Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Labels
Merge Requests
138
Merge Requests
138
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Jobs
Commits
Open sidebar
nexedi
erp5
Commits
add91892
Commit
add91892
authored
Apr 19, 2024
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
fixup! fixup! oauth2_authorisation: py3
parent
71104054
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
22 additions
and
15 deletions
+22
-15
bt5/erp5_oauth2_authorisation/DocumentTemplateItem/portal_components/document.erp5.OAuth2AuthorisationServerConnector.py
...nents/document.erp5.OAuth2AuthorisationServerConnector.py
+5
-5
bt5/erp5_oauth2_authorisation/TestTemplateItem/portal_components/test.erp5.testOAuth2Server.py
...plateItem/portal_components/test.erp5.testOAuth2Server.py
+6
-3
bt5/erp5_oauth2_resource/DocumentTemplateItem/portal_components/document.erp5.OAuth2AuthorisationClientConnector.py
...nents/document.erp5.OAuth2AuthorisationClientConnector.py
+6
-3
product/ERP5/ERP5Site.py
product/ERP5/ERP5Site.py
+3
-2
product/ERP5Security/ERP5OAuth2ResourceServerPlugin.py
product/ERP5Security/ERP5OAuth2ResourceServerPlugin.py
+2
-2
No files found.
bt5/erp5_oauth2_authorisation/DocumentTemplateItem/portal_components/document.erp5.OAuth2AuthorisationServerConnector.py
View file @
add91892
...
...
@@ -554,7 +554,7 @@ class _ERP5RequestValidator(RequestValidator):
return
token_callable
(
**
kw
)
except
jwt
.
InvalidTokenError
:
pass
raise
raise
# pylint:disable=misplaced-bare-raise
def
client_authentication_required
(
self
,
request
,
*
args
,
**
kwargs
):
# Use this method, which is called early on most endpoints, to setup request.client .
...
...
@@ -1288,7 +1288,7 @@ class OAuth2AuthorisationServerConnector(XMLObject):
ensure_ascii
(
token_dict
[
JWT_PAYLOAD_KEY
]),
)
return
token_dict
raise
raise
# pylint:disable=misplaced-bare-raise
def
_getRefreshTokenDict
(
self
,
value
,
request
):
for
_
,
algorithm
,
symetric_key
in
self
.
__getRefreshTokenKeyList
():
...
...
@@ -1310,7 +1310,7 @@ class OAuth2AuthorisationServerConnector(XMLObject):
continue
else
:
return
token_dict
raise
raise
# pylint:disable=misplaced-bare-raise
def
_checkCustomTokenPolicy
(
self
,
token
,
request
):
"""
...
...
@@ -1370,7 +1370,7 @@ class OAuth2AuthorisationServerConnector(XMLObject):
continue
else
:
return
token_dict
[
'iss'
]
raise
raise
# pylint:disable=misplaced-bare-raise
security
.
declarePrivate
(
'getRefreshTokenClientId'
)
def
getRefreshTokenClientId
(
self
,
value
,
request
):
...
...
@@ -1396,7 +1396,7 @@ class OAuth2AuthorisationServerConnector(XMLObject):
continue
else
:
return
token_dict
[
'iss'
]
raise
raise
# pylint:disable=misplaced-bare-raise
def
_getSessionValueFromTokenDict
(
self
,
token_dict
):
session_value
=
self
.
_getSessionValue
(
...
...
bt5/erp5_oauth2_authorisation/TestTemplateItem/portal_components/test.erp5.testOAuth2Server.py
View file @
add91892
...
...
@@ -43,6 +43,7 @@ import random
import
pprint
from
time
import
time
import
unittest
import
six.moves.urllib
as
urllib
from
six.moves.urllib.parse
import
parse_qsl
,
quote
,
urlencode
,
urlsplit
,
urlunsplit
from
AccessControl.SecurityManagement
import
getSecurityManager
,
setSecurityManager
from
DateTime
import
DateTime
...
...
@@ -69,12 +70,13 @@ _HTML_FIELD_TAG_SET = {
# Very incomplete, but enough for this tests' purpose: ignores "select"s...
}
class
FormExtractor
(
HTMLParser
):
# pylint:disable=abstract-method
def
reset
(
self
):
self
.
__in_form
=
False
self
.
form_list
=
[]
HTMLParser
.
reset
(
self
)
def
handle_starttag
(
self
,
tag
,
attribute_item_list
):
def
handle_starttag
(
self
,
tag
,
attribute_item_list
):
# pylint:disable=arguments-renamed
attr_dict
=
dict
(
attribute_item_list
)
if
tag
==
'form'
:
assert
not
self
.
__in_form
...
...
@@ -91,6 +93,7 @@ class FormExtractor(HTMLParser):
self
.
__in_form
=
False
class
TestOAuth2
(
ERP5TypeTestCase
):
# pylint:disable=unused-private-member
__cleanup_list
=
None
__port
=
None
__query_trace
=
None
...
...
@@ -428,7 +431,7 @@ class TestOAuth2(ERP5TypeTestCase):
cookie_value
,
cookie_attributes
=
cookie_body
.
split
(
';'
,
1
)
cookie_value
=
cookie_value
.
strip
(
'"'
)
cookie_value_dict
=
{
'value'
:
six
.
moves
.
urllib
.
parse
.
unquote
(
cookie_value
),
'value'
:
urllib
.
parse
.
unquote
(
cookie_value
),
}
for
cookie_attribute
in
cookie_attributes
.
split
(
';'
):
cookie_attribute
=
cookie_attribute
.
lstrip
()
...
...
@@ -497,7 +500,7 @@ class TestOAuth2(ERP5TypeTestCase):
b''
,
# XXX: Tolerate the redirect URL being returned in the body.
# This is a bug, body should really be empty.
header_dict
.
get
(
'location'
,
b''
),
str2bytes
(
header_dict
.
get
(
'location'
,
''
)
),
),
)
parsed_location
=
urlsplit
(
header_dict
.
get
(
'location'
,
''
))
...
...
bt5/erp5_oauth2_resource/DocumentTemplateItem/portal_components/document.erp5.OAuth2AuthorisationClientConnector.py
View file @
add91892
...
...
@@ -227,13 +227,16 @@ class _OAuth2AuthorisationServerProxy(object):
)
else
:
Connection
=
HTTPConnection
if
six
.
PY2
:
# Changed in version 3.4: The strict parameter was removed.
# HTTP 0.9-style “Simple Responses” are no longer supported.
Connection
=
functools
.
partial
(
Connection
,
strict
=
True
)
timeout
=
getTimeLeft
()
if
timeout
is
None
or
timeout
>
self
.
_timeout
:
timeout
=
self
.
_timeout
http_connection
=
Connection
(
host
=
parsed_url
.
hostname
,
port
=
parsed_url
.
port
,
strict
=
True
,
timeout
=
timeout
,
source_address
=
self
.
_bind_address
,
)
...
...
@@ -274,7 +277,7 @@ class _OAuth2AuthorisationServerProxy(object):
def
_queryOAuth2
(
self
,
method
,
REQUEST
,
RESPONSE
):
header_dict
,
body
,
status
=
self
.
_query
(
method
,
body
=
urlencode
(
REQUEST
.
form
.
items
()
),
body
=
urlencode
(
REQUEST
.
form
),
header_dict
=
{
'CONTENT_TYPE'
:
REQUEST
.
environ
[
'CONTENT_TYPE'
],
},
...
...
@@ -864,7 +867,7 @@ class OAuth2AuthorisationClientConnector(
try
:
state_dict
=
json
.
loads
(
self
.
__getMultiFernet
().
decrypt
(
st
ate
,
st
r2bytes
(
state
)
,
ttl
=
self
.
_SESSION_STATE_VALIDITY
,
),
)
...
...
product/ERP5/ERP5Site.py
View file @
add91892
...
...
@@ -46,6 +46,7 @@ from Products.ERP5Type.TransactionalVariable import \
getTransactionalVariable
,
TransactionalResource
from
Products.ERP5Type.dynamic.portal_type_class
import
synchronizeDynamicModules
from
Products.ERP5Type.mixin.response_header_generator
import
ResponseHeaderGenerator
from
Products.ERP5Type.Utils
import
str2bytes
,
bytes2str
from
zLOG
import
LOG
,
INFO
,
WARNING
,
ERROR
from
zExceptions
import
BadRequest
...
...
@@ -248,10 +249,10 @@ class AutorisationExtractorBeforeTraverseHook(object):
ERP5_AUTHORISATION_EXTRACTOR_PASSWORD_NAME
in
form_dict
):
username
=
form_dict
[
ERP5_AUTHORISATION_EXTRACTOR_USERNAME_NAME
]
request
.
_auth
=
'Basic '
+
b
ase64
.
b64encode
(
'%s:%s'
%
(
request
.
_auth
=
'Basic '
+
b
ytes2str
(
base64
.
b64encode
(
str2bytes
(
'%s:%s'
%
(
username
,
form_dict
[
ERP5_AUTHORISATION_EXTRACTOR_PASSWORD_NAME
],
))
))
))
request
.
response
.
_auth
=
1
_setUserNameForAccessLog
(
username
,
request
)
...
...
product/ERP5Security/ERP5OAuth2ResourceServerPlugin.py
View file @
add91892
...
...
@@ -48,7 +48,7 @@ from Products.PluggableAuthService.interfaces.plugins import (
)
from
Products.ERP5Security
import
_setUserNameForAccessLog
from
Products.ERP5Type.Globals
import
InitializeClass
from
Products.ERP5Type.Utils
import
bytes2str
,
str2bytes
,
unicode2str
from
Products.ERP5Type.Utils
import
bytes2str
,
str2bytes
,
str2unicode
,
unicode2str
# Public constants. Must not change once deployed.
...
...
@@ -426,7 +426,7 @@ class ERP5OAuth2ResourceServerPlugin(BasePlugin):
The schema of this dictionary is purely an internal implementation detail
of this plugin.
"""
client_address
=
request
.
getClientAddr
().
decode
(
'utf-8'
)
client_address
=
str2unicode
(
request
.
getClientAddr
()
)
token
=
self
.
__checkTokenSignature
(
access_token
)
if
token
is
None
and
can_update_key
:
self
.
__updateAccessTokenSignatureKeyList
(
request
=
request
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment