def parse_request(self, message_factory, request=None, request_args=None):
_cli = self.conv.entity
kwargs = {
'aud': _cli.client_id,
'iss': _cli.provider_info['issuer'],
'keyjar': _cli.keyjar
}
try:
req = self.deserialize(message_factory, request, request_args,
**kwargs)
except NotForMe: # just ignore
return ''
if isinstance(req, str):
return req
# Find the state value
try:
sm_id = req['logout_token']['sid']
except KeyError:
raise MessageException('No session ID in logout token')
else:
try:
return _cli.smid2sid[sm_id]
except KeyError:
raise ValueError('Unknown session ID in logout token')
def claims_ser(val, sformat="urlencoded", lev=0):
# everything in c_extension
if isinstance(val, six.string_types):
item = val
elif isinstance(val, list):
item = val[0]
else:
item = val
if isinstance(item, Message):
return item.serialize(method=sformat, lev=lev + 1)
if sformat == "urlencoded":
res = urllib.urlencode(item)
elif sformat == "json":
if lev:
res = item
else:
res = json.dumps(item)
elif sformat == "dict":
if isinstance(item, dict):
res = item
else:
raise MessageException("Wrong type: %s" % type(item))
else:
raise PyoidcError("Unknown sformat: %s" % sformat, val)
return res
def msg_ser_json(inst, sformat="json", lev=0):
# sformat = "json" always except when dict
if sformat == "dict":
if isinstance(inst, Message):
res = inst.serialize(sformat, lev)
elif isinstance(inst, dict):
res = inst
else:
raise MessageException("Wrong type: %s" % type(inst))
else:
sformat = "json"
if isinstance(inst, dict) or isinstance(inst, Message):
res = inst.serialize(sformat, lev)
else:
res = inst
return res
def msg_ser(inst, sformat, lev=0):
if sformat in ["urlencoded", "json"]:
if isinstance(inst, dict) or isinstance(inst, Message):
res = inst.serialize(sformat, lev)
else:
res = inst
elif sformat == "dict":
if isinstance(inst, Message):
res = inst.serialize(sformat, lev)
elif isinstance(inst, dict):
res = inst
else:
raise MessageException("Wrong type: %s" % type(inst))
else:
raise PyoidcError("Unknown sformat", inst)
return res
def verify(self, **kwargs):
super().verify(**kwargs)
if "nonce" in self:
raise MessageException(
'"nonce" is prohibited from appearing in a LogoutToken.'
)
# Check the 'events' JSON
_keys = list(self["events"].keys())
if len(_keys) != 1:
raise ValueError('Must only be one member in "events"')
if _keys[0] != BACK_CHANNEL_LOGOUT_EVENT:
raise ValueError('Wrong member in "events"')
if self["events"][_keys[0]] != {}:
raise ValueError('Wrong member value in "events"')
# There must be either a 'sub' or a 'sid', and may contain both
if not ("sub" in self or "sid" in self):
raise ValueError('There MUST be either a "sub" or a "sid"')
try:
if kwargs["aud"] not in self["aud"]:
raise NotForMe("Not among intended audience")
except KeyError:
pass
try:
if kwargs["iss"] != self["iss"]:
raise NotForMe("Wrong issuer")
except KeyError:
pass
_now = utc_time_sans_frac()
_skew = kwargs.get("skew", 0)
_iat = self.get("iat", 0)
if _iat and _iat > (_now + _skew):
raise ValueError("Invalid issued_at time")
return True
def backchannel_logout(self,
request: Optional[str] = None,
request_args: Optional[Dict] = None) -> str:
"""
Receives a back channel logout request.
:param request: A urlencoded request
:param request_args: The request as a dictionary
:return: A Session Identifier
"""
if request:
req = BackChannelLogoutRequest().from_urlencoded(request)
elif request_args is not None:
req = BackChannelLogoutRequest(**request_args)
else:
raise ValueError("Missing request specification")
kwargs = {
"aud": self.client_id,
"iss": self.issuer,
"keyjar": self.keyjar
}
try:
req.verify(**kwargs)
except (MessageException, ValueError, NotForMe) as err:
raise MessageException("Bogus logout request: {}".format(err))
# Find the subject through 'sid' or 'sub'
try:
sub = req["logout_token"]["sub"]
except KeyError:
# verify has guaranteed that there will be a sid if sub is missing
sm_id = req["logout_token"]["sid"]
_sid = session_get(self.sso_db, "smid", sm_id)
else:
_sid = session_extended_get(self.sso_db, sub, "issuer",
req["logout_token"]["iss"])
return _sid
def get_response_type(cls, endpoint: str):
"""Return class representing the response_cls for given endpoint."""
try:
return getattr(cls, endpoint).response_cls
except AttributeError:
raise MessageException("Unknown endpoint.")