From ef2afa409c20cc2e2f971d94f586a87d801bd85e Mon Sep 17 00:00:00 2001 From: Guy Pilosof Date: Wed, 27 Jul 2022 09:17:36 +0300 Subject: [PATCH 1/2] remove cookies paramter on do_post and do_get --- descope/auth.py | 9 ++------- descope/authmethod/exchanger.py | 2 +- descope/authmethod/magiclink.py | 4 ++-- descope/authmethod/oauth.py | 2 +- descope/authmethod/otp.py | 4 ++-- descope/authmethod/saml.py | 2 +- descope/authmethod/totp.py | 2 +- descope/authmethod/webauthn.py | 2 +- descope/descope_client.py | 2 +- samples/webauthn_web_sample_app.py | 1 + 10 files changed, 13 insertions(+), 17 deletions(-) diff --git a/descope/auth.py b/descope/auth.py index 5b3a9744d..31b62c095 100644 --- a/descope/auth.py +++ b/descope/auth.py @@ -59,7 +59,6 @@ def __init__(self, project_id: str, public_key: str = None, base_uri: str = None def do_get( self, uri: str, - cookies=None, params=None, allow_redirects=None, pswd: str = None, @@ -67,7 +66,6 @@ def do_get( response = requests.get( f"{self.base_url}{uri}", headers=self._get_default_headers(pswd), - cookies=cookies, params=params, allow_redirects=allow_redirects, ) @@ -77,14 +75,11 @@ def do_get( ) return response - def do_post( - self, uri: str, body: dict, cookies=None, pswd: str = None - ) -> requests.Response: + def do_post(self, uri: str, body: dict, pswd: str = None) -> requests.Response: response = requests.post( f"{self.base_url}{uri}", headers=self._get_default_headers(pswd), data=json.dumps(body), - cookies=cookies, ) if not response.ok: raise AuthException( @@ -305,7 +300,7 @@ def _get_default_headers(self, pswd: str = None): def _refresh_token(self, refresh_token: str) -> dict: uri = Auth._compose_refresh_token_url() - response = self.do_get(uri, None, None, None, refresh_token) + response = self.do_get(uri, None, None, refresh_token) resp = response.json() auth_info = self._generate_auth_info( diff --git a/descope/authmethod/exchanger.py b/descope/authmethod/exchanger.py index 33da63fb9..0b06226cc 100644 
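Review bot: Dropping `cookies` from the middle of the positional parameter list of `do_get` (and of `do_post`, in the third hunk of this file) shifts every later argument. A caller that was not updated and still passes `do_get(uri, None, params, False)` now binds `params` to `allow_redirects` and `False` to `pswd` without raising. Because `pswd` is what carries the refresh token into `_get_default_headers`, I would make the optional arguments keyword-only, `def do_get(self, uri: str, *, params=None, allow_redirects=None, pswd: str = None)`. The call sites in this patch would then pass `pswd=refresh_token` instead of `None, None, refresh_token`. The closing line of the signature is outside this hunk.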
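Review bot: The `requests.get` call in this hunk, like the `requests.post` call in the `do_post` hunk that follows, is issued without a `timeout`. requests applies no default timeout, so a stalled connection to `base_url` blocks the calling thread indefinitely. For a client on the sign-in and token-refresh path that is an availability risk. I would add `timeout=(CONNECT_TIMEOUT, READ_TIMEOUT)` to both calls, where the two names are placeholders for values taken from the client's configuration. The error handling after the call is only partly visible in this hunk.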
--- a/descope/authmethod/exchanger.py +++ b/descope/authmethod/exchanger.py @@ -20,7 +20,7 @@ def exchange_token(self, code: str) -> dict: uri = EndpointsV1.exchangeTokenPath params = Exchanger._compose_exchange_params(code) - response = self._auth.do_get(uri, None, params, False) + response = self._auth.do_get(uri, params, False) resp = response.json() jwt_response = self._auth._generate_jwt_response( resp, response.cookies.get(REFRESH_SESSION_COOKIE_NAME, None) diff --git a/descope/authmethod/magiclink.py b/descope/authmethod/magiclink.py index 46e948417..2b67f30ff 100644 --- a/descope/authmethod/magiclink.py +++ b/descope/authmethod/magiclink.py @@ -151,7 +151,7 @@ def _update_user_email( identifier, email, cross_device ) uri = EndpointsV1.updateUserEmailOTPPath - return self._auth.do_post(uri, body, None, refresh_token) + return self._auth.do_post(uri, body, refresh_token) def _update_user_phone( self, @@ -172,7 +172,7 @@ def _update_user_phone( identifier, phone, cross_device ) uri = EndpointsV1.updateUserPhoneOTPPath - return self._auth.do_post(uri, body, None, refresh_token) + return self._auth.do_post(uri, body, refresh_token) @staticmethod def _compose_signin_url(method: DeliveryMethod) -> str: diff --git a/descope/authmethod/oauth.py b/descope/authmethod/oauth.py index 92908affc..723ead116 100644 --- a/descope/authmethod/oauth.py +++ b/descope/authmethod/oauth.py @@ -19,7 +19,7 @@ def start(self, provider: str, return_url: str = "") -> dict: uri = EndpointsV1.oauthStart params = OAuth._compose_start_params(provider, return_url) - response = self._auth.do_get(uri, None, params, False) + response = self._auth.do_get(uri, params, False) return response.json() diff --git a/descope/authmethod/otp.py b/descope/authmethod/otp.py index 87cc29b0d..b42901d8c 100644 --- a/descope/authmethod/otp.py +++ b/descope/authmethod/otp.py 
@@ -154,7 +154,7 @@ def update_user_email( uri = EndpointsV1.updateUserEmailOTPPath body = OTP._compose_update_user_email_body(identifier, email) - self._auth.do_post(uri, body, None, refresh_token) + self._auth.do_post(uri, body, refresh_token) def update_user_phone( self, method: DeliveryMethod, identifier: str, phone: str, refresh_token: str @@ -185,7 +185,7 @@ def update_user_phone( uri = OTP._compose_update_phone_url(method) body = OTP._compose_update_user_phone_body(identifier, phone) - self._auth.do_post(uri, body, None, refresh_token) + self._auth.do_post(uri, body, refresh_token) @staticmethod def _compose_signup_url(method: DeliveryMethod) -> str: diff --git a/descope/authmethod/saml.py b/descope/authmethod/saml.py index 41c292524..fb6132b53 100644 --- a/descope/authmethod/saml.py +++ b/descope/authmethod/saml.py @@ -24,7 +24,7 @@ def start(self, tenant: str, return_url: str = None) -> dict: uri = EndpointsV1.authSAMLStart params = SAML._compose_start_params(tenant, return_url) - response = self._auth.do_get(uri, None, params) + response = self._auth.do_get(uri, params) return response.json() diff --git a/descope/authmethod/totp.py b/descope/authmethod/totp.py index f5bbb5937..e917e50bd 100644 --- a/descope/authmethod/totp.py +++ b/descope/authmethod/totp.py @@ -72,7 +72,7 @@ def update_user(self, identifier: str, refresh_token: str) -> None: uri = EndpointsV1.updateTOTPPath body = TOTP._compose_update_user_body(identifier) - response = self._auth.do_post(uri, body, None, refresh_token) + response = self._auth.do_post(uri, body, refresh_token) return response.json() # Response should have these schema: diff --git a/descope/authmethod/webauthn.py b/descope/authmethod/webauthn.py index 3d9345b75..e5b137ebc 100644 --- a/descope/authmethod/webauthn.py +++ b/descope/authmethod/webauthn.py 
@@ -113,7 +113,7 @@ def add_device_start(self, identifier: str, refresh_token: str, origin: str): uri = EndpointsV1.deviceAddAuthWebauthnStart body = WebauthN._compose_add_device_start_body(identifier, origin) - response = self._auth.do_post(uri, body, None, refresh_token) + response = self._auth.do_post(uri, body, refresh_token) return response.json() diff --git a/descope/descope_client.py b/descope/descope_client.py index a7e9c16e5..64668d2ec 100644 --- a/descope/descope_client.py +++ b/descope/descope_client.py @@ -94,4 +94,4 @@ def logout(self, refresh_token: str) -> requests.Response: ) uri = EndpointsV1.logoutPath - return self._auth.do_get(uri, None, None, None, refresh_token) + return self._auth.do_get(uri, None, None, refresh_token) diff --git a/samples/webauthn_web_sample_app.py b/samples/webauthn_web_sample_app.py index 76c7f9730..55820ba9b 100644 --- a/samples/webauthn_web_sample_app.py +++ b/samples/webauthn_web_sample_app.py @@ -87,6 +87,7 @@ def webauthn_add_device_start(): def webauthn_add_device_finish(): data = request.get_json() descope_client.webauthn.add_device_finish(data["transactionId"], data["response"]) + return jsonify("{}") if __name__ == "__main__": From 211421c9b1821fb15b1f94994cd0e2fec0aa6a60 Mon Sep 17 00:00:00 2001 From: Guy Pilosof Date: Wed, 27 Jul 2022 09:24:40 +0300 Subject: [PATCH 2/2] adjust tests --- tests/test_exchanger.py | 1 - tests/test_magiclink.py | 3 --- tests/test_oauth.py | 1 - tests/test_saml.py | 1 - tests/test_totp.py | 1 - tests/test_webauthn.py | 6 ------ 6 files changed, 13 deletions(-) diff --git a/tests/test_exchanger.py b/tests/test_exchanger.py index 6b0aa9c14..ca7951379 100644 --- a/tests/test_exchanger.py +++ b/tests/test_exchanger.py @@ -53,7 +53,6 @@ def test_exchange_token(self): "Content-Type": "application/json", "Authorization": "Basic ZHVtbXk6", }, - cookies=None, params={"code": "c1"}, allow_redirects=False, ) 
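Review bot: On the added line in `webauthn_add_device_finish`, `jsonify("{}")` serializes the Python string `"{}"`, so the body is the JSON string `"{}"` rather than an empty object (assuming this is Flask's `jsonify`). `return jsonify({})` returns an actual `{}` to the browser. The view also indexes `data["transactionId"]` and `data["response"]` straight from `request.get_json()`, so a missing key or a non-JSON body fails inside the handler instead of producing a 400. Since sample code tends to be copied, it is worth checking both fields before calling `add_device_finish`. The route decorator for this view is outside the hunk.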
diff --git a/tests/test_magiclink.py b/tests/test_magiclink.py index fc79f1dc6..be9894465 100644 --- a/tests/test_magiclink.py +++ b/tests/test_magiclink.py @@ -247,7 +247,6 @@ def test_sign_in_cross_device(self): ) mock_post.assert_called_with( f"{DEFAULT_BASE_URL}{EndpointsV1.signInAuthMagicLinkPath}/email", - cookies=None, headers={ "Content-Type": "application/json", "Authorization": "Basic ZHVtbXk6", @@ -278,7 +277,6 @@ def test_sign_up_cross_device(self): ) mock_post.assert_called_with( f"{DEFAULT_BASE_URL}{EndpointsV1.signUpAuthMagicLinkPath}/email", - cookies=None, headers={ "Content-Type": "application/json", "Authorization": "Basic ZHVtbXk6", @@ -308,7 +306,6 @@ def test_sign_up_or_in_cross_device(self): ) mock_post.assert_called_with( f"{DEFAULT_BASE_URL}{EndpointsV1.signUpOrInAuthMagicLinkPath}/email", - cookies=None, headers={ "Content-Type": "application/json", "Authorization": "Basic ZHVtbXk6", diff --git a/tests/test_oauth.py b/tests/test_oauth.py index 3cbd1106d..6523e3594 100644 --- a/tests/test_oauth.py +++ b/tests/test_oauth.py @@ -68,7 +68,6 @@ def test_oauth_start(self): expected_uri = f"{DEFAULT_BASE_URL}{EndpointsV1.oauthStart}" mock_get.assert_called_with( expected_uri, - cookies=None, headers={ "Content-Type": "application/json", "Authorization": "Basic ZHVtbXk6", diff --git a/tests/test_saml.py b/tests/test_saml.py index 30b139fe8..7f40394e8 100644 --- a/tests/test_saml.py +++ b/tests/test_saml.py @@ -50,7 +50,6 @@ def test_saml_start(self): expected_uri = f"{DEFAULT_BASE_URL}{EndpointsV1.authSAMLStart}" mock_get.assert_called_with( expected_uri, - cookies=None, headers={ "Content-Type": "application/json", "Authorization": "Basic ZHVtbXk6", diff --git a/tests/test_totp.py b/tests/test_totp.py index 8d6da80d3..2d334dcbe 100644 --- a/tests/test_totp.py +++ b/tests/test_totp.py 
@@ -118,7 +118,6 @@ def test_update_user(self): expected_uri = f"{DEFAULT_BASE_URL}{EndpointsV1.updateTOTPPath}" mock_post.assert_called_with( expected_uri, - cookies=None, headers={ "Content-Type": "application/json", "Authorization": "Basic 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", diff --git a/tests/test_webauthn.py b/tests/test_webauthn.py index 3b3f412eb..e73921d8d 100644 --- a/tests/test_webauthn.py +++ b/tests/test_webauthn.py @@ -92,7 +92,6 @@ def test_sign_up_start(self): expected_uri = f"{DEFAULT_BASE_URL}{EndpointsV1.signUpAuthWebauthnStart}" mock_post.assert_called_with( expected_uri, - cookies=None, headers={ "Content-Type": "application/json", "Authorization": "Basic ZHVtbXk6", @@ -132,7 +131,6 @@ def test_sign_up_finish(self): webauthn.sign_up_finish("t01", "response01") mock_post.assert_called_with( expected_uri, - cookies=None, headers={ "Content-Type": "application/json", "Authorization": "Basic ZHVtbXk6", @@ -178,7 +176,6 @@ def test_sign_in_start(self): expected_uri = f"{DEFAULT_BASE_URL}{EndpointsV1.signInAuthWebauthnStart}" mock_post.assert_called_with( expected_uri, - cookies=None, headers={ "Content-Type": "application/json", "Authorization": "Basic ZHVtbXk6", @@ -217,7 +214,6 @@ def test_sign_in_finish(self): webauthn.sign_in_finish("t01", "response01") mock_post.assert_called_with( expected_uri, - cookies=None, headers={ "Content-Type": "application/json", "Authorization": "Basic ZHVtbXk6", @@ -283,7 +279,6 @@ def test_add_device_start(self): expected_uri = f"{DEFAULT_BASE_URL}{EndpointsV1.deviceAddAuthWebauthnStart}" mock_post.assert_called_with( expected_uri, - cookies=None, headers={ "Content-Type": "application/json", "Authorization": "Basic ZHVtbXk6YXNkYXNk", @@ -325,7 +320,6 @@ def test_add_device_finish(self): webauthn.add_device_finish("t01", "response01") mock_post.assert_called_with( expected_uri, - cookies=None, headers={ "Content-Type": "application/json", "Authorization": "Basic ZHVtbXk6",