From c470e7f134496c4729e23446a9b0bb32e4832a0e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89loi=20Rivard?= <eloi.rivard@nubla.fr>
Date: Mon, 23 Jan 2023 18:55:27 +0100
Subject: [PATCH] Explicitely set Consent cn

---
 canaille/oidc/endpoints.py                 | 2 ++
 canaille/oidc/models.py                    | 7 -------
 tests/oidc/conftest.py                     | 2 ++
 tests/oidc/test_authorization_code_flow.py | 3 +++
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/canaille/oidc/endpoints.py b/canaille/oidc/endpoints.py
index 2fe7b507..395ac612 100644
--- a/canaille/oidc/endpoints.py
+++ b/canaille/oidc/endpoints.py
@@ -1,4 +1,5 @@
 import datetime
+import uuid
 
 from authlib.integrations.flask_oauth2 import current_token
 from authlib.jose import JsonWebKey
@@ -141,6 +142,7 @@ def authorize():
             ).split(" ")
         else:
             consent = Consent(
+                cn=str(uuid.uuid4()),
                 client=client.dn,
                 subject=user.dn,
                 scope=scopes,
diff --git a/canaille/oidc/models.py b/canaille/oidc/models.py
index b5174f58..ed718fb5 100644
--- a/canaille/oidc/models.py
+++ b/canaille/oidc/models.py
@@ -1,5 +1,4 @@
 import datetime
-import uuid
 
 from authlib.oauth2.rfc6749 import AuthorizationCodeMixin
 from authlib.oauth2.rfc6749 import ClientMixin
@@ -209,12 +208,6 @@ class Consent(LDAPObject):
         "revokation_date": "oauthRevokationDate",
     }
 
-    def __init__(self, *args, **kwargs):
-        if "cn" not in kwargs:
-            kwargs["cn"] = str(uuid.uuid4())
-
-        super().__init__(*args, **kwargs)
-
     def revoke(self):
         self.revokation_date = datetime.datetime.now()
         self.save()
diff --git a/tests/oidc/conftest.py b/tests/oidc/conftest.py
index ca833e77..30c07bad 100644
--- a/tests/oidc/conftest.py
+++ b/tests/oidc/conftest.py
@@ -1,5 +1,6 @@
 import datetime
 import os
+import uuid
 
 import pytest
 from authlib.oidc.core.grants.util import generate_id_token
@@ -205,6 +206,7 @@ def id_token(testclient, client, user, slapd_connection):
 @pytest.fixture
 def consent(testclient, client, user, slapd_connection):
     t = Consent(
+        cn=str(uuid.uuid4()),
         client=client.dn,
         subject=user.dn,
         scope=["openid", "profile"],
diff --git a/tests/oidc/test_authorization_code_flow.py b/tests/oidc/test_authorization_code_flow.py
index 2b0ec81f..2d2bffb9 100644
--- a/tests/oidc/test_authorization_code_flow.py
+++ b/tests/oidc/test_authorization_code_flow.py
@@ -1,3 +1,4 @@
+import uuid
 from urllib.parse import parse_qs
 from urllib.parse import urlsplit
 
@@ -604,6 +605,7 @@ def test_authorization_code_flow_but_user_cannot_use_oidc(
 
 def test_prompt_none(testclient, logged_user, client):
     consent = Consent(
+        cn=str(uuid.uuid4()),
         client=client.dn,
         subject=logged_user.dn,
         scope=["openid", "profile"],
@@ -630,6 +632,7 @@ def test_prompt_none(testclient, logged_user, client):
 
 def test_prompt_not_logged(testclient, user, client):
     consent = Consent(
+        cn=str(uuid.uuid4()),
         client=client.dn,
         subject=user.dn,
         scope=["openid", "profile"],