diff --git a/oidc_rp/views.py b/oidc_rp/views.py
index 19b430c..d2ea8ba 100644
--- a/oidc_rp/views.py
+++ b/oidc_rp/views.py
@@ -112,7 +112,7 @@ def get(self, request):
 # Authenticates the end-user.
 next_url = request.session.get('oidc_auth_next_url', None)
- user = auth.authenticate(nonce=nonce, request=request)
+ user = auth.authenticate(request, nonce=nonce)
 if user and user.is_active:
 auth.login(self.request, user)
 # Stores an expiration timestamp in the user's session. This value will be used if
diff --git a/tests/unit/test_backends.py b/tests/unit/test_backends.py
index 4dc12d2..f3e1e63 100644
--- a/tests/unit/test_backends.py
+++ b/tests/unit/test_backends.py
@@ -82,7 +82,7 @@ def test_can_authenticate_a_new_user(self, rf):
 SessionMiddleware().process_request(request)
 request.session.save()
 backend = OIDCAuthBackend()
- user = backend.authenticate('nonce', request)
+ user = backend.authenticate(request, nonce='nonce')
 assert user.email == 'test@example.com'
 assert user.oidc_user.sub == '1234'
@@ -93,7 +93,7 @@ def test_can_authenticate_an_existing_user(self, rf):
 backend = OIDCAuthBackend()
 user = get_user_model().objects.create_user('test', 'test@example.com')
 OIDCUser.objects.create(user=user, sub='1234')
- user = backend.authenticate('nonce', request)
+ user = backend.authenticate(request, nonce='nonce')
 assert user.email == 'test@example.com'
 assert user.oidc_user.sub == '1234'
@@ -107,7 +107,7 @@ def test_can_authenticate_a_new_user_even_if_no_email_is_in_userinfo_data(self,
 SessionMiddleware().process_request(request)
 request.session.save()
 backend = OIDCAuthBackend()
- user = backend.authenticate('nonce', request)
+ user = backend.authenticate(request, nonce='nonce')
 assert not user.email
 assert user.oidc_user.sub == '1234'
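Review bot: The call `auth.authenticate(request, nonce=nonce)` in `oidc_rp/views.py` would benefit from a comment recording why the argument order matters, because Django's `authenticate()` binds `(request, **credentials)` against each backend's signature and skips a backend that does not accept them, returning `None` rather than raising. Something like `# request is positional; a backend whose authenticate() does not bind (request, nonce=...) is skipped, not errored` would make a login that silently falls through the `if user and user.is_active` check easier to diagnose. The same block uses both `request` and `self.request` (`auth.login(self.request, user)`); using one name throughout would read more clearly. The body of `get` starts and continues outside the hunk.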
@@ -117,14 +117,14 @@ def test_cannot_authenticate_a_user_if_the_nonce_is_not_provided_and_if_it_is_ma
 SessionMiddleware().process_request(request)
 request.session.save()
 backend = OIDCAuthBackend()
- assert backend.authenticate(None, request) is None
+ assert backend.authenticate(request, nonce=None) is None
 def test_cannot_authenticate_a_user_if_the_request_object_is_not_provided(self, rf):
 request = rf.get('/oidc/cb/', {'code': 'authcode', })
 SessionMiddleware().process_request(request)
 request.session.save()
 backend = OIDCAuthBackend()
- assert backend.authenticate('nonce', None) is None
+ assert backend.authenticate(None, nonce='nonce') is None
 def test_cannot_authenticate_a_user_if_the_state_is_not_present_in_the_request_parameters(
 self, rf):
@@ -133,7 +133,7 @@ def test_cannot_authenticate_a_user_if_the_state_is_not_present_in_the_request_p
 request.session.save()
 backend = OIDCAuthBackend()
 with pytest.raises(SuspiciousOperation):
- backend.authenticate('nonce', request)
+ backend.authenticate(request, nonce='nonce')
 def test_cannot_authenticate_a_user_if_the_code_is_not_present_in_the_request_parameters(
 self, rf):
@@ -142,7 +142,7 @@ def test_cannot_authenticate_a_user_if_the_code_is_not_present_in_the_request_pa
 request.session.save()
 backend = OIDCAuthBackend()
 with pytest.raises(SuspiciousOperation):
- backend.authenticate('nonce', request)
+ backend.authenticate(request, nonce='nonce')
 def test_cannot_authenticate_a_user_if_the_id_token_validation_shows_a_suspicious_operation(
 self, rf):
@@ -151,7 +151,7 @@ def test_cannot_authenticate_a_user_if_the_id_token_validation_shows_a_suspiciou
 request.session.save()
 backend = OIDCAuthBackend()
 with pytest.raises(SuspiciousOperation):
- backend.authenticate('badnonce', request)
+ backend.authenticate(request, nonce='badnonce')
 def test_cannot_authenticate_a_user_if_the_id_token_validation_fails(self, rf):
 httpretty.register_uri(
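Review bot: In the first test of the `@@ -117,14 @@` hunk the missing-nonce case is exercised only by passing `nonce=None` explicitly; now that `nonce` is a keyword argument a caller can also leave it out altogether, and that path is not covered. Assuming the backend declares a default for `nonce` (its signature is not visible in this diff), adding `assert backend.authenticate(request) is None` next to the existing assertion would pin that an ID token is never accepted without a nonce to compare it against. The first test's body starts outside the hunk.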
@@ -164,7 +164,7 @@ def test_cannot_authenticate_a_user_if_the_id_token_validation_fails(self, rf):
 SessionMiddleware().process_request(request)
 request.session.save()
 backend = OIDCAuthBackend()
- assert backend.authenticate('nonce', request) is None
+ assert backend.authenticate(request, nonce='nonce') is None
 @unittest.mock.patch('oidc_rp.conf.settings.USER_DETAILS_HANDLER', 'tests.unit.test_backends.set_users_as_staff_members')
@@ -173,7 +173,7 @@ def test_can_authenticate_a_new_user_and_update_its_details_with_a_specific_hand
 SessionMiddleware().process_request(request)
 request.session.save()
 backend = OIDCAuthBackend()
- user = backend.authenticate('nonce', request)
+ user = backend.authenticate(request, nonce='nonce')
 assert user.email == 'test@example.com'
 assert user.oidc_user.sub == '1234'
 assert user.is_staff
@@ -193,7 +193,7 @@ def test_can_process_userinfo_included_in_the_id_token_instead_of_calling_the_us
 SessionMiddleware().process_request(request)
 request.session.save()
 backend = OIDCAuthBackend()
- user = backend.authenticate('nonce', request)
+ user = backend.authenticate(request, nonce='nonce')
 assert user.email == 'test1@example.com'
 assert user.oidc_user.sub == '1234'
@@ -211,7 +211,7 @@ def handler(sender, request, oidc_user, **kwargs):
 SessionMiddleware().process_request(request)
 request.session.save()
 backend = OIDCAuthBackend()
- backend.authenticate('nonce', request)
+ backend.authenticate(request, nonce='nonce')
 assert self.signal_was_called is True
 assert type(self.request) is WSGIRequest
diff --git a/tests/unit/test_middleware.py b/tests/unit/test_middleware.py
index ea0cd75..63b2a1c 100644
--- a/tests/unit/test_middleware.py
+++ b/tests/unit/test_middleware.py
@@ -73,7 +73,7 @@ def test_can_refresh_the_access_token_of_a_previously_authenticated_user(self, r
 SessionMiddleware().process_request(request)
 request.session.save()
 backend = OIDCAuthBackend()
- user = backend.authenticate('nonce', request)
+ user = backend.authenticate(request, nonce='nonce')
 request.session['oidc_auth_id_token_exp_timestamp'] = \
 (tz.now() - dt.timedelta(minutes=1)).timestamp()
 request.session['oidc_auth_refresh_token'] = 'this_is_a_refresh_token'
@@ -90,7 +90,7 @@ def test_can_properly_handle_the_case_where_a_user_was_authenticated_using_the_m
 request.session.save()
 user = get_user_model().objects.create_user('test', 'test@example.com', 'insecure')
 request.user = user
- auth.authenticate(username='test', password='insecure')
+ auth.authenticate(request, username='test', password='insecure')
 auth.login(request, user)
 middleware = OIDCRefreshIDTokenMiddleware(lambda r: 'OK')
 middleware(request)
@@ -102,7 +102,7 @@ def test_do_nothing_if_the_access_token_is_still_valid(self, rf):
 SessionMiddleware().process_request(request)
 request.session.save()
 backend = OIDCAuthBackend()
- user = backend.authenticate('nonce', request)
+ user = backend.authenticate(request, nonce='nonce')
 request.session['oidc_auth_id_token_exp_timestamp'] = \
 (tz.now() + dt.timedelta(minutes=1)).timestamp()
 request.session['oidc_auth_refresh_token'] = 'this_is_a_refresh_token'
@@ -117,7 +117,7 @@ def test_log_out_the_user_if_the_id_token_is_not_valid(self, rf):
 SessionMiddleware().process_request(request)
 request.session.save()
 backend = OIDCAuthBackend()
- user = backend.authenticate('nonce', request)
+ user = backend.authenticate(request, nonce='nonce')
 request.session['oidc_auth_id_token_exp_timestamp'] = \
 (tz.now() - dt.timedelta(minutes=1)).timestamp()
 request.session['oidc_auth_refresh_token'] = 'this_is_a_refresh_token'
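Review bot: The result of `auth.authenticate(request, username='test', password='insecure')` in the `@@ -90,7 @@` hunk is discarded, so the test never checks that the credentials were accepted, and the `user` handed to `auth.login` on the next line is the object from `create_user` rather than the one `authenticate()` returns with its `backend` attribute set. Binding and checking it, `user = auth.authenticate(request, username='test', password='insecure')` followed by `assert user is not None`, would make the session record which backend authenticated the user, which appears to be what this test is about judging from its truncated name. The test function starts outside the hunk.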
@@ -140,7 +140,7 @@ def test_log_out_the_user_if_the_refresh_token_is_expired(self, rf):
 SessionMiddleware().process_request(request)
 request.session.save()
 backend = OIDCAuthBackend()
- user = backend.authenticate('nonce', request)
+ user = backend.authenticate(request, nonce='nonce')
 request.session['oidc_auth_id_token_exp_timestamp'] = \
 (tz.now() - dt.timedelta(minutes=1)).timestamp()
 request.session['oidc_auth_refresh_token'] = 'this_is_a_refresh_token'