brat000012001 / django-oidc Goto Github PK

An uncaught ParseError if thrown during RP initiated logout if the identity server returns an unexpected response or any of the HTTP status codes indicating the request failed.
When the RP initiates a logout (a user clicks on a logout link), the RP redirects to the OP end session URL and passes a previously acquired id_token as a hint for the OP. However, if the session the token was issued for has already been terminated, the server returns HTTP status code 500. This causes the client to display a stack trace instead of gracefully handling the exception.
The behavior has been observed using the keycloak identity server version 2.3.0

Pre-requisites: django v 2.2.5

The code in djangooidc/views.py, line 94 throws an exception:

Exception at /openid/callback/login/
this login is not valid in this application

The culprit is the change https://github.com/django/django/commit/4b9330ccc04575f9e5126529ec355a450d12e77c#diff-09614db38e88cea4b3662ee14305885c that made it into django v 1.11.a1 that affected the signature of backend's authenticate method, and causing backward compatibility issues.

The fix is to add an additional request parameter to the authenticate method of djangooidc.backends.OpenIdConnectBackend:

def authenticate(self, request, **kwargs):
...

/openid/logout throws an error after logging in with OIDC provider. The error is not thrown after logging in with local user credentials

Environment:


Request Method: GET
Request URL: https://xxxx.xxx/openid/logout?next=/en

Django Version: 1.8.18
Python Version: 2.7.12
Installed Applications:
('djangocms_admin_style',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.admin',
 'django.contrib.sites',
 'django.contrib.sitemaps',
 'django.contrib.staticfiles',
 'django.contrib.messages',
 'cms',
 'menus',
 'sekizai',
 'treebeard',
 'djangocms_text_ckeditor',
 'filer',
 'easy_thumbnails',
 'djangocms_column',
 'djangocms_link',
 'cmsplugin_filer_file',
 'cmsplugin_filer_folder',
 'cmsplugin_filer_image',
 'cmsplugin_filer_utils',
 'djangocms_snippet',
 'djangocms_googlemap',
 'djangocms_video',
 'cms_themes',
 'bootstrap3',
 'aldryn_bootstrap3',
 'aldryn_style',
 'aldryn_apphooks_config',
 'parler',
 'taggit',
 'taggit_autosuggest',
 'meta',
 'djangocms_blog',
 'aldryn_search',
 'xxxxxx')
Installed Middleware:
('cms.middleware.utils.ApphookReloadMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.locale.LocaleMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'cms.middleware.user.CurrentUserMiddleware',
 'cms.middleware.page.CurrentPageMiddleware',
 'cms.middleware.toolbar.ToolbarMiddleware',
 'cms.middleware.language.LanguageCookieMiddleware')


Traceback:
File "~/env/local/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
  132.                     response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "~/env/local/lib/python2.7/site-packages/djangooidc/views.py" in logout
  142.         resp = HttpResponse(content_type=res.headers["content-type"], status=res.status_code, content=res._content)
File "~/env/local/lib/python2.7/site-packages/requests/structures.py" in __getitem__
  54.         return self._store[key.lower()][1]

Exception Type: KeyError at /openid/logout
Exception Value: 'content-type'

The application uses a next query parameter to tell the backend where to redirect after the login process has successfully completed. However, it seems the backend completely ignores the query parameter and always redirects to / instead of using the relative path specified in next

This is specific to python3. djangoidc/views.py, line 70:

` return client.create_authn_request(request.session)'

throws an exception:

OpenID Connect authentication has failed
Error message is: string argument without an encoding

The error is caused by the following code in /home/pnalyvayko/ccperforce_views/depot/github/repos/django-oidc/djangooidc/oidc.py:

if isinstance(url, newstr):
p3_bytes = bytes(url)

bytes(..) in python3 takes encoding as a second argument. The fix is to update the code above to:

if isinstance(url, newstr):
p3_bytes = bytes(url,'utf-8')