
Commit a640a2a

committed
Old Default tokens had clear-text sids. This takes care of that.
1 parent e895053 commit a640a2a

2 files changed

Lines changed: 26 additions & 1 deletion


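--- a/src/oidcop/session/manager.py
+++ b/src/oidcop/session/manager.py
@@ -76,6 +76,7 @@ def __init__(
         self, handler: TokenHandler, conf: Optional[dict] = None,
         sub_func: Optional[dict] = None,
     ):
+        super(SessionManager, self).__init__()
         self.conf = conf or {}
 
         # these won't change runtime
@@ -467,6 +468,11 @@ def get_session_info_by_token(
         if not sid:
             raise WrongTokenClass
 
+        # To be backward compatible is this an oldtime sid
+        p = self.unpack_session_key(sid)
+        if len(p) == 3:
+            sid = self.encrypted_session_id(*p)
+
         return self.get_session_info(
             sid,
             user_session_info=user_session_info,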
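--- a/tests/test_35_oidc_token_endpoint.py
+++ b/tests/test_35_oidc_token_endpoint.py
@@ -2,14 +2,14 @@
 import json
 import os
 
-import pytest
 from cryptojwt import JWT
 from cryptojwt.key_jar import build_keyjar
 from oidcmsg.oidc import AccessTokenRequest
 from oidcmsg.oidc import AuthorizationRequest
 from oidcmsg.oidc import RefreshAccessTokenRequest
 from oidcmsg.oidc import TokenErrorResponse
 from oidcmsg.time_util import utc_time_sans_frac
+import pytest
 
 from oidcop import JWT_BEARER
 from oidcop.authn_event import create_authn_event
@@ -813,6 +813,25 @@ def test_old_default_token(self):
         _info = self.session_manager.token_handler.info(_old_type_value)
         assert _info["token_class"] == "authorization_code"
 
+    def test_old_default_token_sid_unencrypted(self):
+        session_id = self._create_session(AUTH_REQ)
+        grant = self.session_manager[session_id]
+        code = self._mint_code(grant, AUTH_REQ["client_id"])
+
+        # pack and unpack
+        _handler = self.session_manager.token_handler.handler["authorization_code"]
+        _res = dict(zip(["_id", "token_class", "sid", "exp"], _handler.split_token(code.value)))
+
+        _clear_txt_sid = self.session_manager.session_key(
+            *self.session_manager.decrypt_session_id(_res["sid"]))
+
+        _old_type_token = base64.b64encode(
+            _handler.crypt.encrypt(lv_pack(_res["_id"], "A", _clear_txt_sid, _res["exp"]).encode())
+        ).decode("utf-8")
+
+        _session_info = self.session_manager.get_session_info_by_token(_old_type_token)
+        assert _session_info["user_id"] == "diana"
+
     def test_old_jwt_token(self):
         session_id = self._create_session(AUTH_REQ)
         grant = self.session_manager[session_id]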