Serialize the AuthnEvent when adding to session #369

Merged
merged 3 commits into from
Jun 7, 2017
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -7,9 +7,14 @@ The format is based on the [KeepAChangeLog] project.

## 0.11.0.0 [UNRELEASED]

### Changed
- [#324]: Make the Provider `symkey` argument optional.

### Fixed
- [#369]: The AuthnEvent object is now serialized to JSON for the session.

[#324]: https://github.com/OpenIDC/pyoidc/pull/324
[#369]: https://github.com/OpenIDC/pyoidc/pull/369

## 0.10.0.1 [UNRELEASED]

3 changes: 2 additions & 1 deletion README.rst
Expand Up @@ -66,8 +66,9 @@ Maintainers Needed
If you're interested in helping maintain and improve this package, we're
looking for you!

Please contact one of the current maintainers, `@lwm`_, `@rohe`_ or `@tpazderka`_.
Please contact one of the current maintainers, `@lwm`_, `@rohe`_, `@tpazderka`_ or `@schlenk`_.

.. _@lwm: https://github.com/lwm/
.. _@rohe: https://github.com/rohe/
.. _@tpazderka: https://github.com/tpazderka/
.. _@schlenk: https://github.com/schlenk
13 changes: 7 additions & 6 deletions src/oic/oic/provider.py
Expand Up @@ -776,10 +776,11 @@ def authz_part2(self, user, areq, sid, **kwargs):

if "check_session_iframe" in self.capabilities:
salt = rndstr()
state = str(self.sdb.get_authentication_event(
sid).authn_time) # use the last session
authn_event = self.sdb.get_authentication_event(sid) # use the last session
state = str(authn_event["authn_time"])
aresp["session_state"] = self._compute_session_state(
state, salt, areq["client_id"], redirect_uri)
state, salt, areq["client_id"], redirect_uri
)
headers.append(self.write_session_cookie(state))

# as per the mix-up draft don't add iss and client_id if they are
Expand Down Expand Up @@ -888,9 +889,9 @@ def sign_encrypt_id_token(self, sinfo, client_info, areq, code=None,

_authn_event = sinfo["authn_event"]
id_token = self.id_token_as_signed_jwt(
sinfo, loa=_authn_event.authn_info, alg=alg, code=code,
sinfo, loa=_authn_event["authn_info"], alg=alg, code=code,
access_token=access_token, user_info=user_info,
auth_time=_authn_event.authn_time)
auth_time=_authn_event["authn_time"])

# Then encrypt
if "id_token_encrypted_response_alg" in client_info:
Expand Down Expand Up @@ -1110,7 +1111,7 @@ def _collect_user_info(self, session, userinfo_claims=None):

authn_event = session.get("authn_event")
if authn_event:
uid = authn_event.uid
uid = authn_event["uid"]
else:
uid = session['uid']

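Review bot: `authn_event["authn_time"]` in authz_part2, and `_authn_event["authn_info"]` / `_authn_event["authn_time"]` in sign_encrypt_id_token, assume the value read back from the session is the plain dict produced by `AuthnEvent.to_json()`, but `get_authentication_event` is not part of this diff, so if it still returns or re-wraps an `AuthnEvent` instance these subscripts fail with `TypeError`. A missing key now surfaces as `KeyError` during ID-token signing where the attribute form raised `AttributeError`, which matters for any caller that catches the latter. It would be worth a test asserting that `get_authentication_event(sid)` returns the dict form, plus a comment at the lookup such as `# authn_event is the dict snapshot stored by create_authz_session, not an AuthnEvent`. All three enclosing functions (authz_part2, sign_encrypt_id_token, _collect_user_info) start and end outside their hunks.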
18 changes: 11 additions & 7 deletions src/oic/utils/sdb.py
Expand Up @@ -239,7 +239,8 @@ def get_type(self, token):


class AuthnEvent(object):
def __init__(self, uid, salt, valid=3600, authn_info=None, time_stamp=0):
def __init__(self, uid, salt, valid=3600, authn_info=None,
time_stamp=0, authn_time=None, valid_until=None):
"""
Creates a representation of an authentication event.

Expand All @@ -251,8 +252,8 @@ def __init__(self, uid, salt, valid=3600, authn_info=None, time_stamp=0):
"""
self.uid = uid
self.salt = salt
self.authn_time = int(time_stamp) or time_sans_frac()
self.valid_until = self.authn_time + int(valid)
self.authn_time = authn_time or (int(time_stamp) or time_sans_frac())
self.valid_until = valid_until or (self.authn_time + int(valid))
self.authn_info = authn_info

def valid(self):
Expand All @@ -261,6 +262,9 @@ def valid(self):
def valid_for(self):
return self.valid_until - time.time()

def to_json(self):
return self.__dict__


class RefreshDB(object):
"""
Expand Down Expand Up @@ -493,8 +497,8 @@ def do_sub(self, sid, client_salt, sector_id="", subject_type="public"):
:param client_salt: client specific salt - used in pairwise
:return:
"""
uid = self._db[sid]["authn_event"].uid
user_salt = self._db[sid]["authn_event"].salt
uid = self._db[sid]["authn_event"]["uid"]
user_salt = self._db[sid]["authn_event"]["salt"]

if subject_type == "public":
sub = hashlib.sha256(
Expand Down Expand Up @@ -537,7 +541,7 @@ def create_authz_session(self, aevent, areq, id_token=None, oidreq=None,
"client_id": areq["client_id"],
'response_type': areq['response_type'],
"revoked": False,
"authn_event": aevent
"authn_event": aevent.to_json()
}

_dic.update(kwargs)
Expand Down Expand Up @@ -613,7 +617,7 @@ def upgrade_to_token(self, token=None, issue_refresh=False, id_token="",
if issue_refresh:
authn_event = dic.get('authn_event')
if authn_event:
uid = authn_event.uid
uid = authn_event["uid"]
else:
uid = None

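Review bot: `to_json` returns `self.__dict__` itself rather than a copy, so the session entry written by `create_authz_session` (`"authn_event": aevent.to_json()`) shares the instance's attribute dict: later mutation of the `AuthnEvent` object silently changes the stored session, and anything that edits the stored dict changes the object. Returning `dict(self.__dict__)` (or an explicit `{"uid": self.uid, "salt": self.salt, ...}` mapping) gives the session its own snapshot, and since the method returns a dict rather than a JSON document a docstring such as `"""Return a plain-dict snapshot of the event, suitable for json.dumps."""` would make the contract explicit. In `__init__`, `authn_time or (...)` and `valid_until or (...)` treat a stored value of 0 as unset and recompute it, so an event restored from a dict with `valid_until=0` would be handed a fresh validity window instead of being expired; `if valid_until is None` (and likewise for `authn_time`) keeps restored values as they were. Because the stored value no longer has `valid()` / `valid_for()`, any provider code that called them on the session entry now needs the `AuthnEvent(**ae).valid()` reconstruction the tests use, which a `from_json` classmethod could centralise.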
12 changes: 6 additions & 6 deletions tests/test_oic_provider.py
Expand Up @@ -388,7 +388,7 @@ def test_token_endpoint(self):
ae = AuthnEvent("user", "salt")
_sdb[sid] = {
"oauth_state": "authz",
"authn_event": ae,
"authn_event": ae.to_json(),
"authzreq": authreq.to_json(),
"client_id": CLIENT_ID,
"code": access_grant,
Expand Down Expand Up @@ -425,7 +425,7 @@ def test_token_endpoint_refresh(self):
ae = AuthnEvent("user", "salt")
_sdb[sid] = {
"oauth_state": "authz",
"authn_event": ae,
"authn_event": ae.to_json(),
"authzreq": authreq.to_json(),
"client_id": CLIENT_ID,
"code": access_grant,
Expand Down Expand Up @@ -462,7 +462,7 @@ def test_token_endpoint_malformed(self):
ae = AuthnEvent("user", "salt")
_sdb[sid] = {
"oauth_state": "authz",
"authn_event": ae,
"authn_event": ae.to_json(),
"authzreq": authreq.to_json(),
"client_id": CLIENT_ID,
"code": access_grant,
Expand Down Expand Up @@ -498,7 +498,7 @@ def test_token_endpoint_bad_code(self):
ae = AuthnEvent("user", "salt")
_sdb[sid] = {
"oauth_state": "authz",
"authn_event": ae,
"authn_event": ae.to_json(),
"authzreq": authreq.to_json(),
"client_id": CLIENT_ID,
"code": access_grant,
Expand Down Expand Up @@ -534,7 +534,7 @@ def test_token_endpoint_unauth(self):
access_grant = _sdb.access_token(sid=sid)
ae = AuthnEvent("user", "salt")
_sdb[sid] = {
"authn_event": ae,
"authn_event": ae.to_json(),
"oauth_state": "authz",
"authzreq": "",
"client_id": "client_1",
Expand Down Expand Up @@ -1128,7 +1128,7 @@ def test_refresh_access_token_request(self):
ae = AuthnEvent("user", "salt")
_sdb[sid] = {
"oauth_state": "authz",
"authn_event": ae,
"authn_event": ae.to_json(),
"authzreq": authreq.to_json(),
"client_id": CLIENT_ID,
"code": access_grant,
2 changes: 1 addition & 1 deletion tests/test_sdb.py
Expand Up @@ -322,7 +322,7 @@ def test_sub_to_authn_event(self):
# given the sub find out whether the authn event is still valid
sids = self.sdb.get_sids_by_sub(sub)
ae = self.sdb[sids[0]]["authn_event"]
assert ae.valid()
assert AuthnEvent(**ae).valid()

def test_do_sub_deterministic(self):
ae = AuthnEvent("tester", "random_value")
2 changes: 1 addition & 1 deletion tests/test_token.py
Expand Up @@ -411,7 +411,7 @@ def test_sub_to_authn_event(self):
# given the sub find out whether the authn event is still valid
sids = self.sdb.get_sids_by_sub(sub)
ae = self.sdb[sids[0]]["authn_event"]
assert ae.valid()
assert AuthnEvent(**ae).valid()

def test_do_sub_deterministic(self):
ae = AuthnEvent("tester", "random_value")