auth2_fc: set default scopes to profile and email (#39231)

And move default value to app_settings file. Support for FC data provider had to be modified.
2020-01-24 11:50:18 +01:00 · 2020-01-24 11:50:18 +01:00 · 27f4e2b13e
parent fdc8098e5f
commit 27f4e2b13e
3 changed files with 6 additions and 11 deletions
--- a/src/authentic2_auth_fc/app_settings.py
+++ b/src/authentic2_auth_fc/app_settings.py
@ -128,7 +128,7 @@ class AppSettings(object):

    @property
    def scopes(self):
-        return self._setting('SCOPES', [])
+        return self._setting('SCOPES', ['profile', 'email'])

    @property
    def popup(self):
--- a/src/authentic2_auth_fc/views.py
+++ b/src/authentic2_auth_fc/views.py
@ -159,7 +159,6 @@ def clean_fc_session(session):

 class FcOAuthSessionViewMixin(LoggerMixin):
    '''Add the OAuth2 dance to a view'''
-    scopes = ['openid', 'profile', 'birth', 'email']
    redirect_field_name = REDIRECT_FIELD_NAME
    in_popup = False
    token = None
@ -210,10 +209,7 @@ class FcOAuthSessionViewMixin(LoggerMixin):
        return self.redirect(request, next_url=there, *args, **kwargs)

    def get_scopes(self):
-        if app_settings.scopes:
-            return list(set(['openid'] + app_settings.scopes))
-        else:
-            return self.scopes
+        return list(set(['openid'] + app_settings.scopes))

    def get_ressource(self, url, verify):
        try:
@ -327,11 +323,10 @@ class FcOAuthSessionViewMixin(LoggerMixin):
        elif 'error' in request.GET:
            return self.authorization_error(request, *args, **kwargs)
        else:
+            scopes = self.get_scopes()
            if 'fd_scopes' in request.GET:
-                scopes = request.GET.get('fd_scopes')
-                scopes = scopes.split()
-                self.scopes.extend(scopes)
-            return ask_authorization(request, self.get_scopes(), self.logger)
+                scopes = list(set(scopes) | set(request.GET['fd_scopes'].split()))
+            return ask_authorization(request, scopes, self.logger)


 class PopupViewMixin(object):
--- a/tests/auth_fc/test_auth_fc.py
+++ b/tests/auth_fc/test_auth_fc.py
@ -78,7 +78,7 @@ def check_authorization_url(url):
    assert 'client_id' in parsed
    assert parsed['client_id'] == 'xxx'
    assert 'scope' in parsed
-    assert set(parsed['scope'].split()) == set(['openid', 'profile', 'birth', 'email'])
+    assert set(parsed['scope'].split()) == set(['openid', 'profile', 'email'])
    assert 'state' in parsed
    assert 'nonce' in parsed
    assert parsed['state'] == parsed['nonce']