diff --git a/e2e/test_provider_oidc.py b/e2e/test_provider_oidc.py
index ad9fef526..0c16c739d 100644
--- a/e2e/test_provider_oidc.py
+++ b/e2e/test_provider_oidc.py
@@ -77,6 +77,7 @@ class TestProviderOIDC(StaticLiveServerTestCase):
 def test_redirect_uri_error(self):
 """test OpenID Provider flow (invalid redirect URI, check error message)"""
+ sleep(1)
 # Bootstrap all needed objects
 authorization_flow = Flow.objects.get(slug="default-provider-authorization")
 client = Client.objects.create(
@@ -113,10 +114,13 @@ class TestProviderOIDC(StaticLiveServerTestCase):
 "Redirect URI Error",
 )
- def test_authorization_no_consent(self):
- """test OpenID Provider flow (default authorization flow without consent)"""
+ def test_authorization_consent_implied(self):
+ """test OpenID Provider flow (default authorization flow with implied consent)"""
+ sleep(1)
 # Bootstrap all needed objects
- authorization_flow = Flow.objects.get(slug="default-provider-authorization")
+ authorization_flow = Flow.objects.get(
+ slug="default-provider-authorization-implicit-consent"
+ )
 client = Client.objects.create(
 name="grafana",
 client_type="confidential",
@@ -174,11 +178,12 @@ class TestProviderOIDC(StaticLiveServerTestCase):
 "root@localhost",
 )
- def test_authorization_consent(self):
- """test OpenID Provider flow (default authorization flow with consent)"""
+ def test_authorization_consent_explicit(self):
+ """test OpenID Provider flow (default authorization flow with explicit consent)"""
+ sleep(1)
 # Bootstrap all needed objects
 authorization_flow = Flow.objects.get(
- slug="default-provider-authorization-consent"
+ slug="default-provider-authorization-explicit-consent"
 )
 client = Client.objects.create(
 name="grafana",
diff --git a/passbook/flows/migrations/0005_provider_flows.py b/passbook/flows/migrations/0005_provider_flows.py
index a197d0532..007f29475 100644
--- a/passbook/flows/migrations/0005_provider_flows.py
+++ b/passbook/flows/migrations/0005_provider_flows.py
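Review bot: `test_redirect_uri_error` still looks up `Flow.objects.get(slug="default-provider-authorization")` on its unchanged context line, while this commit's edit to `0005_provider_flows.py` renames that flow's slug to `default-provider-authorization-implicit-consent`. Unless something outside this diff still creates the old slug, the test will stop with `Flow.DoesNotExist` before it exercises the invalid-redirect-URI rejection, so that check would no longer be covered; pointing it at `slug="default-provider-authorization-implicit-consent"` keeps it in line with the other two tests. Separately, the `sleep(1)` added here and in the two later hunks of this file carries no comment saying what it waits for, and no hunk adds an import for `sleep`, so it presumably relies on an existing one. A short comment such as `# TODO: replace fixed delay with an explicit readiness wait` would make the intent clear. The method body continues past the end of the hunk.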
@@ -17,17 +17,17 @@ def create_default_provider_authz_flow(
 db_alias = schema_editor.connection.alias
- # Empty flow for providers where no consent is needed
+ # Empty flow for providers where consent is implicitly given
 Flow.objects.create(
- name="default-provider-authorization",
- slug="default-provider-authorization",
+ name="Authorize Application",
+ slug="default-provider-authorization-implicit-consent",
 designation=FlowDesignation.AUTHORIZATION,
 )
- # Flow with consent form to obtain user consent for authorization
+ # Flow with consent form to obtain explicit user consent
 flow = Flow.objects.create(
- name="default-provider-authorization-consent",
- slug="default-provider-authorization-consent",
+ name="Authorize Application",
+ slug="default-provider-authorization-explicit-consent",
 designation=FlowDesignation.AUTHORIZATION,
 )
 stage = ConsentStage.objects.create(name="default-provider-authorization-consent")
diff --git a/passbook/flows/planner.py b/passbook/flows/planner.py
index f91bc08da..aee17ecd9 100644
--- a/passbook/flows/planner.py
+++ b/passbook/flows/planner.py
@@ -59,6 +59,7 @@ class FlowPlan:
 self.markers.remove(marker)
 if not self.has_stages:
 return None
+ # pylint: disable=not-callable
 return self.next()
 return marked_stage
diff --git a/passbook/providers/oidc/views.py b/passbook/providers/oidc/views.py
index 1cddbe524..b537222ed 100644
--- a/passbook/providers/oidc/views.py
+++ b/passbook/providers/oidc/views.py
@@ -1,5 +1,4 @@
 """passbook OIDC Views"""
-from passbook.stages.consent.stage import PLAN_CONTEXT_CONSENT_TEMPLATE
 from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.http import HttpRequest, HttpResponse, JsonResponse
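Review bot: Both flows created in this hunk now get the same `name="Authorize Application"`, so anyone assigning an authorization flow to a provider cannot tell from the name which one skips the consent prompt. Distinct names, for example `name="Authorize Application (implicit consent)"` and `name="Authorize Application (explicit consent)"`, would make an accidental choice of the no-consent flow less likely. In addition, the slugs are changed inside the existing migration `0005_provider_flows.py`; if that migration has already been applied anywhere, those databases keep `default-provider-authorization` and `default-provider-authorization-consent`, and lookups by the new slugs will fail there, which a follow-up data migration renaming the rows would cover. The function starts above the hunk and continues past it.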
@@ -24,12 +23,14 @@ from passbook.flows.stage import StageView
 from passbook.flows.views import SESSION_KEY_PLAN
 from passbook.lib.utils.urls import redirect_with_qs
 from passbook.providers.oidc.models import OpenIDProvider
+from passbook.stages.consent.stage import PLAN_CONTEXT_CONSENT_TEMPLATE
 LOGGER = get_logger()
 PLAN_CONTEXT_PARAMS = "params"
 PLAN_CONTEXT_SCOPES = "scopes"
+
 class AuthorizationFlowInitView(AccessMixin, LoginRequiredMixin, View):
 """OIDC Flow initializer, checks access to application and starts flow"""
@@ -61,7 +62,7 @@ class AuthorizationFlowInitView(AccessMixin, LoginRequiredMixin, View):
 PLAN_CONTEXT_APPLICATION: application,
 PLAN_CONTEXT_PARAMS: endpoint.params,
 PLAN_CONTEXT_SCOPES: endpoint.get_scopes_information(),
- PLAN_CONTEXT_CONSENT_TEMPLATE: "providers/oidc/consent.html"
+ PLAN_CONTEXT_CONSENT_TEMPLATE: "providers/oidc/consent.html",
 },
 )
 plan.append(in_memory_stage(OIDCStage))
diff --git a/passbook/stages/consent/stage.py b/passbook/stages/consent/stage.py
index fc9afdf14..3a1fa14a2 100644
--- a/passbook/stages/consent/stage.py
+++ b/passbook/stages/consent/stage.py
@@ -1,5 +1,5 @@
 """passbook consent stage"""
-from typing import List, Dict, Any
+from typing import Any, Dict, List
 from django.views.generic import FormView
@@ -16,8 +16,8 @@ class ConsentStage(FormView, StageView):
 def get_context_data(self, **kwargs: Dict[str, Any]) -> Dict[str, Any]:
 kwargs = super().get_context_data(**kwargs)
- kwargs['current_stage'] = self.executor.current_stage
- kwargs['context'] = self.executor.plan.context
+ kwargs["current_stage"] = self.executor.current_stage
+ kwargs["context"] = self.executor.plan.context
 return kwargs
 def get_template_names(self) -> List[str]: