entrouvert
/
authentic
16
0
Fork 0
Code Issues Pull Requests 35 Releases Activity

idp oidc: log invalid request's response error (#19837)

This commit is contained in:
Josue Kouka 2018-01-23 17:23:41 +01:00
parent fe64b1edef
commit bafb9dceb1
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/authentic2_idp_oidc/views.py
View File

@ -53,6 +53,7 @@ def certs(request, *args, **kwargs):
def authorization_error(request, redirect_uri, error, error_description=None, error_uri=None,
state=None, fragment=False):
logger = logging.getLogger(__name__)
params = {
'error': error,
}
@ -62,6 +63,8 @@ def authorization_error(request, redirect_uri, error, error_description=None, er
params['error_uri'] = error_uri
if state is not None:
params['state'] = state
logger.warning(u'idp_oidc: authorization request error redirect_uri=%r error=%r error_description=%r',
redirect_uri, error, error_description, extra={'redirect_uri': redirect_uri})
if fragment:
return redirect(request, redirect_uri + '#%s' % urlencode(params), resolve=False)
else:

7
tests/test_idp_oidc.py
View File

@ -274,7 +274,7 @@ def assert_authorization_response(response, fragment=False, **kwargs):
assert value in query[key][0]
def test_invalid_request(oidc_settings, oidc_client, simple_user, app):
def test_invalid_request(caplog, oidc_settings, oidc_client, simple_user, app):
redirect_uri = oidc_client.redirect_uris.split()[0]
if oidc_client.authorization_flow == oidc_client.FLOW_AUTHORIZATION_CODE:
fragment = False
@ -317,6 +317,11 @@ def test_invalid_request(oidc_settings, oidc_client, simple_user, app):
response = app.get(authorize_url)
assert_oidc_error(response, 'invalid_request', 'missing parameter \'response_type\'',
fragment=fragment)
logrecord = [rec for rec in caplog.records if rec.funcName == 'authorization_error'][0]
assert logrecord.levelname == 'WARNING'
assert logrecord.redirect_uri == 'https://example.com/callback'
assert 'missing parameter \'response_type\'' in logrecord.message
# missing scope
authorize_url = make_url('oidc-authorize', params={
'client_id': oidc_client.client_id,