From 90024ac2e635135e1177e2c251e28d43a99014fe Mon Sep 17 00:00:00 2001
From: Christophe Henry
Date: Tue, 15 Feb 2022 15:56:39 +0100
Subject: [PATCH] Bump PyJWT

---
 .pre-commit-config.yaml | 1 -
 aidants_connect_web/tests/test_views/test_FC_as_FS.py | 8 ++++----
 aidants_connect_web/tests/test_views/test_id_provider.py | 9 +++++++--
 aidants_connect_web/views/FC_as_FS.py | 2 +-
 aidants_connect_web/views/id_provider.py | 9 +++++++--
 requirements.txt | 2 +-
 6 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 986ac7e2c..3353e1a94 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -17,4 +17,3 @@ repos:
 rev: 5.6.4
 hooks:
 - id: isort
- args: ["--check"]
diff --git a/aidants_connect_web/tests/test_views/test_FC_as_FS.py b/aidants_connect_web/tests/test_views/test_FC_as_FS.py
index 0a8659411..d291c1966 100644
--- a/aidants_connect_web/tests/test_views/test_FC_as_FS.py
+++ b/aidants_connect_web/tests/test_views/test_FC_as_FS.py
@@ -182,12 +182,12 @@ def test_request_existing_user_redirects_to_recap(
 self.assertEqual(connection.access_token, "test_access_token")
 
 url = (
- "https://fcp.integ01.dev-franceconnect.fr/api/v1/logout?id_token_hint=b'e"
+ "https://fcp.integ01.dev-franceconnect.fr/api/v1/logout?id_token_hint=e"
 "yJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiIyMTEyODY0MzNlMzljY2UwMWRi"
 "NDQ4ZDgwMTgxYmRmZDAwNTU1NGIxOWNkNTFiM2ZlNzk0M2Y2YjNiODZhYjZlIiwiZXhwIjox"
 "NTQ3NDM2MDk0LjAsImlhdCI6MTU0NzQzNDg5NC4wLCJpc3MiOiJodHRwOi8vZnJhbmNlY29u"
 "bmVjdC5nb3V2LmZyIiwic3ViIjoiMTIzIiwibm9uY2UiOiJ0ZXN0X25vbmNlIn0.QGb2uhgG"
- "wXvKaVT8FXwOzSObtuLrBRKigd7DVJwUG5s'&state=test_state"
+ "wXvKaVT8FXwOzSObtuLrBRKigd7DVJwUG5s&state=test_state"
 "&post_logout_redirect_uri=http://localhost:3000/logout-callback"
 )
 self.assertRedirects(response, url, fetch_redirect_response=False)
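Review bot: The removed expected URL in this hunk carries `id_token_hint=b'eyJ…'`, i.e. the bytes repr that PyJWT 1.x's `encode()` returned was being formatted straight into the FranceConnect logout redirect, so until this bump the hint sent to the provider was not a valid JWT; the commit title "Bump PyJWT" and the empty description do not say that the commit also changes RP-initiated logout behaviour. That deserves a sentence in the commit message, since anyone bisecting a logout regression will not look for it under a dependency bump. The assertion would also survive future claim-ordering or key changes if it parsed `id_token_hint` out of the redirect and decoded it with the test secret (checking `aud`, `sub`, `nonce`) instead of pinning the base64 blob. The enclosing test method starts before the hunk.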
@@ -256,13 +256,13 @@ def test_request_new_user_redirects_to_recap(self, mock_get_user_info, mock_post
 self.assertEqual(connection.usager.given_name, "Joséphine")
 
 url = (
- "https://fcp.integ01.dev-franceconnect.fr/api/v1/logout?id_token_hint=b'ey"
+ "https://fcp.integ01.dev-franceconnect.fr/api/v1/logout?id_token_hint=ey"
 "J0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiIyMTEyODY0MzNlMzljY2UwMWRiND"
 "Q4ZDgwMTgxYmRmZDAwNTU1NGIxOWNkNTFiM2ZlNzk0M2Y2YjNiODZhYjZlIiwiZXhwIjoxNTQ"
 "3NDM2MDk0LjAsImlhdCI6MTU0NzQzNDg5NC4wLCJpc3MiOiJodHRwOi8vZnJhbmNlY29ubmVj"
 "dC5nb3V2LmZyIiwic3ViIjoiOWI3NTQ3ODI3MDVjNTVlYmZlMTAzNzFjOTA5ZjYyZTczYTNlM"
 "DlmYjU2NmZjNWQyMzA0MGEyOWZhZTRlMGViYiIsIm5vbmNlIjoidGVzdF9ub25jZSJ9.J8048"
- "J_B5MgwQkLzX28yXTDFPB4mTeoyUGW9RSW5YZ4'&state=test_state&post_logout_redi"
+ "J_B5MgwQkLzX28yXTDFPB4mTeoyUGW9RSW5YZ4&state=test_state&post_logout_redi"
 "rect_uri=http://localhost:3000/logout-callback"
 )
 self.assertRedirects(response, url, fetch_redirect_response=False)
diff --git a/aidants_connect_web/tests/test_views/test_id_provider.py b/aidants_connect_web/tests/test_views/test_id_provider.py
index 7385ca1c9..454853a21 100644
--- a/aidants_connect_web/tests/test_views/test_id_provider.py
+++ b/aidants_connect_web/tests/test_views/test_id_provider.py
@@ -1,5 +1,6 @@
 import json
 from datetime import date, datetime, timedelta
+from unittest import mock
 
 from django.conf import settings
 from django.contrib.auth.hashers import make_password
@@ -429,7 +430,11 @@ def test_token_url_triggers_token_view(self):
 date = datetime(2012, 1, 14, 3, 20, 34, 0, tzinfo=pytz_timezone("Europe/Paris"))
 @freeze_time(date)
- def test_correct_info_triggers_200(self):
+ @mock.patch(
+ "aidants_connect_web.views.id_provider.get_random_string",
+ return_value="5ieq7Bg173y99tT6MA",
+ )
+ def test_correct_info_triggers_200(self, _):
 response = self.client.post("/token/", self.fc_request)
@@ -447,7 +452,7 @@ def test_correct_info_triggers_200(self):
 "dF9pZCIsImV4cCI6MTMyNjUxMDk5NCwiaWF0IjoxMzI2NTEwNjk0LCJpc3MiOiJsb2NhbGhvc"
 "3QiLCJzdWIiOiJhdmFsaWRzdWI3ODkiLCJub25jZSI6ImF2YWxpZG5vbmNlNDU2In0.a7nbGA"
 "-Ib9I1HaMb5iC9s4fDP1ZbIXUJpU-YbdYFcWA",
- "refresh_token": "5ieq7Bg173y99tT6MA",
+ "refresh_token": "5ieq7bg173y99tt6ma",
 "token_type": "Bearer",
 }
 
diff --git a/aidants_connect_web/views/FC_as_FS.py b/aidants_connect_web/views/FC_as_FS.py
index 4975e5b39..7628ef164 100644
--- a/aidants_connect_web/views/FC_as_FS.py
+++ b/aidants_connect_web/views/FC_as_FS.py
@@ -127,7 +127,7 @@ def fc_error(log_msg):
 fc_id_token,
 settings.FC_AS_FS_SECRET,
 audience=settings.FC_AS_FS_ID,
- algorithm="HS256",
+ algorithms=["HS256"],
 )
 except ExpiredSignatureError:
 return fc_error("403: token signature has expired.")
diff --git a/aidants_connect_web/views/id_provider.py b/aidants_connect_web/views/id_provider.py
index 03c297a9b..220a32418 100644
--- a/aidants_connect_web/views/id_provider.py
+++ b/aidants_connect_web/views/id_provider.py
@@ -18,6 +18,7 @@
 )
 from django.shortcuts import redirect, render
 from django.urls import reverse
+from django.utils.crypto import get_random_string
 from django.views.decorators.csrf import csrf_exempt
 
 import jwt
@@ -237,6 +238,10 @@ def fi_select_demarche(request):
 )
 
 
+def _mock_refresh_token():
+ return get_random_string(18).lower()
+
+
 # Due to `no_referer` error
 # https://docs.djangoproject.com/en/dev/ref/csrf/#django.views.decorators.csrf.csrf_exempt
 @csrf_exempt
@@ -308,8 +313,8 @@ def token(request):
 response = {
 "access_token": access_token,
 "expires_in": 3600,
- "id_token": encoded_id_token.decode("utf-8"),
- "refresh_token": "5ieq7Bg173y99tT6MA",
+ "id_token": encoded_id_token,
+ "refresh_token": _mock_refresh_token(),
 "token_type": "Bearer",
 }
 
diff --git a/requirements.txt b/requirements.txt
index ec5331e7d..eb893fe44 100644
--- a/requirements.txt
+++ b/requirements.txt
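Review bot: `algorithms=["HS256"]` in the FC_as_FS.py hunk is the right fix — `algorithm=` is not a PyJWT 1.x `decode()` parameter, so the old call appears to have run with no algorithm allow-list at all, and PyJWT 2.x refuses to decode without one — but the call still verifies only what it is handed: `exp` is checked only when the token contains it, and the `iss` claim is not checked at all. For the FranceConnect id_token this should also pin the issuer and require the expiry claim, e.g. `issuer=<the expected FranceConnect issuer URL, from settings>, options={"require": ["exp"]}` (the `require` option exists in PyJWT 2.x), with a matching `except jwt.InvalidIssuerError` / `MissingRequiredClaimError` branch next to the `ExpiredSignatureError` one. The `nonce` claim should then be compared with the one saved for this connection, if that is not already done below. The enclosing function starts and ends outside the hunk.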
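Review bot: `_mock_refresh_token` in the id_provider.py hunk lowercases the output of `get_random_string(18)`, which shrinks the alphabet from 62 to 36 symbols and throws away roughly 14 bits of entropy (about 107 down to 93) for no reason visible in the diff; `return get_random_string(18)` alone would do, or `secrets.token_urlsafe()`. More important than the entropy is that nothing in the diff stores or later validates this value, yet the `token` view hands it out under the real `refresh_token` key, so a client that presents it to a refresh grant presumably gets nothing — the "mock" in the helper's name is the only hint. Give the helper a docstring that states the contract, e.g. `"""Return a placeholder refresh token: it is not persisted and is not accepted by /token; it only fills the OAuth response shape."""`, adjusted if a refresh grant does exist elsewhere. The test that patches `get_random_string` pins the lowercased value and would need updating if the `.lower()` goes.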
@@ -30,7 +30,7 @@ mock==4.0.3
 Pillow==9.0.1
 psycopg2-binary==2.9.3
 ptpython==3.0.20
-PyJWT==1.7.1
+PyJWT==2.3.0
 python-dotenv==0.13.0
 pytz==2021.3
 qrcode==7.3.1