This repository was archived by the owner on Jun 23, 2023. It is now read-only.

Commit 66f155f

committed
Store claims request in grant.
1 parent 9fbefc2 commit 66f155f

1 file changed

Lines changed: 49 additions & 46 deletions


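--- a/src/oidcop/session/manager.py
+++ b/src/oidcop/session/manager.py
@@ -38,7 +38,7 @@ def __init__(self, salt: Optional[str] = "", filename: Optional[str] = ""):
 if os.path.isfile(filename):
 self.salt = open(filename).read()
 elif not os.path.isfile(filename) and os.path.exists(
-filename
+filename
 ): # Not a file, Something else
 raise ConfigurationError("Salt filename points to something that is not a file")
 else:
@@ -73,7 +73,8 @@ class SessionManager(Database):
 init_args = ["handler"]
 
 def __init__(
-self, handler: TokenHandler, conf: Optional[dict] = None, sub_func: Optional[dict] = None,
+self, handler: TokenHandler, conf: Optional[dict] = None,
+sub_func: Optional[dict] = None,
 ):
 self.conf = conf or {}
 
@@ -125,9 +126,9 @@ def __setattr__(self, key, value):
 
 def _init_db(self):
 Database.__init__(
-self,
-key=self.load_key(),
-salt=self.load_salt()
+self,
+key=self.load_key(),
+salt=self.load_salt()
 )
 
 def get_user_info(self, uid: str) -> UserSessionInfo:
@@ -153,14 +154,14 @@ def find_token(self, session_id: str, token_value: str) -> Optional[SessionToken
 return None # pragma: no cover
 
 def create_grant(
-self,
-authn_event: AuthnEvent,
-auth_req: AuthorizationRequest,
-user_id: str,
-client_id: Optional[str] = "",
-sub_type: Optional[str] = "public",
-token_usage_rules: Optional[dict] = None,
-scopes: Optional[list] = None,
+self,
+authn_event: AuthnEvent,
+auth_req: AuthorizationRequest,
+user_id: str,
+client_id: Optional[str] = "",
+sub_type: Optional[str] = "public",
+token_usage_rules: Optional[dict] = None,
+scopes: Optional[list] = None,
 ) -> str:
 """
 
@@ -175,29 +176,31 @@ def create_grant(
 """
 sector_identifier = auth_req.get("sector_identifier_uri", "")
 
+_claims = auth_req.get("claims", {})
+
 grant = Grant(
 authorization_request=auth_req,
 authentication_event=authn_event,
-sub=self.sub_func[sub_type](
-user_id, salt=self.salt, sector_identifier=sector_identifier
-),
+sub=self.sub_func[sub_type](user_id, salt=self.salt,
+sector_identifier=sector_identifier),
 usage_rules=token_usage_rules,
 scope=scopes,
+claims=_claims
 )
 
 self.set([user_id, client_id, grant.id], grant)
 
 return self.encrypted_session_id(user_id, client_id, grant.id)
 
 def create_session(
-self,
-authn_event: AuthnEvent,
-auth_req: AuthorizationRequest,
-user_id: str,
-client_id: Optional[str] = "",
-sub_type: Optional[str] = "public",
-token_usage_rules: Optional[dict] = None,
-scopes: Optional[list] = None,
+self,
+authn_event: AuthnEvent,
+auth_req: AuthorizationRequest,
+user_id: str,
+client_id: Optional[str] = "",
+sub_type: Optional[str] = "public",
+token_usage_rules: Optional[dict] = None,
+scopes: Optional[list] = None,
 ) -> str:
 """
 Create part of a user session. The parts added are user- and client
@@ -309,10 +312,10 @@ def revoke_token(self, session_id: str, token_value: str, recursive: bool = Fals
 self._revoke_dependent(grant, token)
 
 def get_authentication_events(
-self,
-session_id: Optional[str] = "",
-user_id: Optional[str] = "",
-client_id: Optional[str] = "",
+self,
+session_id: Optional[str] = "",
+user_id: Optional[str] = "",
+client_id: Optional[str] = "",
 ) -> List[AuthnEvent]:
 """
 Return the authentication events that exists for a user/client combination.
@@ -371,10 +374,10 @@ def revoke_grant(self, session_id: str):
 self.set(_path, _info)
 
 def grants(
-self,
-session_id: Optional[str] = "",
-user_id: Optional[str] = "",
-client_id: Optional[str] = "",
+self,
+session_id: Optional[str] = "",
+user_id: Optional[str] = "",
+client_id: Optional[str] = "",
 ) -> List[Grant]:
 """
 Find all grant connected to a user session
@@ -395,13 +398,13 @@ def grants(
 return [self.get([user_id, client_id, gid]) for gid in _csi.subordinate]
 
 def get_session_info(
-self,
-session_id: str,
-user_session_info: bool = False,
-client_session_info: bool = False,
-grant: bool = False,
-authentication_event: bool = False,
-authorization_request: bool = False,
+self,
+session_id: str,
+user_session_info: bool = False,
+client_session_info: bool = False,
+grant: bool = False,
+authentication_event: bool = False,
+authorization_request: bool = False,
 ) -> dict:
 """
 Returns information connected to a session.
@@ -449,13 +452,13 @@ def get_session_info(
 return res
 
 def get_session_info_by_token(
-self,
-token_value: str,
-user_session_info: bool = False,
-client_session_info: bool = False,
-grant: bool = False,
-authentication_event: bool = False,
-authorization_request: bool = False,
+self,
+token_value: str,
+user_session_info: bool = False,
+client_session_info: bool = False,
+grant: bool = False,
+authentication_event: bool = False,
+authorization_request: bool = False,
 ) -> dict:
 _token_info = self.token_handler.info(token_value)
 sid = _token_info.get("sid")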
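Review bot: In `create_grant`, `_claims = auth_req.get("claims", {})` takes the `claims` request parameter exactly as the client sent it and stores it on the `Grant` through `claims=_claims`; nothing visible in this hunk narrows it to the claims this client is allowed to request or the user has consented to. If the code that later builds ID tokens or userinfo responses treats the grant's stored claims as the authorised set, a client could widen what it receives simply by asking, so that filtering has to happen at the point of use and the assignment should say so, for example `# raw claims request from the client; filter against client policy and consent before release`. The stored value also appears to be the same object that stays reachable through `authorization_request=auth_req`, so an in-place change to one would silently change the other; storing a copy would avoid that. The signature and docstring of `create_grant` lie partly outside this hunk, and the remaining hunks in the section look like re-indentation only, which makes this one behavioural change easy to miss in review.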
