From 93b47c7fdb531a463ea4a5f43d36d9ffc8e1aec1 Mon Sep 17 00:00:00 2001
From: Jonathan Huot
Date: Tue, 20 Nov 2018 10:20:59 +0100
Subject: Import OIDC main classes identically than OAuth2 import oauthlib.oauth2.Server must be replaced with oauthlib.openid.Server
---
oauthlib/openid/__init__.py | 9 +++++++++
oauthlib/openid/connect/core/endpoints/__init__.py | 11 +++++++++++
2 files changed, 20 insertions(+)
diff --git a/oauthlib/openid/__init__.py b/oauthlib/openid/__init__.py
index e69de29..03f0fa2 100644
--- a/oauthlib/openid/__init__.py
+++ b/oauthlib/openid/__init__.py
@@ -0,0 +1,9 @@
+# -*- coding: utf-8 -*-
+"""
+oauthlib.openid
+~~~~~~~~~~~~~~
+
+"""
+from __future__ import absolute_import, unicode_literals
+
+from .connect.core.endpoints import Server
diff --git a/oauthlib/openid/connect/core/endpoints/__init__.py b/oauthlib/openid/connect/core/endpoints/__init__.py
index e69de29..719f883 100644
--- a/oauthlib/openid/connect/core/endpoints/__init__.py
+++ b/oauthlib/openid/connect/core/endpoints/__init__.py
@@ -0,0 +1,11 @@
+# -*- coding: utf-8 -*-
+"""
+oauthlib.oopenid.core
+~~~~~~~~~~~~~~~~~~~~~~~
+
+This module is an implementation of various logic needed
+for consuming and providing OpenID Connect
+"""
+from __future__ import absolute_import, unicode_literals
+
+from .pre_configured import Server
-- cgit v1.2.1
From 2a2e48a67105d99c8faad804650cf7a5c47a4ec4 Mon Sep 17 00:00:00 2001
From: Jonathan Huot
Date: Tue, 20 Nov 2018 10:23:54 +0100
Subject: Replaced distinct classes by a more unified one. "default_grant" and "oidc_grant" must be two generic attributes of OpenID Connect Dispatcher. We should not leave each Dispatcher implementation have this own attributes names.
---
.../connect/core/endpoints/pre_configured.py | 6 +--
.../openid/connect/core/grant_types/dispatchers.py | 49 ++++++++++++----------
2 files changed, 30 insertions(+), 25 deletions(-)
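Review bot: The module docstring added in `oauthlib/openid/__init__.py` has a title but no description, although this package now exports a class called `Server`, the same name `oauthlib.oauth2` uses. The commit message says the OAuth2 import must be replaced by this one, so the docstring should say so, e.g. `Pre-configured OpenID Connect server; import Server from here rather than from oauthlib.oauth2 when ID tokens are required.` An application that keeps the old import presumably still runs but without the OpenID Connect grants, which is easy to miss in review.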
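Review bot: The docstring title `oauthlib.oopenid.core` in `oauthlib/openid/connect/core/endpoints/__init__.py` is misspelled and names a different package; it should read `oauthlib.openid.connect.core.endpoints`. The description is generic as well: the only name this module exports is `Server` from `.pre_configured`, and one sentence saying so would help. Adding `__all__ = ['Server']` would make the re-export explicit for linters that flag the import as unused.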
diff --git a/oauthlib/openid/connect/core/endpoints/pre_configured.py b/oauthlib/openid/connect/core/endpoints/pre_configured.py index 04bd628..9cf30db 100644 --- a/oauthlib/openid/connect/core/endpoints/pre_configured.py +++ b/oauthlib/openid/connect/core/endpoints/pre_configured.py @@ -72,8 +72,8 @@ class Server(AuthorizationEndpoint, TokenEndpoint, ResourceEndpoint, jwt = JWTToken(request_validator, token_generator, token_expires_in, refresh_token_generator) - auth_grant_choice = AuthorizationCodeGrantDispatcher(default_auth_grant=auth_grant, oidc_auth_grant=openid_connect_auth) - implicit_grant_choice = ImplicitTokenGrantDispatcher(default_implicit_grant=implicit_grant, oidc_implicit_grant=openid_connect_implicit) + auth_grant_choice = AuthorizationCodeGrantDispatcher(default_grant=auth_grant, oidc_grant=openid_connect_auth) + implicit_grant_choice = ImplicitTokenGrantDispatcher(default_grant=implicit_grant, oidc_grant=openid_connect_implicit) # See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Combinations for valid combinations # internally our AuthorizationEndpoint will ensure they can appear in any order for any valid combination @@ -90,7 +90,7 @@ class Server(AuthorizationEndpoint, TokenEndpoint, ResourceEndpoint, }, default_token_type=bearer) - token_grant_choice = AuthorizationTokenGrantDispatcher(request_validator, default_token_grant=auth_grant, oidc_token_grant=openid_connect_auth) + token_grant_choice = AuthorizationTokenGrantDispatcher(request_validator, default_grant=auth_grant, oidc_grant=openid_connect_auth) TokenEndpoint.__init__(self, default_grant_type='authorization_code', grant_types={ diff --git a/oauthlib/openid/connect/core/grant_types/dispatchers.py b/oauthlib/openid/connect/core/grant_types/dispatchers.py index 2c33406..be8e2f3 100644 --- a/oauthlib/openid/connect/core/grant_types/dispatchers.py +++ b/oauthlib/openid/connect/core/grant_types/dispatchers.py 
@@ -2,20 +2,25 @@ import logging log = logging.getLogger(__name__) -class AuthorizationCodeGrantDispatcher(object): +class Dispatcher(object): + default_grant = None + oidc_grant = None + + +class AuthorizationCodeGrantDispatcher(Dispatcher): """ This is an adapter class that will route simple Authorization Code requests, those that have response_type=code and a scope - including 'openid' to either the default_auth_grant or the oidc_auth_grant based on the scopes requested. + including 'openid' to either the default_grant or the oidc_grant based on the scopes requested. """ - def __init__(self, default_auth_grant=None, oidc_auth_grant=None): - self.default_auth_grant = default_auth_grant - self.oidc_auth_grant = oidc_auth_grant + def __init__(self, default_grant=None, oidc_grant=None): + self.default_grant = default_grant + self.oidc_grant = oidc_grant def _handler_for_request(self, request): - handler = self.default_auth_grant + handler = self.default_grant if request.scopes and "openid" in request.scopes: - handler = self.oidc_auth_grant + handler = self.oidc_grant log.debug('Selecting handler for request %r.', handler) return handler 
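Review bot: In `AuthorizationCodeGrantDispatcher._handler_for_request`, a request whose scopes contain `openid` is routed to `self.oidc_grant`, yet both the new `Dispatcher` class attributes and the constructor defaults leave that handler as `None`. A partially configured dispatcher therefore fails on the first such request with an `AttributeError` on `None` instead of a defined OAuth error, and since the scope comes from the request, that failure is triggered by client input. Rejecting a missing handler at construction time is easier to diagnose, and the new base class is the natural home for the constructor that the subclasses now repeat; it also needs a docstring. The same `None` defaults appear in the `ImplicitTokenGrantDispatcher` and `AuthorizationTokenGrantDispatcher` hunks, and the class body continues past the end of this hunk. The sketch assumes no caller relies on building a dispatcher with only one grant.

```python
class Dispatcher(object):
    """Common base for the dispatchers that choose between the plain OAuth2
    grant and its OpenID Connect counterpart."""
    default_grant = None
    oidc_grant = None

    def __init__(self, default_grant=None, oidc_grant=None):
        # Fail at configuration time instead of on the first request that
        # routes to a handler which was never supplied.
        if default_grant is None or oidc_grant is None:
            raise ValueError('default_grant and oidc_grant are required')
        self.default_grant = default_grant
        self.oidc_grant = oidc_grant


class AuthorizationCodeGrantDispatcher(Dispatcher):
    # ... unchanged: docstring; own __init__ dropped, inherited from Dispatcher ...
    # ... unchanged: _handler_for_request ...
```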
@@ -27,20 +32,20 @@ class AuthorizationCodeGrantDispatcher(object): return self._handler_for_request(request).validate_authorization_request(request) -class ImplicitTokenGrantDispatcher(object): +class ImplicitTokenGrantDispatcher(Dispatcher): """ This is an adapter class that will route simple Authorization Code requests, those that have response_type=code and a scope - including 'openid' to either the default_auth_grant or the oidc_auth_grant based on the scopes requested. + including 'openid' to either the default_grant or the oidc_grant based on the scopes requested. """ - def __init__(self, default_implicit_grant=None, oidc_implicit_grant=None): - self.default_implicit_grant = default_implicit_grant - self.oidc_implicit_grant = oidc_implicit_grant + def __init__(self, default_grant=None, oidc_grant=None): + self.default_grant = default_grant + self.oidc_grant = oidc_grant def _handler_for_request(self, request): - handler = self.default_implicit_grant + handler = self.default_grant if request.scopes and "openid" in request.scopes and 'id_token' in request.response_type: - handler = self.oidc_implicit_grant + handler = self.oidc_grant log.debug('Selecting handler for request %r.', handler) return handler 
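Review bot: The docstring of `ImplicitTokenGrantDispatcher` still describes the authorization-code dispatcher ("route simple Authorization Code requests, those that have response_type=code"). The `_handler_for_request` below it selects `oidc_grant` only when `openid` is in the scopes and `'id_token'` is in `request.response_type`. Since this commit already edits that docstring, it should state the real rule, for example `Routes implicit-flow requests to oidc_grant when the scopes include 'openid' and response_type contains 'id_token'; all other requests go to default_grant.` If `response_type` is a string, `'id_token' in request.response_type` is a substring test, presumably intended for combined values, and that deserves a one-line comment. The class body continues outside this hunk.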
@@ -52,31 +57,31 @@ class ImplicitTokenGrantDispatcher(object): return self._handler_for_request(request).validate_authorization_request(request) -class AuthorizationTokenGrantDispatcher(object): +class AuthorizationTokenGrantDispatcher(Dispatcher): """ This is an adapter class that will route simple Token requests, those that authorization_code have a scope - including 'openid' to either the default_token_grant or the oidc_token_grant based on the scopes requested. + including 'openid' to either the default_grant or the oidc_grant based on the scopes requested. """ - def __init__(self, request_validator, default_token_grant=None, oidc_token_grant=None): - self.default_token_grant = default_token_grant - self.oidc_token_grant = oidc_token_grant + def __init__(self, request_validator, default_grant=None, oidc_grant=None): + self.default_grant = default_grant + self.oidc_grant = oidc_grant self.request_validator = request_validator def _handler_for_request(self, request): - handler = self.default_token_grant + handler = self.default_grant scopes = () parameters = dict(request.decoded_body) client_id = parameters.get('client_id', None) code = parameters.get('code', None) redirect_uri = parameters.get('redirect_uri', None) - # If code is not pressent fallback to `default_token_grant` wich will + # If code is not pressent fallback to `default_grant` wich will # raise an error for the missing `code` in `create_token_response` step. if code: scopes = self.request_validator.get_authorization_code_scopes(client_id, code, redirect_uri, request) if 'openid' in scopes: - handler = self.oidc_token_grant + handler = self.oidc_grant log.debug('Selecting handler for request %r.', handler) return handler -- cgit v1.2.1 From 10acc015b7f9a5e166fa3a9afeed8c1b531fa026 Mon Sep 17 00:00:00 2001 
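Review bot: `AuthorizationTokenGrantDispatcher._handler_for_request` picks the grant from `client_id`, `code` and `redirect_uri` read directly from `request.decoded_body`, before anything visible in this hunk has authenticated the client, and then evaluates `'openid' in scopes` on whatever `get_authorization_code_scopes` returns. If a validator returns `None` for an unknown code, that test raises `TypeError`; appending `or ()` to the `get_authorization_code_scopes(...)` call keeps the fallback to `default_grant` that the comment describes. A comment such as `# Routing only: these values are unauthenticated; the selected grant must still validate the code and its client binding.` would stop validator authors from treating this lookup as an authorization decision. The touched comment also carries the typos `pressent` and `wich`, and the docstring phrase "those that authorization_code have a scope" is garbled. The rest of the class lies outside this hunk.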
From: Jonathan Huot Date: Tue, 20 Nov 2018 10:29:16 +0100 Subject: Fix unit tests for new Dispatch attributes names --- .../openid/connect/core/grant_types/test_dispatchers.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/openid/connect/core/grant_types/test_dispatchers.py b/tests/openid/connect/core/grant_types/test_dispatchers.py index e7dce45..9e45d65 100644 --- a/tests/openid/connect/core/grant_types/test_dispatchers.py +++ b/tests/openid/connect/core/grant_types/test_dispatchers.py @@ -28,8 +28,8 @@ class ImplicitTokenGrantDispatcherTest(TestCase): openid_connect_implicit = ImplicitGrant(request_validator) self.dispatcher = ImplicitTokenGrantDispatcher( - default_implicit_grant=implicit_grant, - oidc_implicit_grant=openid_connect_implicit + default_grant=implicit_grant, + oidc_grant=openid_connect_implicit ) def test_create_authorization_response_openid(self): @@ -76,8 +76,8 @@ class AuthTokenGrantDispatcherOpenIdTest(DispatcherTest): self.request_validator.get_authorization_code_scopes.return_value = ('hello', 'openid') self.dispatcher = AuthorizationTokenGrantDispatcher( self.request_validator, - default_token_grant=self.auth_grant, - oidc_token_grant=self.openid_connect_auth + default_grant=self.auth_grant, + oidc_grant=self.openid_connect_auth ) def test_create_token_response_openid(self): @@ -98,8 +98,8 @@ class AuthTokenGrantDispatcherOpenIdWithoutCodeTest(DispatcherTest): self.request_validator.get_authorization_code_scopes.return_value = ('hello', 'openid') self.dispatcher = AuthorizationTokenGrantDispatcher( self.request_validator, - default_token_grant=self.auth_grant, - oidc_token_grant=self.openid_connect_auth + default_grant=self.auth_grant, + oidc_grant=self.openid_connect_auth ) def test_create_token_response_openid_without_code(self): 
@@ -115,8 +115,8 @@ class AuthTokenGrantDispatcherOAuthTest(DispatcherTest): self.request_validator.get_authorization_code_scopes.return_value = ('hello', 'world') self.dispatcher = AuthorizationTokenGrantDispatcher( self.request_validator, - default_token_grant=self.auth_grant, - oidc_token_grant=self.openid_connect_auth + default_grant=self.auth_grant, + oidc_grant=self.openid_connect_auth ) def test_create_token_response_oauth(self): -- cgit v1.2.1