Ejemplo n.º 1
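def _get_oidc_configuration_errors(id):
    """Compare the local OIDC settings with the provider's discovery document.

    The document is fetched from ``settings.OIDC_CONFIGURATION_URL``; when that
    URL has no path (or only ``/``), ``/.well-known/openid-configuration`` is
    used. Endpoint settings, requested scopes and the ID-token signing
    algorithm are then checked against what the document advertises.

    Args:
        id: Check identifier attached to every message that is produced.

    Returns:
        A list of ``Warning`` and ``Error`` messages; empty when nothing
        mismatches.

    Raises:
        KeyError: If the document lacks ``scopes_supported`` or
            ``id_token_signing_alg_values_supported``.
        Anything raised by the HTTP request, ``raise_for_status()`` or
        ``json()`` is propagated unchanged.
    """
    errors = []

    configuration_url = settings.OIDC_CONFIGURATION_URL
    parsed = urlparse(configuration_url)
    if not parsed.path or parsed.path == "/":
        # urljoin with an absolute path swaps in the well-known location.
        configuration_url = urljoin(
            configuration_url, "/.well-known/openid-configuration")

    # NOTE(review): every check below trusts this response, so the URL should
    # be an https:// address of the intended provider - confirm in deployment
    # settings; nothing here enforces the scheme.
    response = requests_retry_session().get(configuration_url)
    response.raise_for_status()
    openid_configuration = response.json()

    for key, setting_key in (
        ("userinfo_endpoint", "OIDC_OP_USER_ENDPOINT"),
        ("authorization_endpoint", "OIDC_OP_AUTHORIZATION_ENDPOINT"),
        ("token_endpoint", "OIDC_OP_TOKEN_ENDPOINT"),
    ):
        setting_value = getattr(settings, setting_key, None)
        if not setting_value:
            # Nothing configured locally, so there is nothing to compare.
            # (Previously an unset setting plus a missing key raised KeyError.)
            continue
        if key not in openid_configuration:
            errors.append(
                Warning(
                    f"{setting_key} is set but {key!r} is not exposed in {configuration_url}",
                    id=id,
                ))
            continue
        config_value = openid_configuration[key]
        if config_value != setting_value:
            errors.append(
                Error(
                    f"{setting_key}'s value is different from that on {configuration_url}"
                    f" ({setting_value!r} != {config_value!r})",
                    id=id,
                ))

    # settings.OIDC_RP_SCOPES can have less but not more than what's supported,
    # so the offending scopes are the requested ones the provider does not list.
    scopes_requested = set(settings.OIDC_RP_SCOPES.split())
    scopes_supported = set(openid_configuration["scopes_supported"])
    if scopes_requested - scopes_supported:
        errors.append(
            Error(
                f"Invalid settings.OIDC_RP_SCOPES ({settings.OIDC_RP_SCOPES!r}). "
                f"Requested: {scopes_requested}, Supported: {scopes_supported}",
                id=id,
            ))

    # This only checks that the configured algorithm is one the provider
    # advertises; it does not judge whether that algorithm is a sound choice.
    algorithms_supported = openid_configuration[
        "id_token_signing_alg_values_supported"]
    if settings.OIDC_RP_SIGN_ALGO not in set(algorithms_supported):
        errors.append(
            Error(
                f"Invalid settings.OIDC_RP_SIGN_ALGO. "
                f"{settings.OIDC_RP_SIGN_ALGO!r} not in "
                f"{algorithms_supported}",
                id=id,
            ))

    return errors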
Ejemplo n.º 2
def request(method, path, **kwargs):
    """Send an authenticated JSON request to ``API_URL + path``.

    The API key from ``settings.SENDINBLUE_API_KEY`` goes in the ``api-key``
    header on every call. Extra keyword arguments are forwarded to the
    session's ``request()``; passing ``headers=`` among them raises
    ``TypeError`` because the header set is fixed here.

    Returns the response object from the retrying session.
    """
    session = requests_retry_session()
    # NOTE(review): ``path`` is concatenated as-is; callers are presumably
    # passing fixed API paths - confirm none of it comes from user input.
    url = API_URL + path
    auth_headers = {
        "api-key": settings.SENDINBLUE_API_KEY,
        "accept": "application/json"
    }
    return session.request(method, url, headers=auth_headers, **kwargs)
Ejemplo n.º 3
 def complete_login(self, request, app, token, **kwargs):
     """Build the social login from the provider's profile and e-mail data.

     Two GET requests are made with the same retrying session: one to
     ``self.profile_url`` and one to ``self.email_url``. The e-mail response
     is stored under ``'email_addresses'`` in the profile data before it is
     handed to the provider. A non-success status on either request raises
     via ``raise_for_status()``.
     """
     http = requests_retry_session()
     # NOTE(review): the access token is sent in the query string, where it
     # can end up in proxy and server access logs. If the provider accepts an
     # Authorization header, prefer that - confirm against the provider's API.
     query = {'access_token': token.token}

     profile_response = http.get(self.profile_url, params=query)
     profile_response.raise_for_status()
     extra_data = profile_response.json()

     emails_response = http.get(self.email_url, params=query)
     emails_response.raise_for_status()
     extra_data['email_addresses'] = emails_response.json()

     provider = self.get_provider()
     return provider.sociallogin_from_response(request, extra_data)
Ejemplo n.º 4
 def complete_login(self, request, app, token, **kwargs):
     """Build the social login from the provider's profile and e-mail data.

     The access token is sent in an ``Authorization: token ...`` header on
     both GET requests (``self.profile_url`` and ``self.email_url``), so it
     stays out of the request URL. The e-mail response is stored under
     ``"email_addresses"`` in the profile data. A non-success status on
     either request raises via ``raise_for_status()``.
     """
     http = requests_retry_session()
     auth_headers = {"Authorization": f"token {token.token}"}

     profile_response = http.get(self.profile_url, headers=auth_headers)
     profile_response.raise_for_status()
     extra_data = profile_response.json()

     emails_response = http.get(self.email_url, headers=auth_headers)
     emails_response.raise_for_status()
     extra_data["email_addresses"] = emails_response.json()

     provider = self.get_provider()
     return provider.sociallogin_from_response(request, extra_data)
Ejemplo n.º 5
def test_requests_retry_session(mock_requests):
    """Exercise the retrying session against a 200, a 504 and a failure.

    With 504 in ``status_forcelist`` the final response is still returned
    with its 504 status, and a ``ConnectionError`` from the transport
    reaches the caller.
    """
    base = "http://example.com"
    ok_url = base + "/a/ok"
    gateway_timeout_url = base + "/oh/noes"
    unreachable_url = base + "/oh/crap"

    mock_requests.get(ok_url, text="hi")
    mock_requests.get(gateway_timeout_url, text="bad!", status_code=504)
    mock_requests.get(unreachable_url, exc=ConnectionError)

    session = requests_retry_session(status_forcelist=(504, ))

    # Plain success passes straight through.
    assert session.get(ok_url).status_code == 200

    # A forcelisted status is handed back to the caller, not raised.
    assert session.get(gateway_timeout_url).status_code == 504

    # Transport-level failures are not swallowed.
    with pytest.raises(ConnectionError):
        session.get(unreachable_url)
Ejemplo n.º 6
def test_requests_retry_session(mock_requests):
    """Exercise the retrying session against a 200, a 504 and a failure.

    With 504 in ``status_forcelist`` the final response is still returned
    with its 504 status, and a ``ConnectionError`` from the transport
    reaches the caller.
    """
    base = 'http://example.com'
    ok_url = base + '/a/ok'
    gateway_timeout_url = base + '/oh/noes'
    unreachable_url = base + '/oh/crap'

    mock_requests.get(ok_url, text='hi')
    mock_requests.get(gateway_timeout_url, text='bad!', status_code=504)
    mock_requests.get(unreachable_url, exc=ConnectionError)

    session = requests_retry_session(status_forcelist=(504,))

    # Plain success passes straight through.
    assert session.get(ok_url).status_code == 200

    # A forcelisted status is handed back to the caller, not raised.
    assert session.get(gateway_timeout_url).status_code == 504

    # Transport-level failures are not swallowed.
    with pytest.raises(ConnectionError):
        session.get(unreachable_url)
Ejemplo n.º 7
def _download_from_url(url):
    """Fetch ``url`` with the retrying session and return the body bytes.

    A non-success status raises via ``raise_for_status()``.
    """
    # NOTE(review): no host restriction or size cap is applied here; if
    # ``url`` can be influenced by users, it should be validated before this
    # call - confirm against the callers.
    response = requests_retry_session().get(url)
    response.raise_for_status()
    # ``content`` holds the whole response body in memory.
    body = response.content
    return body