From d7bc4b4a934b3ef74b740c48253afd8a4a1aaea2 Mon Sep 17 00:00:00 2001
From: Marc-Antoine Belanger
Date: Thu, 16 Jul 2020 17:39:45 -0400
Subject: [PATCH 1/3] remove quote_plus
---
 src/oic/utils/authn/client.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/oic/utils/authn/client.py b/src/oic/utils/authn/client.py
index 0ba9190c9..6018a782f 100644
--- a/src/oic/utils/authn/client.py
+++ b/src/oic/utils/authn/client.py
@@ -121,7 +121,7 @@ def construct(self, cis, request_args=None, http_args=None, **kwargs):
 if "headers" not in http_args:
 http_args["headers"] = {}
- credentials = "{}:{}".format(quote_plus(user), quote_plus(passwd))
+ credentials = "{}:{}".format(user, passwd)
 authz = base64.b64encode(credentials.encode("utf-8")).decode("utf-8")
 http_args["headers"]["Authorization"] = "Basic {}".format(authz)
From 8bd7390284184e815f89800c2a5c62d31354a708 Mon Sep 17 00:00:00 2001
From: Marc-Antoine Belanger
Date: Thu, 16 Jul 2020 17:40:08 -0400
Subject: [PATCH 2/3] added non friendly character to password test
---
 tests/utils/test_authn_client.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tests/utils/test_authn_client.py b/tests/utils/test_authn_client.py
index 07f91ec9f..e8979398f 100644
--- a/tests/utils/test_authn_client.py
+++ b/tests/utils/test_authn_client.py
@@ -7,9 +7,9 @@ from oic.utils.authn.client import get_client_id
 CDB = {
- "number5": {"client_secret": "drickyoughurt"},
+ "number5": {"client_secret": "drickyoughurt*"},
 "token_client": {},
- "expired": {"client_secret": "drickyoughurt", "client_secret_expires_at": 1},
+ "expired": {"client_secret": "drickyoughurt*", "client_secret_expires_at": 1},
 "secret_token": "token_client",
 "expired_token": "expired",
 }
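Review bot: In `construct` (src/oic/utils/authn/client.py, hunk `@@ -121,7 +121,7 @@`) the new `"{}:{}".format(user, passwd)` no longer protects the `:` separator, so a client id that contains a colon now yields Basic credentials the receiver cannot split unambiguously; `quote_plus` previously turned it into `%3A`. RFC 6749 section 2.3.1 also specifies that the client id and secret are form-urlencoded before being placed in the Basic credentials, so this line now departs from the spec, presumably for interoperability with servers that compare the raw value. That trade-off deserves a comment above the line, e.g. `# Sent unencoded on purpose; RFC 6749 section 2.3.1 specifies form-urlencoding`, and a guard such as `if ":" in user: raise ValueError("client_id must not contain ':'")` would make the ambiguous case fail loudly. The body of `construct` starts and ends outside the hunk.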
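Review bot: The `*` appended to the secrets in `CDB` (tests/utils/test_authn_client.py, hunk `@@ -7,9 +7,9 @@`) does not tell a server that percent-decodes Basic credentials apart from one that compares them raw, because `unquote_plus("drickyoughurt*")` returns the same string; these tests pass either way. A secret containing `+` or a `%XX` sequence, for example the constructed value `"dricky+oughurt%2B"`, would pin the raw-comparison behaviour this series moves to. The same applies to the `b64encode(b"...:drickyoughurt*")` literals in the `@@ -45,11 +45,11 @@` and `@@ -59,7 +59,7 @@` hunks of this file. Whether `get_client_id` decodes the credentials is not visible in this patch.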
@@ -45,11 +45,11 @@ def test_wrong_authn(self):
 get_client_id(self.cdb, AuthorizationRequest(), "mumbo jumbo")
 def test_basic_authn_client_ok(self):
- authn = "Basic " + b64encode(b"number5:drickyoughurt").decode()
+ authn = "Basic " + b64encode(b"number5:drickyoughurt*").decode()
 assert get_client_id(self.cdb, AuthorizationRequest(), authn)
 def test_basic_authn_client_missing(self):
- authn = "Basic " + b64encode(b"missing:drickyoughurt").decode()
+ authn = "Basic " + b64encode(b"missing:drickyoughurt*").decode()
 with pytest.raises(FailedAuthentication):
 get_client_id(self.cdb, AuthorizationRequest(), authn)
@@ -59,7 +59,7 @@ def test_basic_authn_client_wrongpass(self):
 get_client_id(self.cdb, AuthorizationRequest(), authn)
 def test_basic_authn_client_invalid(self):
- authn = "Basic " + b64encode(b"expired:drickyoughurt").decode()
+ authn = "Basic " + b64encode(b"expired:drickyoughurt*").decode()
 with pytest.raises(FailedAuthentication):
 get_client_id(self.cdb, AuthorizationRequest(), authn)
From 58a1b391da2d977d145bb24cbd1054428e203ca5 Mon Sep 17 00:00:00 2001
From: Marc-Antoine Belanger
Date: Fri, 17 Jul 2020 11:11:35 -0400
Subject: [PATCH 3/3] remove extra quote_plus
---
 src/oic/utils/authn/client.py | 1 -
 src/oic/utils/authn/user.py | 3 ---
 tests/test_authn_user.py | 3 +--
 tests/test_client.py | 3 +--
 4 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/src/oic/utils/authn/client.py b/src/oic/utils/authn/client.py
index 6018a782f..560c6e3c0 100644
--- a/src/oic/utils/authn/client.py
+++ b/src/oic/utils/authn/client.py
@@ -1,6 +1,5 @@
 import base64
 import logging
-from urllib.parse import quote_plus
 from jwkest import Invalid
 from jwkest import MissingKey
diff --git a/src/oic/utils/authn/user.py b/src/oic/utils/authn/user.py
index 91cc206ba..1db76eee8 100644
--- a/src/oic/utils/authn/user.py
+++ b/src/oic/utils/authn/user.py
@@ -3,7 +3,6 @@
 import logging
 import time
 from urllib.parse import parse_qs
-from urllib.parse import unquote_plus
 from urllib.parse import urlencode
 from urllib.parse import urlsplit
 from urllib.parse import urlunsplit
@@ -394,8 +393,6 @@ def authenticated_as(self, cookie=None, authorization="", **kwargs):
 _decoded = as_unicode(base64.b64decode(authorization))
 (user, pwd) = _decoded.split(":")
- user = unquote_plus(user)
- pwd = unquote_plus(pwd)
 self.verify_password(user, pwd)
 return {"uid": user}, time.time()
diff --git a/tests/test_authn_user.py b/tests/test_authn_user.py
index bb9459410..a65973fe6 100644
--- a/tests/test_authn_user.py
+++ b/tests/test_authn_user.py
@@ -1,5 +1,4 @@
 import base64
-from urllib.parse import quote_plus
 import pytest
@@ -21,7 +20,7 @@ def test_basic_authn_authenticate_as():
 ba = BasicAuthn(None, pwd=pwd_database)
 for user, passwd in pwd_database.items():
- credentials = "{}:{}".format(quote_plus(user), quote_plus(passwd))
+ credentials = "{}:{}".format(user, passwd)
 authz = base64.b64encode(credentials.encode("utf-8")).decode("utf-8")
 authorization_string = "Basic {}".format(authz)
diff --git a/tests/test_client.py b/tests/test_client.py
index 295d7b0b6..d411e6b7c 100644
--- a/tests/test_client.py
+++ b/tests/test_client.py
@@ -2,7 +2,6 @@
 import os
 from unittest.mock import Mock
 from unittest.mock import patch
-from urllib.parse import quote_plus
 import pytest
 from jwkest import as_bytes
@@ -63,7 +62,7 @@ def test_construct(self, client):
 csb = ClientSecretBasic(client)
 http_args = csb.construct(cis)
- cred = "{}:{}".format(quote_plus("A"), quote_plus("boarding pass"))
+ cred = "{}:{}".format("A", "boarding pass")
 assert http_args == {
 "headers": {
 "Authorization": "Basic {}".format(
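Review bot: In `authenticated_as` (src/oic/utils/authn/user.py, hunk `@@ -394,8 +393,6 @@`) the remaining `(user, pwd) = _decoded.split(":")` raises `ValueError` on unpacking whenever the password contains a colon. Now that credentials arrive unencoded, a colon in the password is no longer hidden as `%3A`, so legitimate passwords can hit this path. Splitting on the first colon only, `(user, pwd) = _decoded.split(":", 1)`, keeps everything after it as the password. Whether a caller catches the `ValueError` is not visible here, since the function starts and ends outside the hunk. A colon-containing password added to `pwd_database` in tests/test_authn_user.py would cover the case.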