Implicit flow test

This commit is contained in:
Éloi Rivard 2020-08-20 14:30:42 +02:00
parent 8d48e4bdd7
commit d845498832
5 changed files with 26 additions and 13 deletions


@ -113,8 +113,8 @@ def client(app, slapd_connection):
oauthLogoURI="https://mydomain.tld/logo.png", oauthLogoURI="https://mydomain.tld/logo.png",
oauthIssueDate=datetime.datetime.now().strftime("%Y%m%d%H%S%MZ"), oauthIssueDate=datetime.datetime.now().strftime("%Y%m%d%H%S%MZ"),
oauthClientSecret=gen_salt(48), oauthClientSecret=gen_salt(48),
oauthGrantType=["password", "authorization_code"], oauthGrantType=["password", "authorization_code", "implicit", "hybrid"],
oauthResponseType=["code"], oauthResponseType=["code", "token", "id_token"],
oauthScope=["openid", "profile"], oauthScope=["openid", "profile"],
oauthTermsOfServiceURI="https://mydomain.tld/tos", oauthTermsOfServiceURI="https://mydomain.tld/tos",
oauthPolicyURI="https://mydomain.tld/policy", oauthPolicyURI="https://mydomain.tld/policy",
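Review bot: The `oauthIssueDate` line kept as context in this fixture builds the timestamp with `strftime("%Y%m%d%H%S%MZ")`, which emits seconds before minutes and appends a `Z` (UTC) marker to `datetime.now()`, a naive local time; if this feeds an LDAP generalized-time attribute it should be `datetime.datetime.utcnow().strftime("%Y%m%d%H%M%SZ")`. The commit also turns the single test client into one that holds every grant type and every response type at once, which is convenient for the new implicit test but means no fixture exercises a client being refused a flow it was not granted; a second, minimal client fixture would cover that negative path. The `client` fixture starts before this hunk.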


@ -15,7 +15,7 @@ def test_success(testclient, slapd_connection, user, client):
) )
assert 200 == res.status_code assert 200 == res.status_code
assert res.json["scope"] == ["openid", "profile"] assert res.json["scope"] == "openid profile"
assert res.json["token_type"] == "Bearer" assert res.json["token_type"] == "Bearer"
access_token = res.json["access_token"] access_token = res.json["access_token"]


@ -46,6 +46,8 @@ class ClientAdd(FlaskForm):
choices=[ choices=[
("password", "password"), ("password", "password"),
("authorization_code", "authorization_code"), ("authorization_code", "authorization_code"),
("implicit", "implicit"),
("hybrid", "hybrid"),
], ],
default=["authorization_code"], default=["authorization_code"],
) )
@ -58,7 +60,7 @@ class ClientAdd(FlaskForm):
oauthResponseType = wtforms.SelectMultipleField( oauthResponseType = wtforms.SelectMultipleField(
gettext("Response types"), gettext("Response types"),
validators=[wtforms.validators.DataRequired()], validators=[wtforms.validators.DataRequired()],
choices=[("code", "code")], choices=[("code", "code"), ("token", "token"), ("id_token", "id_token")],
default=["code"], default=["code"],
) )
oauthTokenEndpointAuthMethod = wtforms.SelectField( oauthTokenEndpointAuthMethod = wtforms.SelectField(
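Review bot: The form now lets an administrator select `token`/`id_token` response types and `implicit`/`hybrid` grant types independently, with no cross-check between the two fields and nothing telling the admin that the implicit flow is discouraged by the OAuth 2.0 Security BCP because it delivers tokens in the URL fragment. A client saved with `response_type=token` but only `authorization_code` as grant (or the reverse) will only fail at authorization time, where the error is far less actionable than a form error. I would add a form-level validator that rejects `token`/`id_token` unless `implicit` or `hybrid` is selected, and a `description=` on the grant-type field such as `"implicit and hybrid flows return tokens in the URL fragment; prefer authorization_code"`. The `ClientAdd` class continues before and after this hunk, so the override below goes after the field definitions.
```python
# … unchanged: field definitions …
def validate(self, *args, **kwargs):
    """Run the field validators, then reject grant/response type combinations
    that RFC 6749 / OIDC Core do not allow together."""
    if not super().validate(*args, **kwargs):
        return False
    grants = set(self.oauthGrantType.data or [])
    responses = set(self.oauthResponseType.data or [])
    if responses & {"token", "id_token"} and not grants & {"implicit", "hybrid"}:
        self.oauthResponseType.errors.append(
            "token and id_token response types require the implicit or hybrid grant type."
        )
        return False
    return True
```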


@ -6,6 +6,7 @@ from authlib.oauth2.rfc6749 import (
ClientMixin, ClientMixin,
TokenMixin, TokenMixin,
AuthorizationCodeMixin, AuthorizationCodeMixin,
util,
) )
from flask import current_app, session from flask import current_app, session
from .ldaputils import LDAPObjectHelper from .ldaputils import LDAPObjectHelper
@ -73,7 +74,7 @@ class Client(LDAPObjectHelper, ClientMixin):
return self.oauthRedirectURIs[0] return self.oauthRedirectURIs[0]
def get_allowed_scope(self, scope): def get_allowed_scope(self, scope):
return self.oauthScope return util.list_to_scope(self.oauthScope)
def check_redirect_uri(self, redirect_uri): def check_redirect_uri(self, redirect_uri):
return redirect_uri in self.oauthRedirectURIs return redirect_uri in self.oauthRedirectURIs
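Review bot: `get_allowed_scope` now returns the client's entire configured scope and never looks at its `scope` argument, so every token request is granted `openid profile` regardless of what it asked for; authlib documents this hook as returning the requested scopes the client supports, i.e. the intersection with the request. That is an over-grant against least privilege, and it also means an unknown or unauthorised requested scope is silently replaced rather than rejected. I would compute the intersection: `requested = util.scope_to_list(scope or "")`, `allowed = set(self.oauthScope)`, `return util.list_to_scope([s for s in requested if s in allowed])`. If handing out the full scope is deliberate for this project, that deserves a comment on the method saying so, and the scope assertion in the token test should then request exactly that scope. The `Client` class header lies outside this hunk.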


@ -4,6 +4,8 @@ from authlib.oauth2.rfc6749.grants import (
AuthorizationCodeGrant as _AuthorizationCodeGrant, AuthorizationCodeGrant as _AuthorizationCodeGrant,
ResourceOwnerPasswordCredentialsGrant as _ResourceOwnerPasswordCredentialsGrant, ResourceOwnerPasswordCredentialsGrant as _ResourceOwnerPasswordCredentialsGrant,
RefreshTokenGrant as _RefreshTokenGrant, RefreshTokenGrant as _RefreshTokenGrant,
ImplicitGrant,
ClientCredentialsGrant,
) )
from authlib.oauth2.rfc6750 import BearerTokenValidator as _BearerTokenValidator from authlib.oauth2.rfc6750 import BearerTokenValidator as _BearerTokenValidator
from authlib.oidc.core.grants import ( from authlib.oidc.core.grants import (
@ -79,9 +81,7 @@ class OpenIDCode(_OpenIDCode):
class PasswordGrant(_ResourceOwnerPasswordCredentialsGrant): class PasswordGrant(_ResourceOwnerPasswordCredentialsGrant):
def authenticate_user(self, username, password): def authenticate_user(self, username, password):
user = User.get(username) return User.login(username, password)
if user is not None and user.check_password(password):
return user
class RefreshTokenGrant(_RefreshTokenGrant): class RefreshTokenGrant(_RefreshTokenGrant):
@ -100,28 +100,35 @@ class RefreshTokenGrant(_RefreshTokenGrant):
credential.revoked = True credential.revoked = True
class ImplicitGrant(_OpenIDImplicitGrant): class OpenIDImplicitGrant(_OpenIDImplicitGrant):
def exists_nonce(self, nonce, request): def exists_nonce(self, nonce, request):
raise NotImplementedError()
return exists_nonce(nonce, request) return exists_nonce(nonce, request)
def get_jwt_config(self, grant): def get_jwt_config(self, grant):
raise NotImplementedError()
return DUMMY_JWT_CONFIG return DUMMY_JWT_CONFIG
def generate_user_info(self, user, scope): def generate_user_info(self, user, scope):
raise NotImplementedError()
return generate_user_info(user, scope) return generate_user_info(user, scope)
class HybridGrant(_OpenIDHybridGrant): class OpenIDHybridGrant(_OpenIDHybridGrant):
def save_authorization_code(self, code, request): def save_authorization_code(self, code, request):
raise NotImplementedError()
return save_authorization_code(code, request) return save_authorization_code(code, request)
def exists_nonce(self, nonce, request): def exists_nonce(self, nonce, request):
raise NotImplementedError()
return exists_nonce(nonce, request) return exists_nonce(nonce, request)
def get_jwt_config(self): def get_jwt_config(self):
raise NotImplementedError()
return DUMMY_JWT_CONFIG return DUMMY_JWT_CONFIG
def generate_user_info(self, user, scope): def generate_user_info(self, user, scope):
raise NotImplementedError()
return generate_user_info(user, scope) return generate_user_info(user, scope)
@ -162,11 +169,14 @@ require_oauth = ResourceProtector()
def config_oauth(app): def config_oauth(app):
authorization.init_app(app, query_client=query_client, save_token=save_token) authorization.init_app(app, query_client=query_client, save_token=save_token)
authorization.register_grant(PasswordGrant)
authorization.register_grant(ImplicitGrant)
authorization.register_grant(ClientCredentialsGrant)
authorization.register_grant( authorization.register_grant(
AuthorizationCodeGrant, [OpenIDCode(require_nonce=True)] AuthorizationCodeGrant, [OpenIDCode(require_nonce=True)]
) )
authorization.register_grant(ImplicitGrant) authorization.register_grant(OpenIDImplicitGrant)
authorization.register_grant(HybridGrant) authorization.register_grant(OpenIDHybridGrant)
authorization.register_grant(PasswordGrant)
require_oauth.register_token_validator(BearerTokenValidator()) require_oauth.register_token_validator(BearerTokenValidator())
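Review bot: The two id_token hooks disagree on their signature — `OpenIDImplicitGrant.get_jwt_config(self, grant)` takes a `grant` argument while `OpenIDHybridGrant.get_jwt_config(self)` does not; as far as I recall authlib invokes the implicit grant's hook with no arguments, so the implicit path would raise `TypeError` at id_token signing time, which is worth checking against the installed authlib version and dropping the parameter if confirmed. Both hooks return `DUMMY_JWT_CONFIG` (defined outside this hunk); with implicit and hybrid now registered, the id_token delivered in the URL fragment is the client's only proof of who authenticated, so whatever that config holds must be a real per-deployment signing key before these grants are exposed. The registration block also enables the plain OAuth 2.0 `ImplicitGrant` and `ClientCredentialsGrant` unconditionally even though the admin form offers no `client_credentials` choice, and the OAuth 2.0 Security BCP recommends against the implicit grant (access tokens in the fragment leak through Referer headers and browser history), so I would at least add `# NOTE: implicit grant is discouraged by the OAuth 2.0 Security BCP; prefer authorization_code + PKCE` next to `register_grant(ImplicitGrant)`. Replacing the explicit `check_password` check with `User.login(username, password)` is fine if it only returns the user, but if the name means it also establishes a Flask session, a token-endpoint call would create a browser session as a side effect — confirm against the `User` model.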