From 029ff6e35a3723e43158a9889b80ec009aaa644c Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Oct 06 2016 14:15:00 +0000
Subject: Make sure that OpenID extensions don't return anything when not requested
This makes sure that our OpenID extensions don't provide any responses if they were not requested, instead of providing empty responses. Some Relying Parties don't like to get responses for extensions they didn't ask for.
Signed-off-by: Patrick Uiterwijk
Reviewed-by: Pierre-Yves Chibon
---
diff --git a/ipsilon/providers/openid/extensions/cla.py b/ipsilon/providers/openid/extensions/cla.py
index 129a403..fceacfc 100644
--- a/ipsilon/providers/openid/extensions/cla.py
+++ b/ipsilon/providers/openid/extensions/cla.py
@@ -18,13 +18,13 @@ class OpenidExtension(OpenidExtensionBase):
 req = cla.CLARequest.fromOpenIDRequest(request)
 self.debug(req)
 if req is None:
- return {}
+ return None
 data = userdata.get('_extras', {}).get('cla', [])
 return cla.CLAResponse.extractResponse(req, data)
 def _display(self, request, userdata):
 resp = self._resp(request, userdata)
- if resp.clas:
+ if resp and resp.clas:
 return {'CLA': 'yes'}
 return {}
diff --git a/ipsilon/providers/openid/extensions/fas_teams.py b/ipsilon/providers/openid/extensions/fas_teams.py
index 67a92b9..7584f92 100644
--- a/ipsilon/providers/openid/extensions/fas_teams.py
+++ b/ipsilon/providers/openid/extensions/fas_teams.py
@@ -14,7 +14,7 @@ class OpenidExtension(Teams):
 def _resp(self, request, userdata):
 req = teams.TeamsRequest.fromOpenIDRequest(request)
 if req is None:
- return {}
+ return None
 if '_FAS_ALL_GROUPS_' in req.requested:
 # We will send all groups the user is a member of
 req.requested = userdata.get('_groups', [])
diff --git a/ipsilon/providers/openid/extensions/sreg.py b/ipsilon/providers/openid/extensions/sreg.py
index 6cb3962..0292386 100644
--- a/ipsilon/providers/openid/extensions/sreg.py
+++ b/ipsilon/providers/openid/extensions/sreg.py
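Review bot: In cla.py `_display`, the new guard `if resp and resp.clas:` leans on the truthiness of the response object rather than on the None contract `_resp` now has; `if resp is not None and resp.clas:` states the intent and keeps working if the response class defines `__len__` or `__bool__`. The same guard appears in the `_display` methods of sreg.py and teams.py. `_resp` here (and in fas_teams.py, sreg.py and teams.py) would also benefit from a one-line docstring such as `"""Return the extension response, or None when the RP did not request it."""`, because any caller outside this diff that previously received `{}` now has to handle None. The cla.py hunk begins inside `_resp`, whose signature is outside the hunk.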
@@ -17,6 +17,8 @@ class OpenidExtension(OpenidExtensionBase):
 def _resp(self, request, userdata):
 req = sreg.SRegRequest.fromOpenIDRequest(request)
+ if req is None:
+ return None
 data = dict()
 for name in sreg.data_fields:
 if name in userdata:
@@ -25,7 +27,9 @@ class OpenidExtension(OpenidExtensionBase):
 def _display(self, request, userdata):
 resp = self._resp(request, userdata)
- return resp.data
+ if resp and resp.data:
+ return resp.data
+ return {}
 def _response(self, request, userdata):
 return self._resp(request, userdata)
diff --git a/ipsilon/providers/openid/extensions/teams.py b/ipsilon/providers/openid/extensions/teams.py
index 846fc8b..c4a661a 100644
--- a/ipsilon/providers/openid/extensions/teams.py
+++ b/ipsilon/providers/openid/extensions/teams.py
@@ -17,13 +17,13 @@ class Teams(OpenidExtensionBase):
 def _resp(self, request, userdata):
 req = teams.TeamsRequest.fromOpenIDRequest(request)
 if req is None:
- return {}
+ return None
 data = userdata.get('_groups', [])
 return teams.TeamsResponse.extractResponse(req, data)
 def _display(self, request, userdata):
 resp = self._resp(request, userdata)
- if resp.teams:
+ if resp and resp.teams:
 return {'Groups': resp.teams}
 return {}
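Review bot: The added `if req is None:` guard in sreg.py `_resp` may never fire: if `sreg` here is python-openid's `openid.extensions.sreg` (the import is outside the hunk), `SRegRequest.fromOpenIDRequest` constructs and returns a request object even when the relying party sent no sreg arguments. In that case `_response` in the following hunk still hands back an SRegResponse with empty data, which is the unrequested response this commit sets out to suppress. Consider `if req is None or not req.wereFieldsRequested(): return None`, and add a test asserting that a request without sreg arguments produces no sreg namespace in the reply. The body of `_resp` continues past the end of the hunk.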