From bff4ba3b76d665d49b83eaebba6d462f31018dcb Mon Sep 17 00:00:00 2001
From: Giuseppe De Marco
Date: Fri, 29 Jul 2022 01:19:13 +0200
Subject: [PATCH] fix: [RP] BCP in the request jwt
---
 spid_cie_oidc/__init__.py | 2 +-
 spid_cie_oidc/relying_party/settings.py | 1 +
 spid_cie_oidc/relying_party/views/rp_begin.py | 10 ++++++++--
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/spid_cie_oidc/__init__.py b/spid_cie_oidc/__init__.py
index 777f190d..8088f751 100644
--- a/spid_cie_oidc/__init__.py
+++ b/spid_cie_oidc/__init__.py
@@ -1 +1 @@
-__version__ = "0.8.0"
+__version__ = "0.8.1"
diff --git a/spid_cie_oidc/relying_party/settings.py b/spid_cie_oidc/relying_party/settings.py
index 97d21d39..16aa2821 100644
--- a/spid_cie_oidc/relying_party/settings.py
+++ b/spid_cie_oidc/relying_party/settings.py
@@ -116,3 +116,4 @@
 }
 RP_DEFAULT_PROVIDER_PROFILES = getattr(settings, "RP_DEFAULT_PROVIDER_PROFILES", "spid")
+RP_REQUEST_EXP = getattr(settings, "RP_REQUEST_EXP", 60)
diff --git a/spid_cie_oidc/relying_party/views/rp_begin.py b/spid_cie_oidc/relying_party/views/rp_begin.py
index e460f3a8..69c2222e 100644
--- a/spid_cie_oidc/relying_party/views/rp_begin.py
+++ b/spid_cie_oidc/relying_party/views/rp_begin.py
@@ -1,5 +1,6 @@
 import json
 import logging
+import uuid
 from copy import deepcopy
 from djagger.decorators import schema
@@ -18,7 +19,8 @@
 from ..models import OidcAuthentication
 from ..settings import (
 RP_PKCE_CONF,
- RP_REQUEST_CLAIM_BY_PROFILE
+ RP_REQUEST_CLAIM_BY_PROFILE,
+ RP_REQUEST_EXP
 )
 from ..utils import (
 http_dict_to_redirect_uri_path,
@@ -134,7 +136,9 @@ def get(self, request, *args, **kwargs):
 )
 redirect_uri = client_conf["redirect_uris"][0]
 _profile = request.GET.get("profile", "spid")
+ _timestamp_now = int(timezone.localtime().timestamp())
 authz_data = dict(
+ iss=client_conf["client_id"],
 scope= request.GET.get("scope", None) or "openid",
 redirect_uri=redirect_uri,
 response_type=client_conf["response_types"][0],
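Review bot: `RP_REQUEST_EXP = getattr(settings, "RP_REQUEST_EXP", 60)` is read from the project settings without documenting its unit or coercing its type, and the last hunk of rp_begin.py adds it straight to an epoch integer, so a value configured as a string only fails with a TypeError when a login is started. I would document and coerce it here: `# Lifetime, in seconds, of the signed request object: its "exp" claim is "iat" plus this value.` followed by `RP_REQUEST_EXP = int(getattr(settings, "RP_REQUEST_EXP", 60))`. A zero or negative value would yield a request object that is already expired when it is issued; whether that should be rejected at import time is a project decision, but the same check would cover the use in rp_begin.py.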
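Review bot: `_timestamp_now` is introduced without a comment, and its reason for existing — one clock read shared by the `iat` claim and the `exp` claim set later in the same `authz_data` call — is not visible at this point in the function. A comment on that line such as `# single clock read so that iat and exp are derived from the same instant` would make that explicit. The new `iss` claim reuses `client_conf["client_id"]`, which matches the `client_id` entry already passed in the same dict. The enclosing `get` method begins before this hunk and continues past it.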
@@ -143,7 +147,9 @@ def get(self, request, *args, **kwargs):
 client_id=client_conf["client_id"],
 endpoint=authz_endpoint,
 acr_values= OIDCFED_ACR_PROFILES,
- iat=int(timezone.localtime().timestamp()),
+ iat=_timestamp_now,
+ exp=_timestamp_now+RP_REQUEST_EXP,
+ jti = str(uuid.uuid4()),
 aud=[tc.sub, authz_endpoint],
 claims=RP_REQUEST_CLAIM_BY_PROFILE[_profile],
 )
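Review bot: `jti = str(uuid.uuid4()),` puts spaces around `=` unlike every other keyword argument in this `dict(...)` call; it should read `jti=str(uuid.uuid4()),`. `exp=_timestamp_now+RP_REQUEST_EXP` depends on the setting being a positive integer number of seconds, which nothing in this view checks (the settings.py hunk is the natural place for that), so a misconfiguration surfaces only when the provider rejects the request object. A short comment such as `# exp is relative to the same clock read as iat` next to the new claims would document the intent. The enclosing `get` method starts before this hunk and presumably continues after the closing `)`.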