From 8dc7bf0ba3514979284c2c187d605ba7359c909a Mon Sep 17 00:00:00 2001
From: Giuseppe
Date: Wed, 26 May 2021 09:59:11 +0200
Subject: [PATCH] BREAKAGE: seed param moved from global configuration to registration endpoint

---
 doc/source/contents/conf.rst | 16 ++++++++--------
 src/oidcop/configure.py | 1 -
 src/oidcop/endpoint_context.py | 8 --------
 src/oidcop/oidc/registration.py | 20 +++++++++++++++++---
 4 files changed, 25 insertions(+), 20 deletions(-)

diff --git a/doc/source/contents/conf.rst b/doc/source/contents/conf.rst
index 47680d4c..db25f1fa 100644
--- a/doc/source/contents/conf.rst
+++ b/doc/source/contents/conf.rst
@@ -8,12 +8,6 @@ issuer
 The issuer ID of the OP, a unique value in URI format.
-----
-seed
-----
-
-Used in dynamic client registration endpoint when creating a new client_secret.
-If unset it will be random.
 --------
 password
@@ -209,8 +203,14 @@ An example::
 "path": "registration",
 "class": "oidcop.oidc.registration.Registration",
 "kwargs": {
- "client_authn_method": null,
- "client_secret_expiration_time": 432000
+ "client_authn_method": None,
+ "client_secret_expiration_time": 432000,
+ "client_id_generator": {
+ "class": 'oidcop.oidc.registration.random_client_id',
+ "kwargs": {
+ "seed": "that-optional-random-value"
+ }
+ }
 }
 },
 "registration_api": {
diff --git a/src/oidcop/configure.py b/src/oidcop/configure.py
index 567cab44..b2a44e7b 100755
--- a/src/oidcop/configure.py
+++ b/src/oidcop/configure.py
@@ -221,7 +221,6 @@ def __init__(
 self.token_handler_args = {}
 self.userinfo = None
 self.password = None
- self.salt = None
 if file_attributes is None:
 file_attributes = DEFAULT_FILE_ATTRIBUTE_NAMES
diff --git a/src/oidcop/endpoint_context.py b/src/oidcop/endpoint_context.py
index dab66128..84dcc8f7 100755
--- a/src/oidcop/endpoint_context.py
+++ b/src/oidcop/endpoint_context.py
@@ -6,7 +6,6 @@ import requests
 from cryptojwt import KeyJar
-from cryptojwt.utils import as_bytes
 from jinja2 import Environment
 from jinja2 import FileSystemLoader
 from oidcmsg.context import OidcContext
@@ -111,7 +110,6 @@ class EndpointContext(OidcContext):
 "provider_info": {},
 "registration_access_token": {},
 "scope2claims": {},
- "seed": "",
 # "session_db": {},
 "session_manager": SessionManager,
 "sso_ttl": None,
@@ -139,12 +137,6 @@ def __init__(
 self.cwd = cwd
- # Those that use seed wants bytes but I can only store str.
- try:
- self.seed = as_bytes(conf["seed"])
- except KeyError:
- self.seed = as_bytes(rndstr(32))
-
 # Default values, to be changed below depending on configuration
 # arguments for endpoints add-ons
 self.args = {}
diff --git a/src/oidcop/oidc/registration.py b/src/oidcop/oidc/registration.py
index ac58ab2d..71aa7374 100755
--- a/src/oidcop/oidc/registration.py
+++ b/src/oidcop/oidc/registration.py
@@ -99,8 +99,14 @@ def comb_uri(args):
 val = []
 for base, query_dict in args[param]:
 if query_dict:
- query_string = urlencode([(key, v) for key in query_dict for v in query_dict[key]])
- val.append("%s?%s" % (base, query_string))
+ query_string = urlencode(
+ [
+ (key, v)
+ for key in query_dict
+ for v in query_dict[key]
+ ]
+ )
+ val.append("{base}?{query_string}")
 else:
 val.append(base)
@@ -139,6 +145,14 @@ class Registration(Endpoint):
 # default
 # response_placement = 'body'
+ def __init__(self, *args, **kwargs):
+ super().__init__(*args, **kwargs)
+
+ # Those that use seed wants bytes but I can only store str.
+ # seed
+ _seed = kwargs.get("seed") or rndstr(32)
+ self.seed = as_bytes(_seed)
+
 def match_client_request(self, request):
 _context = self.server_get("endpoint_context")
 for _pref, _prov in PREFERENCE2PROVIDER.items():
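Review bot: The new `val.append("{base}?{query_string}")` in the comb_uri hunk is missing the `f` prefix, so it appends the literal text `{base}?{query_string}` instead of the combined URI that the replaced `"%s?%s" % (base, query_string)` produced — every entry whose query_dict is non-empty now comes back as that placeholder. The fix is `val.append(f"{base}?{query_string}")`. Judging by the function name these values look like the registered redirect-style URIs the endpoint hands back or stores (not visible here), so a registration test with a redirect_uri carrying a query string would have caught it. comb_uri's signature and the rest of the enclosing loop lie outside the hunk.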
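Review bot: `kwargs.get("seed")` in the new `Registration.__init__` reads the seed from the endpoint's own kwargs, while the conf.rst example added by this same patch places it under `client_id_generator.kwargs`, so a seed configured as documented is never seen here and a random `rndstr(32)` is silently used instead — either the doc or the lookup needs to change. Because `secret(self.seed, client_id)` in the last hunk derives every client_secret from this value it is effectively a master secret; the two-line comment should say so, e.g. `# Master secret for client_secret derivation (see add_client_secret): keep it confidential and high-entropy; a per-process random value is used when not configured.`, and the fallback should come from a CSPRNG (`secrets.token_urlsafe(32)`) unless rndstr already is one. `seed` is also forwarded unchanged to `super().__init__(*args, **kwargs)`; if `Endpoint.__init__` does not tolerate unknown keyword arguments, use `_seed = kwargs.pop("seed", None) or rndstr(32)` before the super call. Make sure `as_bytes` and `rndstr` are imported in registration.py — the import block is not part of this patch and `as_bytes` was just dropped from endpoint_context.py.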
@@ -358,7 +372,7 @@ def client_secret_expiration_time(self):
 return utc_time_sans_frac() + _expiration_time
 def add_client_secret(self, cinfo, client_id, context):
- client_secret = secret(context.seed, client_id)
+ client_secret = secret(self.seed, client_id)
 cinfo["client_secret"] = client_secret
 _eat = self.client_secret_expiration_time()
 if _eat:
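Review bot: `context` is no longer read in the visible part of add_client_secret once `secret(context.seed, client_id)` becomes `secret(self.seed, client_id)`; the method continues past the hunk, so if the remainder does not use it either, add `# context: kept for call-site compatibility, no longer used for the seed` above the call so the next reader does not look for the seed there. The method also has no docstring; it should state that the client_secret is computed from the endpoint's seed and the client_id (assuming `secret()` is deterministic in its inputs, which is not visible here), which is exactly why the seed must be protected like a signing key.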