Fixed dynamic client registration scope management

Éloi Rivard 2023-01-28 14:04:04 +01:00
parent 02f03685de
commit 63f927830a
5 changed files with 20 additions and 8 deletions


@ -19,6 +19,7 @@ Fixed
- Fix wording and punctuations. :pr:`86` - Fix wording and punctuations. :pr:`86`
- Fix HTML lang tag :issue:`122` :pr:`87` - Fix HTML lang tag :issue:`122` :pr:`87`
- Automatically trims the HTML translated strings. :pr:`91` - Automatically trims the HTML translated strings. :pr:`91`
- Fixed dynamic registration scope management. :issue:`123` :pr:`93`
[0.0.19] - 2023-01-14 [0.0.19] - 2023-01-14
===================== =====================


@ -88,10 +88,13 @@ class Client(LDAPObject, ClientMixin):
@property @property
def client_metadata(self): def client_metadata(self):
return { metadata = {
attribute_name: getattr(self, attribute_name) attribute_name: getattr(self, attribute_name)
for attribute_name in self.client_metadata_attributes for attribute_name in self.client_metadata_attributes
} }
if "scope" in metadata:
metadata["scope"] = " ".join(metadata["scope"])
return metadata
class AuthorizationCode(LDAPObject, AuthorizationCodeMixin): class AuthorizationCode(LDAPObject, AuthorizationCodeMixin):
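Review bot: In `client_metadata`, `" ".join(metadata["scope"])` runs whenever the key is present, and the key is present for every name in `client_metadata_attributes` whatever value `getattr` returned. If `getattr(self, "scope")` can yield `None` for a client stored without scopes (not visible here, so this needs checking against `LDAPObject`), the join raises `TypeError`, and if it can yield a single string the join would put spaces between its characters. Guarding on the value covers both cases: `if isinstance(metadata.get("scope"), list):`. A short comment such as `# RFC 7591 represents scope as one space-separated string` would explain why only this attribute is flattened.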


@ -351,6 +351,10 @@ class ClientRegistrationEndpoint(ClientManagementMixin, _ClientRegistrationEndpo
client_info["client_id_issued_at"] = datetime.datetime.fromtimestamp( client_info["client_id_issued_at"] = datetime.datetime.fromtimestamp(
client_info["client_id_issued_at"] client_info["client_id_issued_at"]
) )
if "scope" in client_metadata and not isinstance(
client_metadata["scope"], list
):
client_metadata["scope"] = client_metadata["scope"].split(" ")
client = Client(**client_info, **client_metadata) client = Client(**client_info, **client_metadata)
client.save() client.save()
return client return client
@ -371,6 +375,10 @@ class ClientConfigurationEndpoint(ClientManagementMixin, _ClientConfigurationEnd
client.delete() client.delete()
def update_client(self, client, client_metadata, request): def update_client(self, client, client_metadata, request):
if "scope" in client_metadata and not isinstance(
client_metadata["scope"], list
):
client_metadata["scope"] = client_metadata["scope"].split(" ")
for key, value in client_metadata.items(): for key, value in client_metadata.items():
setattr(client, key, value) setattr(client, key, value)
client.save() client.save()
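Review bot: `client_metadata["scope"].split(" ")` in both `create_client` and `update_client` turns a doubled, leading or trailing space into empty-string scope values that are then stored on the client; `client_metadata["scope"].split()` splits on any whitespace run and drops the empties. The request body is caller-controlled (the tests on this page register without authentication) and any non-list value is assumed to be a `str`, so a JSON number or `null` in `scope` would raise `AttributeError` unless validation upstream of these methods already rejects it, which is not visible here. The same four lines appear twice, so a small shared helper on `ClientManagementMixin` would keep the two endpoints from drifting apart. The updated tests only send the string form, leaving the retained list branch and the irregular-whitespace case without coverage. Both method bodies begin or end outside the hunks shown.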


@ -139,7 +139,7 @@ def test_client_registration_with_software_statement(
"https://client.example.org/callback2", "https://client.example.org/callback2",
], ],
"software_statement": software_statement, "software_statement": software_statement,
"scope": ["openid", "profile"], "scope": "openid profile",
} }
print(payload["software_statement"]) print(payload["software_statement"])
res = testclient.post_json("/oauth/register", payload, status=201) res = testclient.post_json("/oauth/register", payload, status=201)
@ -156,7 +156,7 @@ def test_client_registration_with_software_statement(
], ],
"grant_types": ["authorization_code"], "grant_types": ["authorization_code"],
"response_types": ["code"], "response_types": ["code"],
"scope": ["openid", "profile"], "scope": "openid profile",
"token_endpoint_auth_method": "client_secret_basic", "token_endpoint_auth_method": "client_secret_basic",
"client_name": "Example Statement-based Client", "client_name": "Example Statement-based Client",
"client_uri": "https://client.example.net/", "client_uri": "https://client.example.net/",
@ -185,7 +185,7 @@ def test_client_registration_without_authentication_ok(testclient, slapd_connect
"jwks_uri": "https://client.example.org/my_public_keys.jwks", "jwks_uri": "https://client.example.org/my_public_keys.jwks",
"grant_types": ["authorization_code", "implicit"], "grant_types": ["authorization_code", "implicit"],
"response_types": ["code", "token"], "response_types": ["code", "token"],
"scope": ["openid", "profile"], "scope": "openid profile",
"contacts": ["contact@example.com"], "contacts": ["contact@example.com"],
"tos_uri": "https://example.com/uri", "tos_uri": "https://example.com/uri",
"policy_uri": "https://example.com/policy", "policy_uri": "https://example.com/policy",
@ -212,7 +212,7 @@ def test_client_registration_without_authentication_ok(testclient, slapd_connect
"token_endpoint_auth_method": "client_secret_basic", "token_endpoint_auth_method": "client_secret_basic",
"grant_types": ["authorization_code", "implicit"], "grant_types": ["authorization_code", "implicit"],
"response_types": ["code", "token"], "response_types": ["code", "token"],
"scope": ["openid", "profile"], "scope": "openid profile",
"contacts": ["contact@example.com"], "contacts": ["contact@example.com"],
"tos_uri": "https://example.com/uri", "tos_uri": "https://example.com/uri",
"policy_uri": "https://example.com/policy", "policy_uri": "https://example.com/policy",


@ -35,7 +35,7 @@ def test_get(testclient, slapd_connection, client, user):
"client_name": "Some client", "client_name": "Some client",
"client_uri": "https://mydomain.tld", "client_uri": "https://mydomain.tld",
"logo_uri": "https://mydomain.tld/logo.png", "logo_uri": "https://mydomain.tld/logo.png",
"scope": ["openid", "email", "profile", "groups", "address", "phone"], "scope": "openid email profile groups address phone",
"contacts": ["contact@mydomain.tld"], "contacts": ["contact@mydomain.tld"],
"tos_uri": "https://mydomain.tld/tos", "tos_uri": "https://mydomain.tld/tos",
"policy_uri": "https://mydomain.tld/policy", "policy_uri": "https://mydomain.tld/policy",
@ -74,7 +74,7 @@ def test_update(testclient, slapd_connection, client, user):
"client_name": "new name", "client_name": "new name",
"client_uri": "https://newname.example.org", "client_uri": "https://newname.example.org",
"logo_uri": "https://newname.example.org/logo.png", "logo_uri": "https://newname.example.org/logo.png",
"scope": ["openid", "profile", "email"], "scope": "openid profile email",
"contacts": ["newcontact@example.org"], "contacts": ["newcontact@example.org"],
"tos_uri": "https://newname.example.org/tos", "tos_uri": "https://newname.example.org/tos",
"policy_uri": "https://newname.example.org/policy", "policy_uri": "https://newname.example.org/policy",
@ -103,7 +103,7 @@ def test_update(testclient, slapd_connection, client, user):
"client_name": "new name", "client_name": "new name",
"client_uri": "https://newname.example.org", "client_uri": "https://newname.example.org",
"logo_uri": "https://newname.example.org/logo.png", "logo_uri": "https://newname.example.org/logo.png",
"scope": ["openid", "profile", "email"], "scope": "openid profile email",
"contacts": ["newcontact@example.org"], "contacts": ["newcontact@example.org"],
"tos_uri": "https://newname.example.org/tos", "tos_uri": "https://newname.example.org/tos",
"policy_uri": "https://newname.example.org/policy", "policy_uri": "https://newname.example.org/policy",