Fixed hybrid grant

2020-08-21 10:06:53 +02:00 · 2020-08-21 10:06:53 +02:00 · 7cd6cef5be
commit 7cd6cef5be
parent 4a22f19b44
3 changed files with 10 additions and 18 deletions
--- a/tests/test_hybrid_flow.py
+++ b/tests/test_hybrid_flow.py
@ -7,7 +7,7 @@ def test_success(testclient, slapd_connection, user, client):
    res = testclient.get(
        "/oauth/authorize",
        params=dict(
-            response_type=["code", "token"],
+            response_type="code token",
            client_id=client.oauthClientID,
            scope="openid profile",
            nonce="somenonce",
@ -27,24 +27,13 @@ def test_success(testclient, slapd_connection, user, client):
    assert 302 == res.status_code

    assert res.location.startswith(client.oauthRedirectURIs[0])
-    params = parse_qs(urlsplit(res.location).query)
+    params = parse_qs(urlsplit(res.location).fragment)
+
    code = params["code"][0]
    authcode = AuthorizationCode.get(code, conn=slapd_connection)
    assert authcode is not None

-    res = testclient.post(
-        "/oauth/token",
-        params=dict(
-            grant_type="authorization_code",
-            code=code,
-            scope="profile",
-            redirect_uri=client.oauthRedirectURIs[0],
-        ),
-        headers={"Authorization": f"Basic {client_credentials(client)}"},
-    )
-    assert 200 == res.status_code
-    access_token = res.json["access_token"]
-
+    access_token = params["access_token"][0]
    token = Token.get(access_token, conn=slapd_connection)
    assert token is not None

--- a/web/models.py
+++ b/web/models.py
@ -89,7 +89,7 @@ class Client(LDAPObjectHelper, ClientMixin):
        return method == self.oauthTokenEndpointAuthMethod

    def check_response_type(self, response_type):
-        return response_type in self.oauthResponseType
+        return all(r in self.oauthResponseType for r in response_type.split(" "))

    def check_grant_type(self, grant_type):
        return grant_type in self.oauthGrantType
--- a/web/oauth2utils.py
+++ b/web/oauth2utils.py
@ -14,6 +14,7 @@ from authlib.oidc.core.grants import (
    OpenIDHybridGrant as _OpenIDHybridGrant,
 )
 from authlib.oidc.core import UserInfo
+from werkzeug.security import gen_salt
 from .models import Client, AuthorizationCode, Token, User

 DUMMY_JWT_CONFIG = {
@ -115,12 +116,14 @@ class OpenIDImplicitGrant(_OpenIDImplicitGrant):


 class OpenIDHybridGrant(_OpenIDHybridGrant):
+    def create_authorization_code(self, client, grant_user, request):
+        code = gen_salt(48)
+        return self.save_authorization_code(code, request)
+
    def save_authorization_code(self, code, request):
-        raise NotImplementedError()
        return save_authorization_code(code, request)

    def exists_nonce(self, nonce, request):
-        raise NotImplementedError()
        return exists_nonce(nonce, request)

    def get_jwt_config(self):