def parse_request(self, message_factory, request=None, request_args=None): _cli = self.conv.entity kwargs = { 'aud': _cli.client_id, 'iss': _cli.provider_info['issuer'], 'keyjar': _cli.keyjar } try: req = self.deserialize(message_factory, request, request_args, **kwargs) except NotForMe: # just ignore return '' if isinstance(req, str): return req # Find the state value try: sm_id = req['logout_token']['sid'] except KeyError: raise MessageException('No session ID in logout token') else: try: return _cli.smid2sid[sm_id] except KeyError: raise ValueError('Unknown session ID in logout token')
def claims_ser(val, sformat="urlencoded", lev=0): # everything in c_extension if isinstance(val, six.string_types): item = val elif isinstance(val, list): item = val[0] else: item = val if isinstance(item, Message): return item.serialize(method=sformat, lev=lev + 1) if sformat == "urlencoded": res = urllib.urlencode(item) elif sformat == "json": if lev: res = item else: res = json.dumps(item) elif sformat == "dict": if isinstance(item, dict): res = item else: raise MessageException("Wrong type: %s" % type(item)) else: raise PyoidcError("Unknown sformat: %s" % sformat, val) return res
def msg_ser_json(inst, sformat="json", lev=0): # sformat = "json" always except when dict if sformat == "dict": if isinstance(inst, Message): res = inst.serialize(sformat, lev) elif isinstance(inst, dict): res = inst else: raise MessageException("Wrong type: %s" % type(inst)) else: sformat = "json" if isinstance(inst, dict) or isinstance(inst, Message): res = inst.serialize(sformat, lev) else: res = inst return res
def msg_ser(inst, sformat, lev=0): if sformat in ["urlencoded", "json"]: if isinstance(inst, dict) or isinstance(inst, Message): res = inst.serialize(sformat, lev) else: res = inst elif sformat == "dict": if isinstance(inst, Message): res = inst.serialize(sformat, lev) elif isinstance(inst, dict): res = inst else: raise MessageException("Wrong type: %s" % type(inst)) else: raise PyoidcError("Unknown sformat", inst) return res
def verify(self, **kwargs): super().verify(**kwargs) if "nonce" in self: raise MessageException( '"nonce" is prohibited from appearing in a LogoutToken.' ) # Check the 'events' JSON _keys = list(self["events"].keys()) if len(_keys) != 1: raise ValueError('Must only be one member in "events"') if _keys[0] != BACK_CHANNEL_LOGOUT_EVENT: raise ValueError('Wrong member in "events"') if self["events"][_keys[0]] != {}: raise ValueError('Wrong member value in "events"') # There must be either a 'sub' or a 'sid', and may contain both if not ("sub" in self or "sid" in self): raise ValueError('There MUST be either a "sub" or a "sid"') try: if kwargs["aud"] not in self["aud"]: raise NotForMe("Not among intended audience") except KeyError: pass try: if kwargs["iss"] != self["iss"]: raise NotForMe("Wrong issuer") except KeyError: pass _now = utc_time_sans_frac() _skew = kwargs.get("skew", 0) _iat = self.get("iat", 0) if _iat and _iat > (_now + _skew): raise ValueError("Invalid issued_at time") return True
def backchannel_logout(self, request: Optional[str] = None, request_args: Optional[Dict] = None) -> str: """ Receives a back channel logout request. :param request: A urlencoded request :param request_args: The request as a dictionary :return: A Session Identifier """ if request: req = BackChannelLogoutRequest().from_urlencoded(request) elif request_args is not None: req = BackChannelLogoutRequest(**request_args) else: raise ValueError("Missing request specification") kwargs = { "aud": self.client_id, "iss": self.issuer, "keyjar": self.keyjar } try: req.verify(**kwargs) except (MessageException, ValueError, NotForMe) as err: raise MessageException("Bogus logout request: {}".format(err)) # Find the subject through 'sid' or 'sub' try: sub = req["logout_token"]["sub"] except KeyError: # verify has guaranteed that there will be a sid if sub is missing sm_id = req["logout_token"]["sid"] _sid = session_get(self.sso_db, "smid", sm_id) else: _sid = session_extended_get(self.sso_db, sub, "issuer", req["logout_token"]["iss"]) return _sid
def get_response_type(cls, endpoint: str): """Return class representing the response_cls for given endpoint.""" try: return getattr(cls, endpoint).response_cls except AttributeError: raise MessageException("Unknown endpoint.")