globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

Explicitely set Consent cn

Browse source
This commit is contained in:
Éloi Rivard 2023-01-23 18:55:27 +01:00
parent 4f23dd07df
commit c470e7f134
4 changed files with 7 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
canaille/oidc/endpoints.py
View file

@ -1,4 +1,5 @@
import datetime import datetime
import uuid
from authlib.integrations.flask_oauth2 import current_token from authlib.integrations.flask_oauth2 import current_token
from authlib.jose import JsonWebKey from authlib.jose import JsonWebKey
@ -141,6 +142,7 @@ def authorize():
).split(" ") ).split(" ")
else: else:
consent = Consent( consent = Consent(
cn=str(uuid.uuid4()),
client=client.dn, client=client.dn,
subject=user.dn, subject=user.dn,
scope=scopes, scope=scopes,

7
canaille/oidc/models.py
View file

@ -1,5 +1,4 @@
import datetime import datetime
import uuid
from authlib.oauth2.rfc6749 import AuthorizationCodeMixin from authlib.oauth2.rfc6749 import AuthorizationCodeMixin
from authlib.oauth2.rfc6749 import ClientMixin from authlib.oauth2.rfc6749 import ClientMixin
@ -209,12 +208,6 @@ class Consent(LDAPObject):
"revokation_date": "oauthRevokationDate", "revokation_date": "oauthRevokationDate",
} }
def __init__(self, *args, **kwargs):
if "cn" not in kwargs:
kwargs["cn"] = str(uuid.uuid4())
super().__init__(*args, **kwargs)
def revoke(self): def revoke(self):
self.revokation_date = datetime.datetime.now() self.revokation_date = datetime.datetime.now()
self.save() self.save()

2
tests/oidc/conftest.py
View file

@ -1,5 +1,6 @@
import datetime import datetime
import os import os
import uuid
import pytest import pytest
from authlib.oidc.core.grants.util import generate_id_token from authlib.oidc.core.grants.util import generate_id_token
@ -205,6 +206,7 @@ def id_token(testclient, client, user, slapd_connection):
@pytest.fixture @pytest.fixture
def consent(testclient, client, user, slapd_connection): def consent(testclient, client, user, slapd_connection):
t = Consent( t = Consent(
cn=str(uuid.uuid4()),
client=client.dn, client=client.dn,
subject=user.dn, subject=user.dn,
scope=["openid", "profile"], scope=["openid", "profile"],

3
tests/oidc/test_authorization_code_flow.py
View file

@ -1,3 +1,4 @@
import uuid
from urllib.parse import parse_qs from urllib.parse import parse_qs
from urllib.parse import urlsplit from urllib.parse import urlsplit
@ -604,6 +605,7 @@ def test_authorization_code_flow_but_user_cannot_use_oidc(
def test_prompt_none(testclient, logged_user, client): def test_prompt_none(testclient, logged_user, client):
consent = Consent( consent = Consent(
cn=str(uuid.uuid4()),
client=client.dn, client=client.dn,
subject=logged_user.dn, subject=logged_user.dn,
scope=["openid", "profile"], scope=["openid", "profile"],
@ -630,6 +632,7 @@ def test_prompt_none(testclient, logged_user, client):
def test_prompt_not_logged(testclient, user, client): def test_prompt_not_logged(testclient, user, client):
consent = Consent( consent = Consent(
cn=str(uuid.uuid4()),
client=client.dn, client=client.dn,
subject=user.dn, subject=user.dn,
scope=["openid", "profile"], scope=["openid", "profile"],