author | Jonathan Huot <JonathanHuot@users.noreply.github.com> | 2021-05-29 22:03:06 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-29 22:03:06 +0200 |
commit | e634ab9c6945ff9dab27c3d2577d8883aee306a5 (patch) | |
tree | 53857b442af03e5ce90f2ee7a1be03dc72026866 | |
parent | 78c4b748289e2892f78a6556c5af4b663f4a5621 (diff) | |
parent | 5c789757a2f5934964c3e96bce7f9d49f9e8de0d (diff) | |
Merge pull request #760 from n2ygk/issue759/check_authz_type
Issue759/check authz type
-rw-r--r-- | oauthlib/openid/connect/core/tokens.py | 15 | ||||
-rw-r--r-- | tests/openid/connect/core/test_tokens.py | 26 |
2 files changed, 31 insertions, 10 deletions
diff --git a/oauthlib/openid/connect/core/tokens.py b/oauthlib/openid/connect/core/tokens.py
index d24cb56..a312e2d 100644
--- a/oauthlib/openid/connect/core/tokens.py
+++ b/oauthlib/openid/connect/core/tokens.py
@@ -4,7 +4,7 @@ authlib.openid.connect.core.tokens
 
 This module contains methods for adding JWT tokens to requests.
 """
-from oauthlib.oauth2.rfc6749.tokens import TokenBase, random_token_generator
+from oauthlib.oauth2.rfc6749.tokens import TokenBase, random_token_generator, get_token_from_header
 
 
 class JWTToken(TokenBase):
@@ -35,17 +35,12 @@ class JWTToken(TokenBase):
         return self.request_validator.get_jwt_bearer_token(None, None, request)
 
     def validate_request(self, request):
-        token = None
-        if 'Authorization' in request.headers:
-            token = request.headers.get('Authorization')[7:]
-        else:
-            token = request.access_token
+        token = get_token_from_header(request)
         return self.request_validator.validate_jwt_bearer_token(
             token, request.scopes, request)
 
     def estimate_type(self, request):
-        token = request.headers.get('Authorization', '')[7:]
-        if token.startswith('ey') and token.count('.') in (2, 4):
+        token = get_token_from_header(request)
+        if token and token.startswith('ey') and token.count('.') in (2, 4):
             return 10
-        else:
-            return 0
+        return 0
diff --git a/tests/openid/connect/core/test_tokens.py b/tests/openid/connect/core/test_tokens.py
index 5889df5..fe90142 100644
--- a/tests/openid/connect/core/test_tokens.py
+++ b/tests/openid/connect/core/test_tokens.py
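Review bot: In the second hunk, validate_request now forwards `None` to `validate_jwt_bearer_token` whenever an Authorization header is present but not a Bearer scheme (and, as far as the helper's fallback to `request.access_token` goes, when the header is absent and that attribute is unset), so every RequestValidator implementation must reject a `None` token itself, and nothing in the hunk states that contract. The added test pins the `None` pass-through, so the cheapest fix is a comment above the return in validate_request, e.g. `# token is None for a missing or non-Bearer Authorization header; the validator must treat that as invalid`; the fail-closed alternative `if token is None: return False` would need the new test adjusted. estimate_type's `if token and ...` guard in the same hunk already handles that `None` correctly. The enclosing JWTToken class continues outside the hunk, and the import line in the first hunk is now well over 100 characters and could be wrapped in parentheses.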
@@ -76,6 +76,32 @@ class JWTTokenTestCase(TestCase):
                                                                                       request.scopes,
                                                                                       request)
 
+    def test_validate_request_token_from_headers_basic(self):
+        """
+        Wrong kind of token (Basic) retrieved from headers. Confirm token is not parsed.
+        """
+
+        with mock.patch('oauthlib.common.Request', autospec=True) as RequestMock, \
+                mock.patch('oauthlib.openid.RequestValidator',
+                           autospec=True) as RequestValidatorMock:
+            request_validator_mock = RequestValidatorMock()
+
+            token = JWTToken(request_validator=request_validator_mock)
+
+            request = RequestMock('/uri')
+            # Scopes is retrieved using the __call__ method which is not picked up correctly by mock.patch
+            # with autospec=True
+            request.scopes = mock.MagicMock()
+            request.headers = {
+                'Authorization': 'Basic some-token-from-header'
+            }
+
+            token.validate_request(request=request)
+
+            request_validator_mock.validate_jwt_bearer_token.assert_called_once_with(None,
+                                                                                   request.scopes,
+                                                                                   request)
+
     def test_validate_token_from_request(self):
         """
         Token get retrieved from request object.
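Review bot: The new test exercises only validate_request; the `if token and ...` guard added to estimate_type in the same commit has no test for the same Basic header, so a regression there (the helper returning `''` instead of `None`, or `None` reaching `.startswith`) would go unnoticed. A sibling test that builds the same `RequestMock` with `'Authorization': 'Basic some-token-from-header'` and asserts `self.assertEqual(token.estimate_type(request), 0)` would pin that path, assuming no estimate_type test already exists further down the file, which the hunk does not show. The JWTTokenTestCase class continues outside the hunk.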