From a97d8b357f47927361dae451e2628be3a65ea21d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Skar=C5=BCy=C5=84ski?=
Date: Wed, 11 Nov 2020 19:29:13 +0100
Subject: [PATCH 1/2] add tests for issue of PKCE authorization code GET request

---
 tests/test_authorization_code.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/tests/test_authorization_code.py b/tests/test_authorization_code.py
index e98f5b041..a80a54490 100644
--- a/tests/test_authorization_code.py
+++ b/tests/test_authorization_code.py
@@ -1012,7 +1012,7 @@ def test_public_pkce_S256_authorize_get(self):
         """
         Request an access token using client_type: public and PKCE enabled. Tests if the authorize get is successfull
-        for the S256 algorithm
+        for the S256 algorithm and form data are properly passed.
         """
         self.client.login(username="test_user", password="123456")
@@ -1033,14 +1033,15 @@ def test_public_pkce_S256_authorize_get(self):
         }
         response = self.client.get(reverse("oauth2_provider:authorize"), data=query_data)
-        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, 'value="S256"', count=1, status_code=200)
+        self.assertContains(response, 'value="{0}"'.format(code_challenge), count=1, status_code=200)
         oauth2_settings.PKCE_REQUIRED = False
     def test_public_pkce_plain_authorize_get(self):
         """
         Request an access token using client_type: public and PKCE enabled. Tests if the authorize get is successfull
-        for the plain algorithm
+        for the plain algorithm and form data are properly passed.
         """
         self.client.login(username="test_user", password="123456")
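Review bot: The new `assertContains` calls run before the `oauth2_settings.PKCE_REQUIRED = False` line that follows them, so a failing assertion now skips that reset and leaves PKCE_REQUIRED at whatever the test set earlier (presumably True, outside the hunk) for every later test in the same process; the @@ -1061 hunk has the same shape. Wrapping the request and assertions in `try:` with the reset in `finally:` would make the cleanup unconditional. The assertions also only check that `value="S256"` and the challenge string each appear once, not that they are the values of the `code_challenge_method` and `code_challenge` inputs, and nothing covers a request without PKCE parameters rendering no such fields; a follow-up GET without `code_challenge` checked with `self.assertNotContains(response, 'name="code_challenge"')` would pin the absence case. test_public_pkce_S256_authorize_get begins outside the hunk.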
@@ -1061,7 +1062,8 @@ def test_public_pkce_plain_authorize_get(self):
         }
         response = self.client.get(reverse("oauth2_provider:authorize"), data=query_data)
-        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, 'value="plain"', count=1, status_code=200)
+        self.assertContains(response, 'value="{0}"'.format(code_challenge), count=1, status_code=200)
         oauth2_settings.PKCE_REQUIRED = False
     def test_public_pkce_S256(self):

From af55011a628b54fe0e2b6ea9cc92a9c25e639586 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Skar=C5=BCy=C5=84ski?=
Date: Wed, 11 Nov 2020 19:29:34 +0100
Subject: [PATCH 2/2] pass PKCE fields to AuthorizationView form

---
 AUTHORS                       | 3 ++-
 oauth2_provider/views/base.py | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/AUTHORS b/AUTHORS
index 611a0e62b..ef1708d5c 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -30,4 +30,5 @@ Rodney Richardson
 Silvano Cerza
 Stéphane Raimbault
 Jun Zhou
-David Smith
\ No newline at end of file
+David Smith
+Łukasz Skarżyński
diff --git a/oauth2_provider/views/base.py b/oauth2_provider/views/base.py
index b9b6ed7f9..f9a28cfaa 100644
--- a/oauth2_provider/views/base.py
+++ b/oauth2_provider/views/base.py
@@ -156,6 +156,10 @@ def get(self, request, *args, **kwargs):
             kwargs["redirect_uri"] = credentials["redirect_uri"]
             kwargs["response_type"] = credentials["response_type"]
             kwargs["state"] = credentials["state"]
+            if "code_challenge" in credentials:
+                kwargs["code_challenge"] = credentials["code_challenge"]
+            if "code_challenge_method" in credentials:
+                kwargs["code_challenge_method"] = credentials["code_challenge_method"]
             self.oauth2_data = kwargs
             # following two loc are here only because of https://code.djangoproject.com/ticket/17795
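Review bot: With the two independent membership guards in the base.py hunk, a request that sends `code_challenge` but omits `code_challenge_method` reaches the form with only the challenge, whereas RFC 7636 treats a missing method as `plain`; whether the POST side applies that default is not visible here, so either confirm it or populate both keys together, e.g. `kwargs["code_challenge_method"] = credentials.get("code_challenge_method")`. Both values are echoed back into the authorization page, so this relies on the template autoescaping the hidden-field values and on `credentials` being the dict that already passed oauthlib's request validation (that call, if present, is above the hunk); a short comment such as `# PKCE params are echoed into the form; only take them from the validated credentials dict` would make that dependency explicit for the next maintainer. Stylistically the surrounding kwargs use direct indexing, so the guarded pair reads inconsistently; `credentials.get(...)` for both would match the neighbours. The enclosing `get` starts and ends outside the hunk.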