globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

Variable renaming

Browse source
This commit is contained in:
Éloi Rivard 2022-10-17 17:49:52 +02:00 committed by Éloi Rivard
parent da5f288e4f
commit 659efaf7ef
17 changed files with 88 additions and 86 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
canaille/ldap_backend/schemas/oauth2-openldap.ldif
View file

@ -135,7 +135,6 @@ olcAttributeTypes: ( 1.3.6.1.4.1.56207.1.1.16 NAME 'oauthClientContact'
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications
X-ORIGIN 'OAuth 2.0' )
olcAttributeTypes: ( 1.3.6.1.4.1.56207.1.1.17 NAME 'oauthClientURI'

1
canaille/ldap_backend/schemas/oauth2-openldap.schema
View file

@ -132,7 +132,6 @@ attributetype ( 1.3.6.1.4.1.56207.1.1.16 NAME 'oauthClientContact'
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications
X-ORIGIN 'OAuth 2.0' )
attributetype ( 1.3.6.1.4.1.56207.1.1.17 NAME 'oauthClientURI'

42
canaille/oidc/clients.py
View file

@ -28,21 +28,21 @@ def index(user):
def client_audiences():
return [(client.dn, client.name) for client in Client.all()]
return [(client.dn, client.client_name) for client in Client.all()]
class ClientAdd(FlaskForm):
name = wtforms.StringField(
client_name = wtforms.StringField(
_("Name"),
validators=[wtforms.validators.DataRequired()],
render_kw={"placeholder": "Client Name"},
)
contact = wtforms.EmailField(
contacts = wtforms.EmailField(
_("Contact"),
validators=[wtforms.validators.Optional()],
render_kw={"placeholder": "admin@mydomain.tld"},
)
uri = wtforms.URLField(
client_uri = wtforms.URLField(
_("URI"),
validators=[wtforms.validators.DataRequired()],
render_kw={"placeholder": "https://mydomain.tld"},
@ -57,7 +57,7 @@ class ClientAdd(FlaskForm):
validators=[wtforms.validators.Optional()],
render_kw={"placeholder": "https://mydomain.tld/you-have-been-disconnected"},
)
grant_type = wtforms.SelectMultipleField(
grant_types = wtforms.SelectMultipleField(
_("Grant types"),
validators=[wtforms.validators.DataRequired()],
choices=[
@ -75,7 +75,7 @@ class ClientAdd(FlaskForm):
default="openid profile email",
render_kw={"placeholder": "openid profile"},
)
response_type = wtforms.SelectMultipleField(
response_types = wtforms.SelectMultipleField(
_("Response types"),
validators=[wtforms.validators.DataRequired()],
choices=[("code", "code"), ("token", "token"), ("id_token", "id_token")],
@ -127,7 +127,7 @@ class ClientAdd(FlaskForm):
validators=[wtforms.validators.Optional()],
render_kw={"placeholder": ""},
)
jwk_uri = wtforms.URLField(
jwks_uri = wtforms.URLField(
_("JKW URI"),
validators=[wtforms.validators.Optional()],
render_kw={"placeholder": ""},
@ -162,14 +162,14 @@ def add(user):
client_id_issued_at = datetime.datetime.now()
client = Client(
client_id=client_id,
issue_date=client_id_issued_at,
name=form["name"].data,
contact=form["contact"].data,
uri=form["uri"].data,
grant_type=form["grant_type"].data,
client_id_issued_at=client_id_issued_at,
client_name=form["client_name"].data,
contacts=[form["contacts"].data],
client_uri=form["client_uri"].data,
grant_types=form["grant_types"].data,
redirect_uris=[form["redirect_uris"].data],
post_logout_redirect_uris=[form["post_logout_redirect_uris"].data],
response_type=form["response_type"].data,
response_types=form["response_types"].data,
scope=form["scope"].data.split(" "),
token_endpoint_auth_method=form["token_endpoint_auth_method"].data,
logo_uri=form["logo_uri"].data,
@ -178,9 +178,9 @@ def add(user):
software_id=form["software_id"].data,
software_version=form["software_version"].data,
jwk=form["jwk"].data,
jwk_uri=form["jwk_uri"].data,
jwks_uri=form["jwks_uri"].data,
preconsent=form["preconsent"].data,
secret=""
client_secret=""
if form["token_endpoint_auth_method"].data == "none"
else gen_salt(48),
)
@ -236,13 +236,13 @@ def client_edit(client_id):
else:
client.update(
name=form["name"].data,
contact=form["contact"].data,
uri=form["uri"].data,
grant_type=form["grant_type"].data,
client_name=form["client_name"].data,
contacts=[form["contacts"].data],
client_uri=form["client_uri"].data,
grant_types=form["grant_types"].data,
redirect_uris=[form["redirect_uris"].data],
post_logout_redirect_uris=[form["post_logout_redirect_uris"].data],
response_type=form["response_type"].data,
response_types=form["response_types"].data,
scope=form["scope"].data.split(" "),
token_endpoint_auth_method=form["token_endpoint_auth_method"].data,
logo_uri=form["logo_uri"].data,
@ -251,7 +251,7 @@ def client_edit(client_id):
software_id=form["software_id"].data,
software_version=form["software_version"].data,
jwk=form["jwk"].data,
jwk_uri=form["jwk_uri"].data,
jwks_uri=form["jwks_uri"].data,
audience=form["audience"].data,
preconsent=form["preconsent"].data,
)

26
canaille/oidc/models.py
View file

@ -15,21 +15,21 @@ class Client(LDAPObject, ClientMixin):
attribute_table = {
"description": "description",
"client_id": "oauthClientID",
"name": "oauthClientName",
"contact": "oauthClientContact",
"uri": "oauthClientURI",
"client_name": "oauthClientName",
"contacts": "oauthClientContact",
"client_uri": "oauthClientURI",
"redirect_uris": "oauthRedirectURIs",
"post_logout_redirect_uris": "oauthPostLogoutRedirectURI",
"logo_uri": "oauthLogoURI",
"issue_date": "oauthIssueDate",
"secret": "oauthClientSecret",
"secret_expires_date": "oauthClientSecretExpDate",
"grant_type": "oauthGrantType",
"response_type": "oauthResponseType",
"client_id_issued_at": "oauthIssueDate",
"client_secret": "oauthClientSecret",
"client_secret_expires_date": "oauthClientSecretExpDate",
"grant_types": "oauthGrantType",
"response_types": "oauthResponseType",
"scope": "oauthScope",
"tos_uri": "oauthTermsOfServiceURI",
"policy_uri": "oauthPolicyURI",
"jwk_uri": "oauthJWKURI",
"jwks_uri": "oauthJWKURI",
"jwk": "oauthJWK",
"token_endpoint_auth_method": "oauthTokenEndpointAuthMethod",
"software_id": "oauthSoftwareID",
@ -50,10 +50,10 @@ class Client(LDAPObject, ClientMixin):
return redirect_uri in self.redirect_uris
def has_client_secret(self):
return bool(self.secret)
return bool(self.client_secret)
def check_client_secret(self, client_secret):
return client_secret == self.secret
return client_secret == self.client_secret
def check_endpoint_auth_method(self, method, endpoint):
if endpoint == "token":
@ -61,10 +61,10 @@ class Client(LDAPObject, ClientMixin):
return True
def check_response_type(self, response_type):
return all(r in self.response_type for r in response_type.split(" "))
return all(r in self.response_types for r in response_type.split(" "))
def check_grant_type(self, grant_type):
return grant_type in self.grant_type
return grant_type in self.grant_types
@property
def client_info(self):

2
canaille/templates/oidc/admin/client_edit.html
View file

@ -49,7 +49,7 @@
<div class="field">
<label>{% trans %}Issued at{% endtrans %}</label>
<div class="ui cornor labeled input">
<input type="text" value="{{ client.issue_date }}" readonly name="issue_date">
<input type="text" value="{{ client.client_id_issued_at }}" readonly name="client_id_issued_at">
<div class="ui corner label" title="{{ _("This field is not editable") }}">
<i class="lock icon"></i>
</div>

4
canaille/templates/oidc/admin/client_list.html
View file

@ -35,9 +35,9 @@
{% endif %}
</a>
</td>
<td><a href="{{ url_for('oidc.clients.edit', client_id=client.client_id) }}">{{ client.name }}</a></td>
<td><a href="{{ url_for('oidc.clients.edit', client_id=client.client_id) }}">{{ client.client_name }}</a></td>
<td><a href="{{ client.uri }}">{{ client.uri }}</a></td>
<td>{% if client.issue_date %}{{ client.issue_date }}{% endif %}</td>
<td>{% if client.client_id_issued_at %}{{ client.client_id_issued_at }}{% endif %}</td>
</tr>
{% endfor %}
</table>

2
canaille/templates/oidc/admin/token_list.html
View file

@ -29,7 +29,7 @@
</td>
<td>
<a href="{{ url_for('oidc.clients.edit', client_id=client.client_id) }}">
{{ client.name }}
{{ client.client_name }}
</a>
</td>
<td>

4
canaille/templates/oidc/admin/token_view.html
View file

@ -17,7 +17,7 @@
<td>{{ _("Client") }}</td>
<td>
<a href="{{ url_for("oidc.clients.edit", client_id=token_client.client_id) }}">
{{ token_client.name }}
{{ token_client.client_name }}
</a>
</td>
</tr>
@ -46,7 +46,7 @@
{% for client in token_audience %}
<li class="item">
<a href="{{ url_for("oidc.clients.edit", client_id=client.dn) }}">
{{ client.name }}
{{ client.client_name }}
</a>
</li>
{% endfor %}

4
canaille/templates/oidc/user/authorize.html
View file

@ -3,10 +3,10 @@
{% block content %}
<div class="ui segment">
{% if client.logo_uri %}
<img class="ui centered tiny image" src="{{ client.logo_uri }}" alt="{{ client.name }}">
<img class="ui centered tiny image" src="{{ client.logo_uri }}" alt="{{ client.client_name }}">
{% endif %}
<h2 class="ui header">{{ gettext('The application %(name)s is requesting access to:', name=client.name) }}</h2>
<h2 class="ui header">{{ gettext('The application %(name)s is requesting access to:', name=client.client_name) }}</h2>
<div class="ui divided items">
{% for claim in grant.request.scope.split(" ") %}

4
canaille/templates/oidc/user/consent_list.html
View file

@ -32,9 +32,9 @@
<img class="right floated mini ui image" src="{{ client.logo_uri }}">
{% endif %}
{% if client.uri %}
<a href="{{ client.uri }}" class="header">{{ client.name }}</a>
<a href="{{ client.uri }}" class="header">{{ client.client_name }}</a>
{% else %}
<div class="header">{{ client.name }}</div>
<div class="header">{{ client.client_name }}</div>
{% endif %}
<div class="meta">{% trans %}From:{% endtrans %} {{ consent.issue_date.strftime("%d/%m/%Y %H:%M:%S") }}</div>
{% if consent.revokation_date %}

2
canaille/templates/oidc/user/logout.html
View file

@ -13,7 +13,7 @@
<p>
{{ _("You are currently logged in as %(username)s.", username=user.name) }}
{% if client %}
{{ _("The application %(client_name)s want to disconnect your account.", client_name=client.name) }}
{{ _("The application %(client_name)s want to disconnect your account.", client_name=client.client_name) }}
{% endif %}
</p>
</div>

2
tests/oidc/__init__.py
View file

@ -3,5 +3,5 @@ import base64
def client_credentials(client):
return base64.b64encode(
client.client_id.encode("utf-8") + b":" + client.secret.encode("utf-8")
client.client_id.encode("utf-8") + b":" + client.client_secret.encode("utf-8")
).decode("utf-8")

32
tests/oidc/conftest.py
View file

@ -15,28 +15,28 @@ from werkzeug.security import gen_salt
def client(testclient, other_client, slapd_connection):
c = Client(
client_id=gen_salt(24),
name="Some client",
contact="contact@mydomain.tld",
uri="https://mydomain.tld",
client_name="Some client",
contacts="contact@mydomain.tld",
client_uri="https://mydomain.tld",
redirect_uris=[
"https://mydomain.tld/redirect1",
"https://mydomain.tld/redirect2",
],
logo_uri="https://mydomain.tld/logo.png",
issue_date=datetime.datetime.now(),
secret=gen_salt(48),
grant_type=[
client_id_issued_at=datetime.datetime.now(),
client_secret=gen_salt(48),
grant_types=[
"password",
"authorization_code",
"implicit",
"hybrid",
"refresh_token",
],
response_type=["code", "token", "id_token"],
response_types=["code", "token", "id_token"],
scope=["openid", "email", "profile", "groups", "address", "phone"],
tos_uri="https://mydomain.tld/tos",
policy_uri="https://mydomain.tld/policy",
jwk_uri="https://mydomain.tld/jwk",
jwks_uri="https://mydomain.tld/jwk",
token_endpoint_auth_method="client_secret_basic",
post_logout_redirect_uris=["https://mydomain.tld/disconnected"],
)
@ -54,28 +54,28 @@ def client(testclient, other_client, slapd_connection):
def other_client(testclient, slapd_connection):
c = Client(
client_id=gen_salt(24),
name="Some other client",
contact="contact@myotherdomain.tld",
uri="https://myotherdomain.tld",
client_name="Some other client",
contacts="contact@myotherdomain.tld",
client_uri="https://myotherdomain.tld",
redirect_uris=[
"https://myotherdomain.tld/redirect1",
"https://myotherdomain.tld/redirect2",
],
logo_uri="https://myotherdomain.tld/logo.png",
issue_date=datetime.datetime.now(),
secret=gen_salt(48),
grant_type=[
client_id_issued_at=datetime.datetime.now(),
client_secret=gen_salt(48),
grant_types=[
"password",
"authorization_code",
"implicit",
"hybrid",
"refresh_token",
],
response_type=["code", "token", "id_token"],
response_types=["code", "token", "id_token"],
scope=["openid", "profile", "groups"],
tos_uri="https://myotherdomain.tld/tos",
policy_uri="https://myotherdomain.tld/policy",
jwk_uri="https://myotherdomain.tld/jwk",
jwks_uri="https://myotherdomain.tld/jwk",
token_endpoint_auth_method="client_secret_basic",
post_logout_redirect_uris=["https://myotherdomain.tld/disconnected"],
)

30
tests/oidc/test_client_admin.py
View file

@ -15,19 +15,19 @@ def test_invalid_client_edition(testclient, logged_admin):
def test_client_list(testclient, client, logged_admin):
res = testclient.get("/admin/client")
assert client.name in res.text
assert client.client_name in res.text
def test_client_add(testclient, logged_admin):
res = testclient.get("/admin/client/add")
data = {
"name": "foobar",
"contact": "foo@bar.com",
"uri": "https://foo.bar",
"client_name": "foobar",
"contacts": "foo@bar.com",
"client_uri": "https://foo.bar",
"redirect_uris": ["https:/foo.bar/callback"],
"grant_type": ["password", "authorization_code"],
"grant_types": ["password", "authorization_code"],
"scope": "openid profile",
"response_type": ["code", "token"],
"response_types": ["code", "token"],
"token_endpoint_auth_method": "none",
"logo_uri": "https://foo.bar/logo.png",
"tos_uri": "https://foo.bar/tos",
@ -35,7 +35,7 @@ def test_client_add(testclient, logged_admin):
"software_id": "software",
"software_version": "1",
"jwk": "jwk",
"jwk_uri": "https://foo.bar/jwks.json",
"jwks_uri": "https://foo.bar/jwks.json",
"audience": [],
"preconsent": False,
"post_logout_redirect_uris": ["https://foo.bar/disconnected"],
@ -55,6 +55,8 @@ def test_client_add(testclient, logged_admin):
assert v == " ".join(client_value)
elif k == "preconsent":
assert v is False
elif k == "contacts":
assert [v] == client_value
else:
assert v == client_value
@ -62,13 +64,13 @@ def test_client_add(testclient, logged_admin):
def test_client_edit(testclient, client, logged_admin, other_client):
res = testclient.get("/admin/client/edit/" + client.client_id)
data = {
"name": "foobar",
"contact": "foo@bar.com",
"uri": "https://foo.bar",
"client_name": "foobar",
"contacts": "foo@bar.com",
"client_uri": "https://foo.bar",
"redirect_uris": ["https:/foo.bar/callback"],
"grant_type": ["password", "authorization_code"],
"grant_types": ["password", "authorization_code"],
"scope": "openid profile",
"response_type": ["code", "token"],
"response_types": ["code", "token"],
"token_endpoint_auth_method": "none",
"logo_uri": "https://foo.bar/logo.png",
"tos_uri": "https://foo.bar/tos",
@ -76,7 +78,7 @@ def test_client_edit(testclient, client, logged_admin, other_client):
"software_id": "software",
"software_version": "1",
"jwk": "jwk",
"jwk_uri": "https://foo.bar/jwks.json",
"jwks_uri": "https://foo.bar/jwks.json",
"audience": [client.dn, other_client.dn],
"preconsent": True,
"post_logout_redirect_uris": ["https://foo.bar/disconnected"],
@ -96,6 +98,8 @@ def test_client_edit(testclient, client, logged_admin, other_client):
assert v == " ".join(client_value)
elif k == "preconsent":
assert v is True
elif k == "contacts":
assert [v] == client_value
else:
assert v == client_value

4
tests/oidc/test_consent.py
View file

@ -4,13 +4,13 @@ def test_no_logged_no_access(testclient):
def test_consent_list(testclient, client, consent, logged_user, token):
res = testclient.get("/consent", status=200)
assert client.name in res.text
assert client.client_name in res.text
assert not token.revoked
res = testclient.get(f"/consent/delete/{consent.cn[0]}", status=302)
res = res.follow(status=200)
assert client.name not in res.text
assert client.client_name not in res.text
token.reload()
assert token.revoked

12
tests/oidc/test_implicit_flow.py
View file

@ -6,7 +6,7 @@ from canaille.oidc.models import Token
def test_oauth_implicit(testclient, user, client):
client.grant_type = ["token"]
client.grant_types = ["token"]
client.token_endpoint_auth_method = "none"
client.save()
@ -48,13 +48,13 @@ def test_oauth_implicit(testclient, user, client):
"family_name": "Doe",
} == res.json
client.grant_type = ["code"]
client.grant_types = ["code"]
client.token_endpoint_auth_method = "client_secret_basic"
client.save()
def test_oidc_implicit(testclient, keypair, user, client, other_client):
client.grant_type = ["token id_token"]
client.grant_types = ["token id_token"]
client.token_endpoint_auth_method = "none"
client.save()
@ -104,7 +104,7 @@ def test_oidc_implicit(testclient, keypair, user, client, other_client):
"family_name": "Doe",
} == res.json
client.grant_type = ["code"]
client.grant_types = ["code"]
client.token_endpoint_auth_method = "client_secret_basic"
client.save()
@ -112,7 +112,7 @@ def test_oidc_implicit(testclient, keypair, user, client, other_client):
def test_oidc_implicit_with_group(
testclient, keypair, user, client, foo_group, other_client
):
client.grant_type = ["token id_token"]
client.grant_types = ["token id_token"]
client.token_endpoint_auth_method = "none"
client.save()
@ -164,6 +164,6 @@ def test_oidc_implicit_with_group(
"groups": ["foo"],
} == res.json
client.grant_type = ["code"]
client.grant_types = ["code"]
client.token_endpoint_auth_method = "client_secret_basic"
client.save()

2
tests/oidc/test_password_flow.py
View file

@ -48,7 +48,7 @@ def test_password_flow_post(testclient, user, client):
password="correct horse battery staple",
scope="openid profile groups",
client_id=client.client_id,
client_secret=client.secret,
client_secret=client.client_secret,
),
status=200,
)