forked from Github-Mirrors/canaille
Merge branch 'issue-71-consent-larger-scope' into 'master'
Updated consents when a larger scope is required Closes #71 See merge request yaal/canaille!13
This commit is contained in:
commit
b03b81ff23
2 changed files with 70 additions and 1 deletions
|
@ -135,7 +135,7 @@ def authorize():
|
||||||
oauthScope=scopes,
|
oauthScope=scopes,
|
||||||
oauthIssueDate=datetime.datetime.now().strftime("%Y%m%d%H%M%SZ"),
|
oauthIssueDate=datetime.datetime.now().strftime("%Y%m%d%H%M%SZ"),
|
||||||
)
|
)
|
||||||
consent.save()
|
consent.save()
|
||||||
|
|
||||||
response = authorization.create_authorization_response(grant_user=grant_user)
|
response = authorization.create_authorization_response(grant_user=grant_user)
|
||||||
current_app.logger.debug(
|
current_app.logger.debug(
|
||||||
|
|
|
@ -369,6 +369,75 @@ def test_authorization_code_flow_when_consent_already_given(
|
||||||
assert "code" in params
|
assert "code" in params
|
||||||
|
|
||||||
|
|
||||||
|
def test_authorization_code_flow_when_consent_already_given_but_for_a_smaller_scope(
|
||||||
|
testclient, slapd_connection, logged_user, client
|
||||||
|
):
|
||||||
|
assert not Consent.filter(conn=slapd_connection)
|
||||||
|
|
||||||
|
res = testclient.get(
|
||||||
|
"/oauth/authorize",
|
||||||
|
params=dict(
|
||||||
|
response_type="code",
|
||||||
|
client_id=client.oauthClientID,
|
||||||
|
scope="profile",
|
||||||
|
nonce="somenonce",
|
||||||
|
),
|
||||||
|
status=200,
|
||||||
|
)
|
||||||
|
|
||||||
|
res = res.form.submit(name="answer", value="accept", status=302)
|
||||||
|
|
||||||
|
assert res.location.startswith(client.oauthRedirectURIs[0])
|
||||||
|
params = parse_qs(urlsplit(res.location).query)
|
||||||
|
code = params["code"][0]
|
||||||
|
authcode = AuthorizationCode.get(code, conn=slapd_connection)
|
||||||
|
assert authcode is not None
|
||||||
|
|
||||||
|
consents = Consent.filter(
|
||||||
|
oauthClient=client.dn, oauthSubject=logged_user.dn, conn=slapd_connection
|
||||||
|
)
|
||||||
|
assert "profile" in consents[0].oauthScope
|
||||||
|
assert "groups" not in consents[0].oauthScope
|
||||||
|
|
||||||
|
res = testclient.post(
|
||||||
|
"/oauth/token",
|
||||||
|
params=dict(
|
||||||
|
grant_type="authorization_code",
|
||||||
|
code=code,
|
||||||
|
scope="profile",
|
||||||
|
redirect_uri=client.oauthRedirectURIs[0],
|
||||||
|
),
|
||||||
|
headers={"Authorization": f"Basic {client_credentials(client)}"},
|
||||||
|
status=200,
|
||||||
|
)
|
||||||
|
assert "access_token" in res.json
|
||||||
|
|
||||||
|
res = testclient.get(
|
||||||
|
"/oauth/authorize",
|
||||||
|
params=dict(
|
||||||
|
response_type="code",
|
||||||
|
client_id=client.oauthClientID,
|
||||||
|
scope="profile groups",
|
||||||
|
nonce="somenonce",
|
||||||
|
),
|
||||||
|
status=200,
|
||||||
|
)
|
||||||
|
|
||||||
|
res = res.form.submit(name="answer", value="accept", status=302)
|
||||||
|
|
||||||
|
assert res.location.startswith(client.oauthRedirectURIs[0])
|
||||||
|
params = parse_qs(urlsplit(res.location).query)
|
||||||
|
code = params["code"][0]
|
||||||
|
authcode = AuthorizationCode.get(code, conn=slapd_connection)
|
||||||
|
assert authcode is not None
|
||||||
|
|
||||||
|
consents = Consent.filter(
|
||||||
|
oauthClient=client.dn, oauthSubject=logged_user.dn, conn=slapd_connection
|
||||||
|
)
|
||||||
|
assert "profile" in consents[0].oauthScope
|
||||||
|
assert "groups" in consents[0].oauthScope
|
||||||
|
|
||||||
|
|
||||||
def test_prompt_none(testclient, slapd_connection, logged_user, client):
|
def test_prompt_none(testclient, slapd_connection, logged_user, client):
|
||||||
Consent(
|
Consent(
|
||||||
oauthClient=client.dn,
|
oauthClient=client.dn,
|
||||||
|
|
Loading…
Reference in a new issue