wip

2020-08-23 23:38:32 +02:00 · 2020-08-23 23:38:32 +02:00 · eedb578ab0
commit eedb578ab0
parent 3e453810ec
3 changed files with 31 additions and 6 deletions
--- a/tests/test_hybrid_flow.py
+++ b/tests/test_hybrid_flow.py
@ -70,8 +70,10 @@ def test_oidc_hybrid(testclient, slapd_connection, logged_user, client):

    id_token = params["id_token"][0]
    claims = jwt.decode(id_token, "secret-key")
-    assert logged_user.dn == claims['sub']
-    assert logged_user.sn == claims['name']
+    assert logged_user.uid[0] == claims['sub']
+    assert logged_user.cn[0] == claims['name']
+    assert "toto@yolo.com" == claims['email']
+    assert client.oauthClientID == claims['aud']

    res = testclient.get("/api/me", headers={"Authorization": f"Bearer {access_token}"})
    assert 200 == res.status_code
--- a/tests/test_implicit_flow.py
+++ b/tests/test_implicit_flow.py
@ -84,8 +84,9 @@ def test_oidc_implicit(testclient, slapd_connection, user, client):

    id_token = params["id_token"][0]
    claims = jwt.decode(id_token, "secret-key")
-    assert user.dn == claims['sub']
-    assert user.sn == claims['name']
+    assert user.uid[0] == claims['sub']
+    assert user.sn[0] == claims['name']
+    assert client.oauthClientID == claims['aud']

    res = testclient.get("/api/me", headers={"Authorization": f"Bearer {access_token}"})
    assert (200, "application/json") == (res.status_code, res.content_type)
--- a/web/oauth2utils.py
+++ b/web/oauth2utils.py
@ -31,7 +31,29 @@ def exists_nonce(nonce, req):


 def generate_user_info(user, scope):
-    return UserInfo(sub=str(user.dn), name=user.sn)
+    return UserInfo(
+        sub=user.uid[0],
+        name=user.sn[0],
+        email="toto@yolo.com",
+        phone_number=user.telephoneNumber,
+#        given_name
+#        family_name,
+#        middle_name,
+#        nickname,
+#        preferred_username,
+#        profile,
+#        picture,
+#        website,
+#        email,
+#        email_verified,
+#        gender,
+#        birthdate,
+#        zoneinfo,
+#        locale,
+#        phone_number_verified,
+#        address,
+#        updated_at,
+    )


 def save_authorization_code(code, request):
@ -144,7 +166,7 @@ def save_token(token, request):
        oauthIssueDate=now.strftime("%Y%m%d%H%M%SZ"),
        oauthTokenLifetime=str(token["expires_in"]),
        oauthScope=token["scope"],
-        oauthClientID=request.client.oauthClientID[0],
+        oauthClientID=request.client.oauthClientID,
    )
    if "refresh_token" in token:
        t.oauthRefreshToken = token["refresh_token"]