From 09d58d2502f62e146dc40a4a6b79c011c527bb94 Mon Sep 17 00:00:00 2001 From: Sergei Maertens Date: Wed, 22 May 2024 10:17:42 +0200 Subject: [PATCH 1/2] :bug: Fix obfuscation of missing claims --- mozilla_django_oidc_db/utils.py | 7 +++++-- tests/test_utils.py | 9 +++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/mozilla_django_oidc_db/utils.py b/mozilla_django_oidc_db/utils.py index 32eff07..546c1ad 100644 --- a/mozilla_django_oidc_db/utils.py +++ b/mozilla_django_oidc_db/utils.py @@ -1,7 +1,7 @@ from collections.abc import Collection from copy import deepcopy -from glom import Path, assign, glom +from glom import Path, PathAccessError, assign, glom from requests.utils import _parse_content_type_header # type: ignore from .typing import ClaimPath, JSONObject, JSONValue @@ -32,7 +32,10 @@ def obfuscate_claims( copied_claims = deepcopy(claims) for claim_bits in claims_to_obfuscate: claim_path = Path(*claim_bits) - claim_value = glom(copied_claims, claim_path) + try: + claim_value = glom(copied_claims, claim_path) + except PathAccessError: + continue assign(copied_claims, claim_path, obfuscate_claim_value(claim_value)) return copied_claims diff --git a/tests/test_utils.py b/tests/test_utils.py index 05fba34..65573d6 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -1,3 +1,4 @@ +from mozilla_django_oidc_db.typing import JSONObject from mozilla_django_oidc_db.utils import obfuscate_claim_value, obfuscate_claims @@ -45,3 +46,11 @@ def test_obfuscate_nested(): result = obfuscate_claims(claims, claims_to_obfuscate) assert result == expected_result + + +def test_obfuscate_with_missing_claims(): + claims: JSONObject = {"present": "12345"} + + result = obfuscate_claims(claims, claims_to_obfuscate=(["missing"], ["present"])) + + assert result == {"present": "****5"} From 962342d2b5994705b045040f82d7c5a78054a049 Mon Sep 17 00:00:00 2001 
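Review bot: In `obfuscate_claims` (utils.py, second hunk) the new `except PathAccessError: continue` drops a configured path without any trace, so a path that never matches because of a typo or wrong nesting leaves that claim unmasked in the returned copy and nothing signals it. Skipping looks right for claims that are legitimately optional, but the contract should be written down: add "paths that are absent from `claims` are skipped" to the docstring and `# claim not present in this payload: nothing to mask` above the `continue`. If this module has a logger, a debug message naming the path (never the value) would make a persistent mismatch visible. The function's signature and docstring lie outside the hunk.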
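Review bot: `test_obfuscate_with_missing_claims` exercises only a missing top-level key, while the new `except PathAccessError` branch in `obfuscate_claims` is also the path taken when a nested claim's parent is absent. Add a case such as `claims_to_obfuscate=(["parent", "missing"], ["present"])` against the same `{"present": "12345"}` input to pin that down. A path that runs through a scalar, for example `["present", "sub"]`, deserves a case too, since whether glom reports that as `PathAccessError` cannot be confirmed from this diff.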
From: Sergei Maertens Date: Thu, 23 May 2024 15:08:40 +0200 Subject: [PATCH 2/2] :coffin: Delete unused type var --- mozilla_django_oidc_db/backends.py | 10 ++-------- tests/test_backend.py | 6 +++--- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/mozilla_django_oidc_db/backends.py b/mozilla_django_oidc_db/backends.py index d36eb59..a145bcc 100644 --- a/mozilla_django_oidc_db/backends.py +++ b/mozilla_django_oidc_db/backends.py @@ -3,7 +3,7 @@ import fnmatch import logging from collections.abc import Collection -from typing import Any, TypeAlias, TypeVar, cast +from typing import Any, TypeAlias, cast from django.contrib.auth import get_user_model from django.contrib.auth.models import ( @@ -23,11 +23,7 @@ from .config import dynamic_setting, get_setting_from_config, lookup_config from .exceptions import MissingIdentifierClaim from .jwt import verify_and_decode_token -from .models import ( - OpenIDConnectConfig, - OpenIDConnectConfigBase, - UserInformationClaimsSources, -) +from .models import OpenIDConnectConfigBase, UserInformationClaimsSources from .typing import ClaimPath, JSONObject from .utils import extract_content_type, obfuscate_claims @@ -35,8 +31,6 @@ AnyUser: TypeAlias = AnonymousUser | AbstractBaseUser -T = TypeVar("T", bound=OpenIDConnectConfig) - missing = object() diff --git a/tests/test_backend.py b/tests/test_backend.py index bc06c45..72ff6ee 100644 --- a/tests/test_backend.py +++ b/tests/test_backend.py @@ -657,11 +657,11 @@ def test_init_does_not_perform_config_io(mocker): * pytest will complain about database access which is forbidden because there is no pytest.mark.django_db present (deliberately) """ - m_get_solo = mocker.patch( - "mozilla_django_oidc_db.backends.OpenIDConnectConfig.get_solo" + m_get_setting = mocker.patch( + "mozilla_django_oidc_db.backends.get_setting_from_config" ) # instantiate OIDCAuthenticationBackend() - m_get_solo.assert_not_called() + m_get_setting.assert_not_called()
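Review bot: Patching only `mozilla_django_oidc_db.backends.get_setting_from_config` in `test_init_does_not_perform_config_io` makes `m_get_setting.assert_not_called()` cover just one of the three config helpers that backends.py imports (`dynamic_setting`, `get_setting_from_config`, `lookup_config`), so config access from `__init__` through `lookup_config` would pass this assertion. The docstring's second safeguard, pytest refusing database access, may still catch it, but only if that lookup really reaches the database. Consider also patching `mozilla_django_oidc_db.backends.lookup_config` and asserting it is not called. The test function starts outside the hunk.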