Skip to content

Commit

Permalink
feat(pro_connect): decode user_data
Browse files Browse the repository at this point in the history
  • Loading branch information
vincentporte committed Jul 31, 2024
1 parent e794662 commit 98dd522
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 6 deletions.
5 changes: 4 additions & 1 deletion lacommunaute/openid_connect/tests/tests_views.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
from urllib.parse import urlencode

import httpx
import jwt
import respx
from django.contrib import auth
from django.contrib.sessions.middleware import SessionMiddleware
Expand Down Expand Up @@ -69,7 +70,9 @@ def mock_oauth_dance(
user_info = OIDC_USERINFO.copy()
if user_info_email:
user_info["email"] = user_info_email
respx.get(constants.PRO_CONNECT_ENDPOINT_USERINFO).mock(return_value=httpx.Response(200, json=user_info))
user_info = user_info | {"aud": constants.PRO_CONNECT_CLIENT_ID}
user_info_jwt = jwt.encode(payload=user_info, key=constants.PRO_CONNECT_CLIENT_SECRET, algorithm="HS256")
respx.get(constants.PRO_CONNECT_ENDPOINT_USERINFO).mock(return_value=httpx.Response(200, content=user_info_jwt))

csrf_signed = OpenID_State.create_signed_csrf_token()
url = reverse("openid_connect:callback")
Expand Down
12 changes: 7 additions & 5 deletions lacommunaute/openid_connect/views.py
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
import dataclasses
import json
import logging

import httpx
import jwt
from django.contrib import messages
from django.contrib.auth import login, logout
from django.http import HttpResponseRedirect
Expand Down Expand Up @@ -123,10 +123,12 @@ def openid_connect_callback(request): # pylint: disable=too-many-return-stateme
if response.status_code != 200:
return _redirect_to_login_page_on_error(error_msg="Impossible to get user infos.", request=request)

try:
user_data = json.loads(response.content.decode("utf-8"))
except json.decoder.JSONDecodeError:
return _redirect_to_login_page_on_error(error_msg="Impossible to decode user infos.", request=request)
user_data = jwt.decode(
response.content,
key=constants.PRO_CONNECT_CLIENT_SECRET,
algorithms=["HS256"],
audience=constants.PRO_CONNECT_CLIENT_ID,
)

if "sub" not in user_data:
# 'sub' is the unique identifier from Inclusion Connect, we need that to match a user later on.
Expand Down

0 comments on commit 98dd522

Please sign in to comment.