def authz_part2(self, user, authn_event, request, **kwargs):
"""
After the authentication this is where you should end up
:param user:
:param request: The Authorization Request
:param sid: Session key
:param kwargs: possible other parameters
:return: A redirect to the redirect_uri of the client
"""
sid = setup_session(
self.endpoint_context, request, user, authn_event=authn_event
)
try:
resp_info = self.post_authentication(user, request, sid, **kwargs)
except Exception as err:
return self.error_response({}, "server_error", err)
if "check_session_iframe" in self.endpoint_context.provider_info:
ec = self.endpoint_context
salt = rndstr()
if ec.sdb.is_session_revoked(sid):
pass
else:
authn_event = ec.sdb.get_authentication_event(
sid
) # use the last session
_state = json.dumps({"authn_time": authn_event["authn_time"]})
session_cookie = ec.cookie_dealer.create_cookie(
json.dumps(_state),
typ="session",
cookie_name=ec.cookie_name["session_management"],
)
opbs = session_cookie[ec.cookie_name["session_management"]]
_session_state = compute_session_state(
opbs.value, salt, request["client_id"], resp_info["return_uri"]
)
if "cookie" in resp_info:
if isinstance(resp_info["cookie"], list):
resp_info["cookie"].append(session_cookie)
else:
append_cookie(resp_info["cookie"], session_cookie)
else:
resp_info["cookie"] = session_cookie
resp_info["response_args"]["session_state"] = _session_state
# Mix-Up mitigation
resp_info["response_args"]["iss"] = self.endpoint_context.issuer
resp_info["response_args"]["client_id"] = request["client_id"]
return resp_info
def test_append_cookie():
kaka1 = create_session_cookie("sess_man",
"session_state",
domain="example.com",
path="/")
kaka2 = create_session_cookie("foobar",
"value",
domain="example.com",
path="/")
kakor = append_cookie(kaka1, kaka2)
assert {"sess_man", "foobar"} == set(kakor.keys())
def kill_cookies(self):
_ec = self.endpoint_context
_dealer = _ec.cookie_dealer
_kakor = append_cookie(
_dealer.create_cookie(
"none",
typ="session",
ttl=0,
cookie_name=_ec.cookie_name["session_management"],
),
_dealer.create_cookie("none",
typ="session",
ttl=0,
cookie_name=_ec.cookie_name["session"]),
)
return _kakor
