idp_oidc: fix erroneous exception-handling at client authn time (#73990)
parent
3a6aa92e56
commit
e59226cb5b
|
@ -599,7 +599,7 @@ def authenticate_client(request, ratelimit=False, client=None):
|
|||
raise InvalidClient(_('Empty client identifier'))
|
||||
|
||||
if not client_secret:
|
||||
raise InvalidRequest('missing client_secret', client=client_id)
|
||||
raise InvalidRequest('missing client_secret', client=client)
|
||||
|
||||
client = get_client(client_id)
|
||||
if not client:
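Review bot: On the `raise InvalidRequest('missing client_secret', client=client)` line (taken here to be the new side; the render shows both variants without markers), `client` is still the caller-supplied argument, which defaults to `None` per the signature, because `client = get_client(client_id)` only runs two lines later. The error can therefore carry no client at all, and the submitted `client_id` is no longer attached to it; if failed client authentications are logged or audited from this exception, confirm the identifier is still recorded somewhere. Since the parameter is then rebound by the lookup, a short comment would help: `# client is the caller-supplied value here (may be None); the lookup by client_id happens below`. The body of authenticate_client starts and ends outside the hunk, so whether the looked-up client is checked against the caller-supplied one cannot be seen from here.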
|
||||
|
|
|
@ -1959,3 +1959,42 @@ def test_token_endpoint_code_timeout(oidc_client, oidc_settings, simple_user, ap
|
|||
freezer.move_to(datetime.timedelta(seconds=1.1))
|
||||
response = resolve_code(status=400)
|
||||
assert 'access_token' not in response.json
|
||||
|
||||
|
||||
def test_authenticate_client_exception_handling(app, oidc_client, simple_user, rf):
|
||||
from authentic2_idp_oidc.views import (
|
||||
InvalidClient,
|
||||
InvalidRequest,
|
||||
WrongClientSecret,
|
||||
authenticate_client,
|
||||
)
|
||||
|
||||
request = rf.get('/')
|
||||
|
||||
# missing client id
|
||||
with pytest.raises(InvalidRequest):
|
||||
authenticate_client(request, client=oidc_client)
|
||||
|
||||
# empty client id
|
||||
request.POST = {'client_id': '', 'client_secret': ''}
|
||||
with pytest.raises(InvalidClient):
|
||||
authenticate_client(request, client=oidc_client)
|
||||
|
||||
# empty client secret
|
||||
request.POST['client_id'] = 'abc'
|
||||
with pytest.raises(InvalidRequest):
|
||||
authenticate_client(request, client=oidc_client)
|
||||
|
||||
# wrong client id
|
||||
request.POST['client_secret'] = 'def'
|
||||
with pytest.raises(InvalidClient):
|
||||
authenticate_client(request, client=oidc_client)
|
||||
|
||||
# wrong client secret
|
||||
request.POST['client_id'] = oidc_client.client_id
|
||||
with pytest.raises(WrongClientSecret):
|
||||
authenticate_client(request, client=oidc_client)
|
||||
|
||||
# OK
|
||||
request.POST['client_secret'] = oidc_client.client_secret
|
||||
assert authenticate_client(request, client=oidc_client) == oidc_client
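Review bot: Every call in test_authenticate_client_exception_handling passes `client=oidc_client`, so the default `client=None` path shown in the signature is never exercised, although the changed `raise InvalidRequest(..., client=client)` line will receive `None` there. Add one case without the argument in the "empty client secret" step, for example `with pytest.raises(InvalidRequest):` followed by `authenticate_client(request)`. The assertions also pin only the exception type; if the exception exposes the client it was built with (not visible here), asserting on it would tie the test to what this commit actually changes.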
|
||||
|
|