
Commit 1a816fa

author
tailor
committed
[project @ pape.Request.auth_levels => pape.Request.preferred_auth_level_types, and parsing]
1 parent 618a6cb commit 1a816fa


2 files changed

+80
-21
lines changed


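--- a/openid/extensions/draft/pape5.py
+++ b/openid/extensions/draft/pape5.py
@@ -55,31 +55,33 @@ class Request(Extension):
 re-authenticate
 @type max_auth_age: int or NoneType
 
-@ivar auth_levels: Ordered list of authentication level namespace
-URIs
-@type auth_levels: [str]
+@ivar preferred_auth_level_types: Ordered list of authentication
+level namespace URIs
+
+@type preferred_auth_level_types: [str]
 """
 
 ns_alias = 'pape'
 
-def __init__(self, preferred_auth_policies=None, max_auth_age=None, auth_levels=None):
+def __init__(self, preferred_auth_policies=None, max_auth_age=None,
+preferred_auth_level_types=None):
 super(Request, self).__init__(self)
 if preferred_auth_policies is None:
 preferred_auth_policies = []
 
 self.preferred_auth_policies = preferred_auth_policies
 self.max_auth_age = max_auth_age
-self.auth_levels = []
+self.preferred_auth_level_types = []
 self.auth_level_aliases = _default_auth_level_aliases.copy()
 
-if auth_levels is not None:
-for auth_level in auth_levels:
+if preferred_auth_level_types is not None:
+for auth_level in preferred_auth_level_types:
 self.addAuthLevel(auth_level)
 
 def __nonzero__(self):
 return bool(self.preferred_auth_policies or
 self.max_auth_age is not None or
-self.auth_levels)
+self.preferred_auth_level_types)
 
 def addPolicyURI(self, policy_uri):
 """Add an acceptable authentication policy URI to this request
@@ -115,8 +117,8 @@ def addAuthLevel(self, auth_level_uri, alias=None):
 alias, existing_uri, auth_level_uri)
 
 self.auth_level_aliases[alias] = auth_level_uri
-if auth_level_uri not in self.auth_levels:
-self.auth_levels.append(auth_level_uri)
+if auth_level_uri not in self.preferred_auth_level_types:
+self.preferred_auth_level_types.append(auth_level_uri)
 
 def _generateAlias(self):
 for i in xrange(1000):
@@ -143,10 +145,10 @@ def getExtensionArgs(self):
 if self.max_auth_age is not None:
 ns_args['max_auth_age'] = str(self.max_auth_age)
 
-if self.auth_levels:
+if self.preferred_auth_level_types:
 preferred_types = []
 
-for auth_level_uri in self.auth_levels:
+for auth_level_uri in self.preferred_auth_level_types:
 alias = self._getAlias(auth_level_uri)
 ns_args['auth_level.ns.%s' % (alias,)] = auth_level_uri
 preferred_types.append(alias)
@@ -170,12 +172,16 @@ def fromOpenIDRequest(cls, request):
 
 fromOpenIDRequest = classmethod(fromOpenIDRequest)
 
-def parseExtensionArgs(self, args):
+def parseExtensionArgs(self, args, strict=False):
 """Set the state of this request to be that expressed in these
 PAPE arguments
 
 @param args: The PAPE arguments without a namespace
 
+@param strict: Whether to raise an exception if the input is
+out of spec or otherwise malformed. If strict is false,
+malformed input will be ignored.
+
 @rtype: None
 
 @raises ValueError: When the max_auth_age is not parseable as
@@ -199,7 +205,23 @@ def parseExtensionArgs(self, args):
 try:
 self.max_auth_age = int(max_auth_age_str)
 except ValueError:
-pass
+if strict:
+raise
+
+# Parse auth level information
+preferred_auth_level_types = args.get('preferred_auth_level_types')
+if preferred_auth_level_types:
+aliases = preferred_auth_level_types.strip().split()
+
+for alias in aliases:
+key = 'auth_level.ns.%s' % (alias,)
+uri = args.get(key)
+if uri is None:
+if strict:
+raise ValueError('preferred auth level %r is not '
+'defined in this message' % (alias,))
+else:
+self.addAuthLevel(uri, alias)
 
 def preferredTypes(self, supported_types):
 """Given a list of authentication policy URIs that a provider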
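Review bot: In the new auth-level loop of parseExtensionArgs, `self.addAuthLevel(uri, alias)` is called with an alias and URI taken straight from the incoming message, and nothing catches the KeyError that addAuthLevel raises for a conflicting alias (the test file in this commit asserts that KeyError). Because each Request starts from `_default_auth_level_aliases.copy()`, a message that binds an already-known alias to a different URI would presumably escape as an uncaught KeyError even with strict=False, which contradicts the new docstring's promise that malformed input is ignored. Catch it around the call, drop the entry in lenient mode, and in strict mode re-raise or convert it to ValueError so the documented exception type holds. addAuthLevel's body lies mostly outside these hunks, so confirm the conflict path there.

```python
# … unchanged: alias lookup and the strict ValueError for an undefined alias …
else:
    try:
        self.addAuthLevel(uri, alias)
    except KeyError:
        # alias is already bound to a different URI on this request
        if strict:
            raise
```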

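--- a/openid/test/test_pape_draft5.py
+++ b/openid/test/test_pape_draft5.py
@@ -13,33 +13,34 @@ def test_construct(self):
 self.failUnlessEqual([], self.req.preferred_auth_policies)
 self.failUnlessEqual(None, self.req.max_auth_age)
 self.failUnlessEqual('pape', self.req.ns_alias)
-self.failIf(self.req.auth_levels)
+self.failIf(self.req.preferred_auth_level_types)
 
 bogus_levels = ['http://janrain.com/our_levels']
 req2 = pape.Request(
 [pape.AUTH_MULTI_FACTOR], 1000, bogus_levels)
 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR],
 req2.preferred_auth_policies)
 self.failUnlessEqual(1000, req2.max_auth_age)
-self.failUnlessEqual(bogus_levels, req2.auth_levels)
+self.failUnlessEqual(bogus_levels, req2.preferred_auth_level_types)
 
 def test_addAuthLevel(self):
 self.req.addAuthLevel('http://example.com/', 'example')
-self.failUnlessEqual(['http://example.com/'], self.req.auth_levels)
+self.failUnlessEqual(['http://example.com/'],
+self.req.preferred_auth_level_types)
 self.failUnlessEqual('http://example.com/',
 self.req.auth_level_aliases['example'])
 
 self.req.addAuthLevel('http://example.com/1', 'example1')
 self.failUnlessEqual(['http://example.com/', 'http://example.com/1'],
-self.req.auth_levels)
+self.req.preferred_auth_level_types)
 
 self.req.addAuthLevel('http://example.com/', 'exmpl')
 self.failUnlessEqual(['http://example.com/', 'http://example.com/1'],
-self.req.auth_levels)
+self.req.preferred_auth_level_types)
 
 self.req.addAuthLevel('http://example.com/', 'example')
 self.failUnlessEqual(['http://example.com/', 'http://example.com/1'],
-self.req.auth_levels)
+self.req.preferred_auth_level_types)
 
 self.failUnlessRaises(KeyError,
 self.req.addAuthLevel,
@@ -109,12 +110,48 @@ def test_getExtensionArgsWithAuthLevels(self):
 
 self.failUnlessEqual(expected_args, self.req.getExtensionArgs())
 
+def test_parseExtensionArgsWithAuthLevels(self):
+uri = 'http://example.com/auth_level'
+alias = 'my_level'
+
+uri2 = 'http://example.com/auth_level_2'
+alias2 = 'my_level_2'
+
+request_args = {
+('auth_level.ns.%s' % alias): uri,
+('auth_level.ns.%s' % alias2): uri2,
+'preferred_auth_level_types': ' '.join([alias, alias2]),
+'preferred_auth_policies': '',
+}
+
+# Check request object state
+self.req.parseExtensionArgs(request_args)
+
+expected_auth_levels = [uri, uri2]
+
+self.assertEqual(expected_auth_levels,
+self.req.preferred_auth_level_types)
+self.assertEqual(uri, self.req.auth_level_aliases[alias])
+self.assertEqual(uri2, self.req.auth_level_aliases[alias2])
+
+def test_parseExtensionArgs_ignoreBadAuthLevels(self):
+request_args = {'preferred_auth_level_types':'monkeys'}
+self.req.parseExtensionArgs(request_args)
+self.assertEqual([], self.req.preferred_auth_level_types)
+
+def test_parseExtensionArgs_strictBadAuthLevels(self):
+request_args = {'preferred_auth_level_types':'monkeys'}
+self.failUnlessRaises(ValueError, self.req.parseExtensionArgs,
+request_args, strict=True)
+
 def test_parseExtensionArgs(self):
 args = {'preferred_auth_policies': 'http://foo http://bar',
 'max_auth_age': '9'}
 self.req.parseExtensionArgs(args)
 self.failUnlessEqual(9, self.req.max_auth_age)
-self.failUnlessEqual(['http://foo','http://bar'], self.req.preferred_auth_policies)
+self.failUnlessEqual(['http://foo','http://bar'],
+self.req.preferred_auth_policies)
+self.failUnlessEqual([], self.req.preferred_auth_level_types)
 
 def test_parseExtensionArgs_empty(self):
 self.req.parseExtensionArgs({})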
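Review bot: The new parsing tests cover only an alias that has no `auth_level.ns.` entry ('monkeys'); the strict branch added for max_auth_age and a message whose alias collides with one already registered on the request are never exercised. A line such as `self.failUnlessRaises(ValueError, self.req.parseExtensionArgs, {'max_auth_age': 'x'}, strict=True)` would pin the first. A companion case that parses a message binding an in-use alias to a different URI, in both lenient and strict mode, would show whether lenient parsing really ignores it. test_construct still passes bogus_levels positionally, so the renamed keyword `preferred_auth_level_types` is never used by name in these tests.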
