Skip to content

Commit

Permalink
Do not append cookie_header if there is nothing to append
Browse files Browse the repository at this point in the history
Close #592
  • Loading branch information
tpazderka committed Jan 18, 2019
1 parent e4d8404 commit 52e1281
Show file tree
Hide file tree
Showing 3 changed files with 60 additions and 6 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,13 @@ The format is based on the [KeepAChangeLog] project.

[KeepAChangeLog]: http://keepachangelog.com/

## Unreleased

### Fixed
- [#592] Do not append cookie header if there is nothing to append

[#592]: https://github.com/OpenIDC/pyoidc/issues/592

## 0.15.0 [2019-01-17]

### Fixed
Expand Down
10 changes: 4 additions & 6 deletions src/oic/oauth2/provider.py
Original file line number Diff line number Diff line change
Expand Up @@ -754,14 +754,12 @@ def _complete_authz(self, user, areq, sid, **kwargs):
headers.append(tuple(x.split(": ", 1)))

if self.cookie_name not in _kaka: # Don't overwrite
headers.append(self.cookie_func(c_val, typ="sso",
cookie_name=self.sso_cookie_name,
ttl=self.sso_ttl))
cookie_header = self.cookie_func(c_val, typ="sso", cookie_name=self.sso_cookie_name, ttl=self.sso_ttl)
else:
headers.append(self.cookie_func(c_val, typ="sso",
cookie_name=self.sso_cookie_name,
ttl=self.sso_ttl))
cookie_header = self.cookie_func(c_val, typ="sso", cookie_name=self.sso_cookie_name, ttl=self.sso_ttl)

if cookie_header is not None:
headers.append(cookie_header)
# Now about the response_mode. Should not be set if it's obvious
# from the response_type. Knows about 'query', 'fragment' and
# 'form_post'.
Expand Down
49 changes: 49 additions & 0 deletions tests/test_oauth2_provider.py
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,13 @@ def authenticated_as(self, cookie=None, **kwargs):
return {"uid": self.user}, time.time()


class NoCookieAuthn(DummyAuthn):
"""Authn that doesn't create cookies."""

def create_cookie(self, value, typ, cookie_name=None, ttl=-1, kill=False):
pass


def verify_outcome(msg, prefix, lista):
"""
Number of permutations are dependent on number of claims
Expand All @@ -86,6 +93,8 @@ def verify_outcome(msg, prefix, lista):

AUTHN_BROKER = AuthnBroker()
AUTHN_BROKER.add("UNDEFINED", DummyAuthn(None, "username"))
AUTHN_BROKER2 = AuthnBroker()
AUTHN_BROKER2.add('UNDEFINED', NoCookieAuthn(None, 'username'))
# dealing with authorization
AUTHZ = Implicit()

Expand Down Expand Up @@ -381,3 +390,43 @@ def test_response_types_fail(self, response_types):

_res = json.loads(res.message)
assert _res['error'] == 'invalid_request'

def test_complete_authz_no_cookie(self, session_db_factory):
provider = Provider("pyoicserver", session_db_factory(ISSUER), CDB, AUTHN_BROKER2, AUTHZ, verify_client,
baseurl='https://example.com/as')
areq = {'client_id': 'client1',
'response_type': ['code'],
'redirect_uri': 'http://localhost:8087/authz'}
sid = provider.sdb.access_token.key(user='sub', areq=areq)
access_code = provider.sdb.access_token(sid=sid)
provider.sdb[sid] = {'oauth_state': 'authz',
'sub': 'sub',
'client_id': 'client1',
'code': access_code,
'redirect_uri': 'http://localhost:8087/authz'}
response, header, redirect, fragment = provider._complete_authz('sub', areq, sid)
assert header == []
assert not fragment
assert redirect == 'http://localhost:8087/authz'
assert 'code' in response

def test_complete_authz_cookie(self, session_db_factory):
provider = Provider("pyoicserver", session_db_factory(ISSUER), CDB, AUTHN_BROKER, AUTHZ, verify_client,
baseurl='https://example.com/as')
areq = {'client_id': 'client1',
'response_type': ['code'],
'redirect_uri': 'http://localhost:8087/authz'}
sid = provider.sdb.access_token.key(user='sub', areq=areq)
access_code = provider.sdb.access_token(sid=sid)
provider.sdb[sid] = {'oauth_state': 'authz',
'sub': 'sub',
'client_id': 'client1',
'code': access_code,
'redirect_uri': 'http://localhost:8087/authz'}
response, header, redirect, fragment = provider._complete_authz('sub', areq, sid)
cookie_header = header[0]
assert cookie_header[0] == 'Set-Cookie'
assert cookie_header[1].startswith('pyoidc_sso="sub][client1')
assert not fragment
assert redirect == 'http://localhost:8087/authz'
assert 'code' in response

0 comments on commit 52e1281

Please sign in to comment.