diff options
author | Lars Wirzenius <liw@liw.fi> | 2018-11-05 09:56:36 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-11-05 09:56:36 +0200 |
commit | df351c2661cd838e1b7de521f1fcd4f84acdf4a0 (patch) | |
tree | 5ebbab360420bcd299d53ddd330b654fc67837e4 /qvisqve | |
parent | 5a74ba9553fd21465e04dd4ace7007e2f865d7f1 (diff) | |
download | qvisqve-df351c2661cd838e1b7de521f1fcd4f84acdf4a0.tar.gz |
Add: sub fields to clients, tokens created by client-cred grant
Diffstat (limited to 'qvisqve')
-rw-r--r-- | qvisqve/authn_entity_manager.py | 9 | ||||
-rw-r--r-- | qvisqve/authn_entity_manager_tests.py | 15 | ||||
-rw-r--r-- | qvisqve/token_router.py | 3 |
3 files changed, 26 insertions, 1 deletions
diff --git a/qvisqve/authn_entity_manager.py b/qvisqve/authn_entity_manager.py index f84634c..e3d454a 100644 --- a/qvisqve/authn_entity_manager.py +++ b/qvisqve/authn_entity_manager.py @@ -71,6 +71,15 @@ class ClientManager(AuthenticatingEntityManager): def __init__(self, rs): super().__init__(rs, 'client') + def get_subject(self, username): + user = self.get(username) + return user.get('sub') + + def set_subject(self, username, sub): + user = self.get(username) + user['sub'] = sub + self.create(username, user) + class UserManager(AuthenticatingEntityManager): diff --git a/qvisqve/authn_entity_manager_tests.py b/qvisqve/authn_entity_manager_tests.py index 0d51d4b..579791f 100644 --- a/qvisqve/authn_entity_manager_tests.py +++ b/qvisqve/authn_entity_manager_tests.py @@ -94,6 +94,21 @@ class ClientManagerTests(unittest.TestCase): self.cm.set_secret(client['id'], secret) self.assertTrue(self.cm.is_valid_secret(client['id'], secret)) + def test_has_no_subject_initially(self): + client = { + 'id': 'test-client', + } + self.cm.create(client['id'], client) + self.assertEqual(self.cm.get_subject(client['id']), None) + + def test_sets_subject(self): + client = { + 'id': 'test-client', + } + self.cm.create(client['id'], client) + self.cm.set_subject(client['id'], 'tomjon') + self.assertEqual(self.cm.get_subject(client['id']), 'tomjon') + class UserManagerTests(unittest.TestCase): diff --git a/qvisqve/token_router.py b/qvisqve/token_router.py index 4778063..bd3744c 100644 --- a/qvisqve/token_router.py +++ b/qvisqve/token_router.py @@ -106,7 +106,8 @@ class ClientCredentialsGrant(Grant): if s in allowed ) - token = self._generator.new_token(client_id, scope) + sub = self._clients.get_subject(client_id) + token = self._generator.new_token(client_id, scope, subject_id=sub) return qvisqve.ok_response({ 'access_token': token, 'token_type': 'Bearer', |