Fixed cookie_info().

rohe · rohe · commit 3abbb14d4a77 · 2021-09-07T13:44:00.000+02:00
Added tests and fixed a test result.
diff --git a/src/oidcop/user_authn/user.py b/src/oidcop/user_authn/user.py
@@ -102,17 +102,14 @@ def done(self, areq):
 
     def cookie_info(self, cookie: List[dict], client_id: str) -> dict:
         _context = self.server_get("endpoint_context")
-        if cookie and "value" in cookie[0]:
-            vals = cookie
-        else:
-            try:
-                logger.debug("parse_cookie@UserAuthnMethod")
-                vals = _context.cookie_handler.parse_cookie(
-                    cookies=cookie, name=_context.cookie_handler.name["session"]
-                )
-            except (InvalidCookieSign, AssertionError, AttributeError) as err:
-                logger.warning(err)
-                vals = None
+        try:
+            logger.debug("parse_cookie@UserAuthnMethod")
+            vals = _context.cookie_handler.parse_cookie(
+                cookies=cookie, name=_context.cookie_handler.name["session"]
+            )
+        except (InvalidCookieSign, AssertionError, AttributeError) as err:
+            logger.warning(err)
+            vals = []
 
         logger.debug("Value cookies: {}".format(vals))
 
diff --git a/tests/test_12_user_authn.py b/tests/test_12_user_authn.py
@@ -100,7 +100,8 @@ def test_authenticated_as_with_cookie(self):
         )
 
         _info, _time_stamp = method.authenticated_as("client 12345", [_cookie])
-        assert set(_info.keys()) == {"sub", "sid", "state", "client_id"}
+        assert set(_info.keys()) == {'sub', 'uid', 'state', 'grant_id', 'timestamp', 'sid',
+                                     'client_id'}
         assert _info["sub"] == "diana"
 
     def test_userpassjinja2(self):
diff --git a/tests/test_24_oauth2_token_endpoint.py b/tests/test_24_oauth2_token_endpoint.py
@@ -648,3 +648,53 @@ def test_configure_grant_types(self):
         assert len(self.token_endpoint.helper) == 1
         assert "access_token" in self.token_endpoint.helper
         assert "refresh_token" not in self.token_endpoint.helper
+
+    def test_token_request_other_client(self):
+        _context = self.endpoint_context
+        _context.cdb["client_2"] = _context.cdb["client_1"]
+        session_id = self._create_session(AUTH_REQ)
+        grant = self.session_manager[session_id]
+        code = self._mint_code(grant, AUTH_REQ["client_id"])
+
+        _token_request = TOKEN_REQ_DICT.copy()
+        _token_request["client_id"] = "client_2"
+        _token_request["code"] = code.value
+
+        _req = self.token_endpoint.parse_request(_token_request)
+        _resp = self.token_endpoint.process_request(request=_req)
+
+        assert isinstance(_resp, TokenErrorResponse)
+        assert _resp.to_dict() == {
+            "error": "invalid_grant", "error_description": "Wrong client"
+        }
+
+    def test_refresh_token_request_other_client(self):
+        _context = self.endpoint_context
+        _context.cdb["client_2"] = _context.cdb["client_1"]
+        session_id = self._create_session(AUTH_REQ)
+        grant = self.session_manager[session_id]
+        code = self._mint_code(grant, AUTH_REQ["client_id"])
+
+        _token_request = TOKEN_REQ_DICT.copy()
+        _token_request["code"] = code.value
+
+        _req = self.token_endpoint.parse_request(_token_request)
+        _resp = self.token_endpoint.process_request(
+            request=_req, issue_refresh=True
+        )
+
+        _request = REFRESH_TOKEN_REQ.copy()
+        _request["client_id"] = "client_2"
+        _request["refresh_token"] = _resp["response_args"]["refresh_token"]
+
+        _token_value = _resp["response_args"]["refresh_token"]
+        _session_info = self.session_manager.get_session_info_by_token(_token_value)
+        _token = self.session_manager.find_token(_session_info["session_id"], _token_value)
+        _token.usage_rules["supports_minting"] = ["access_token", "refresh_token"]
+
+        _req = self.token_endpoint.parse_request(_request.to_json())
+        _resp = self.token_endpoint.process_request(request=_req, )
+        assert isinstance(_resp, TokenErrorResponse)
+        assert _resp.to_dict() == {
+            "error": "invalid_grant", "error_description": "Wrong client"
+        }
diff --git a/tests/test_35_oidc_token_endpoint.py b/tests/test_35_oidc_token_endpoint.py
@@ -838,6 +838,55 @@ def test_access_token_lifetime(self):
 
         assert access_token["exp"] - access_token["iat"] == lifetime
 
+    def test_token_request_other_client(self):
+        _context = self.endpoint_context
+        _context.cdb["client_2"] = _context.cdb["client_1"]
+        session_id = self._create_session(AUTH_REQ)
+        grant = self.session_manager[session_id]
+        code = self._mint_code(grant, AUTH_REQ["client_id"])
+
+        _token_request = TOKEN_REQ_DICT.copy()
+        _token_request["client_id"] = "client_2"
+        _token_request["code"] = code.value
+
+        _req = self.token_endpoint.parse_request(_token_request)
+        _resp = self.token_endpoint.process_request(request=_req)
+
+        assert isinstance(_resp, TokenErrorResponse)
+        assert _resp.to_dict() == {
+            "error": "invalid_grant", "error_description": "Wrong client"
+        }
+
+    def test_refresh_token_request_other_client(self):
+        _context = self.endpoint_context
+        _context.cdb["client_2"] = _context.cdb["client_1"]
+        session_id = self._create_session(AUTH_REQ)
+        grant = self.session_manager[session_id]
+        code = self._mint_code(grant, AUTH_REQ["client_id"])
+
+        _token_request = TOKEN_REQ_DICT.copy()
+        _token_request["code"] = code.value
+
+        _req = self.token_endpoint.parse_request(_token_request)
+        _resp = self.token_endpoint.process_request(
+            request=_req, issue_refresh=True
+        )
+
+        _request = REFRESH_TOKEN_REQ.copy()
+        _request["client_id"] = "client_2"
+        _request["refresh_token"] = _resp["response_args"]["refresh_token"]
+
+        _token_value = _resp["response_args"]["refresh_token"]
+        _session_info = self.session_manager.get_session_info_by_token(_token_value)
+        _token = self.session_manager.find_token(_session_info["session_id"], _token_value)
+        _token.usage_rules["supports_minting"] = ["access_token", "refresh_token"]
+
+        _req = self.token_endpoint.parse_request(_request.to_json())
+        _resp = self.token_endpoint.process_request(request=_req,)
+        assert isinstance(_resp, TokenErrorResponse)
+        assert _resp.to_dict() == {
+            "error": "invalid_grant", "error_description": "Wrong client"
+        }
 
 class TestOldTokens(object):
     @pytest.fixture(autouse=True)

Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,8 @@ def test_authenticated_as_with_cookie(self):`
`100`	`100`	`)`
`101`	`101`
`102`	`102`	`_info, _time_stamp = method.authenticated_as("client 12345", [_cookie])`
`103`		`- assert set(_info.keys()) == {"sub", "sid", "state", "client_id"}`
	`103`	`+ assert set(_info.keys()) == {'sub', 'uid', 'state', 'grant_id', 'timestamp', 'sid',`
	`104`	`+ 'client_id'}`
`104`	`105`	`assert _info["sub"] == "diana"`
`105`	`106`
`106`	`107`	`def test_userpassjinja2(self):`