From 28e18e705bdadef4bfdb0195c2016718d61ad04d Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Thu, 16 May 2024 12:14:03 -0600
Subject: [PATCH] Add biometric

---
 src/djangooidc/oidc.py | 16 +++++++++++++---
 src/djangooidc/views.py | 10 +++++++---
 src/registrar/config/settings.py | 4 ++--
 3 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/src/djangooidc/oidc.py b/src/djangooidc/oidc.py
index 95ed322f5..1133a8b39 100644
--- a/src/djangooidc/oidc.py
+++ b/src/djangooidc/oidc.py
@@ -14,6 +14,7 @@ from oic.oic import AuthorizationRequest, AuthorizationResponse, RegistrationRes
 from oic.oic.message import AccessTokenResponse
 from oic.utils.authn.client import CLIENT_AUTHN_METHOD
 from oic.utils import keyio
+from urllib.parse import urlparse, urlunparse, urlencode, parse_qs
 
 from . import exceptions as o_e
 
@@ -84,6 +85,7 @@ class Client(oic.Client):
     def create_authn_request(
         self,
         session,
+        add_acr=True,
         extra_args=None,
     ):
         """Step 2: Construct a login URL at OP's domain and send the user to it."""
@@ -100,10 +102,10 @@ class Client(oic.Client):
             "state": session["state"],
             "nonce": session["nonce"],
             "redirect_uri": self.registration_response["redirect_uris"][0],
-            # acr_value may be passed in session if overriding, as in the case
-            # of step up auth, otherwise get from settings.py
-            "acr_values": session.get("acr_value") or self.behaviour.get("acr_value"),
         }
+        if add_acr:
+            request_args["acr_values"] = session.get("acr_value") or self.behaviour.get("acr_value")
+            request_args["vtr"] = json.dumps(self.behaviour.get("vtr"))
 
         if extra_args is not None:
             request_args.update(extra_args)
@@ -126,6 +128,7 @@ class Client(oic.Client):
             method="GET",
             request_args=request_args,
         )
+        logger.debug("body: %s" % body)
         logger.debug("URL: %s" % url)
         logger.debug("headers: %s" % headers)
 
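Review bot: The new `from urllib.parse import urlparse, urlunparse, urlencode, parse_qs` line is not referenced by any other change to oidc.py in this patch, so all four names are unused imports at this point and a linter will flag them. Drop the line or land it together with the code that uses it, importing only the names that code actually needs.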
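Review bot: Inserting `add_acr=True` in front of `extra_args=None` changes the positional meaning of the second argument, so any caller that passes `extra_args` positionally would now have its dict bound to `add_acr` (truthy) and `extra_args` silently left as None; whether such a caller exists cannot be confirmed from this hunk. Appending the new parameter after `extra_args`, or making both keyword-only (`self, session, *, add_acr=True, extra_args=None`), avoids that. The docstring on the next line is also not updated for the new switch; add something like `add_acr: when True (default) send acr_values and vtr from session/behaviour; pass False when the caller supplies its own assurance parameters in extra_args.`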
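Review bot: `request_args["vtr"] = json.dumps(self.behaviour.get("vtr"))` sends the literal string `null` as the vtr parameter whenever behaviour has no `vtr` configured, because `json.dumps(None)` is `"null"`; before this change a missing setting simply omitted the key. Guard it: `vtr = self.behaviour.get("vtr")` / `if vtr is not None:` / `request_args["vtr"] = json.dumps(vtr)`. This module's imports are not fully visible in the patch, so confirm `json` is imported in oidc.py, and confirm against the OP's documentation that `acr_values` and `vtr` are accepted together in one request, since the new branch always sends both.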
@@ -141,6 +144,7 @@ class Client(oic.Client):
             if headers:
                 for key, value in headers.items():
                     response[key] = value
+            print(f"create auth => response is {response}")
         except Exception as err:
             logger.error(err)
             logger.error("Failed to create redirect object for %s" % state)
@@ -294,6 +298,12 @@ class Client(oic.Client):
         this helper function is called from djangooidc views"""
         return self.behaviour.get("step_up_acr_value")
 
+    def get_vtm_value(self):
+        return self.behaviour.get("vtm")
+
+    def get_vtr_value(self):
+        return self.behaviour.get("vtr")
+
     def __repr__(self):
         return "Client {} {} {}".format(
             self.client_id,
diff --git a/src/djangooidc/views.py b/src/djangooidc/views.py
index a50a83cc9..05984e938 100644
--- a/src/djangooidc/views.py
+++ b/src/djangooidc/views.py
@@ -96,9 +96,13 @@ def login_callback(request):
 
         if _requires_step_up_auth(userinfo):
             # add acr_value to request.session
-            # LOOK HERE this is basically the flag that indicates that we should proceed
-            request.session["acr_value"] = CLIENT.get_step_up_acr_value()
-            return CLIENT.create_authn_request(request.session)
+            if "acr_value" in request.session:
+                request.session.pop("acr_value")
+            extra_args = {
+                "vtm": CLIENT.get_vtm_value(),
+            }
+            print(f"session is: {request.session}")
+            return CLIENT.create_authn_request(request.session, add_acr=False, extra_args=extra_args)
 
         user = authenticate(request=request, **userinfo)
         if user:
diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py
index 7bda5e10d..781b67d5a 100644
--- a/src/registrar/config/settings.py
+++ b/src/registrar/config/settings.py
@@ -497,13 +497,13 @@ LOGGING = {
         # OpenID Connect logger
         "oic": {
             "handlers": ["console"],
-            "level": "INFO",
+            "level": "DEBUG",
             "propagate": False,
         },
         # Django wrapper for OpenID Connect
         "djangooidc": {
             "handlers": ["console"],
-            "level": "INFO",
+            "level": "DEBUG",
             "propagate": False,
         },
         # Our app!
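Review bot: `print(f"create auth => response is {response}")` writes the full redirect response object, whose Location carries the state and nonce built a few lines earlier, straight to stdout, bypassing the module logger and any level control; the same applies to `print(f"session is: {request.session}")` in the views.py hunk of this patch, which dumps the whole session. Replace both with the module's existing style, e.g. `logger.debug("create auth => response is %s" % response)`, or remove them before merging. The `try` this print sits in begins above the hunk, so the matching handler's behaviour is only partly visible here.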
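Review bot: `get_vtm_value` and `get_vtr_value` have no docstrings, whereas the neighbouring `get_step_up_acr_value` documents where its value comes from and that views.py calls it. Add one to each, e.g. `"""Return the configured "vtm" value from behaviour, or None when it is not set."""` and the matching `"vtr"` form. Stating the None case matters because views.py in this patch passes the result straight into `extra_args` without checking it.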
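Review bot: The rewritten step-up branch calls `create_authn_request(request.session, add_acr=False, extra_args=extra_args)` with only `"vtm"` in extra_args, so the second authorization request carries neither `acr_values` nor `vtr`, and when `CLIENT.get_vtm_value()` returns None (no `vtm` in behaviour) the request asks for no elevated assurance at all; `_requires_step_up_auth` can then be true again on the next callback and re-enter this branch, which this hunk does not guard against. Check the value before using it, `vtm = CLIENT.get_vtm_value()` / `if vtm is None: raise o_e.AuthenticationFailed(...)` (or whichever error the module already uses for a misconfigured client), and confirm against the OP's documentation whether `vtr` must accompany `vtm` — if so, pass `"vtr": json.dumps(CLIENT.get_vtr_value())` here as well. The retained comment `# add acr_value to request.session` is now wrong, since the new code pops acr_value instead; update it to describe the vtm-based step-up. `login_callback` continues outside the hunk on both sides.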
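Review bot: Raising the `oic` and `djangooidc` loggers to DEBUG in the shared settings module turns on the library's debug output, and the `logger.debug` lines in oidc.py that log the authorization URL, headers and body (the URL carries the state and nonce), in every environment that loads this file rather than only during local debugging. Keep `"level": "INFO"` here and enable DEBUG through an environment-driven override if settings.py already has that pattern for other values, or revert before merge. If the change is meant as a temporary aid for this feature, mark it `# TODO(zandercymatics): revert to INFO before release` so it does not ship unnoticed.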