ipsilon

Clone
Source Code
GIT

#128 Make sure that OpenID extensions don't return anything when not requested
Merged 7 years ago by puiterwijk. Opened 7 years ago by puiterwijk.
puiterwijk/ipsilon openid-extensions-noresp  into  master

file modified
+2 -2 
@@ -18,13 +18,13 @@ 
 

          req = cla.CLARequest.fromOpenIDRequest(request)
 

          self.debug(req)
 

          if req is None:
 

-             return {}
 

+             return None
 

          data = userdata.get('_extras', {}).get('cla', [])
 

          return cla.CLAResponse.extractResponse(req, data)
 

  

      def _display(self, request, userdata):
 

          resp = self._resp(request, userdata)
 

-         if resp.clas:
 

+         if resp and resp.clas:
 

              return {'CLA': 'yes'}
 

          return {}

{} or None?

For display, we return {}, for _resp we return None.

file modified
+1 -1 
@@ -14,7 +14,7 @@ 
 

      def _resp(self, request, userdata):
 

          req = teams.TeamsRequest.fromOpenIDRequest(request)
 

          if req is None:
 

-             return {}
 

+             return None
 

          if '_FAS_ALL_GROUPS_' in req.requested:
 

              # We will send all groups the user is a member of
 

              req.requested = userdata.get('_groups', [])

file modified
+5 -1 
@@ -17,6 +17,8 @@ 
 

  

      def _resp(self, request, userdata):
 

          req = sreg.SRegRequest.fromOpenIDRequest(request)
 

+         if req is None:
 

+             return None
 

          data = dict()
 

          for name in sreg.data_fields:
 

              if name in userdata:
 
@@ -25,7 +27,9 @@ 
 

  

      def _display(self, request, userdata):
 

          resp = self._resp(request, userdata)
 

-         return resp.data
 

+         if resp and resp.data:
 

+             return resp.data
 

+         return {}

{} or None?

 
  

      def _response(self, request, userdata):
 

          return self._resp(request, userdata)

file modified
+2 -2 
@@ -17,13 +17,13 @@ 
 

      def _resp(self, request, userdata):
 

          req = teams.TeamsRequest.fromOpenIDRequest(request)
 

          if req is None:
 

-             return {}
 

+             return None
 

          data = userdata.get('_groups', [])
 

          return teams.TeamsResponse.extractResponse(req, data)
 

  

      def _display(self, request, userdata):
 

          resp = self._resp(request, userdata)
 

-         if resp.teams:
 

+         if resp and resp.teams:
 

              return {'Groups': resp.teams}
 

          return {}

This makes sure that our OpenID extensions don't provide any responses if they were
not requested, instead of providing empty responses.
Some Relying Parties don't like to get responses for extensions they didn't ask for.

Signed-off-by: Patrick Uiterwijk puiterwijk@redhat.com

{} or None?

{} or None?

For display, we return {}, for _resp we return None.

:thumbsup: for me

rebased
7 years ago

Pull-Request has been merged by puiterwijk
7 years ago
Metadata
None
No Tags
Changes Summary 4
+2 -2
file changed
ipsilon/providers/openid/extensions/cla.py
+1 -1
file changed
ipsilon/providers/openid/extensions/fas_teams.py
+5 -1
file changed
ipsilon/providers/openid/extensions/sreg.py
+2 -2
file changed
ipsilon/providers/openid/extensions/teams.py
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.