Hello community,

here is the log from the commit of package python-oauthlib for openSUSE:Factory 
checked in at 2019-07-30 13:03:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-oauthlib (Old)
 and      /work/SRC/openSUSE:Factory/.python-oauthlib.new.4126 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-oauthlib"

Tue Jul 30 13:03:36 2019 rev:25 rq:717381 version:3.0.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-oauthlib/python-oauthlib.changes  
2019-02-24 20:46:06.391895464 +0100
+++ 
/work/SRC/openSUSE:Factory/.python-oauthlib.new.4126/python-oauthlib.changes    
    2019-07-30 13:03:37.782411594 +0200
@@ -1,0 +2,15 @@
+Sun Jul 21 16:58:02 UTC 2019 - Arun Persaud <[email protected]>
+
+- specfile:
+  * be more specific in %files section
+
+- update to version 3.0.2:
+  * #650: Fixed space encoding in base string URI used in the
+    signature base string.
+  * #652: Fixed OIDC /token response which wrongly returned
+    "&state=None"
+  * #654: Doc: The value state must not be stored by the AS, only
+    returned in /authorize response.
+  * #656: Fixed OIDC "nonce" checks: raise errors when it's mandatory
+
+-------------------------------------------------------------------

Old:
----
  oauthlib-3.0.1.tar.gz

New:
----
  oauthlib-3.0.2.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-oauthlib.spec ++++++
--- /var/tmp/diff_new_pack.UTmIg1/_old  2019-07-30 13:03:38.766411396 +0200
+++ /var/tmp/diff_new_pack.UTmIg1/_new  2019-07-30 13:03:38.778411394 +0200
@@ -18,7 +18,7 @@
 
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-oauthlib
-Version:        3.0.1
+Version:        3.0.2
 Release:        0
 Summary:        A Generic Implementation of the OAuth Request-Signing Logic
 License:        BSD-3-Clause
@@ -72,6 +72,9 @@
 %files %{python_files}
 %license LICENSE
 %doc README.rst CHANGELOG.rst
-%{python_sitelib}/*
+%dir %{python_sitelib}/oauthlib
+%{python_sitelib}/oauthlib/*
+%dir %{python_sitelib}/oauthlib-%{version}-py*.egg-info
+%{python_sitelib}/oauthlib-%{version}-py*.egg-info/*
 
 %changelog

++++++ oauthlib-3.0.1.tar.gz -> oauthlib-3.0.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/oauthlib-3.0.1/CHANGELOG.rst 
new/oauthlib-3.0.2/CHANGELOG.rst
--- old/oauthlib-3.0.1/CHANGELOG.rst    2019-01-24 14:33:33.000000000 +0100
+++ new/oauthlib-3.0.2/CHANGELOG.rst    2019-07-04 11:48:07.000000000 +0200
@@ -1,6 +1,17 @@
 Changelog
 =========
 
+3.0.2 (2019-07-04)
+------------------
+* #650: Fixed space encoding in base string URI used in the signature base 
string.
+* #652: Fixed OIDC /token response which wrongly returned "&state=None"
+* #654: Doc: The value `state` must not be stored by the AS, only returned in 
/authorize response.
+* #656: Fixed OIDC "nonce" checks: raise errors when it's mandatory
+
+3.0.1 (2019-01-24)
+------------------
+* Fixed OAuth2.0 regression introduced in 3.0.0: Revocation with Basic auth no 
longer possible #644
+
 3.0.0 (2019-01-01)
 ------------------
 OAuth2.0 Provider - outstanding Features
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/oauthlib-3.0.1/PKG-INFO new/oauthlib-3.0.2/PKG-INFO
--- old/oauthlib-3.0.1/PKG-INFO 2019-01-24 14:34:18.000000000 +0100
+++ new/oauthlib-3.0.2/PKG-INFO 2019-07-04 11:48:54.000000000 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: oauthlib
-Version: 3.0.1
+Version: 3.0.2
 Summary: A generic, spec-compliant, thorough implementation of the OAuth 
request-signing logic
 Home-page: https://github.com/oauthlib/oauthlib
 Author: The OAuthlib Community
@@ -162,6 +162,6 @@
 Classifier: Programming Language :: Python :: Implementation :: PyPy
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*
-Provides-Extra: signals
-Provides-Extra: rsa
 Provides-Extra: signedtoken
+Provides-Extra: rsa
+Provides-Extra: signals
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/oauthlib-3.0.1/oauthlib/__init__.py 
new/oauthlib-3.0.2/oauthlib/__init__.py
--- old/oauthlib-3.0.1/oauthlib/__init__.py     2019-01-24 14:33:33.000000000 
+0100
+++ new/oauthlib-3.0.2/oauthlib/__init__.py     2019-07-04 11:48:07.000000000 
+0200
@@ -12,6 +12,6 @@
 from logging import NullHandler
 
 __author__ = 'The OAuthlib Community'
-__version__ = '3.0.1'
+__version__ = '3.0.2'
 
 logging.getLogger('oauthlib').addHandler(NullHandler())
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/oauthlib-3.0.1/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py 
new/oauthlib-3.0.2/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py
--- 
old/oauthlib-3.0.1/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py    
    2019-01-24 14:33:33.000000000 +0100
+++ 
new/oauthlib-3.0.2/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py    
    2019-07-04 11:48:07.000000000 +0200
@@ -305,9 +305,11 @@
             headers.update(e.headers)
             return headers, e.json, e.status_code
 
-        token = token_handler.create_token(request, 
refresh_token=self.refresh_token, save_token=False)
+        token = token_handler.create_token(request, 
refresh_token=self.refresh_token)
+
         for modifier in self._token_modifiers:
             token = modifier(token, token_handler, request)
+
         self.request_validator.save_token(token, request)
         self.request_validator.invalidate_authorization_code(
             request.client_id, request.code, request)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/oauthlib-3.0.1/oauthlib/oauth2/rfc6749/grant_types/client_credentials.py 
new/oauthlib-3.0.2/oauthlib/oauth2/rfc6749/grant_types/client_credentials.py
--- 
old/oauthlib-3.0.1/oauthlib/oauth2/rfc6749/grant_types/client_credentials.py    
    2019-01-24 14:33:33.000000000 +0100
+++ 
new/oauthlib-3.0.2/oauthlib/oauth2/rfc6749/grant_types/client_credentials.py    
    2019-07-04 11:48:07.000000000 +0200
@@ -76,10 +76,11 @@
             headers.update(e.headers)
             return headers, e.json, e.status_code
 
-        token = token_handler.create_token(request, refresh_token=False, 
save_token=False)
+        token = token_handler.create_token(request, refresh_token=False)
 
         for modifier in self._token_modifiers:
             token = modifier(token)
+
         self.request_validator.save_token(token, request)
 
         log.debug('Issuing token to client id %r (%r), %r.',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/oauthlib-3.0.1/oauthlib/oauth2/rfc6749/grant_types/implicit.py 
new/oauthlib-3.0.2/oauthlib/oauth2/rfc6749/grant_types/implicit.py
--- old/oauthlib-3.0.1/oauthlib/oauth2/rfc6749/grant_types/implicit.py  
2019-01-24 14:33:33.000000000 +0100
+++ new/oauthlib-3.0.2/oauthlib/oauth2/rfc6749/grant_types/implicit.py  
2019-07-04 11:48:07.000000000 +0200
@@ -237,10 +237,13 @@
         # "id_token token" - return the access token and the id token
         # "id_token" - don't return the access token
         if "token" in request.response_type.split():
-            token = token_handler.create_token(request, refresh_token=False, 
save_token=False)
+            token = token_handler.create_token(request, refresh_token=False)
         else:
             token = {}
 
+        if request.state is not None:
+            token['state'] = request.state
+
         for modifier in self._token_modifiers:
             token = modifier(token, token_handler, request)
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/oauthlib-3.0.1/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py 
new/oauthlib-3.0.2/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py
--- old/oauthlib-3.0.1/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py     
2019-01-24 14:33:33.000000000 +0100
+++ new/oauthlib-3.0.2/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py     
2019-07-04 11:48:07.000000000 +0200
@@ -64,10 +64,11 @@
             return headers, e.json, e.status_code
 
         token = token_handler.create_token(request,
-                                           
refresh_token=self.issue_new_refresh_tokens, save_token=False)
+                                           
refresh_token=self.issue_new_refresh_tokens)
 
         for modifier in self._token_modifiers:
             token = modifier(token)
+
         self.request_validator.save_token(token, request)
 
         log.debug('Issuing new token to client id %r (%r), %r.',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/oauthlib-3.0.1/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py
 
new/oauthlib-3.0.2/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py
--- 
old/oauthlib-3.0.1/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py
       2019-01-24 14:33:33.000000000 +0100
+++ 
new/oauthlib-3.0.2/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py
       2019-07-04 11:48:07.000000000 +0200
@@ -104,10 +104,11 @@
             headers.update(e.headers)
             return headers, e.json, e.status_code
 
-        token = token_handler.create_token(request, self.refresh_token, 
save_token=False)
+        token = token_handler.create_token(request, self.refresh_token)
 
         for modifier in self._token_modifiers:
             token = modifier(token)
+
         self.request_validator.save_token(token, request)
 
         log.debug('Issuing token %r to client id %r (%r) and username %s.',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/oauthlib-3.0.1/oauthlib/oauth2/rfc6749/tokens.py 
new/oauthlib-3.0.2/oauthlib/oauth2/rfc6749/tokens.py
--- old/oauthlib-3.0.1/oauthlib/oauth2/rfc6749/tokens.py        2019-01-24 
14:33:33.000000000 +0100
+++ new/oauthlib-3.0.2/oauthlib/oauth2/rfc6749/tokens.py        2019-07-04 
11:48:07.000000000 +0200
@@ -12,6 +12,7 @@
 import hashlib
 import hmac
 from binascii import b2a_base64
+import warnings
 
 from oauthlib import common
 from oauthlib.common import add_params_to_qs, add_params_to_uri, unicode_type
@@ -296,15 +297,18 @@
         )
         self.expires_in = expires_in or 3600
 
-    def create_token(self, request, refresh_token=False, save_token=True):
+    def create_token(self, request, refresh_token=False, **kwargs):
         """
         Create a BearerToken, by default without refresh token.
-        
+
         :param request: OAuthlib request.
         :type request: oauthlib.common.Request
         :param refresh_token:
-        :param save_token:
         """
+        if "save_token" in kwargs:
+            warnings.warn("`save_token` has been deprecated, it was not called 
internally."
+                          "If you do, call `request_validator.save_token()` 
instead.",
+                          DeprecationWarning)
 
         if callable(self.expires_in):
             expires_in = self.expires_in(request)
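Review bot: The deprecation message at the new `warnings.warn` call is built from two adjacent string literals with no separating space, so it renders as `...it was not called internally.If you do, call...`; it also lacks `stacklevel=2`, so the warning is attributed to tokens.py instead of the caller who still passes `save_token`. Widening the signature to `**kwargs` has a second effect: any misspelled keyword, e.g. `refresh_tokens=True`, is now silently accepted and ignored where the old explicit signature raised `TypeError`, which for a token issuer is a quiet way to lose a refresh token or other intended behaviour. Rejecting every key other than `save_token` restores that strictness while keeping the deprecation path. create_token continues past this hunk.
```python
        if "save_token" in kwargs:
            warnings.warn("`save_token` has been deprecated, it was not called "
                          "internally. If you do, call "
                          "`request_validator.save_token()` instead.",
                          DeprecationWarning, stacklevel=2)
        unexpected = set(kwargs) - {"save_token"}
        if unexpected:
            raise TypeError("create_token() got unexpected keyword argument(s): "
                            + ", ".join(sorted(unexpected)))
        # … unchanged: expires_in handling …
```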
@@ -325,9 +329,6 @@
         if request.scopes is not None:
             token['scope'] = ' '.join(request.scopes)
 
-        if request.state is not None:
-            token['state'] = request.state
-
         if refresh_token:
             if (request.refresh_token and
                     not self.request_validator.rotate_refresh_token(request)):
@@ -336,10 +337,7 @@
                 token['refresh_token'] = self.refresh_token_generator(request)
 
         token.update(request.extra_credentials or {})
-        token = OAuth2Token(token)
-        if save_token:
-            self.request_validator.save_bearer_token(token, request)
-        return token
+        return OAuth2Token(token)
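Review bot: Removing the `save_bearer_token` call here silently changes behaviour for any external code that called `create_token(request)` directly and relied on the old `save_token=True` default: such callers now receive a token that is never persisted, and the DeprecationWarning added earlier in this function fires only when `save_token` is passed explicitly, so they get no signal at all. The grant types touched in this commit all call `request_validator.save_token()` themselves, but a third-party grant type or endpoint built on `BearerToken` would not. This should be stated in the docstring at the top of create_token (outside this hunk), e.g. `This method does not persist the token; callers must call request_validator.save_token() themselves.`, and listed in the changelog as a behaviour change rather than folded under the bug-fix entries.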
 
     def validate_request(self, request):
         """
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/oauthlib-3.0.1/oauthlib/openid/connect/core/grant_types/base.py 
new/oauthlib-3.0.2/oauthlib/openid/connect/core/grant_types/base.py
--- old/oauthlib-3.0.1/oauthlib/openid/connect/core/grant_types/base.py 
2019-01-24 14:33:33.000000000 +0100
+++ new/oauthlib-3.0.2/oauthlib/openid/connect/core/grant_types/base.py 
2019-07-04 11:48:07.000000000 +0200
@@ -58,9 +58,6 @@
         if request.response_type and 'id_token' not in request.response_type:
             return token
 
-        if 'state' not in token:
-            token['state'] = request.state
-
         if request.max_age:
             d = datetime.datetime.utcnow()
             token['auth_time'] = d.isoformat("T") + "Z"
@@ -250,28 +247,5 @@
 
         return request_info
 
-    def openid_implicit_authorization_validator(self, request):
-        """Additional validation when following the implicit flow.
-        """
-        # Undefined in OpenID Connect, fall back to OAuth2 definition.
-        if request.response_type == 'token':
-            return {}
-
-        # Treat it as normal OAuth 2 auth code request if openid is not present
-        if not request.scopes or 'openid' not in request.scopes:
-            return {}
-
-        # REQUIRED. String value used to associate a Client session with an ID
-        # Token, and to mitigate replay attacks. The value is passed through
-        # unmodified from the Authentication Request to the ID Token.
-        # Sufficient entropy MUST be present in the nonce values used to
-        # prevent attackers from guessing values. For implementation notes, see
-        # Section 15.5.2.
-        if not request.nonce:
-            desc = 'Request is missing mandatory nonce parameter.'
-            raise InvalidRequestError(request=request, description=desc)
-
-        return {}
-
 
 OpenIDConnectBase = GrantTypeBase
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/oauthlib-3.0.1/oauthlib/openid/connect/core/grant_types/hybrid.py 
new/oauthlib-3.0.2/oauthlib/openid/connect/core/grant_types/hybrid.py
--- old/oauthlib-3.0.1/oauthlib/openid/connect/core/grant_types/hybrid.py       
2019-01-24 14:33:33.000000000 +0100
+++ new/oauthlib-3.0.2/oauthlib/openid/connect/core/grant_types/hybrid.py       
2019-07-04 11:48:07.000000000 +0200
@@ -8,6 +8,7 @@
 import logging
 
 from oauthlib.oauth2.rfc6749.grant_types.authorization_code import 
AuthorizationCodeGrant as OAuth2AuthorizationCodeGrant
+from oauthlib.oauth2.rfc6749.errors import InvalidRequestError
 
 from .base import GrantTypeBase
 from ..request_validator import RequestValidator
@@ -34,3 +35,27 @@
         self.register_code_modifier(self.add_token)
         self.register_code_modifier(self.add_id_token)
         self.register_token_modifier(self.add_id_token)
+
+    def openid_authorization_validator(self, request):
+        """Additional validation when following the Authorization Code flow.
+        """
+        request_info = super(HybridGrant, 
self).openid_authorization_validator(request)
+        if not request_info:  # returns immediately if OAuth2.0
+            return request_info
+
+        # REQUIRED if the Response Type of the request is `code
+        # id_token` or `code id_token token` and OPTIONAL when the
+        # Response Type of the request is `code token`. It is a string
+        # value used to associate a Client session with an ID Token,
+        # and to mitigate replay attacks. The value is passed through
+        # unmodified from the Authentication Request to the ID
+        # Token. Sufficient entropy MUST be present in the `nonce`
+        # values used to prevent attackers from guessing values. For
+        # implementation notes, see Section 15.5.2.
+        if request.response_type in ["code id_token", "code id_token token"]:
+            if not request.nonce:
+                raise InvalidRequestError(
+                    request=request,
+                    description='Request is missing mandatory nonce parameter.'
+                )
+        return request_info
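Review bot: The mandatory-nonce check at `if request.response_type in ["code id_token", "code id_token token"]:` compares the raw response_type string, so a request carrying the same set in a different order (`id_token code`), which the OAuth 2.0 Multiple Response Type encoding treats as equivalent, would skip the check and reach ID-token issuance without a nonce, unless response_type is normalised before this validator runs, which is not visible here. The OAuth2 implicit grant in this same commit already tokenises the value with `request.response_type.split()`; doing the same here, `if {'code', 'id_token'} <= set(request.response_type.split()):`, makes the replay-protection check order-independent. A test sending `id_token code` would pin whichever behaviour is intended.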
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/oauthlib-3.0.1/oauthlib/openid/connect/core/grant_types/implicit.py 
new/oauthlib-3.0.2/oauthlib/openid/connect/core/grant_types/implicit.py
--- old/oauthlib-3.0.1/oauthlib/openid/connect/core/grant_types/implicit.py     
2019-01-24 14:33:33.000000000 +0100
+++ new/oauthlib-3.0.2/oauthlib/openid/connect/core/grant_types/implicit.py     
2019-07-04 11:48:07.000000000 +0200
@@ -10,6 +10,7 @@
 from .base import GrantTypeBase
 
 from oauthlib.oauth2.rfc6749.grant_types.implicit import ImplicitGrant as 
OAuth2ImplicitGrant
+from oauthlib.oauth2.rfc6749.errors import InvalidRequestError
 
 log = logging.getLogger(__name__)
 
@@ -23,6 +24,29 @@
         self.register_response_type('id_token token')
         self.custom_validators.post_auth.append(
             self.openid_authorization_validator)
-        self.custom_validators.post_auth.append(
-            self.openid_implicit_authorization_validator)
         self.register_token_modifier(self.add_id_token)
+
+    def add_id_token(self, token, token_handler, request):
+        if 'state' not in token:
+            token['state'] = request.state
+        return super(ImplicitGrant, self).add_id_token(token, token_handler, 
request)
+
+    def openid_authorization_validator(self, request):
+        """Additional validation when following the implicit flow.
+        """
+        request_info = super(ImplicitGrant, 
self).openid_authorization_validator(request)
+        if not request_info:  # returns immediately if OAuth2.0
+            return request_info
+
+        # REQUIRED. String value used to associate a Client session with an ID
+        # Token, and to mitigate replay attacks. The value is passed through
+        # unmodified from the Authentication Request to the ID Token.
+        # Sufficient entropy MUST be present in the nonce values used to
+        # prevent attackers from guessing values. For implementation notes, see
+        # Section 15.5.2.
+        if not request.nonce:
+            raise InvalidRequestError(
+                request=request,
+                description='Request is missing mandatory nonce parameter.'
+            )
+        return request_info
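Review bot: The new `add_id_token` override sets `token['state'] = request.state` without the `is not None` guard the OAuth2 implicit grant gains in this same commit, so an OIDC implicit client that omits `state` ends up with a `state` key whose value is `None` in the response dict; depending on how the response builder serialises `None` (outside this hunk), that would reintroduce the `state=None` artifact #652 removes from the /token response, this time in the redirect fragment. Guarding it the same way, `if 'state' not in token and request.state is not None:`, keeps the two paths consistent. Separately, the removed `openid_implicit_authorization_validator` explicitly exempted `response_type == 'token'` and non-openid scopes; the replacement relies on the superclass validator returning an empty dict for those cases, which is not visible here and is worth pinning with a test.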
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/oauthlib-3.0.1/oauthlib/openid/connect/core/tokens.py 
new/oauthlib-3.0.2/oauthlib/openid/connect/core/tokens.py
--- old/oauthlib-3.0.1/oauthlib/openid/connect/core/tokens.py   2019-01-24 
14:33:33.000000000 +0100
+++ new/oauthlib-3.0.2/oauthlib/openid/connect/core/tokens.py   2019-07-04 
11:48:07.000000000 +0200
@@ -25,7 +25,7 @@
         )
         self.expires_in = expires_in or 3600
 
-    def create_token(self, request, refresh_token=False, save_token=False):
+    def create_token(self, request, refresh_token=False):
         """Create a JWT Token, using requestvalidator method."""
 
         if callable(self.expires_in):
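Review bot: `JWTToken.create_token` drops `save_token` from its signature outright, so a caller that still passes `save_token=...` gets a `TypeError` here but only a `DeprecationWarning` from `BearerToken.create_token` in the same commit; since the grant types use the two token handlers interchangeably, they should deprecate the same way. Changing the signature to `def create_token(self, request, refresh_token=False, **kwargs):` and emitting the same warning when `"save_token" in kwargs` keeps the two handlers' contracts aligned. create_token's body continues past this hunk.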
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/oauthlib-3.0.1/oauthlib.egg-info/PKG-INFO 
new/oauthlib-3.0.2/oauthlib.egg-info/PKG-INFO
--- old/oauthlib-3.0.1/oauthlib.egg-info/PKG-INFO       2019-01-24 
14:34:18.000000000 +0100
+++ new/oauthlib-3.0.2/oauthlib.egg-info/PKG-INFO       2019-07-04 
11:48:54.000000000 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: oauthlib
-Version: 3.0.1
+Version: 3.0.2
 Summary: A generic, spec-compliant, thorough implementation of the OAuth 
request-signing logic
 Home-page: https://github.com/oauthlib/oauthlib
 Author: The OAuthlib Community
@@ -162,6 +162,6 @@
 Classifier: Programming Language :: Python :: Implementation :: PyPy
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*
-Provides-Extra: signals
-Provides-Extra: rsa
 Provides-Extra: signedtoken
+Provides-Extra: rsa
+Provides-Extra: signals
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/oauthlib-3.0.1/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
 
new/oauthlib-3.0.2/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
--- 
old/oauthlib-3.0.1/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
  2019-01-24 14:33:33.000000000 +0100
+++ 
new/oauthlib-3.0.2/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
  2019-07-04 11:48:07.000000000 +0200
@@ -29,12 +29,6 @@
         self.web = WebApplicationServer(self.validator)
         self.mobile = MobileApplicationServer(self.validator)
 
-    def set_state(self, state):
-        def set_request_state(client_id, code, client, request):
-            request.state = state
-            return True
-        return set_request_state
-
     def set_client(self, request):
         request.client = mock.MagicMock()
         request.client.client_id = 'mocked'
@@ -42,18 +36,13 @@
 
     def test_state_preservation(self):
         auth_uri = 
'http://example.com/path?state=xyz&client_id=abc&response_type='
-        token_uri = 'http://example.com/path'
 
         # authorization grant
         h, _, s = self.web.create_authorization_response(
                 auth_uri + 'code', scopes=['random'])
         self.assertEqual(s, 302)
         self.assertIn('Location', h)
-        code = get_query_credentials(h['Location'])['code'][0]
-        self.validator.validate_code.side_effect = self.set_state('xyz')
-        _, body, _ = self.web.create_token_response(token_uri,
-                body='grant_type=authorization_code&code=%s' % code)
-        self.assertEqual(json.loads(body)['state'], 'xyz')
+        self.assertEqual(get_query_credentials(h['Location'])['state'][0], 
'xyz')
 
         # implicit grant
         h, _, s = self.mobile.create_authorization_response(
@@ -133,7 +122,7 @@
         # was not given in the authorization AND not in the token request.
         self.validator.confirm_redirect_uri.return_value = True
         code = get_query_credentials(h['Location'])['code'][0]
-        self.validator.validate_code.side_effect = self.set_state('xyz')
+        self.validator.validate_code.return_value = True
         _, body, s = self.web.create_token_response(token_uri,
                 body='grant_type=authorization_code&code=%s' % code)
         self.assertEqual(s, 200)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/oauthlib-3.0.1/tests/oauth2/rfc6749/test_server.py 
new/oauthlib-3.0.2/tests/oauth2/rfc6749/test_server.py
--- old/oauthlib-3.0.1/tests/oauth2/rfc6749/test_server.py      2019-01-24 
14:33:33.000000000 +0100
+++ new/oauthlib-3.0.2/tests/oauth2/rfc6749/test_server.py      2019-07-04 
11:48:07.000000000 +0200
@@ -144,7 +144,7 @@
 
     @mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
     def test_authorization_grant(self):
-        body = 
'grant_type=authorization_code&code=abc&scope=all+of+them&state=xyz'
+        body = 'grant_type=authorization_code&code=abc&scope=all+of+them'
         headers, body, status_code = self.endpoint.create_token_response(
             '', body=body)
         token = {
@@ -152,23 +152,27 @@
             'expires_in': self.expires_in,
             'access_token': 'abc',
             'refresh_token': 'abc',
-            'scope': 'all of them',
-            'state': 'xyz'
+            'scope': 'all of them'
         }
         self.assertEqual(json.loads(body), token)
 
-        body = 'grant_type=authorization_code&code=abc&state=xyz'
+        body = 'grant_type=authorization_code&code=abc'
         headers, body, status_code = self.endpoint.create_token_response(
             '', body=body)
         token = {
             'token_type': 'Bearer',
             'expires_in': self.expires_in,
             'access_token': 'abc',
-            'refresh_token': 'abc',
-            'state': 'xyz'
+            'refresh_token': 'abc'
         }
         self.assertEqual(json.loads(body), token)
 
+        # try with additional custom variables
+        body = 'grant_type=authorization_code&code=abc&state=foobar'
+        headers, body, status_code = self.endpoint.create_token_response(
+            '', body=body)
+        self.assertEqual(json.loads(body), token)
+
     @mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
     def test_password_grant(self):
         body = 
'grant_type=password&username=a&password=hello&scope=all+of+them'
@@ -277,7 +281,7 @@
 
     @mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
     def test_authorization_grant(self):
-        body = 
'client_id=me&redirect_uri=http%3A%2F%2Fback.to%2Fme&grant_type=authorization_code&code=abc&scope=all+of+them&state=xyz'
+        body = 
'client_id=me&redirect_uri=http%3A%2F%2Fback.to%2Fme&grant_type=authorization_code&code=abc&scope=all+of+them'
         headers, body, status_code = self.endpoint.create_token_response(
             '', body=body)
         body = json.loads(body)
@@ -286,12 +290,11 @@
             'expires_in': self.expires_in,
             'access_token': body['access_token'],
             'refresh_token': 'abc',
-            'scope': 'all of them',
-            'state': 'xyz'
+            'scope': 'all of them'
         }
         self.assertEqual(body, token)
 
-        body = 
'client_id=me&redirect_uri=http%3A%2F%2Fback.to%2Fme&grant_type=authorization_code&code=abc&state=xyz'
+        body = 
'client_id=me&redirect_uri=http%3A%2F%2Fback.to%2Fme&grant_type=authorization_code&code=abc'
         headers, body, status_code = self.endpoint.create_token_response(
             '', body=body)
         body = json.loads(body)
@@ -299,8 +302,20 @@
             'token_type': 'Bearer',
             'expires_in': self.expires_in,
             'access_token': body['access_token'],
-            'refresh_token': 'abc',
-            'state': 'xyz'
+            'refresh_token': 'abc'
+        }
+        self.assertEqual(body, token)
+
+        # try with additional custom variables
+        body = 
'client_id=me&redirect_uri=http%3A%2F%2Fback.to%2Fme&grant_type=authorization_code&code=abc&state=foobar'
+        headers, body, status_code = self.endpoint.create_token_response(
+            '', body=body)
+        body = json.loads(body)
+        token = {
+            'token_type': 'Bearer',
+            'expires_in': self.expires_in,
+            'access_token': body['access_token'],
+            'refresh_token': 'abc'
         }
         self.assertEqual(body, token)
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/oauthlib-3.0.1/tests/openid/connect/core/grant_types/test_authorization_code.py
 
new/oauthlib-3.0.2/tests/openid/connect/core/grant_types/test_authorization_code.py
--- 
old/oauthlib-3.0.1/tests/openid/connect/core/grant_types/test_authorization_code.py
 2019-01-24 14:33:33.000000000 +0100
+++ 
new/oauthlib-3.0.2/tests/openid/connect/core/grant_types/test_authorization_code.py
 2019-07-04 11:48:07.000000000 +0200
@@ -40,6 +40,7 @@
         self.request.grant_type = 'authorization_code'
         self.request.redirect_uri = 'https://a.b/cb'
         self.request.state = 'abc'
+        self.request.nonce = None
 
         self.mock_validator = mock.MagicMock()
         self.mock_validator.authenticate_client.side_effect = self.set_client
@@ -148,3 +149,16 @@
         self.assertIn('scope', token)
         self.assertNotIn('id_token', token)
         self.assertNotIn('openid', token['scope'])
+
+    @mock.patch('oauthlib.common.generate_token')
+    def test_optional_nonce(self, generate_token):
+        generate_token.return_value = 'abc'
+        self.request.nonce = 'xyz'
+        scope, info = self.auth.validate_authorization_request(self.request)
+
+        bearer = BearerToken(self.mock_validator)
+        self.request.response_mode = 'query'
+        h, b, s = self.auth.create_authorization_response(self.request, bearer)
+        self.assertURLEqual(h['Location'], self.url_query)
+        self.assertEqual(b, None)
+        self.assertEqual(s, 302)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/oauthlib-3.0.1/tests/openid/connect/core/grant_types/test_hybrid.py 
new/oauthlib-3.0.2/tests/openid/connect/core/grant_types/test_hybrid.py
--- old/oauthlib-3.0.1/tests/openid/connect/core/grant_types/test_hybrid.py     
2019-01-24 14:33:33.000000000 +0100
+++ new/oauthlib-3.0.2/tests/openid/connect/core/grant_types/test_hybrid.py     
2019-07-04 11:48:07.000000000 +0200
@@ -1,9 +1,14 @@
 # -*- coding: utf-8 -*-
 from __future__ import absolute_import, unicode_literals
-from oauthlib.openid.connect.core.grant_types.hybrid import HybridGrant
 
+import mock
+
+from oauthlib.oauth2.rfc6749 import errors
+from oauthlib.oauth2.rfc6749.tokens import BearerToken
+from oauthlib.openid.connect.core.grant_types.hybrid import HybridGrant
 from tests.oauth2.rfc6749.grant_types.test_authorization_code import \
     AuthorizationCodeGrantTest
+from .test_authorization_code import OpenIDAuthCodeTest
 
 
 class OpenIDHybridInterferenceTest(AuthorizationCodeGrantTest):
@@ -12,3 +17,76 @@
     def setUp(self):
         super(OpenIDHybridInterferenceTest, self).setUp()
         self.auth = HybridGrant(request_validator=self.mock_validator)
+
+
+class OpenIDHybridCodeTokenTest(OpenIDAuthCodeTest):
+
+    def setUp(self):
+        super(OpenIDHybridCodeTokenTest, self).setUp()
+        self.request.response_type = 'code token'
+        self.request.nonce = None
+        self.auth = HybridGrant(request_validator=self.mock_validator)
+        self.url_query = 
'https://a.b/cb?code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc'
+        self.url_fragment = 
'https://a.b/cb#code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc'
+
+    @mock.patch('oauthlib.common.generate_token')
+    def test_optional_nonce(self, generate_token):
+        generate_token.return_value = 'abc'
+        self.request.nonce = 'xyz'
+        scope, info = self.auth.validate_authorization_request(self.request)
+
+        bearer = BearerToken(self.mock_validator)
+        h, b, s = self.auth.create_authorization_response(self.request, bearer)
+        self.assertURLEqual(h['Location'], self.url_fragment, 
parse_fragment=True)
+        self.assertEqual(b, None)
+        self.assertEqual(s, 302)
+
+
+class OpenIDHybridCodeIdTokenTest(OpenIDAuthCodeTest):
+
+    def setUp(self):
+        super(OpenIDHybridCodeIdTokenTest, self).setUp()
+        self.mock_validator.get_code_challenge.return_value = None
+        self.request.response_type = 'code id_token'
+        self.request.nonce = 'zxc'
+        self.auth = HybridGrant(request_validator=self.mock_validator)
+        token = 'MOCKED_TOKEN'
+        self.url_query = 'https://a.b/cb?code=abc&state=abc&id_token=%s' % 
token
+        self.url_fragment = 'https://a.b/cb#code=abc&state=abc&id_token=%s' % 
token
+
+    @mock.patch('oauthlib.common.generate_token')
+    def test_required_nonce(self, generate_token):
+        generate_token.return_value = 'abc'
+        self.request.nonce = None
+        self.assertRaises(errors.InvalidRequestError, 
self.auth.validate_authorization_request, self.request)
+
+        bearer = BearerToken(self.mock_validator)
+        h, b, s = self.auth.create_authorization_response(self.request, bearer)
+        self.assertIn('error=invalid_request', h['Location'])
+        self.assertEqual(b, None)
+        self.assertEqual(s, 302)
+
+
+class OpenIDHybridCodeIdTokenTokenTest(OpenIDAuthCodeTest):
+
+    def setUp(self):
+        super(OpenIDHybridCodeIdTokenTokenTest, self).setUp()
+        self.mock_validator.get_code_challenge.return_value = None
+        self.request.response_type = 'code id_token token'
+        self.request.nonce = 'xyz'
+        self.auth = HybridGrant(request_validator=self.mock_validator)
+        token = 'MOCKED_TOKEN'
+        self.url_query = 
'https://a.b/cb?code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc&id_token=%s'
 % token
+        self.url_fragment = 
'https://a.b/cb#code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc&id_token=%s'
 % token
+
+    @mock.patch('oauthlib.common.generate_token')
+    def test_required_nonce(self, generate_token):
+        generate_token.return_value = 'abc'
+        self.request.nonce = None
+        self.assertRaises(errors.InvalidRequestError, 
self.auth.validate_authorization_request, self.request)
+
+        bearer = BearerToken(self.mock_validator)
+        h, b, s = self.auth.create_authorization_response(self.request, bearer)
+        self.assertIn('error=invalid_request', h['Location'])
+        self.assertEqual(b, None)
+        self.assertEqual(s, 302)
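Review bot: `OpenIDHybridCodeTokenTest.test_optional_nonce` assigns `self.request.nonce = 'xyz'` before validating, so it never exercises the path it is named for, a `code token` request with no nonce; the same applies to `test_optional_nonce` in test_authorization_code. The nonce-absent path is only covered incidentally by the inherited tests, which rely on `nonce = None` from setUp. Either drop the assignment or add a second pass with `self.request.nonce = None` and assert the redirect succeeds without `error=invalid_request`, so a future tightening of the nonce rule for `code token` is caught.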
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/oauthlib-3.0.1/tests/openid/connect/core/grant_types/test_implicit.py 
new/oauthlib-3.0.2/tests/openid/connect/core/grant_types/test_implicit.py
--- old/oauthlib-3.0.1/tests/openid/connect/core/grant_types/test_implicit.py   
2019-01-24 14:33:33.000000000 +0100
+++ new/oauthlib-3.0.2/tests/openid/connect/core/grant_types/test_implicit.py   
2019-07-04 11:48:07.000000000 +0200
@@ -4,13 +4,13 @@
 import mock
 
 from oauthlib.common import Request
+from oauthlib.oauth2.rfc6749 import errors
 from oauthlib.oauth2.rfc6749.tokens import BearerToken
 from oauthlib.openid.connect.core.grant_types.exceptions import OIDCNoPrompt
-from oauthlib.openid.connect.core.grant_types.hybrid import HybridGrant
 from oauthlib.openid.connect.core.grant_types.implicit import ImplicitGrant
 from tests.oauth2.rfc6749.grant_types.test_implicit import ImplicitGrantTest
 from tests.unittest import TestCase
-from .test_authorization_code import get_id_token_mock, OpenIDAuthCodeTest
+from .test_authorization_code import get_id_token_mock
 
 
 class OpenIDImplicitInterferenceTest(ImplicitGrantTest):
@@ -30,8 +30,8 @@
         self.request.client_id = 'abcdef'
         self.request.response_type = 'id_token token'
         self.request.redirect_uri = 'https://a.b/cb'
-        self.request.nonce = 'zxc'
         self.request.state = 'abc'
+        self.request.nonce = 'xyz'
 
         self.mock_validator = mock.MagicMock()
         self.mock_validator.get_id_token.side_effect = get_id_token_mock
@@ -61,12 +61,6 @@
         self.assertEqual(b, None)
         self.assertEqual(s, 302)
 
-        self.request.nonce = None
-        h, b, s = self.auth.create_authorization_response(self.request, bearer)
-        self.assertIn('error=invalid_request', h['Location'])
-        self.assertEqual(b, None)
-        self.assertEqual(s, 302)
-
     @mock.patch('oauthlib.common.generate_token')
     def test_no_prompt_authorization(self, generate_token):
         generate_token.return_value = 'abc'
@@ -105,36 +99,35 @@
         h, b, s = self.auth.create_authorization_response(self.request, bearer)
         self.assertIn('error=login_required', h['Location'])
 
+    @mock.patch('oauthlib.common.generate_token')
+    def test_required_nonce(self, generate_token):
+        generate_token.return_value = 'abc'
+        self.request.nonce = None
+        self.assertRaises(errors.InvalidRequestError, 
self.auth.validate_authorization_request, self.request)
 
-class OpenIDHybridCodeTokenTest(OpenIDAuthCodeTest):
-
-    def setUp(self):
-        super(OpenIDHybridCodeTokenTest, self).setUp()
-        self.request.response_type = 'code token'
-        self.auth = HybridGrant(request_validator=self.mock_validator)
-        self.url_query = 
'https://a.b/cb?code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc'
-        self.url_fragment = 
'https://a.b/cb#code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc'
-
+        bearer = BearerToken(self.mock_validator)
+        h, b, s = self.auth.create_authorization_response(self.request, bearer)
+        self.assertIn('error=invalid_request', h['Location'])
+        self.assertEqual(b, None)
+        self.assertEqual(s, 302)
 
-class OpenIDHybridCodeIdTokenTest(OpenIDAuthCodeTest):
 
+class OpenIDImplicitNoAccessTokenTest(OpenIDImplicitTest):
     def setUp(self):
-        super(OpenIDHybridCodeIdTokenTest, self).setUp()
-        self.mock_validator.get_code_challenge.return_value = None
-        self.request.response_type = 'code id_token'
-        self.auth = HybridGrant(request_validator=self.mock_validator)
+        super(OpenIDImplicitNoAccessTokenTest, self).setUp()
+        self.request.response_type = 'id_token'
         token = 'MOCKED_TOKEN'
-        self.url_query = 'https://a.b/cb?code=abc&state=abc&id_token=%s' % 
token
-        self.url_fragment = 'https://a.b/cb#code=abc&state=abc&id_token=%s' % 
token
-
+        self.url_query = 'https://a.b/cb?state=abc&id_token=%s' % token
+        self.url_fragment = 'https://a.b/cb#state=abc&id_token=%s' % token
 
-class OpenIDHybridCodeIdTokenTokenTest(OpenIDAuthCodeTest):
+    @mock.patch('oauthlib.common.generate_token')
+    def test_required_nonce(self, generate_token):
+        generate_token.return_value = 'abc'
+        self.request.nonce = None
+        self.assertRaises(errors.InvalidRequestError, 
self.auth.validate_authorization_request, self.request)
 
-    def setUp(self):
-        super(OpenIDHybridCodeIdTokenTokenTest, self).setUp()
-        self.mock_validator.get_code_challenge.return_value = None
-        self.request.response_type = 'code id_token token'
-        self.auth = HybridGrant(request_validator=self.mock_validator)
-        token = 'MOCKED_TOKEN'
-        self.url_query = 
'https://a.b/cb?code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc&id_token=%s'
 % token
-        self.url_fragment = 
'https://a.b/cb#code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc&id_token=%s'
 % token
+        bearer = BearerToken(self.mock_validator)
+        h, b, s = self.auth.create_authorization_response(self.request, bearer)
+        self.assertIn('error=invalid_request', h['Location'])
+        self.assertEqual(b, None)
+        self.assertEqual(s, 302)
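Review bot: The new `test_required_nonce` (in `OpenIDImplicitTest` and again in `OpenIDImplicitNoAccessTokenTest`) only asserts that `error=invalid_request` appears in the redirect; it never asserts that the error redirect carries no credentials, which is the failure mode that matters for an implicit/`id_token` flow where a missing nonce must abort before any token is minted. Add `self.assertNotIn('access_token=', h['Location'])` and `self.assertNotIn('id_token=', h['Location'])` right after the `assertIn` in both methods. The override in `OpenIDImplicitNoAccessTokenTest` is byte-identical to the method it already inherits from `OpenIDImplicitTest`, so it can be dropped; the inherited test runs against the `id_token` response type set in that class's `setUp`. Whether an empty-string `nonce` is rejected like `None` is not exercised here and would be worth a second case, assuming the grant's check is a plain truthiness test rather than an `is None` comparison.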
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/oauthlib-3.0.1/tests/openid/connect/core/test_server.py 
new/oauthlib-3.0.2/tests/openid/connect/core/test_server.py
--- old/oauthlib-3.0.1/tests/openid/connect/core/test_server.py 2019-01-24 
14:33:33.000000000 +0100
+++ new/oauthlib-3.0.2/tests/openid/connect/core/test_server.py 2019-07-04 
11:48:07.000000000 +0200
@@ -143,7 +143,7 @@
 
     @mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
     def test_authorization_grant(self):
-        body = 
'grant_type=authorization_code&code=abc&scope=all+of+them&state=xyz'
+        body = 'grant_type=authorization_code&code=abc&scope=all+of+them'
         headers, body, status_code = self.endpoint.create_token_response(
             '', body=body)
         token = {
@@ -151,23 +151,27 @@
             'expires_in': self.expires_in,
             'access_token': 'abc',
             'refresh_token': 'abc',
-            'scope': 'all of them',
-            'state': 'xyz'
+            'scope': 'all of them'
         }
         self.assertEqual(json.loads(body), token)
 
-        body = 'grant_type=authorization_code&code=abc&state=xyz'
+        body = 'grant_type=authorization_code&code=abc'
         headers, body, status_code = self.endpoint.create_token_response(
             '', body=body)
         token = {
             'token_type': 'Bearer',
             'expires_in': self.expires_in,
             'access_token': 'abc',
-            'refresh_token': 'abc',
-            'state': 'xyz'
+            'refresh_token': 'abc'
         }
         self.assertEqual(json.loads(body), token)
 
+        # ignore useless fields
+        body = 'grant_type=authorization_code&code=abc&state=foobar'
+        headers, body, status_code = self.endpoint.create_token_response(
+            '', body=body)
+        self.assertEqual(json.loads(body), token)
+
     def test_missing_type(self):
         _, body, _ = self.endpoint.create_token_response('', body='')
         token = {'error': 'unsupported_grant_type'}
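Review bot: The comment `# ignore useless fields` on the new case undersells what is being pinned: `state` is a parameter of the /authorize redirect, not a member of the token-endpoint JSON response, and echoing a client-supplied body parameter back into that response is precisely the reflection the removed `'state': 'xyz'` expectations used to bake in. Reword it to `# state belongs to the /authorize redirect, not the token response; it must not be echoed back` so the next maintainer does not reinstate it. The case reuses the `token` dict from the preceding request, so it asserts that no `state` key appears at all, which is the right strength; consider adding a second unknown parameter (e.g. `&foo=bar`) to the body to pin that arbitrary extras are dropped as well, not only `state`. `test_authorization_grant` begins in the preceding hunk, outside this one.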

