zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-05-15 17:17:02 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fix infinite loop

Browse source
This commit is contained in:
zandercymatics 2024-05-16 12:37:14 -06:00
parent 28e18e705b
commit f3f1b896bb
No known key found for this signature in database
GPG key ID: FF4636ABEC9682B7
2 changed files with 14 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

13
src/djangooidc/oidc.py
View file

@ -104,7 +104,8 @@ class Client(oic.Client):
"redirect_uri": self.registration_response["redirect_uris"][0], "redirect_uri": self.registration_response["redirect_uris"][0],
} }
if add_acr: if add_acr:
request_args["acr_values"] = session.get("acr_value") or self.behaviour.get("acr_value") request_args["acr_values"] = self.behaviour.get("acr_value")
else:
request_args["vtr"] = json.dumps(self.behaviour.get("vtr")) request_args["vtr"] = json.dumps(self.behaviour.get("vtr"))
if extra_args is not None: if extra_args is not None:
@ -228,9 +229,15 @@ class Client(oic.Client):
if isinstance(info_response, ErrorResponse): if isinstance(info_response, ErrorResponse):
logger.error("Unable to get user info (%s) for %s" % (info_response.get("error", ""), state)) logger.error("Unable to get user info (%s) for %s" % (info_response.get("error", ""), state))
raise o_e.AuthenticationFailed(locator=state) raise o_e.AuthenticationFailed(locator=state)
info_response_dict = info_response.to_dict()
logger.debug("user info: %s" % info_response) if "needs_biometric_validation" in session and session["needs_biometric_validation"]:
return info_response.to_dict() if "vtm" in session:
info_response_dict["vtm"] = session.get("vtm")
if "vtr" in session:
info_response_dict["vtr"] = session.get("vtr")
logger.debug("user info: %s" % info_response_dict)
return info_response_dict
def _request_token(self, state, code, session): def _request_token(self, state, code, session):
"""Request a token from OP to allow us to then request user info.""" """Request a token from OP to allow us to then request user info."""

5
src/djangooidc/views.py
View file

@ -93,14 +93,15 @@ def login_callback(request):
userinfo = CLIENT.callback(query, request.session) userinfo = CLIENT.callback(query, request.session)
# test for need for identity verification and if it is satisfied # test for need for identity verification and if it is satisfied
# if not satisfied, redirect user to login with stepped up acr_value # if not satisfied, redirect user to login with stepped up acr_value
request.session["needs_biometric_validation"] = False
if _requires_step_up_auth(userinfo): if _requires_step_up_auth(userinfo):
# add acr_value to request.session # add acr_value to request.session
if "acr_value" in request.session: if "acr_value" in request.session:
request.session.pop("acr_value") request.session.pop("acr_value")
extra_args = { extra_args = {
"vtm": CLIENT.get_vtm_value(), "vtm": CLIENT.get_vtm_value(),
} }
request.session["needs_biometric_validation"] = True
print(f"session is: {request.session}") print(f"session is: {request.session}")
return CLIENT.create_authn_request(request.session, add_acr=False, extra_args=extra_args) return CLIENT.create_authn_request(request.session, add_acr=False, extra_args=extra_args)
user = authenticate(request=request, **userinfo) user = authenticate(request=request, **userinfo)
@ -151,7 +152,7 @@ def _requires_step_up_auth(userinfo):
acr_value = userinfo.get("ial", "") acr_value = userinfo.get("ial", "")
uuid = userinfo.get("sub", "") uuid = userinfo.get("sub", "")
email = userinfo.get("email", "") email = userinfo.get("email", "")
if acr_value != step_up_acr_value: if acr_value != step_up_acr_value and (not userinfo.get("vtm") and not userinfo.get("vtr")):
# The acr of this attempt is not at the highest level # The acr of this attempt is not at the highest level
# so check if the user needs the higher level # so check if the user needs the higher level
return User.needs_identity_verification(email, uuid) return User.needs_identity_verification(email, uuid)