Merge pull request #1 from openid/master

Merge

Author: peppelinux

.pytest_cache/v/cache/lastfailed

@@ -1,5 +1,6 @@
 {
   "tests/test_14_oidc.py::TestClient::()::test_service_request": true,
   "tests/test_20_rp_handler.py::TestRPHandler::()::test_get_accesstoken": true,
-  "tests/test_20_rp_handler.py::TestRPHandler::()::test_get_userinfo": true
+  "tests/test_20_rp_handler.py::TestRPHandler::()::test_get_userinfo": true,
+  "tests/test_20_rp_handler.py::TestRPHandler::test_support_webfinger": true
 }

flask_rp/application.py

@@ -1,8 +1,8 @@
 import os
 
-from flask.app import Flask
-
 from cryptojwt.key_jar import init_key_jar
+from flask.app import Flask
+from oidcop.utils import load_yaml_config
 
 from oidcrp import RPHandler
 
@@ -34,7 +34,13 @@ def init_oidc_rp_handler(app):
 def oidc_provider_init_app(config_file, name=None, **kwargs):
     name = name or __name__
     app = Flask(name, static_url_path='', **kwargs)
-    app.config.from_pyfile(os.path.join(dir_path, config_file))
+
+    if config_file.endswith('.yaml'):
+        app.config.update(load_yaml_config(config_file))
+    elif config_file.endswith('.py'):
+        app.config.from_pyfile(os.path.join(dir_path, config_file))
+    else:
+        raise ValueError('Unknown configuration format')
 
     app.users = {'test_user': {'name': 'Testing Name'}}
 

flask_rp/conf.yaml

@@ -1,3 +1,4 @@
+PORT: 8090
 BASEURL: "https://127.0.0.1:8090"
 
 # If BASE is https these has to be specified
@@ -40,16 +41,16 @@ client_preferences: &id001
 
 services: &id002
   discovery:
-    class: oidcservice.rp.provider_info_discovery.ProviderInfoDiscovery
+    class: oidcservice.oidc.provider_info_discovery.ProviderInfoDiscovery
     kwargs: {}
   registration:
-    class: oidcservice.rp.registration.Registration
+    class: oidcservice.oidc.registration.Registration
     kwargs: {}
   authorization:
     class: oidcservice.oidc.authorization.Authorization
     kwargs: {}
   accesstoken:
-    class: oidcservice.oidc.accesstoken.Accesstoken
+    class: oidcservice.oidc.access_token.AccessToken
     kwargs: {}
   refresh_accesstoken:
     class: oidcservice.oidc.refresh_access_token.RefreshAccessToken
@@ -58,52 +59,14 @@ services: &id002
     class: oidcservice.oidc.userinfo.UserInfo
     kwargs: {}
   end_session:
-    class: oidcservice.oidc.session.EndSession
+    class: oidcservice.oidc.end_session.EndSession
     kwargs: {}
 
 
-client:
-  bobcat:
-    client_id: client3
-    client_preferences:
-      response_types: [code]
-      scope: [openid, offline_access]
-      token_endpoint_auth_method: client_secret_basic
-    client_secret: '2222222222222222222222222222222222222222'
-    issuer: https://127.0.0.1:8443/
-    redirect_uris: [['https://127.0.0.1:8090/authz_cb/bobcat', '']]
-    services:
-      authorization:
-        class: oidcservice.oidc.authorization.Authorization
-        kwargs: {}
-      accesstoken:
-        class: oidcservice.oidc.accesstoken.Accesstoken
-        kwargs: {}
-      discovery:
-        class: oidcservice.rp.provider_info_discovery.ProviderInfoDiscovery
-        kwargs: {}
-      refresh_accesstoken:
-        class: oidcservice.oidc.refresh_access_token.RefreshAccessToken
-        kwargs: {}
-  filip:
-    backchannel_logout_uri: https://127.0.0.1:8090/bc_logout
-    client_preferences: *id001
-    issuer: https://guarded-cliffs-8635.herokuapp.com/
-    post_logout_redirect_uris: ['https://127.0.0.1:8090/session_logout']
-    redirect_uris: ['https://127.0.0.1:8090/authz_cb/filip']
-    services: *id002
-  filip_local:
-    backchannel_logout_uri: https://127.0.0.1:8090/bc_logout
-    client_preferences: *id001
-    issuer: http://localhost:3000/
-    post_logout_redirect_uris: ['https://127.0.0.1:8090/session_logout']
-    redirect_uris: ['https://127.0.0.1:8090/authz_cb/filip_local']
-    services: *id002
+CLIENTS:
   flop:
-    backchannel_logout_uri: https://127.0.0.1:8090/bc_logout/flop
     client_preferences: *id001
     issuer: https://127.0.0.1:5000/
-    post_logout_redirect_uris: ['https://127.0.0.1:8090/session_logout']
     redirect_uris: ['https://127.0.0.1:8090/authz_cb/flop']
     services: *id002
 

src/oidcrp/__init__.py

@@ -226,12 +226,18 @@ def do_provider_info(self, client=None, state=''):
             return client.service_context.provider_info['issuer']
         else:
             _pi = client.service_context.provider_info
-            for endp in ['authorization_endpoint', 'token_endpoint',
-                         'userinfo_endpoint']:
-                if endp in _pi:
-                    for srv in client.service.values():
-                        if srv.endpoint_name == endp:
-                            srv.endpoint = _pi[endp]
+            for key, val in _pi.items():
+                # All service endpoint parameters in the provider info has
+                # a name ending in '_endpoint' so I can look specifically
+                # for those
+                if key.endswith("_endpoint"):
+                    for _srv in client.service_context.service.values():
+                        # Every service has an endpoint_name assigned
+                        # when initiated. This name *MUST* match the
+                        # endpoint names used in the provider info
+                        if _srv.endpoint_name == key:
+                            _srv.endpoint = val
+
             try:
                 return client.service_context.provider_info['issuer']
             except KeyError:

src/oidcrp/oauth2/__init__.py

@@ -1,6 +1,5 @@
 import logging
 
-import cherrypy
 from cryptojwt.key_jar import KeyJar
 from oidcmsg.exception import FormatError
 from oidcservice.client_auth import factory as ca_factory
@@ -211,16 +210,16 @@ def parse_request_response(self, service, reqresp, response_body_type='',
                         err_resp = service.parse_response(reqresp.text,
                                                           response_body_type)
                     except (OidcServiceError, FormatError):
-                        raise cherrypy.HTTPError("HTTP ERROR: %s [%s] on %s" % (
+                        raise OidcServiceError("HTTP ERROR: %s [%s] on %s" % (
                             reqresp.text, reqresp.status_code, reqresp.url))
                 else:
-                    raise cherrypy.HTTPError("HTTP ERROR: %s [%s] on %s" % (
+                    raise OidcServiceError("HTTP ERROR: %s [%s] on %s" % (
                         reqresp.text, reqresp.status_code, reqresp.url))
 
             err_resp['status_code'] = reqresp.status_code
             return err_resp
         else:
             logger.error('Error response ({}): {}'.format(reqresp.status_code,
                                                           reqresp.text))
-            raise cherrypy.HTTPError("HTTP ERROR: %s [%s] on %s" % (
+            raise OidcServiceError("HTTP ERROR: %s [%s] on %s" % (
                 reqresp.text, reqresp.status_code, reqresp.url))

src/oidcrp/util.py

@@ -241,3 +241,7 @@ def load_configuration(filename):
     elif filename.endswith('.py'):
         sys.path.insert(0, ".")
         conf = importlib.import_module(filename[:-3])
+    else:
+        raise ValueError('Wrong file type')
+
+    return conf