auth2_fc: set default scopes to profile and email (#39231)
And move default value to app_settings file. Support for FC data provider had to be modified.
This commit is contained in:
parent
fdc8098e5f
commit
27f4e2b13e
|
@ -128,7 +128,7 @@ class AppSettings(object):
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def scopes(self):
|
def scopes(self):
|
||||||
return self._setting('SCOPES', [])
|
return self._setting('SCOPES', ['profile', 'email'])
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def popup(self):
|
def popup(self):
|
||||||
|
|
|
@ -159,7 +159,6 @@ def clean_fc_session(session):
|
||||||
|
|
||||||
class FcOAuthSessionViewMixin(LoggerMixin):
|
class FcOAuthSessionViewMixin(LoggerMixin):
|
||||||
'''Add the OAuth2 dance to a view'''
|
'''Add the OAuth2 dance to a view'''
|
||||||
scopes = ['openid', 'profile', 'birth', 'email']
|
|
||||||
redirect_field_name = REDIRECT_FIELD_NAME
|
redirect_field_name = REDIRECT_FIELD_NAME
|
||||||
in_popup = False
|
in_popup = False
|
||||||
token = None
|
token = None
|
||||||
|
@ -210,10 +209,7 @@ class FcOAuthSessionViewMixin(LoggerMixin):
|
||||||
return self.redirect(request, next_url=there, *args, **kwargs)
|
return self.redirect(request, next_url=there, *args, **kwargs)
|
||||||
|
|
||||||
def get_scopes(self):
|
def get_scopes(self):
|
||||||
if app_settings.scopes:
|
return list(set(['openid'] + app_settings.scopes))
|
||||||
return list(set(['openid'] + app_settings.scopes))
|
|
||||||
else:
|
|
||||||
return self.scopes
|
|
||||||
|
|
||||||
def get_ressource(self, url, verify):
|
def get_ressource(self, url, verify):
|
||||||
try:
|
try:
|
||||||
|
@ -327,11 +323,10 @@ class FcOAuthSessionViewMixin(LoggerMixin):
|
||||||
elif 'error' in request.GET:
|
elif 'error' in request.GET:
|
||||||
return self.authorization_error(request, *args, **kwargs)
|
return self.authorization_error(request, *args, **kwargs)
|
||||||
else:
|
else:
|
||||||
|
scopes = self.get_scopes()
|
||||||
if 'fd_scopes' in request.GET:
|
if 'fd_scopes' in request.GET:
|
||||||
scopes = request.GET.get('fd_scopes')
|
scopes = list(set(scopes) | set(request.GET['fd_scopes'].split()))
|
||||||
scopes = scopes.split()
|
return ask_authorization(request, scopes, self.logger)
|
||||||
self.scopes.extend(scopes)
|
|
||||||
return ask_authorization(request, self.get_scopes(), self.logger)
|
|
||||||
|
|
||||||
|
|
||||||
class PopupViewMixin(object):
|
class PopupViewMixin(object):
|
||||||
|
|
|
@ -78,7 +78,7 @@ def check_authorization_url(url):
|
||||||
assert 'client_id' in parsed
|
assert 'client_id' in parsed
|
||||||
assert parsed['client_id'] == 'xxx'
|
assert parsed['client_id'] == 'xxx'
|
||||||
assert 'scope' in parsed
|
assert 'scope' in parsed
|
||||||
assert set(parsed['scope'].split()) == set(['openid', 'profile', 'birth', 'email'])
|
assert set(parsed['scope'].split()) == set(['openid', 'profile', 'email'])
|
||||||
assert 'state' in parsed
|
assert 'state' in parsed
|
||||||
assert 'nonce' in parsed
|
assert 'nonce' in parsed
|
||||||
assert parsed['state'] == parsed['nonce']
|
assert parsed['state'] == parsed['nonce']
|
||||||
|
|
Loading…
Reference in New Issue