mirror of
https://github.com/sartography/spiff-arena.git
synced 2025-01-27 01:40:48 +00:00
local-openid-path-based-fix (#1332)
* use the backend url config for the well-known endpoint since request.host_url will not know about the path w/ burnettk * attempting to fix run precommit in ci w/ burnettk * fix constraints location w/ burnettk * fix correct stanza w/ burnettk --------- Co-authored-by: jasquat <jasquat@users.noreply.github.com>
parent
6a4e575429
commit
12e7cecd97
11
.github/workflows/tests.yml
vendored
11
.github/workflows/tests.yml
vendored
@ -124,9 +124,8 @@ jobs:
|
|||||||
- name: Install pip and poetry
|
- name: Install pip and poetry
|
||||||
run: |
|
run: |
|
||||||
pwd
|
pwd
|
||||||
ls
|
ls -al
|
||||||
pip install --constraint=../.github/workflows/constraints.txt pip poetry
|
pip install --constraint=../.github/workflows/constraints.txt pip poetry
|
||||||
pip install --upgrade setuptools # https://stackoverflow.com/a/77364602/6090676
|
|
||||||
pip --version
|
pip --version
|
||||||
poetry --version
|
poetry --version
|
||||||
|
|
||||||
@ -221,8 +220,9 @@ jobs:
|
|||||||
- name: Install Poetry
|
- name: Install Poetry
|
||||||
run: |
|
run: |
|
||||||
pwd
|
pwd
|
||||||
ls
|
ls -al
|
||||||
pipx install --pip-args=--constraint=.github/workflows/constraints.txt poetry
|
pip --version
|
||||||
|
pip install --constraint=.github/workflows/constraints.txt pip poetry
|
||||||
poetry --version
|
poetry --version
|
||||||
- name: Poetry Install
|
- name: Poetry Install
|
||||||
run: poetry install
|
run: poetry install
|
||||||
@ -269,9 +269,8 @@ jobs:
|
|||||||
- name: Install pip and poetry
|
- name: Install pip and poetry
|
||||||
run: |
|
run: |
|
||||||
pwd
|
pwd
|
||||||
ls
|
ls -al
|
||||||
pip install --constraint=../.github/workflows/constraints.txt pip poetry
|
pip install --constraint=../.github/workflows/constraints.txt pip poetry
|
||||||
pip install --upgrade setuptools # https://stackoverflow.com/a/77364602/6090676
|
|
||||||
pip --version
|
pip --version
|
||||||
poetry --version
|
poetry --version
|
||||||
|
|
||||||
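Review bot: In the "Install Poetry" step (second hunk), the new `pip --version` runs before `pip install --constraint=.github/workflows/constraints.txt pip poetry`, so the log records the runner's preinstalled pip rather than the constrained one the job goes on to use. The other two jobs print it after the install, so moving the line below the install keeps the three steps consistent. Replacing `pipx install` with a plain `pip install` also puts poetry and its dependencies into the job's main interpreter environment instead of an isolated one; if that is intended, a short comment in the step saying why would help. The `ls -al` lines in all three steps look like debugging output and could be dropped once CI is green.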
|
@ -20,6 +20,9 @@ def version_info() -> Response:
|
|||||||
return make_response(get_version_info_data(), 200)
|
return make_response(get_version_info_data(), 200)
|
||||||
|
|
||||||
|
|
||||||
|
# this is just to see what the protocol is, primarily. if the site is running on https in the browser, but this says "http://something.example.com",
|
||||||
|
# that might be bad, and might require some server configuration to make sure flask knows it is running on https.
|
||||||
|
# if using path based routing, the path will probably not be returned from this endpoint.
|
||||||
def url_info() -> Response:
|
def url_info() -> Response:
|
||||||
return make_response({"url": request.url, "cache": AuthenticationService.ENDPOINT_CACHE}, 200)
|
return make_response({"url": request.url, "cache": AuthenticationService.ENDPOINT_CACHE}, 200)
|
||||||
|
|
||||||
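Review bot: The three comment lines added above `url_info` would be easier to find as the function's docstring, and they do not say what the "server configuration" is. A docstring of four or five lines could state that the endpoint is diagnostic and returns the URL as Flask sees it plus `AuthenticationService.ENDPOINT_CACHE`. It could also say that an `http://` scheme behind a TLS-terminating proxy means the forwarded-protocol header is not being honoured (for example via werkzeug's `ProxyFix`), and that a path prefix will not appear in the result. Because the response also exposes the endpoint cache, the docstring should name who is expected to call it; no access check is visible in this hunk, though one may exist in routing outside it.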
|
@ -40,7 +40,9 @@ def well_known() -> dict:
|
|||||||
|
|
||||||
These urls can be very different from one openid impl to the next, this is just a small subset.
|
These urls can be very different from one openid impl to the next, this is just a small subset.
|
||||||
"""
|
"""
|
||||||
host_url = request.host_url.strip("/")
|
|
||||||
|
# using or instead of setting a default so we can set the env var to None in tests and this will still work
|
||||||
|
host_url = current_app.config.get("SPIFFWORKFLOW_BACKEND_URL") or request.host_url.strip("/")
|
||||||
return {
|
return {
|
||||||
"issuer": f"{host_url}/openid",
|
"issuer": f"{host_url}/openid",
|
||||||
"authorization_endpoint": f"{host_url}{url_for('openid.auth')}",
|
"authorization_endpoint": f"{host_url}{url_for('openid.auth')}",
|
||||||
@ -108,7 +110,8 @@ def token() -> Response | dict:
|
|||||||
authorization = base64.b64decode(authorization).decode("utf-8")
|
authorization = base64.b64decode(authorization).decode("utf-8")
|
||||||
client_id = authorization.split(":")
|
client_id = authorization.split(":")
|
||||||
|
|
||||||
base_url = request.host_url + "openid"
|
host_url = current_app.config.get("SPIFFWORKFLOW_BACKEND_URL", request.host_url.strip("/"))
|
||||||
|
base_url = f"{host_url}/openid"
|
||||||
private_key = OpenIdConfigsForDevOnly.private_key
|
private_key = OpenIdConfigsForDevOnly.private_key
|
||||||
|
|
||||||
id_token = jwt.encode(
|
id_token = jwt.encode(
|
||||||
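Review bot: In `token()` the new lookup `current_app.config.get("SPIFFWORKFLOW_BACKEND_URL", request.host_url.strip("/"))` falls back only when the key is missing, so a key that is present but set to None gives `base_url = "None/openid"`. That is the case the comment added in `well_known()` says must keep working, and discovery and token would then disagree on the issuer. Use one form in both functions and normalise the configured value too, so a trailing slash cannot produce `//openid`: `host_url = (current_app.config.get("SPIFFWORKFLOW_BACKEND_URL") or request.host_url).strip("/")`. The remaining fallback is still built from the request's Host header, which is tolerable for a dev-only provider but deserves a one-line comment saying so. Both function bodies continue outside the hunks, so how `base_url` reaches the token's claims is presumed rather than visible.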
|
@ -7,7 +7,7 @@ from flask.testing import FlaskClient
|
|||||||
from tests.spiffworkflow_backend.helpers.base_test import BaseTest
|
from tests.spiffworkflow_backend.helpers.base_test import BaseTest
|
||||||
|
|
||||||
|
|
||||||
class TestFlaskOpenId(BaseTest):
|
class TestOpenidBlueprint(BaseTest):
|
||||||
"""An integrated Open ID that responds to openID requests.
|
"""An integrated Open ID that responds to openID requests.
|
||||||
|
|
||||||
By referencing a build in YAML file. Useful for
|
By referencing a build in YAML file. Useful for
|
||||||
@ -23,9 +23,17 @@ class TestFlaskOpenId(BaseTest):
|
|||||||
"""Test discovery endpoints."""
|
"""Test discovery endpoints."""
|
||||||
response = client.get("/openid/.well-known/openid-configuration")
|
response = client.get("/openid/.well-known/openid-configuration")
|
||||||
discovered_urls = response.json
|
discovered_urls = response.json
|
||||||
assert "http://localhost/openid" == discovered_urls["issuer"]
|
assert "http://localhost:7000/openid" == discovered_urls["issuer"]
|
||||||
assert "http://localhost/openid/auth" == discovered_urls["authorization_endpoint"]
|
assert "http://localhost:7000/openid/auth" == discovered_urls["authorization_endpoint"]
|
||||||
assert "http://localhost/openid/token" == discovered_urls["token_endpoint"]
|
assert "http://localhost:7000/openid/token" == discovered_urls["token_endpoint"]
|
||||||
|
|
||||||
|
with self.app_config_mock(app, "SPIFFWORKFLOW_BACKEND_URL", None):
|
||||||
|
response = client.get("/openid/.well-known/openid-configuration")
|
||||||
|
discovered_urls = response.json
|
||||||
|
# in unit tests, request.host_url will not have the port but it will have it in actual localhost flask server
|
||||||
|
assert "http://localhost/openid" == discovered_urls["issuer"]
|
||||||
|
assert "http://localhost/openid/auth" == discovered_urls["authorization_endpoint"]
|
||||||
|
assert "http://localhost/openid/token" == discovered_urls["token_endpoint"]
|
||||||
|
|
||||||
def test_get_login_page(
|
def test_get_login_page(
|
||||||
self,
|
self,
|
||||||
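Review bot: The added `self.app_config_mock(app, "SPIFFWORKFLOW_BACKEND_URL", None)` block exercises only the discovery document, and nothing here requests a token under the same None setting. That is where the blueprint's two lookups differ: `or` in `well_known()`, a `.get` default in `token()`. If the id_token carries an issuer claim built from `base_url`, a companion assertion comparing it with `discovered_urls["issuer"]` under both settings would pin the two endpoints to one value. The `http://localhost:7000` literals presumably mirror the test default for SPIFFWORKFLOW_BACKEND_URL, so taking the expected base from `app.config` would stop the test drifting if that default changes. The test method's signature is outside the hunk.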
|