Refactored

Author: rohe

flask_rp/views.py

@@ -11,6 +11,8 @@
 from flask.helpers import make_response
 from flask.helpers import send_from_directory
 
+import oidcrp
+
 logger = logging.getLogger(__name__)
 
 oidc_rp_views = Blueprint('oidc_rp', __name__, url_prefix='')
@@ -215,7 +217,7 @@ def logout():
 def backchannel_logout(op_hash):
     _rp = get_rp(op_hash)
     try:
-        _state = current_app.rph.backchannel_logout(request.data, _rp)
+        _state = oidcrp.backchannel_logout(request.data, _rp)
     except Exception as err:
         logger.error('Exception: {}'.format(err))
         return 'System error!', 400

src/oidcrp/__init__.py

@@ -874,49 +874,49 @@ def logout(self, state, client=None, post_logout_redirect_uri=''):
 
         return resp
 
-    @staticmethod
-    def backchannel_logout(client, request='', request_args=None):
-        """
+    def clear_session(self, state):
+        client = self.get_client_from_session_key(state)
+        client.session_interface.remove_state(state)
 
-        :param request: URL encoded logout request
-        :return:
-        """
 
-        if request:
-            req = BackChannelLogoutRequest().from_urlencoded(as_unicode(request))
-        else:
-            req = BackChannelLogoutRequest(**request_args)
+def backchannel_logout(client, request='', request_args=None):
+    """
 
-        kwargs = {
-            'aud': client.service_context.client_id,
-            'iss': client.service_context.issuer,
-            'keyjar': client.service_context.keyjar
-        }
+    :param request: URL encoded logout request
+    :return:
+    """
 
-        try:
-            req.verify(**kwargs)
-        except (MessageException, ValueError, NotForMe) as err:
-            raise MessageException('Bogus logout request: {}'.format(err))
+    if request:
+        req = BackChannelLogoutRequest().from_urlencoded(as_unicode(request))
+    else:
+        req = BackChannelLogoutRequest(**request_args)
 
-        # Find the subject through 'sid' or 'sub'
+    kwargs = {
+        'aud': client.service_context.client_id,
+        'iss': client.service_context.issuer,
+        'keyjar': client.service_context.keyjar
+    }
 
+    try:
+        req.verify(**kwargs)
+    except (MessageException, ValueError, NotForMe) as err:
+        raise MessageException('Bogus logout request: {}'.format(err))
+
+    # Find the subject through 'sid' or 'sub'
+
+    try:
+        sub = req[verified_claim_name('logout_token')]['sub']
+    except KeyError:
         try:
-            sub = req[verified_claim_name('logout_token')]['sub']
+            sid = req[verified_claim_name('logout_token')]['sid']
         except KeyError:
-            try:
-                sid = req[verified_claim_name('logout_token')]['sid']
-            except KeyError:
-                raise MessageException('Neither "sid" nor "sub"')
-            else:
-                _state = client.session_interface.get_state_by_sid(sid)
+            raise MessageException('Neither "sid" nor "sub"')
         else:
-            _state = client.session_interface.get_state_by_sub(sub)
-
-        return _state
+            _state = client.session_interface.get_state_by_sid(sid)
+    else:
+        _state = client.session_interface.get_state_by_sub(sub)
 
-    def clear_session(self, state):
-        client = self.get_client_from_session_key(state)
-        client.session_interface.remove_state(state)
+    return _state
 
 
 def get_provider_specific_service(service_provider, service, **kwargs):

src/oidcrp/oauth2/__init__.py

@@ -149,6 +149,9 @@ def service_request(self, service, url, method="GET", body=None,
         if not response_body_type:
             response_body_type = service.response_body_type
 
+        if 300 <= resp.status_code < 400:
+            return {'http_response': resp}
+
         if response_body_type == 'html':
             return resp.text