Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hotfix/#754 client secret basic remove quote plus #755

Open
wants to merge 12 commits into
base: master
Choose a base branch
from
Open

Hotfix/#754 client secret basic remove quote plus #755

wants to merge 12 commits into from

Conversation

gbmarc1
Copy link

@gbmarc1 gbmarc1 commented Jul 16, 2020
edited
Loading

  • Any changes relevant to users are recorded in the CHANGELOG.md.
  • The documentation has been updated, if necessary.
  • New code is annotated.
  • Changes are covered by tests.

@gbmarc1 gbmarc1 mentioned this pull request Jul 16, 2020
Open
@tpazderka
Copy link
Collaborator

Are you willing to change this to do not use the quote_plus based on a kwarg as mentioned in #754 ?

@gbmarc1
Copy link
Author

gbmarc1 commented Jul 20, 2020

Yes I will do. However, would it be more flexible to add an optional argument where you can specify the pre-encoding (before base64) of the user-pass instead of a boolean to quote_plus or not.
This would enable any encoding as per the point 3 of the RFC7617 spec.

   To receive authorization, the client

   1.  obtains the user-id and password from the user,

   2.  constructs the user-pass by concatenating the user-id, a single
       colon (":") character, and the password,

   3.  encodes the user-pass into an octet sequence (see below for a
       discussion of character encoding schemes),

   4.  and obtains the basic-credentials by encoding this octet sequence
       using Base64 ([RFC4648], Section 4) into a sequence of US-ASCII
       characters ([RFC0020]).

   The original definition of this authentication scheme failed to
   specify the character encoding scheme used to convert the user-pass
   into an octet sequence.  In practice, most implementations chose
   either a locale-specific encoding such as ISO-8859-1 ([ISO-8859-1]),
   or UTF-8 ([RFC3629]).  For backwards compatibility reasons, this
   specification continues to leave the default encoding undefined, as
   long as it is compatible with US-ASCII (mapping any US-ASCII
   character to a single octet matching the US-ASCII character code).

Marc-Antoine Belanger added 3 commits July 20, 2020 13:25
optional encoding before base64 encoding
d81bb20
Merge remote-tracking branch 'origin/hotfix/CZ-NIC#754-ClientSecretBa…
2bf41f4 
…sic-remove-quote_plus' into hotfix/CZ-NIC#754-ClientSecretBasic-remove-quote_plus

# Conflicts:
#	src/oic/utils/authn/client.py
#	tests/test_client.py
kwargs in contruct
d2aae60
@codecov-commenter
Copy link

Codecov Report

Merging #755 into master will decrease coverage by 0.01%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #755      +/-   ##
==========================================
- Coverage   63.66%   63.65%   -0.02%     
==========================================
  Files          64       64              
  Lines       11826    11822       -4     
  Branches     2091     2091              
==========================================
- Hits         7529     7525       -4     
  Misses       3701     3701              
  Partials      596      596
Impacted Files Coverage Δ
src/oic/utils/authn/user.py 62.96% <ø> (-0.46%) ⬇️
src/oic/utils/authn/client.py 69.75% <100.00%> (-0.10%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 53a246a...d2aae60. Read the comment docs.

tpazderka
tpazderka requested changes Jul 21, 2020
View reviewed changes
src/oic/__init__.py Outdated Show resolved Hide resolved
src/oic/utils/authn/client.py Outdated
Comment on lines 124 to 132
if "encoding" in kwargs:
encoding = kwargs["encoding"]
else:
encoding = "utf-8"

if "url_encoded" in kwargs:
url_encoded = kwargs["url_encoded"]
else:
url_encoded = True
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would rather define the kwargs with their default values in the method signature (and also document in the docstring).

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, it looks like adding the annotation triggers complains from mypy. I am not sure if there is an easy way out of here.
Will have a look.

There are some other quality issues that need to be solved.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, the mypy complain is because of the cis arg that is not in the superclass. One way to fix this is to remove the typing annotations. The other way is to make the signature the same (by making the cis a kwarg rather than arg).

I would go with the latter. If you are not willing to do that, make a separate issue and I will deal with that and you can base your PR on top of that.

Marc-Antoine Belanger added 2 commits July 21, 2020 09:56
@tpazderka
Copy link
Collaborator

Codacy Here is an overview of what got changed by this pull request:

Issues
======
- Added 1

See the complete overview on Codacy

tpazderka
tpazderka reviewed Jul 23, 2020
View reviewed changes
Copy link
Collaborator

@tpazderka tpazderka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good code-wise.

There are still two reported errors from mypy that need to be fixed:

tests/test_client.py:88: error: Incompatible types in assignment (expression has type "bytes", variable has type "str")
303tests/test_client.py:90: error: Argument 1 to "join" of "bytes" has incompatible type "Tuple[str, str]"; expected "Iterable[Union[ByteString, memoryview]]"

@gbmarc1
Copy link
Author

gbmarc1 commented Jul 23, 2020
edited
Loading

Looks good code-wise.

There are still two reported errors from mypy that need to be fixed:

tests/test_client.py:88: error: Incompatible types in assignment (expression has type "bytes", variable has type "str")
303tests/test_client.py:90: error: Argument 1 to "join" of "bytes" has incompatible type "Tuple[str, str]"; expected "Iterable[Union[ByteString, memoryview]]"

I don't see any problem with this code

tpazderka
tpazderka reviewed Jul 23, 2020
View reviewed changes
tests/test_client.py

http_args = csb.construct(cis, **kwargs)

user, passwd = user.encode(encoding), passwd.encode(encoding)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This assigns bytes to what was preciously str, mypy doesn't like that it may cause programming errors.

It should be solved by using a new variable, or encoding directly in L90.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That should actually solve both mypy complains...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tpazderka tpazderka tpazderka requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gbmarc1 @tpazderka @codecov-commenter