From 14244521b526c755530997d5066ff5c9d1d2b094 Mon Sep 17 00:00:00 2001
From: aperakett
Date: Mon, 16 Sep 2019 12:52:02 +0200
Subject: [PATCH] Add raw_info to auth_hash for response_type id_token (#42)
* The complete id_token is now a part of the hash that is returned to the application
* Bugfix: Redefining env method for Strategy class caused race condition in test execution
---
 lib/omniauth/strategies/openid_connect.rb | 4 +-
 .../strategies/openid_connect_test.rb | 39 ++++++++++++++++++-
 2 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/lib/omniauth/strategies/openid_connect.rb b/lib/omniauth/strategies/openid_connect.rb
index bb6aebdd..8ea27b2d 100644
--- a/lib/omniauth/strategies/openid_connect.rb
+++ b/lib/omniauth/strategies/openid_connect.rb
@@ -111,7 +111,6 @@ def callback_phase
 invalid_state = params['state'].to_s.empty? || params['state'] != stored_state
 raise CallbackError.new(params['error'], error_description, params['error_uri']) if error
- raise CallbackError, 'Invalid state parameter' if invalid_state
 return unless valid_response_type?
@@ -307,7 +306,8 @@ def id_token_callback_phase
 env['omniauth.auth'] = AuthHash.new(
 provider: name,
 uid: user_data['sub'],
- info: { name: user_data['name'], email: user_data['email'] }
+ info: { name: user_data['name'], email: user_data['email'] },
+ extra: { raw_info: user_data }
 )
 call_app!
 end
diff --git a/test/lib/omniauth/strategies/openid_connect_test.rb b/test/lib/omniauth/strategies/openid_connect_test.rb
index 71053d9a..4c7aebae 100644
--- a/test/lib/omniauth/strategies/openid_connect_test.rb
+++ b/test/lib/omniauth/strategies/openid_connect_test.rb
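Review bot: Removing `raise CallbackError, 'Invalid state parameter' if invalid_state` from `callback_phase` leaves `invalid_state` computed on the first context line but, within the lines shown, never acted on. That comparison of `params['state']` with `stored_state` is what binds the callback to the session that started the flow (the CSRF defence for the redirect), and neither bullet in the commit message mentions dropping it. Unless the check is still enforced elsewhere in the method, which continues outside this hunk, the line should stay: `raise CallbackError, 'Invalid state parameter' if invalid_state`. If the removal is only de-duplicating an identical line outside the hunk, a test asserting that a mismatched `state` is rejected would make that explicit.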
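Review bot: `extra: { raw_info: user_data }` in `id_token_callback_phase` hands the application every claim in `user_data`, not only `sub`, `name` and `email`, and nothing in the code says so. A comment above the line would help, for example `# raw_info carries the full ID token claim set; treat it as sensitive when logging or persisting the auth hash`. Where `user_data` comes from is outside the hunk, so confirm it is taken from the token only after verification has succeeded.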
@@ -454,7 +454,8 @@ def test_state
 def test_dynamic_state
 # Stub request parameters
- Strategy.send(:define_method, 'env', -> { { QUERY_STRING: { state: 'abc', client_id: '123' } } })
+ request.stubs(:path_info).returns('')
+ strategy.call!('rack.session' => { }, QUERY_STRING: { state: 'abc', client_id: '123' } )
 strategy.options.state = lambda { |env|
 # Get params from request, e.g. CGI.parse(env['QUERY_STRING'])
@@ -530,6 +531,42 @@ def test_public_key_with_hmac
 strategy.options.client_signing_alg = :HS256
 assert_equal strategy.options.client_options.secret, strategy.public_key
 end
+
+ def test_id_token_auth_hash
+ state = SecureRandom.hex(16)
+ nonce = SecureRandom.hex(16)
+ strategy.options.response_type = 'id_token'
+ strategy.options.issuer = 'example.com'
+
+ id_token = stub('OpenIDConnect::ResponseObject::IdToken')
+ id_token.stubs(:verify!).returns(true)
+ id_token.stubs(:raw_attributes, :to_h).returns(
+ {
+ "iss": "http://server.example.com",
+ "sub": "248289761001",
+ "aud": "s6BhdRkqt3",
+ "nonce": "n-0S6_WzA2Mj",
+ "exp": 1311281970,
+ "iat": 1311280970,
+ }
+ )
+
+ request.stubs(:params).returns('state' => state, 'nounce' => nonce, 'id_token' => id_token)
+ request.stubs(:path_info).returns('')
+
+ strategy.stubs(:decode_id_token).returns(id_token)
+ strategy.stubs(:stored_state).returns(state)
+
+ strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
+ strategy.callback_phase
+
+ auth_hash = strategy.send(:env)['omniauth.auth']
+ assert auth_hash.key?('provider')
+ assert auth_hash.key?('uid')
+ assert auth_hash.key?('info')
+ assert auth_hash.key?('extra')
+ assert auth_hash['extra'].key?('raw_info')
+ end
 end
 end
 end
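Review bot: `test_id_token_auth_hash` asserts only that the keys exist, so it still passes when `uid` or `raw_info` is nil or wrong. The stubbed claims use `"sub":`-style literals, which Ruby turns into symbol keys, while the strategy reads `user_data['sub']`; if `user_data` is this hash the lookup would miss, and `assert_equal '248289761001', auth_hash['uid']` with string keys in the stub would catch that. The request params also spell the key `'nounce'`, where `'nonce' => nonce` is presumably intended. With `verify!`, `decode_id_token` and `stored_state` all stubbed, none of the token or state checks are exercised, so a separate case where `params['state']` differs from the stored state and `CallbackError` is expected would be worth adding.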