From 8495ff9fc0c962fae87c9d0f0ef529c3d0b4c0aa Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Thu, 29 Jul 2021 21:22:31 +0200
Subject: [PATCH] providers/oauth2: fix error when requesting jwks keys with no rs256 aet
Signed-off-by: Jens Langhammer
---
 authentik/providers/oauth2/tests/test_jwks.py | 54 +++++++++++++++++++
 authentik/providers/oauth2/views/jwks.py | 2 +-
 2 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 authentik/providers/oauth2/tests/test_jwks.py
diff --git a/authentik/providers/oauth2/tests/test_jwks.py b/authentik/providers/oauth2/tests/test_jwks.py
new file mode 100644
index 000000000..cede1014b
--- /dev/null
+++ b/authentik/providers/oauth2/tests/test_jwks.py
@@ -0,0 +1,54 @@
+"""JWKS tests"""
+import json
+
+from django.test import RequestFactory
+from django.urls.base import reverse
+from django.utils.encoding import force_str
+
+from authentik.core.models import Application
+from authentik.crypto.models import CertificateKeyPair
+from authentik.flows.models import Flow
+from authentik.providers.oauth2.models import OAuth2Provider
+from authentik.providers.oauth2.tests.utils import OAuthTestCase
+
+
+class TestJWKS(OAuthTestCase):
+ """Test JWKS view"""
+
+ def setUp(self) -> None:
+ super().setUp()
+ self.factory = RequestFactory()
+
+ def test_rs256(self):
+ """Test JWKS request with RS256"""
+ provider = OAuth2Provider.objects.create(
+ name="test",
+ client_id="test",
+ authorization_flow=Flow.objects.first(),
+ redirect_uris="http://local.invalid",
+ rsa_key=CertificateKeyPair.objects.first(),
+ )
+ app = Application.objects.create(name="test", slug="test", provider=provider)
+ response = self.client.get(
+ reverse(
+ "authentik_providers_oauth2:jwks", kwargs={"application_slug": app.slug}
+ )
+ )
+ body = json.loads(force_str(response.content))
+ self.assertEqual(len(body["keys"]), 1)
+
+ def test_hs256(self):
+ """Test JWKS request with HS256"""
+ provider = OAuth2Provider.objects.create(
+ name="test",
+ client_id="test",
+ authorization_flow=Flow.objects.first(),
+ redirect_uris="http://local.invalid",
+ )
+ app = Application.objects.create(name="test", slug="test", provider=provider)
+ response = self.client.get(
+ reverse(
+ "authentik_providers_oauth2:jwks", kwargs={"application_slug": app.slug}
+ )
+ )
+ self.assertJSONEqual(force_str(response.content), {})
diff --git a/authentik/providers/oauth2/views/jwks.py b/authentik/providers/oauth2/views/jwks.py
index 14bc90014..a1d0fe56c 100644
--- a/authentik/providers/oauth2/views/jwks.py
+++ b/authentik/providers/oauth2/views/jwks.py
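Review bot: `test_hs256` never sets the signing algorithm on the provider it creates, so whether it covers the HS256 path or the RS256-without-key path this commit fixes depends on the model default for `jwt_alg`, which is not visible in this patch. Assuming `jwt_alg` is a settable model field, pass it explicitly in both tests (e.g. `jwt_alg=JWTAlgorithms.HS256`) and add a separately named case for RS256 with `rsa_key` unset, so the regression is pinned by name rather than by default. Neither test asserts `response.status_code`, so add `self.assertEqual(response.status_code, 200)` before parsing the body. `self.factory` is assigned in `setUp` but neither test uses it.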
@@ -30,7 +30,7 @@ class JWKSView(View):
 response_data = {}
- if provider.jwt_alg == JWTAlgorithms.RS256:
+ if provider.jwt_alg == JWTAlgorithms.RS256 and provider.rsa_key:
 public_key: RSAPublicKey = provider.rsa_key.private_key.public_key()
 public_numbers = public_key.public_numbers()
 response_data["keys"] = [
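Review bot: With the added `and provider.rsa_key` guard, an RS256 provider that has no key pair now falls through and the endpoint returns the bare `{}` from `response_data = {}`, which is not a well-formed JWK Set, since RFC 7517 requires a `keys` member. Relying parties that fetch this URL may fail to parse it, and the underlying misconfiguration (an asymmetric algorithm selected with no key to publish) stays silent. Consider initialising with `response_data = {"keys": []}` and logging a warning when `provider.jwt_alg == JWTAlgorithms.RS256` and `provider.rsa_key` is unset. The `assertJSONEqual(..., {})` in the new test would need to change to match. The view method's body starts and ends outside this hunk, so how `response_data` is finally serialised is not visible here.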