contact@example.com"],
|
||||||
"tos_uri": "https://example.com/uri",
|
"tos_uri": "https://example.com/uri",
|
||||||
"policy_uri": "https://example.com/policy",
|
"policy_uri": "https://example.com/policy",
|
||||||
|
|
|
@ -35,7 +35,7 @@ def test_get(testclient, slapd_connection, client, user):
|
||||||
"client_name": "Some client",
|
"client_name": "Some client",
|
||||||
"client_uri": "https://mydomain.tld",
|
"client_uri": "https://mydomain.tld",
|
||||||
"logo_uri": "https://mydomain.tld/logo.png",
|
"logo_uri": "https://mydomain.tld/logo.png",
|
||||||
"scope": ["openid", "email", "profile", "groups", "address", "phone"],
|
"scope": "openid email profile groups address phone",
|
||||||
"contacts": ["contact@mydomain.tld"],
|
"contacts": ["contact@mydomain.tld"],
|
||||||
"tos_uri": "https://mydomain.tld/tos",
|
"tos_uri": "https://mydomain.tld/tos",
|
||||||
"policy_uri": "https://mydomain.tld/policy",
|
"policy_uri": "https://mydomain.tld/policy",
|
||||||
|
@ -74,7 +74,7 @@ def test_update(testclient, slapd_connection, client, user):
|
||||||
"client_name": "new name",
|
"client_name": "new name",
|
||||||
"client_uri": "https://newname.example.org",
|
"client_uri": "https://newname.example.org",
|
||||||
"logo_uri": "https://newname.example.org/logo.png",
|
"logo_uri": "https://newname.example.org/logo.png",
|
||||||
"scope": ["openid", "profile", "email"],
|
"scope": "openid profile email",
|
||||||
"contacts": ["newcontact@example.org"],
|
"contacts": ["newcontact@example.org"],
|
||||||
"tos_uri": "https://newname.example.org/tos",
|
"tos_uri": "https://newname.example.org/tos",
|
||||||
"policy_uri": "https://newname.example.org/policy",
|
"policy_uri": "https://newname.example.org/policy",
|
||||||
|
@ -103,7 +103,7 @@ def test_update(testclient, slapd_connection, client, user):
|
||||||
"client_name": "new name",
|
"client_name": "new name",
|
||||||
"client_uri": "https://newname.example.org",
|
"client_uri": "https://newname.example.org",
|
||||||
"logo_uri": "https://newname.example.org/logo.png",
|
"logo_uri": "https://newname.example.org/logo.png",
|
||||||
"scope": ["openid", "profile", "email"],
|
"scope": "openid profile email",
|
||||||
"contacts": ["newcontact@example.org"],
|
"contacts": ["newcontact@example.org"],
|
||||||
"tos_uri": "https://newname.example.org/tos",
|
"tos_uri": "https://newname.example.org/tos",
|
||||||
"policy_uri": "https://newname.example.org/policy",
|
"policy_uri": "https://newname.example.org/policy",
|
||||||
|
|
Loading…
Reference in a new issue