Merge pull request #145 from IdentityPython/develop

v2.2.1

Author: peppelinux

docs/source/contents/conf.rst

@@ -571,7 +571,7 @@ An example::
                 "phone_number",
                 "phone_number_verified"
               ],
-              "add_claim_by_scope": true,
+              "add_claims_by_scope": true,
               "aud": ["https://example.org/appl"]
            }
         },

example/flask_op/config.json

@@ -311,7 +311,7 @@
               "phone_number",
               "phone_number_verified"
             ],
-            "add_claim_by_scope": true,
+            "add_claims_by_scope": true,
             "aud": [
               "https://example.org/appl"
             ]

example/flask_op/config.yaml

@@ -88,7 +88,7 @@ op:
           - email_verified
           - phone_number
           - phone_number_verified
-        add_claim_by_scope: True
+        add_claims_by_scope: True
         aud:
           - https://example.org/appl
       refresh:

src/oidcop/__init__.py

@@ -1,6 +1,6 @@
 import secrets
 
-__version__ = "2.2.0"
+__version__ = "2.2.1"
 
 DEF_SIGN_ALG = {
     "id_token": "RS256",

src/oidcop/configure.py

@@ -13,6 +13,9 @@
 from oidcop.scopes import SCOPE2CLAIMS
 from oidcop.utils import load_yaml_config
 
+logger = logging.getLogger(__name__)
+
+
 DEFAULT_FILE_ATTRIBUTE_NAMES = [
     "server_key",
     "server_cert",
@@ -84,7 +87,8 @@
 
 AS_DEFAULT_CONFIG = copy.deepcopy(OP_DEFAULT_CONFIG)
 AS_DEFAULT_CONFIG["claims_interface"] = {
-    "class": "oidcop.session.claims.OAuth2ClaimsInterface", "kwargs": {}}
+    "class": "oidcop.session.claims.OAuth2ClaimsInterface", "kwargs": {}
+}
 
 
 def add_base_path(conf: Union[dict, str], base_path: str, file_attributes: List[str]):
@@ -203,12 +207,10 @@ class EntityConfiguration(Base):
         "httpc_params": {},
         "issuer": "",
         "keys": None,
-        "session_key": None,
+        "session_params": None,
         "template_dir": None,
         "token_handler_args": {},
         "userinfo": None,
-        "password": None,
-        "salt": None,
     }
 
     def __init__(
@@ -243,6 +245,15 @@ def __init__(
                 else:
                     continue
 
+            if key not in DEFAULT_EXTENDED_CONF:
+                logger.warning(
+                    f"{key} not seems to be a valid configuration parameter"
+                )
+            elif not _val:
+                logger.warning(
+                        f"{key} not configured, using default configuration values"
+                    )
+
             if key == "template_dir":
                 _val = os.path.abspath(_val)
 
@@ -585,4 +596,23 @@ def __init__(
         },
     },
     "userinfo": {"class": "oidcop.user_info.UserInfo", "kwargs": {"db_file": "users.json"}, },
+    "scopes_to_claims": SCOPE2CLAIMS,
+    "session_params": {
+      "password": "ses_key",
+      "salt": "ses_salt",
+      "sub_func": {
+        "public": {
+          "class": "oidcop.session.manager.PublicID",
+          "kwargs": {
+            "salt": "mysalt"
+          }
+        },
+        "pairwise": {
+          "class": "oidcop.session.manager.PairWiseID",
+          "kwargs": {
+            "salt": "mysalt"
+          }
+        }
+     }
+    },
 }

tests/op_config.json

@@ -269,19 +269,19 @@
     }
   },
   "session_params": {
-      "password": "__password_used_to_encrypt_access_token_sid_value",
-      "salt": "salt involved in session sub hash ",
+      "password": "ses_key",
+      "salt": "ses_salt",
       "sub_func": {
         "public": {
           "class": "oidcop.session.manager.PublicID",
           "kwargs": {
-            "salt": "sdfsdfdsf"
+            "salt": "mysalt"
           }
         },
         "pairwise": {
           "class": "oidcop.session.manager.PairWiseID",
           "kwargs": {
-            "salt": "sdfsdfsdf"
+            "salt": "mysalt"
           }
         }
      }
@@ -325,7 +325,7 @@
           "phone_number",
           "phone_number_verified"
         ],
-        "add_claim_by_scope": true,
+        "add_claims_by_scope": true,
         "aud": [
           "https://example.org/appl"
         ]

tests/op_config_defaults.py

@@ -133,7 +133,7 @@
             "kwargs": {
                 "lifetime": 3600,
                 "add_claims": ["email", "email_verified", "phone_number", "phone_number_verified",],
-                "add_claim_by_scope": True,
+                "add_claims_by_scope": True,
                 "aud": ["https://example.org/appl"],
             },
         },

tests/srv_config.yaml

@@ -96,7 +96,7 @@ op:
           - email_verified
           - phone_number
           - phone_number_verified
-        add_claim_by_scope: True
+        add_claims_by_scope: True
         aud:
           - https://example.org/appl
       refresh:

tests/test_00_configure.py

@@ -37,6 +37,8 @@ def test_op_configure():
     args = dict(configuration.items())
     assert "add_on" in args
 
+    assert "session_params" in configuration
+
 
 def test_op_configure_from_file():
     configuration = create_from_config_file(

tests/test_00_server.py

@@ -36,8 +36,7 @@ def full_path(local_file):
 
 CONF = {
     "issuer": "https://example.com/",
-    "password": "mycket hemligt",
-    "verify_ssl": False,
+    "httpc_params": {"verify": False, "timeout": 1},
     "capabilities": {},
     "keys": {"uri_path": "static/jwks.json", "key_defs": KEYDEFS, "read_only": True},
     "endpoint": {

tests/test_01_util.py

@@ -12,11 +12,10 @@
 
 conf = {
     "issuer": "https://example.com/",
-    "password": "mycket hemligt",
+    "httpc_params": {"verify": False, "timeout": 1},
     "token_expires_in": 600,
     "grant_expires_in": 300,
     "refresh_token_expires_in": 86400,
-    "verify_ssl": False,
     "capabilities": {},
     "jwks_uri": "https://example.com/jwks.json",
     "keys": {"private_path": "own/jwks.json", "key_defs": KEYDEFS, "uri_path": "static/jwks.json",},

tests/test_02_client_authn.py

@@ -36,9 +36,10 @@
 
 CONF = {
     "issuer": "https://example.com/",
-    "password": "mycket hemligt",
     "grant_expires_in": 300,
-    "verify_ssl": False,
+    "httpc_params": {
+        "verify": False
+    },
     "endpoint": {
         "token": {
             "path": "token",

tests/test_05_id_token.py

@@ -64,8 +64,7 @@ def full_path(local_file):
 
 conf = {
     "issuer": "https://example.com/",
-    "password": "mycket hemligt",
-    "verify_ssl": False,
+    "httpc_params": {"verify": False, "timeout": 1},
     "keys": {"key_defs": KEYDEFS, "uri_path": "static/jwks.json"},
     "token_handler_args": {
         "jwks_def": {

tests/test_05_jwt_token.py

@@ -99,8 +99,7 @@ class TestEndpoint(object):
     def create_endpoint(self):
         conf = {
             "issuer": ISSUER,
-            "password": "mycket hemligt",
-            "verify_ssl": False,
+            "httpc_params": {"verify": False, "timeout": 1},
             "capabilities": CAPABILITIES,
             "keys": {"uri_path": "jwks.json", "key_defs": KEYDEFS},
             "token_handler_args": {

tests/test_06_session_manager.py

@@ -37,11 +37,10 @@ class TestSessionManager:
     def create_session_manager(self):
         conf = {
             "issuer": "https://example.com/",
-            "password": "mycket hemligt",
+            "httpc_params": {"verify": False, "timeout": 1},
             "token_expires_in": 600,
             "grant_expires_in": 300,
             "refresh_token_expires_in": 86400,
-            "verify_ssl": False,
             "keys": {"key_defs": KEYDEFS, "uri_path": "static/jwks.json"},
             "jwks_uri": "https://example.com/jwks.json",
             "token_handler_args": {
@@ -56,7 +55,7 @@ def create_session_manager(self):
                     "kwargs": {
                         "lifetime": 3600,
                         "add_claims": True,
-                        "add_claim_by_scope": True,
+                        "add_claims_by_scope": True,
                         "aud": ["https://example.org/appl"],
                     },
                 },
@@ -73,6 +72,10 @@ def create_session_manager(self):
                 },
                 "token_endpoint": {"path": "{}/token", "class": Token, "kwargs": {}},
             },
+            "session_params": {
+              "password": "ses_key",
+              "salt": "ses_salt"
+            },
             "template_dir": "template",
             "claims_interface": {"class": "oidcop.session.claims.ClaimsInterface", "kwargs": {}},
             "userinfo": {
@@ -104,6 +107,11 @@ def _create_session(self, auth_req, sub_type="public", sector_identifier=""):
             ae, authz_req, USER_ID, client_id=client_id, sub_type=sub_type
         )
 
+    def test_session_manager_salt_key(self):
+        sman = self.session_manager
+        assert sman.key == "ses_key"
+        assert sman.salt == "ses_salt"
+
     @pytest.mark.parametrize(
         "sub_type, sector_identifier",
         [("pairwise", "https://all.example.com"), ("public", ""), ("ephemeral", "")],

tests/test_08_session_life.py

@@ -30,11 +30,10 @@ def setup_token_handler(self):
         password = "The longer the better. Is this close to enough ?"
         conf = {
             "issuer": "https://example.com/",
-            "password": "mycket hemligt",
+            "httpc_params": {"verify": False, "timeout": 1},
             "token_expires_in": 600,
             "grant_expires_in": 300,
             "refresh_token_expires_in": 86400,
-            "verify_ssl": False,
             "keys": {"key_defs": KEYDEFS, "uri_path": "static/jwks.json"},
             "jwks_uri": "https://example.com/jwks.json",
             "token_handler_args": {
@@ -249,11 +248,10 @@ class TestSessionJWTToken:
     def setup_session_manager(self):
         conf = {
             "issuer": ISSUER,
-            "password": "mycket hemligt",
+            "httpc_params": {"verify": False, "timeout": 1},
             "token_expires_in": 600,
             "grant_expires_in": 300,
             "refresh_token_expires_in": 86400,
-            "verify_ssl": False,
             "capabilities": CAPABILITIES,
             "keys": {"uri_path": "jwks.json", "key_defs": KEYDEFS},
             "token_handler_args": {
@@ -269,7 +267,7 @@ def setup_session_manager(self):
                             "phone_number",
                             "phone_number_verified",
                         ],
-                        "add_claim_by_scope": True,
+                        "add_claims_by_scope": True,
                         "aud": ["https://example.org/appl"],
                     },
                 },

tests/test_09_cookie_handler.py

@@ -249,7 +249,7 @@ def test_compute_session_state():
 #
 # conf = {
 #     "issuer": "https://example.com/",
-#     "password": "mycket hemligt",
+#     "httpc_params": {"verify": False, "timeout": 1},
 #     "token_expires_in": 600,
 #     "grant_expires_in": 300,
 #     "refresh_token_expires_in": 86400,

tests/test_12_user_authn.py

@@ -30,9 +30,8 @@ class TestUserAuthn(object):
     def create_endpoint_context(self):
         conf = {
             "issuer": "https://example.com/",
-            "password": "mycket hemligt",
+            "httpc_params": {"verify": False, "timeout": 1},
             "grant_expires_in": 300,
-            "verify_ssl": False,
             "endpoint": {
                 "authorization": {
                     "path": "{}/authorization",

tests/test_20_endpoint.py

@@ -43,11 +43,10 @@ class TestEndpoint(object):
     def create_endpoint(self):
         conf = {
             "issuer": "https://example.com/",
-            "password": "mycket hemligt",
+            "httpc_params": {"verify": False, "timeout": 1},
             "token_expires_in": 600,
             "grant_expires_in": 300,
             "refresh_token_expires_in": 86400,
-            "verify_ssl": False,
             "endpoint": {"endpoint": {"path": "endpoint", "class": Endpoint, "kwargs": {}},},
             "keys": {
                 "public_path": "jwks.json",

tests/test_21_oidc_discovery_endpoint.py

@@ -21,11 +21,10 @@ class TestEndpoint(object):
     def create_endpoint(self):
         conf = {
             "issuer": "https://example.com/",
-            "password": "mycket hemligt",
             "token_expires_in": 600,
             "grant_expires_in": 300,
             "refresh_token_expires_in": 86400,
-            "verify_ssl": False,
+            "httpc_params": {"verify": False, "timeout": 1},
             "endpoint": {
                 "webfinger": {
                     "path": ".well-known/webfinger",

tests/test_22_oidc_provider_config_endpoint.py

@@ -54,8 +54,9 @@ class TestEndpoint(object):
     def conf(self):
         return {
             "issuer": "https://example.com/",
-            "password": "mycket hemligt",
-            "verify_ssl": False,
+            "httpc_params": {
+              "verify": False
+            },
             "capabilities": CAPABILITIES,
             "keys": {"uri_path": "static/jwks.json", "key_defs": KEYDEFS},
             "endpoint": {

tests/test_23_oidc_registration_endpoint.py

@@ -76,8 +76,7 @@ class TestEndpoint(object):
     def create_endpoint(self):
         conf = {
             "issuer": "https://example.com/",
-            "password": "mycket hemligt",
-            "verify_ssl": False,
+            "httpc_params": {"verify": False, "timeout": 1},
             "capabilities": {
                 "subject_types_supported": ["public", "pairwise", "ephemeral"],
                 "grant_types_supported": [

tests/test_24_oauth2_token_endpoint.py

@@ -80,8 +80,9 @@ def full_path(local_file):
 def conf():
     return {
         "issuer": "https://example.com/",
-        "password": "mycket hemligt",
-        "verify_ssl": False,
+        "httpc_params": {
+        "verify": False
+        },
         "capabilities": CAPABILITIES,
         "keys": {"uri_path": "jwks.json", "key_defs": KEYDEFS},
         "token_handler_args": {

tests/test_24_oidc_authorization_endpoint.py

@@ -1226,11 +1226,11 @@ class TestUserAuthn(object):
     def create_endpoint_context(self):
         conf = {
             "issuer": "https://example.com/",
-            "password": "mycket hemligt",
+            "httpc_params": {"verify": False, "timeout": 1},
             "token_expires_in": 600,
             "grant_expires_in": 300,
             "refresh_token_expires_in": 86400,
-            "verify_ssl": False,
+            "httpc_params": {"verify": False, "timeout": 1},
             "endpoint": {
                 "authorization": {
                     "path": "{}/authorization",