Merge pull request #108 from IdentityPython/clear_txt_sid

Clear txt sid

Author: rohe

src/oidcop/session/manager.py

@@ -76,6 +76,7 @@ def __init__(
             self, handler: TokenHandler, conf: Optional[dict] = None,
             sub_func: Optional[dict] = None,
     ):
+        super(SessionManager, self).__init__()
         self.conf = conf or {}
 
         # these won't change runtime
@@ -451,6 +452,13 @@ def get_session_info(
 
         return res
 
+    def _compatible_sid(self, sid):
+        # To be backward compatible is this an old time sid
+        p = self.unpack_session_key(sid)
+        if len(p) == 3:
+            sid = self.encrypted_session_id(*p)
+        return sid
+
     def get_session_info_by_token(
             self,
             token_value: str,
@@ -467,6 +475,9 @@ def get_session_info_by_token(
         if not sid:
             raise WrongTokenClass
 
+        # To be backward compatible is this an old time sid
+        sid = self._compatible_sid(sid)
+
         return self.get_session_info(
             sid,
             user_session_info=user_session_info,
@@ -478,7 +489,8 @@ def get_session_info_by_token(
 
     def get_session_id_by_token(self, token_value: str) -> str:
         _token_info = self.token_handler.info(token_value)
-        return _token_info["sid"]
+        sid = _token_info.get("sid")
+        return self._compatible_sid(sid)
 
     def add_grant(self, user_id: str, client_id: str, **kwargs) -> Grant:
         """

tests/test_35_oidc_token_endpoint.py

@@ -2,14 +2,14 @@
 import json
 import os
 
-import pytest
 from cryptojwt import JWT
 from cryptojwt.key_jar import build_keyjar
 from oidcmsg.oidc import AccessTokenRequest
 from oidcmsg.oidc import AuthorizationRequest
 from oidcmsg.oidc import RefreshAccessTokenRequest
 from oidcmsg.oidc import TokenErrorResponse
 from oidcmsg.time_util import utc_time_sans_frac
+import pytest
 
 from oidcop import JWT_BEARER
 from oidcop.authn_event import create_authn_event
@@ -813,6 +813,25 @@ def test_old_default_token(self):
         _info = self.session_manager.token_handler.info(_old_type_value)
         assert _info["token_class"] == "authorization_code"
 
+    def test_old_default_token_sid_unencrypted(self):
+        session_id = self._create_session(AUTH_REQ)
+        grant = self.session_manager[session_id]
+        code = self._mint_code(grant, AUTH_REQ["client_id"])
+
+        # pack and unpack
+        _handler = self.session_manager.token_handler.handler["authorization_code"]
+        _res = dict(zip(["_id", "token_class", "sid", "exp"], _handler.split_token(code.value)))
+
+        _clear_txt_sid = self.session_manager.session_key(
+            *self.session_manager.decrypt_session_id(_res["sid"]))
+
+        _old_type_token = base64.b64encode(
+            _handler.crypt.encrypt(lv_pack(_res["_id"], "A", _clear_txt_sid, _res["exp"]).encode())
+        ).decode("utf-8")
+
+        _session_info = self.session_manager.get_session_info_by_token(_old_type_token)
+        assert _session_info["user_id"] == "diana"
+
     def test_old_jwt_token(self):
         session_id = self._create_session(AUTH_REQ)
         grant = self.session_manager[session_id]