This repository was archived by the owner on Jun 23, 2023. It is now read-only.

Commit ff3ce22

authored
Merge pull request #145 from IdentityPython/develop
v2.2.1
2 parents 754385f + ffeaefc commit ff3ce22

33 files changed

+90
-65
lines changed

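--- a/docs/source/contents/conf.rst
+++ b/docs/source/contents/conf.rst
@@ -571,7 +571,7 @@ An example::
 "phone_number",
 "phone_number_verified"
 ],
-"add_claim_by_scope": true,
+"add_claims_by_scope": true,
 "aud": ["https://example.org/appl"]
 }
 },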

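--- a/example/flask_op/config.json
+++ b/example/flask_op/config.json
@@ -311,7 +311,7 @@
 "phone_number",
 "phone_number_verified"
 ],
-"add_claim_by_scope": true,
+"add_claims_by_scope": true,
 "aud": [
 "https://example.org/appl"
 ]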

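--- a/example/flask_op/config.yaml
+++ b/example/flask_op/config.yaml
@@ -88,7 +88,7 @@ op:
 - email_verified
 - phone_number
 - phone_number_verified
-add_claim_by_scope: True
+add_claims_by_scope: True
 aud:
 - https://example.org/appl
 refresh: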

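--- a/src/oidcop/__init__.py
+++ b/src/oidcop/__init__.py
@@ -1,6 +1,6 @@
 import secrets
 
-__version__ = "2.2.0"
+__version__ = "2.2.1"
 
 DEF_SIGN_ALG = {
 "id_token": "RS256",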

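--- a/src/oidcop/configure.py
+++ b/src/oidcop/configure.py
@@ -13,6 +13,9 @@
 from oidcop.scopes import SCOPE2CLAIMS
 from oidcop.utils import load_yaml_config
 
+logger = logging.getLogger(__name__)
+
+
 DEFAULT_FILE_ATTRIBUTE_NAMES = [
 "server_key",
 "server_cert",
@@ -84,7 +87,8 @@
 
 AS_DEFAULT_CONFIG = copy.deepcopy(OP_DEFAULT_CONFIG)
 AS_DEFAULT_CONFIG["claims_interface"] = {
-"class": "oidcop.session.claims.OAuth2ClaimsInterface", "kwargs": {}}
+"class": "oidcop.session.claims.OAuth2ClaimsInterface", "kwargs": {}
+}
 
 
 def add_base_path(conf: Union[dict, str], base_path: str, file_attributes: List[str]):
@@ -203,12 +207,10 @@ class EntityConfiguration(Base):
 "httpc_params": {},
 "issuer": "",
 "keys": None,
-"session_key": None,
+"session_params": None,
 "template_dir": None,
 "token_handler_args": {},
 "userinfo": None,
-"password": None,
-"salt": None,
 }
 
 def __init__(
@@ -243,6 +245,15 @@ def __init__(
 else:
 continue
 
+if key not in DEFAULT_EXTENDED_CONF:
+logger.warning(
+f"{key} not seems to be a valid configuration parameter"
+)
+elif not _val:
+logger.warning(
+f"{key} not configured, using default configuration values"
+)
+
 if key == "template_dir":
 _val = os.path.abspath(_val)
 
@@ -585,4 +596,23 @@ def __init__(
 },
 },
 "userinfo": {"class": "oidcop.user_info.UserInfo", "kwargs": {"db_file": "users.json"}, },
+"scopes_to_claims": SCOPE2CLAIMS,
+"session_params": {
+"password": "ses_key",
+"salt": "ses_salt",
+"sub_func": {
+"public": {
+"class": "oidcop.session.manager.PublicID",
+"kwargs": {
+"salt": "mysalt"
+}
+},
+"pairwise": {
+"class": "oidcop.session.manager.PairWiseID",
+"kwargs": {
+"salt": "mysalt"
+}
+}
+}
+},
 }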
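Review bot: The `session_params` block added to the defaults dict in the last hunk ships fixed secrets (`"password": "ses_key"`, `"salt": "ses_salt"`, and `"salt": "mysalt"` for both `sub_func` entries), and the new `elif not _val:` branch in `__init__` only logs a warning before, judging by its message, falling back to them. If that fallback is what happens, a deployment that omits `session_params`, or one that still sets the top-level `password`/`salt` keys this commit removes from `parameter`, would protect session data with values published in the source tree. I would keep the default at `"session_params": None` and have the consumer either raise on a missing password/salt or generate per-instance random values; if the literals must stay, mark them with a comment such as `# example placeholders only; must be overridden in any real deployment`. The defaults dict and `__init__` both start outside the visible hunks, so the fallback path itself should be confirmed before acting on this.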

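--- a/tests/op_config.json
+++ b/tests/op_config.json
@@ -269,19 +269,19 @@
 }
 },
 "session_params": {
-"password": "__password_used_to_encrypt_access_token_sid_value",
-"salt": "salt involved in session sub hash ",
+"password": "ses_key",
+"salt": "ses_salt",
 "sub_func": {
 "public": {
 "class": "oidcop.session.manager.PublicID",
 "kwargs": {
-"salt": "sdfsdfdsf"
+"salt": "mysalt"
 }
 },
 "pairwise": {
 "class": "oidcop.session.manager.PairWiseID",
 "kwargs": {
-"salt": "sdfsdfsdf"
+"salt": "mysalt"
 }
 }
 }
@@ -325,7 +325,7 @@
 "phone_number",
 "phone_number_verified"
 ],
-"add_claim_by_scope": true,
+"add_claims_by_scope": true,
 "aud": [
 "https://example.org/appl"
 ]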

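--- a/tests/op_config_defaults.py
+++ b/tests/op_config_defaults.py
@@ -133,7 +133,7 @@
 "kwargs": {
 "lifetime": 3600,
 "add_claims": ["email", "email_verified", "phone_number", "phone_number_verified",],
-"add_claim_by_scope": True,
+"add_claims_by_scope": True,
 "aud": ["https://example.org/appl"],
 },
 },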

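--- a/tests/srv_config.yaml
+++ b/tests/srv_config.yaml
@@ -96,7 +96,7 @@ op:
 - email_verified
 - phone_number
 - phone_number_verified
-add_claim_by_scope: True
+add_claims_by_scope: True
 aud:
 - https://example.org/appl
 refresh: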

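--- a/tests/test_00_configure.py
+++ b/tests/test_00_configure.py
@@ -37,6 +37,8 @@ def test_op_configure():
 args = dict(configuration.items())
 assert "add_on" in args
 
+assert "session_params" in configuration
+
 
 def test_op_configure_from_file():
 configuration = create_from_config_file(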

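--- a/tests/test_00_server.py
+++ b/tests/test_00_server.py
@@ -36,8 +36,7 @@ def full_path(local_file):
 
 CONF = {
 "issuer": "https://example.com/",
-"password": "mycket hemligt",
-"verify_ssl": False,
+"httpc_params": {"verify": False, "timeout": 1},
 "capabilities": {},
 "keys": {"uri_path": "static/jwks.json", "key_defs": KEYDEFS, "read_only": True},
 "endpoint": {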

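--- a/tests/test_01_util.py
+++ b/tests/test_01_util.py
@@ -12,11 +12,10 @@
 
 conf = {
 "issuer": "https://example.com/",
-"password": "mycket hemligt",
+"httpc_params": {"verify": False, "timeout": 1},
 "token_expires_in": 600,
 "grant_expires_in": 300,
 "refresh_token_expires_in": 86400,
-"verify_ssl": False,
 "capabilities": {},
 "jwks_uri": "https://example.com/jwks.json",
 "keys": {"private_path": "own/jwks.json", "key_defs": KEYDEFS, "uri_path": "static/jwks.json",},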

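--- a/tests/test_02_client_authn.py
+++ b/tests/test_02_client_authn.py
@@ -36,9 +36,10 @@
 
 CONF = {
 "issuer": "https://example.com/",
-"password": "mycket hemligt",
 "grant_expires_in": 300,
-"verify_ssl": False,
+"httpc_params": {
+"verify": False
+},
 "endpoint": {
 "token": {
 "path": "token",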

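--- a/tests/test_05_id_token.py
+++ b/tests/test_05_id_token.py
@@ -64,8 +64,7 @@ def full_path(local_file):
 
 conf = {
 "issuer": "https://example.com/",
-"password": "mycket hemligt",
-"verify_ssl": False,
+"httpc_params": {"verify": False, "timeout": 1},
 "keys": {"key_defs": KEYDEFS, "uri_path": "static/jwks.json"},
 "token_handler_args": {
 "jwks_def": {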

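--- a/tests/test_05_jwt_token.py
+++ b/tests/test_05_jwt_token.py
@@ -99,8 +99,7 @@ class TestEndpoint(object):
 def create_endpoint(self):
 conf = {
 "issuer": ISSUER,
-"password": "mycket hemligt",
-"verify_ssl": False,
+"httpc_params": {"verify": False, "timeout": 1},
 "capabilities": CAPABILITIES,
 "keys": {"uri_path": "jwks.json", "key_defs": KEYDEFS},
 "token_handler_args": {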

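--- a/tests/test_06_session_manager.py
+++ b/tests/test_06_session_manager.py
@@ -37,11 +37,10 @@ class TestSessionManager:
 def create_session_manager(self):
 conf = {
 "issuer": "https://example.com/",
-"password": "mycket hemligt",
+"httpc_params": {"verify": False, "timeout": 1},
 "token_expires_in": 600,
 "grant_expires_in": 300,
 "refresh_token_expires_in": 86400,
-"verify_ssl": False,
 "keys": {"key_defs": KEYDEFS, "uri_path": "static/jwks.json"},
 "jwks_uri": "https://example.com/jwks.json",
 "token_handler_args": {
@@ -56,7 +55,7 @@ def create_session_manager(self):
 "kwargs": {
 "lifetime": 3600,
 "add_claims": True,
-"add_claim_by_scope": True,
+"add_claims_by_scope": True,
 "aud": ["https://example.org/appl"],
 },
 },
@@ -73,6 +72,10 @@ def create_session_manager(self):
 },
 "token_endpoint": {"path": "{}/token", "class": Token, "kwargs": {}},
 },
+"session_params": {
+"password": "ses_key",
+"salt": "ses_salt"
+},
 "template_dir": "template",
 "claims_interface": {"class": "oidcop.session.claims.ClaimsInterface", "kwargs": {}},
 "userinfo": {
@@ -104,6 +107,11 @@ def _create_session(self, auth_req, sub_type="public", sector_identifier=""):
 ae, authz_req, USER_ID, client_id=client_id, sub_type=sub_type
 )
 
+def test_session_manager_salt_key(self):
+sman = self.session_manager
+assert sman.key == "ses_key"
+assert sman.salt == "ses_salt"
+
 @pytest.mark.parametrize(
 "sub_type, sector_identifier",
 [("pairwise", "https://all.example.com"), ("public", ""), ("ephemeral", "")],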
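Review bot: `test_session_manager_salt_key` asserts `sman.key == "ses_key"` and `sman.salt == "ses_salt"`, but the `session_params` added to `conf` in the third hunk uses exactly the literals this commit also puts into the library defaults in `src/oidcop/configure.py`, so the test would pass even if the configured values were ignored. Giving the test configuration values that differ from the defaults, for example `"password": "test_ses_key"` and `"salt": "test_ses_salt"` with matching assertions, would make it prove that the configuration is what reaches the session manager. The same concern applies to `tests/op_config.json`, which is changed to the same literals.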

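--- a/tests/test_08_session_life.py
+++ b/tests/test_08_session_life.py
@@ -30,11 +30,10 @@ def setup_token_handler(self):
 password = "The longer the better. Is this close to enough ?"
 conf = {
 "issuer": "https://example.com/",
-"password": "mycket hemligt",
+"httpc_params": {"verify": False, "timeout": 1},
 "token_expires_in": 600,
 "grant_expires_in": 300,
 "refresh_token_expires_in": 86400,
-"verify_ssl": False,
 "keys": {"key_defs": KEYDEFS, "uri_path": "static/jwks.json"},
 "jwks_uri": "https://example.com/jwks.json",
 "token_handler_args": {
@@ -249,11 +248,10 @@ class TestSessionJWTToken:
 def setup_session_manager(self):
 conf = {
 "issuer": ISSUER,
-"password": "mycket hemligt",
+"httpc_params": {"verify": False, "timeout": 1},
 "token_expires_in": 600,
 "grant_expires_in": 300,
 "refresh_token_expires_in": 86400,
-"verify_ssl": False,
 "capabilities": CAPABILITIES,
 "keys": {"uri_path": "jwks.json", "key_defs": KEYDEFS},
 "token_handler_args": {
@@ -269,7 +267,7 @@ def setup_session_manager(self):
 "phone_number",
 "phone_number_verified",
 ],
-"add_claim_by_scope": True,
+"add_claims_by_scope": True,
 "aud": ["https://example.org/appl"],
 },
 },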

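--- a/tests/test_09_cookie_handler.py
+++ b/tests/test_09_cookie_handler.py
@@ -249,7 +249,7 @@ def test_compute_session_state():
 #
 # conf = {
 # "issuer": "https://example.com/",
-# "password": "mycket hemligt",
+# "httpc_params": {"verify": False, "timeout": 1},
 # "token_expires_in": 600,
 # "grant_expires_in": 300,
 # "refresh_token_expires_in": 86400,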

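--- a/tests/test_12_user_authn.py
+++ b/tests/test_12_user_authn.py
@@ -30,9 +30,8 @@ class TestUserAuthn(object):
 def create_endpoint_context(self):
 conf = {
 "issuer": "https://example.com/",
-"password": "mycket hemligt",
+"httpc_params": {"verify": False, "timeout": 1},
 "grant_expires_in": 300,
-"verify_ssl": False,
 "endpoint": {
 "authorization": {
 "path": "{}/authorization",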

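--- a/tests/test_20_endpoint.py
+++ b/tests/test_20_endpoint.py
@@ -43,11 +43,10 @@ class TestEndpoint(object):
 def create_endpoint(self):
 conf = {
 "issuer": "https://example.com/",
-"password": "mycket hemligt",
+"httpc_params": {"verify": False, "timeout": 1},
 "token_expires_in": 600,
 "grant_expires_in": 300,
 "refresh_token_expires_in": 86400,
-"verify_ssl": False,
 "endpoint": {"endpoint": {"path": "endpoint", "class": Endpoint, "kwargs": {}},},
 "keys": {
 "public_path": "jwks.json",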

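--- a/tests/test_21_oidc_discovery_endpoint.py
+++ b/tests/test_21_oidc_discovery_endpoint.py
@@ -21,11 +21,10 @@ class TestEndpoint(object):
 def create_endpoint(self):
 conf = {
 "issuer": "https://example.com/",
-"password": "mycket hemligt",
 "token_expires_in": 600,
 "grant_expires_in": 300,
 "refresh_token_expires_in": 86400,
-"verify_ssl": False,
+"httpc_params": {"verify": False, "timeout": 1},
 "endpoint": {
 "webfinger": {
 "path": ".well-known/webfinger",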

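--- a/tests/test_22_oidc_provider_config_endpoint.py
+++ b/tests/test_22_oidc_provider_config_endpoint.py
@@ -54,8 +54,9 @@ class TestEndpoint(object):
 def conf(self):
 return {
 "issuer": "https://example.com/",
-"password": "mycket hemligt",
-"verify_ssl": False,
+"httpc_params": {
+"verify": False
+},
 "capabilities": CAPABILITIES,
 "keys": {"uri_path": "static/jwks.json", "key_defs": KEYDEFS},
 "endpoint": {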

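--- a/tests/test_23_oidc_registration_endpoint.py
+++ b/tests/test_23_oidc_registration_endpoint.py
@@ -76,8 +76,7 @@ class TestEndpoint(object):
 def create_endpoint(self):
 conf = {
 "issuer": "https://example.com/",
-"password": "mycket hemligt",
-"verify_ssl": False,
+"httpc_params": {"verify": False, "timeout": 1},
 "capabilities": {
 "subject_types_supported": ["public", "pairwise", "ephemeral"],
 "grant_types_supported": [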

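--- a/tests/test_24_oauth2_token_endpoint.py
+++ b/tests/test_24_oauth2_token_endpoint.py
@@ -80,8 +80,9 @@ def full_path(local_file):
 def conf():
 return {
 "issuer": "https://example.com/",
-"password": "mycket hemligt",
-"verify_ssl": False,
+"httpc_params": {
+"verify": False
+},
 "capabilities": CAPABILITIES,
 "keys": {"uri_path": "jwks.json", "key_defs": KEYDEFS},
 "token_handler_args": {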

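--- a/tests/test_24_oidc_authorization_endpoint.py
+++ b/tests/test_24_oidc_authorization_endpoint.py
@@ -1226,11 +1226,11 @@ class TestUserAuthn(object):
 def create_endpoint_context(self):
 conf = {
 "issuer": "https://example.com/",
-"password": "mycket hemligt",
+"httpc_params": {"verify": False, "timeout": 1},
 "token_expires_in": 600,
 "grant_expires_in": 300,
 "refresh_token_expires_in": 86400,
-"verify_ssl": False,
+"httpc_params": {"verify": False, "timeout": 1},
 "endpoint": {
 "authorization": {
 "path": "{}/authorization",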
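Review bot: The `conf` dict in `create_endpoint_context` now contains `"httpc_params": {"verify": False, "timeout": 1},` twice, once replacing `"password"` at new line 1229 and again replacing `"verify_ssl"` at new line 1233. Python keeps only the last value for a repeated key in a dict literal, so the duplicate is harmless here, but it looks like a search-and-replace leftover and linters that check for repeated keys will flag it. The second occurrence should simply be deleted, as the other test files in this commit do when they drop `"verify_ssl"`. The dict continues past the end of the hunk.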
