franceconnect_data: add a hash of the identite_pivot to returned data (#55155)

2021-06-24 15:12:29 +02:00 · 2021-06-24 15:12:29 +02:00 · 98973b0a7e
parent 5c32723a10
commit 98973b0a7e
2 changed files with 18 additions and 0 deletions
--- a/passerelle/apps/franceconnect_data/fc.py
+++ b/passerelle/apps/franceconnect_data/fc.py
@ -15,6 +15,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 import base64
+import hashlib
 import json
 import urllib.parse
 import uuid
@ -113,8 +114,18 @@ class FranceConnect:
            platform.user_info_endpoint_url,
            headers={'Authorization': 'Bearer %s' % self.fc_access_token},
        )
+        fc_user_info['hash'] = self.make_identite_pivot_sha256(fc_user_info)
        self.add('fc_user_info', fc_user_info)

+    def make_identite_pivot_sha256(self, user_info):
+        parts = []
+        for key in ['given_name', 'family_name', 'birthdate', 'gender', 'birthplace', 'birthcountry']:
+            if not user_info.get(key):
+                return None
+            parts.append('%s=%s' % (key, user_info.get(key) or ''))
+        data = '\n'.join(parts)
+        return hashlib.sha256(data.encode()).hexdigest().lower()
+
    def request_dgfip_access_token(self, dgfip_username, dgfip_password, scope=None):
        data = {
            'grant_type': 'client_credentials',
--- a/tests/test_franceconnect_data.py
+++ b/tests/test_franceconnect_data.py
@ -63,6 +63,8 @@ def test_init_request(app, fc):
            'given_name': 'John',
            'family_name': 'Doe',
            'birthdate': '2001-04-28',
+            'birthplace': '13055',
+            'birthcountry': '99100',
            'gender': 'male',
        },
    ],
@ -83,8 +85,11 @@ def test_callback(app, fc):
            'birthdate': '2001-04-28',
            'family_name': 'Doe',
            'gender': 'male',
+            'birthplace': '13055',
+            'birthcountry': '99100',
            'given_name': 'John',
            'sub': 'sub-1234',
+            'hash': '50a8c11bcafc175d2571029b29ace5f3bcb3e06643ff4ac8b291772f788e4153',
        },
        'id': None,
        'text': 'John Doe né le April 28, 2001',
@ -99,6 +104,8 @@ def test_callback(app, fc):
            'sub': 'sub-1234',
            'given_name': 'John',
            'family_name': 'Doe',
+            'birthplace': '13055',
+            'birthcountry': '99100',
            'birthdate': '2001-04-28',
            'gender': 'male',
        },