From b869e472def88875d2b55c7d49b19ecdcaad297c Mon Sep 17 00:00:00 2001
From: Mackenzie Salloum
Date: Mon, 21 Dec 2020 14:13:45 -0800
Subject: [PATCH 1/2] Ensure iat datetime accounts for timezone

---
 oauth2_provider/oauth2_validators.py | 2 +-
 tests/test_oauth2_validators.py | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/oauth2_provider/oauth2_validators.py b/oauth2_provider/oauth2_validators.py
index e7fb860b3..77d5ee5d4 100644
--- a/oauth2_provider/oauth2_validators.py
+++ b/oauth2_provider/oauth2_validators.py
@@ -800,7 +800,7 @@ def get_id_token_dictionary(self, token, token_handler, request):
 "iss": self.get_oidc_issuer_endpoint(request),
 "aud": request.client_id,
 "exp": int(dateformat.format(expiration_time, "U")),
- "iat": int(dateformat.format(datetime.utcnow(), "U")),
+ "iat": int(dateformat.format(timezone.now(), "U")),
 "auth_time": int(dateformat.format(request.user.last_login, "U")),
 })

diff --git a/tests/test_oauth2_validators.py b/tests/test_oauth2_validators.py
index 1a0926988..f619cb6a2 100644
--- a/tests/test_oauth2_validators.py
+++ b/tests/test_oauth2_validators.py
@@ -1,8 +1,9 @@
+import calendar
 import contextlib
 import datetime
 
 from django.contrib.auth import get_user_model
-from django.test import TestCase, TransactionTestCase
+from django.test import override_settings, TestCase, TransactionTestCase
 from django.utils import timezone
 
 from oauthlib.common import Request
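Review bot: The `iat` line now formats `timezone.now()`, but `exp` two lines above is still taken from `expiration_time`, which is computed outside this hunk; if that value is still derived from `datetime.utcnow()` or any other naive UTC value, `exp - iat` will be skewed by the server's UTC offset, and relying parties that check `iat` against their own clock may reject the ID token or observe a lifetime that differs from the configured one. It is worth confirming that `expiration_time` comes from the same `timezone.now()` clock, and recording why the change is correct on the changed line, e.g. `# timezone.now() is aware UTC under USE_TZ (naive local time otherwise); "U" renders both correctly, whereas naive utcnow() was read as local time`. Separately, the `auth_time` line formats `request.user.last_login`, which is `None` for a user who has never logged in through Django auth, and `dateformat.format` would presumably raise on it — pre-existing, but this is the natural place to guard it. `get_id_token_dictionary` starts before and ends after this hunk.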
@@ -294,6 +295,20 @@ def test_generate_at_hash(self):
 assert at_hash == "77QmUPtjPfzWtF2AnpK9RQ"
+ @override_settings(TIME_ZONE="US/Eastern")
+ def test_iat_timezone_awareness(self):
+ # get_id_token_dictionary requires these fields to be set
+ self.request.client_id = self.application.client_id
+ self.request.user.last_login = timezone.now()
+ self.request.response_type = None
+
+ claims, __ = self.validator.get_id_token_dictionary(None, None, self.request)
+ # Remove several sig figs to improve test resilience
+ expected_time = int(calendar.timegm(timezone.now().timetuple()) / 1000) * 1000
+ actual_time = int(claims["iat"] / 1000) * 1000
+
+ assert actual_time == expected_time
+
 class TestOAuth2ValidatorProvidesErrorData(TransactionTestCase):
 """These test cases check that the recommended error codes are returned

From 000e8c2f30c510cd4468b3deff8d53965627be9b Mon Sep 17 00:00:00 2001
From: Mackenzie Salloum
Date: Mon, 21 Dec 2020 14:14:05 -0800
Subject: [PATCH 2/2] Increment version to 1.4.3

---
 setup.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.cfg b/setup.cfg
index e93a54dbb..fd1b3adfc 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = django-oauth-toolkit
-version = 1.4.2
+version = 1.4.3
 description = OAuth2 Provider for Django
 long_description = file: README.rst
 long_description_content_type = text/x-rst
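Review bot: The 1000-second bucketing on the `expected_time` and `actual_time` lines makes the assertion flaky: when the two `timezone.now()` calls straddle a multiple of 1000 seconds the buckets differ and the test fails for no reason, and a bucket comparison also cannot distinguish a correct `iat` from one that is off by a few hundred seconds. A tolerance check is both stable and tighter: `now = int(timezone.now().timestamp())` followed by `assert abs(claims["iat"] - now) <= 5`, which also removes the need for the new `calendar` import. Note too that `calendar.timegm(timezone.now().timetuple())` is only correct when `timezone.now()` returns an aware UTC datetime, i.e. when the test settings have `USE_TZ = True` (not visible here); with `USE_TZ = False` it would read naive US/Eastern local time as UTC and the expected value itself would carry the offset this patch removes, so the naive-settings path stays untested and a short comment stating that assumption would help. The enclosing test class starts before this hunk.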