diff options
Diffstat (limited to 'qvisqve')
-rw-r--r-- | qvisqve/authn_entity_manager.py | 9 | ||||
-rw-r--r-- | qvisqve/authn_entity_manager_tests.py | 15 | ||||
-rw-r--r-- | qvisqve/token_router.py | 3 |
3 files changed, 26 insertions, 1 deletions
diff --git a/qvisqve/authn_entity_manager.py b/qvisqve/authn_entity_manager.py index f84634c..e3d454a 100644 --- a/qvisqve/authn_entity_manager.py +++ b/qvisqve/authn_entity_manager.py @@ -71,6 +71,15 @@ class ClientManager(AuthenticatingEntityManager): def __init__(self, rs): super().__init__(rs, 'client') + def get_subject(self, username): + user = self.get(username) + return user.get('sub') + + def set_subject(self, username, sub): + user = self.get(username) + user['sub'] = sub + self.create(username, user) + class UserManager(AuthenticatingEntityManager): diff --git a/qvisqve/authn_entity_manager_tests.py b/qvisqve/authn_entity_manager_tests.py index 0d51d4b..579791f 100644 --- a/qvisqve/authn_entity_manager_tests.py +++ b/qvisqve/authn_entity_manager_tests.py @@ -94,6 +94,21 @@ class ClientManagerTests(unittest.TestCase): self.cm.set_secret(client['id'], secret) self.assertTrue(self.cm.is_valid_secret(client['id'], secret)) + def test_has_no_subject_initially(self): + client = { + 'id': 'test-client', + } + self.cm.create(client['id'], client) + self.assertEqual(self.cm.get_subject(client['id']), None) + + def test_sets_subject(self): + client = { + 'id': 'test-client', + } + self.cm.create(client['id'], client) + self.cm.set_subject(client['id'], 'tomjon') + self.assertEqual(self.cm.get_subject(client['id']), 'tomjon') + class UserManagerTests(unittest.TestCase): diff --git a/qvisqve/token_router.py b/qvisqve/token_router.py index 4778063..bd3744c 100644 --- a/qvisqve/token_router.py +++ b/qvisqve/token_router.py @@ -106,7 +106,8 @@ class ClientCredentialsGrant(Grant): if s in allowed ) - token = self._generator.new_token(client_id, scope) + sub = self._clients.get_subject(client_id) + token = self._generator.new_token(client_id, scope, subject_id=sub) return qvisqve.ok_response({ 'access_token': token, 'token_type': 'Bearer', |