fix: alignments with new idpy session schema
peppelinux committed Jan 19, 2023
1 parent 61116d3 commit 1ec778f
Showing 4 changed files with 26 additions and 34 deletions.
7 changes: 6 additions & 1 deletion README.md
Expand Up @@ -110,9 +110,14 @@ Each time a request is handled by an endpoint the oidcop session manager loads t
Before you run the tests mind that you've to start a local mongod instance, e.g. with:

```
docker run --rm -e ALLOW_EMPTY_PASSWORD=yes -e MONGODB_ENABLE_JOURNAL=false -p 27017:27017 --name mongodb bitnami/mongodb:latest
sudo docker run --rm -e ALLOW_EMPTY_PASSWORD=yes -e MONGODB_ENABLE_JOURNAL=false -p 27017:27017 --name mongodb bitnami/mongodb:latest
```

If you like you can use mongo-express as a management UI over the local mongo instance:
````
sudo docker run -e ME_CONFIG_MONGODB_SERVER=$MONGOHOST-OR-DOCKER-BRIDGE-LIKE-172.17.0.1 -p 8081:8081 mongo-express
````

Then run the tests:

````
4 changes: 2 additions & 2 deletions satosa_oidcop/core/storage/mongo.py
Expand Up @@ -76,7 +76,7 @@ def store_session_to_db(self, session_manager: SessionManager, claims: dict):
classname = v[0]
field_name = self.session_attr_map[classname]
if field_name == "sub":
data["client_id"] = v[1]["subordinate"][0]
data["client_id"] = list(_db.keys())[1].split(";")[-1]
data[field_name] = _db[list(_db.keys())[2]][1]['sub']
elif field_name == "client_id":
data["grant_id"] = v[1]["subordinate"][0]
Expand Down Expand Up @@ -169,7 +169,7 @@ def insert_client(self, client_data: dict):
self._connect()
client_id = _client_data["client_id"]
if self.get_client_by_id(client_id):
logger.warning(
logger.debug(
f"OIDC Client {client_id} already present in the client db")
return
self.client_db.insert_one(_client_data)
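Review bot: In the first hunk the new `data["client_id"] = list(_db.keys())[1].split(";")[-1]` (and the existing `_db[list(_db.keys())[2]]` on the next line) binds the stored client id and `sub` to the position and count of entries in the session-manager dump, not to the record `v` being iterated, so the value is only right while the dump holds exactly one user/client/grant chain in insertion order. With more entries, or one missing, the session is silently filed under another client's id (from the `split(";")[-1]` it looks like keys are `;;`-joined paths ending in the client id, but the key layout is not visible here) or `store_session_to_db` dies with an IndexError. At minimum make the layout assumption explicit and fail loudly, `keys = list(_db)` / `if len(keys) < 3: raise ValueError(f"unexpected session dump layout: {keys}")`, and prefer deriving the client id from the key whose prefix matches the current `k` rather than from index 1. The enclosing `store_session_to_db` begins above the hunk; the second hunk's `warning`-to-`debug` downgrade also hides repeated registration attempts for an already-known client id, which is worth keeping at `info`.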
21 changes: 13 additions & 8 deletions satosa_oidcop/idpy_oidcop.py
Expand Up @@ -189,7 +189,9 @@ def _parse_request(
"""
http_headers = http_headers or self._get_http_headers(context)
try:
parse_req = endpoint.parse_request(context.request, http_info=http_headers)
parse_req = endpoint.parse_request(
context.request, http_info=http_headers
)
except (InvalidClient, UnknownClient, UnAuthorizedClient) as err:
logger.error(err)
response = JsonResponse(
Expand Down Expand Up @@ -343,8 +345,7 @@ def token_endpoint(self, context: ExtendedContext):

ec = endpoint.server_get("endpoint_context")
self._load_claims(ec)
proc_req = self._process_request(
endpoint, context, parse_req, http_headers)
proc_req = self._process_request(endpoint, context, parse_req, http_headers)
# flush as soon as possible, otherwise in case of an exception it would be
# stored in the object ... until a next .load would happen ...
ec.userinfo.flush()
Expand Down Expand Up @@ -375,9 +376,9 @@ def userinfo_endpoint(self, context: ExtendedContext):

# everything depends by bearer access token here
self._load_session({}, endpoint, http_headers)

parse_req = self._parse_request(
endpoint, context, http_headers=http_headers)
endpoint, context, http_headers=http_headers
)

ec = endpoint.server_get("endpoint_context")
self._load_claims(ec)
Expand Down Expand Up @@ -409,13 +410,17 @@ def _load_claims(self, endpoint_context):
claims = {}
sman = endpoint_context.session_manager
for k, v in sman.dump()["db"].items():
if v[0] == "oidcop.session.grant.Grant":
if v[0] == "idpyoidc.server.session.grant.Grant":
sid = k
claims = self.app.storage.get_claims_from_sid(sid)
break
else: # pragma: no cover
logger.warning(
"Can't find any suitable sid/claims from stored session")
continue

if not claims:
logger.warning(
"Can't find any suitable sid/claims from stored session"
)

# That's a patchy runtime definition of userinfo db configuration
endpoint_context.userinfo.load(claims)
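Review bot: In the `_load_claims` hunk the loop still loads claims from whichever `idpyoidc.server.session.grant.Grant` entry appears first in `sman.dump()["db"]`, so what ends up in `endpoint_context.userinfo` depends on dump order rather than on the grant behind the request being served; if `_load_session` ever leaves more than one grant in the manager, another subject's claims could be returned from userinfo. The new `if not claims:` path only warns and then `userinfo.load(claims)` runs with an empty dict, which is acceptable as a best-effort fallback but should be stated next to the load, `# no Grant in the session dump: userinfo is loaded empty and the endpoint answers without claims`. The `else:  # pragma: no cover` branch appears to remain on the new side with only `continue` under it, which is a no-op and can be removed together with the pragma. The method's `def` line sits above the hunk.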
28 changes: 5 additions & 23 deletions tests/test_oidcop.py
Expand Up @@ -171,13 +171,7 @@
"client_authn_method": None,
"request_object_encryption_alg_values_supported": [
"RSA-OAEP",
"RSA-OAEP-256",
"A192KW",
"A256KW",
"ECDH-ES",
"ECDH-ES+A128KW",
"ECDH-ES+A192KW",
"ECDH-ES+A256KW"
"RSA-OAEP-256"
],
"request_parameter_supported": True,
"request_uri_parameter_supported": True,
Expand Down Expand Up @@ -214,13 +208,7 @@
],
"userinfo_encryption_alg_values_supported": [
"RSA-OAEP",
"RSA-OAEP-256",
"A192KW",
"A256KW",
"ECDH-ES",
"ECDH-ES+A128KW",
"ECDH-ES+A192KW",
"ECDH-ES+A256KW"
"RSA-OAEP-256"
],
"userinfo_signing_alg_values_supported": [
"RS256",
Expand Down Expand Up @@ -332,13 +320,7 @@
"kwargs": {
"id_token_encryption_alg_values_supported": [
"RSA-OAEP",
"RSA-OAEP-256",
"A192KW",
"A256KW",
"ECDH-ES",
"ECDH-ES+A128KW",
"ECDH-ES+A192KW",
"ECDH-ES+A256KW"
"RSA-OAEP-256"
],
"id_token_encryption_enc_values_supported": [
"A128CBC-HS256",
Expand All @@ -356,7 +338,6 @@
]
}
},
"jwks_file": "data/oidc_op/private/token_jwks.json",
"refresh": {
"kwargs": {
"lifetime": 86400
Expand Down Expand Up @@ -552,7 +533,7 @@ def test_handle_authn_response_authcode_flow(self, context, frontend, authn_req)
basic_auth = urlsafe_b64encode(credentials.encode("utf-8")).decode("utf-8")
_basic_auth = f"Basic {basic_auth}"
context.request_authorization = _basic_auth

# cleanup
self.clean_inmemory(frontend)

Expand All @@ -567,6 +548,7 @@ def test_handle_authn_response_authcode_flow(self, context, frontend, authn_req)
# Test Token endpoint without client ID
# start new authentication first
internal_response = self.setup_for_authn_response(context, frontend, authn_req)

http_resp = frontend.handle_authn_response(context, internal_response)
_res = urlparse(http_resp.message).query
resp = AuthorizationResponse().from_urlencoded(_res)
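Review bot: The test OP configuration now advertises only `RSA-OAEP` and `RSA-OAEP-256` in `request_object_encryption_alg_values_supported`, `userinfo_encryption_alg_values_supported` and `id_token_encryption_alg_values_supported`, and the `token` section drops `"jwks_file": "data/oidc_op/private/token_jwks.json"`, but neither change is covered by the commit title, which speaks only of the session schema. If the new idpyoidc refuses the `A*KW` and `ECDH-ES*` entries, record that where the first list is defined, e.g. `# idpyoidc accepts only RSA JWE algs in these lists; A*KW/ECDH-ES entries are rejected at startup`, so they are not re-added later. Removing `jwks_file` also leaves nothing in this config saying where token signing keys come from; if the handler now generates keys at startup, tokens minted by one instance will not verify on another, which these tests would not detect. Confirm both are intentional rather than lost edits.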
