Merge pull request #120 from IdentityPython/ui_excp

Missing userinfo in Configuration now raises an exception

Author: peppelinux

src/oidcop/session/claims.py

@@ -5,6 +5,7 @@
 from oidcmsg.oidc import OpenIDSchema
 
 from oidcop.exception import ServiceError
+from oidcop.exception import ImproperlyConfigured
 from oidcop.scopes import convert_scopes2claims
 
 logger = logging.getLogger(__name__)
@@ -127,9 +128,14 @@ def get_user_claims(self, user_id: str, claims_restriction: dict) -> dict:
         :param claims_restriction: Specifies the upper limit of which claims can be returned
         :return:
         """
+        meth = self.server_get("endpoint_context").userinfo
+        if not meth:
+            raise ImproperlyConfigured(
+                "userinfo MUST be defined in the configuration"
+            )
         if claims_restriction:
             # Get all possible claims
-            user_info = self.server_get("endpoint_context").userinfo(user_id, client_id=None)
+            user_info = meth(user_id, client_id=None)
             # Filter out the claims that can be returned
             return {
                 k: user_info.get(k)

tests/__init__.py

@@ -0,0 +1,7 @@
+import os
+
+BASEDIR = os.path.abspath(os.path.dirname(__file__))
+
+
+def full_path(local_file):
+    return os.path.join(BASEDIR, local_file)

tests/test_01_grant.py

@@ -2,6 +2,7 @@
 from cryptojwt.key_jar import build_keyjar
 from oidcmsg.oidc import AuthorizationRequest
 
+from . import full_path
 from oidcop.authn_event import create_authn_event
 from oidcop.server import Server
 from oidcop.session.grant import TOKEN_MAP
@@ -20,6 +21,7 @@
 
 KEYJAR = build_keyjar(KEYDEFS)
 
+
 conf = {
     "issuer": "https://example.com/",
     "template_dir": "template",
@@ -40,6 +42,10 @@
         }
     },
     "claims_interface": {"class": "oidcop.session.claims.ClaimsInterface", "kwargs": {}},
+    "userinfo": {
+        "class": "oidcop.user_info.UserInfo",
+        "kwargs": {"db_file": full_path("users.json")},
+    },
 }
 
 USER_ID = "diana"

tests/test_06_session_manager.py

@@ -2,6 +2,7 @@
 from oidcmsg.time_util import time_sans_frac
 import pytest
 
+from . import full_path
 from oidcop.authn_event import AuthnEvent
 from oidcop.authn_event import create_authn_event
 from oidcop.authz import AuthzHandling
@@ -74,6 +75,10 @@ def create_session_manager(self):
             },
             "template_dir": "template",
             "claims_interface": {"class": "oidcop.session.claims.ClaimsInterface", "kwargs": {}},
+            "userinfo": {
+                "class": "oidcop.user_info.UserInfo",
+                "kwargs": {"db_file": full_path("users.json")},
+            },
         }
         server = Server(conf)
         self.server = server

tests/test_08_session_life.py

@@ -8,6 +8,7 @@
 from oidcmsg.oidc import RefreshAccessTokenRequest
 from oidcmsg.time_util import time_sans_frac
 
+from . import full_path
 from oidcop import user_info
 from oidcop.authn_event import create_authn_event
 from oidcop.client_authn import verify_client
@@ -50,6 +51,10 @@ def setup_token_handler(self):
                 "token_endpoint": {"path": "{}/token", "class": Token, "kwargs": {}},
             },
             "template_dir": "template",
+            "userinfo": {
+                "class": "oidcop.user_info.UserInfo",
+                "kwargs": {"db_file": full_path("users.json")},
+            },
         }
         server = Server(OPConfiguration(conf=conf, base_path=BASEDIR), cwd=BASEDIR)
 

tests/test_26_oidc_userinfo_endpoint.py

@@ -11,6 +11,7 @@
 from oidcop.authn_event import create_authn_event
 from oidcop.configure import OPConfiguration
 from oidcop.cookie_handler import CookieHandler
+from oidcop.exception import ImproperlyConfigured
 from oidcop.oidc import userinfo
 from oidcop.oidc.authorization import Authorization
 from oidcop.oidc.provider_config import ProviderConfiguration
@@ -439,3 +440,14 @@ def test_userinfo_claims_acr_none(self):
         res = self.endpoint.do_response(request=_req, **args)
         _response = json.loads(res["response"])
         assert _response["acr"] == _acr
+
+    def test_process_request_absent_userinfo_conf(self):
+        # consider to have a configuration without userinfo defined in
+        ec = self.endpoint.server_get('endpoint_context')
+        ec.userinfo = None
+
+        session_id = self._create_session(AUTH_REQ)
+        grant = self.session_manager[session_id]
+
+        with pytest.raises(ImproperlyConfigured):
+            code = self._mint_code(grant, session_id)

tests/test_33_oauth2_pkce.py

@@ -4,6 +4,7 @@
 import secrets
 import string
 
+from . import full_path
 from oidcop.configure import ASConfiguration
 import pytest
 import yaml
@@ -161,6 +162,10 @@ def conf():
                 },
             },
         },
+        "userinfo": {
+            "class": "oidcop.user_info.UserInfo",
+            "kwargs": {"db_file": full_path("users.json")},
+        },
     }
 
 

tests/test_34_oidc_sso.py

@@ -2,6 +2,7 @@
 import json
 import os
 
+from . import full_path
 from oidcop.configure import OPConfiguration
 import pytest
 import yaml
@@ -89,11 +90,11 @@ def full_path(local_file):
   client_1:
     client_secret: hemligtkodord,
     client_id: client_1,
-    "redirect_uris": 
+    "redirect_uris":
         - ['https://example.com/cb', '']
     "client_salt": "salted"
     'token_endpoint_auth_method': 'client_secret_post'
-    'response_types': 
+    'response_types':
         - 'code'
         - 'token'
         - 'code id_token'
@@ -158,6 +159,10 @@ def create_endpoint_context(self):
                 },
             },
             "template_dir": "template",
+            "userinfo": {
+                "class": "oidcop.user_info.UserInfo",
+                "kwargs": {"db_file": full_path("users.json")},
+            },
         }
         server = Server(OPConfiguration(conf=conf, base_path=BASEDIR), cwd=BASEDIR)