fix: return a 403 error when users are missing permissions for OIDC authentication

This commit is contained in:
Éloi Rivard 2023-12-22 16:39:20 +01:00
parent cccbafeb0e
commit 97394823bf
No known key found for this signature in database
GPG key ID: 7EDA204EA57DD184
2 changed files with 4 additions and 4 deletions


@ -48,11 +48,11 @@ def authorize():
)
if "client_id" not in request.args:
abort(400)
abort(400, "client_id parameter is missing.")
client = models.Client.get(client_id=request.args["client_id"])
if not client:
abort(400)
abort(400, "Invalid client.")
user = current_user()
scopes = client.get_allowed_scope(request.args.get("scope", "").split(" ")).split(
@ -69,7 +69,7 @@ def authorize():
return redirect(url_for("core.auth.login"))
if not user.can_use_oidc:
abort(400)
abort(403, "User does not have the permission to achieve OIDC authentication.")
# CONSENT
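Review bot: The new `abort(403, ...)` on the `can_use_oidc` branch terminates the authorization request with a bare HTTP error, so the relying party that started the flow never gets an error callback and the denied user is left on an error page. If `redirect_uri` has already been validated against the client's registered URIs by this point (that check is not visible in this hunk), RFC 6749 §4.1.2.1 would have the server redirect back with `error=access_denied`; if that validation only happens later, failing hard here is the safer choice and deserves a why-comment such as `# Hard-fail instead of redirecting: the redirect target may not be validated yet at this point`. The message `"achieve OIDC authentication"` also reads oddly; `"User does not have the permission to perform OIDC authentication."` is clearer. `authorize()` starts before this hunk and continues after it.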


@ -607,7 +607,7 @@ def test_authorization_code_flow_but_user_cannot_use_oidc(
res.form["password"] = "correct horse battery staple"
res = res.form.submit(status=302)
res = res.follow(status=400)
res = res.follow(status=403)
def test_prompt_none(testclient, logged_user, client):
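Review bot: The updated `res.follow(status=403)` asserts only the status code, so a regression that still answers 403 but for an unrelated reason would pass unnoticed. If the test client exposes the response body (the `res.form`/`res.follow` calls look like WebTest, where `res.text` is available), also asserting on the new message ties the test to the permission check: `assert "does not have the permission" in res.text`. `test_authorization_code_flow_but_user_cannot_use_oidc` starts before this hunk.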