lukewarm refactoring of client_autn.py

peppelinux · peppelinux · commit 088946d4e796 · 2019-12-04T17:35:39.000+01:00
adding __contains__ in MemoryDB to allow:

`i in endpoint.cdb -&gt; Bool`

and avoid access try / except on the search for an entity
diff --git a/src/oidcendpoint/client_authn.py b/src/oidcendpoint/client_authn.py
@@ -136,17 +136,13 @@ def verify(self, request, **kwargs):
             logger.info("%s" % sanitize(err))
             raise AuthnFailure("Could not verify client_assertion.")
 
-        try:
-            logger.debug("authntoken: %s" % sanitize(ca_jwt.to_dict()))
-        except AttributeError:
-            logger.debug("authntoken: %s" % sanitize(ca_jwt))
+        authtoken = sanitize(ca_jwt)
+        if hasattr(ca_jwt, 'to_dict') and callable(ca_jwt, 'to_dict'):
+            authtoken = sanitize(ca_jwt.to_dict())
+        logger.debug("authntoken: {}".format(authtoken))
 
         request[verified_claim_name("client_assertion")] = ca_jwt
-
-        try:
-            client_id = kwargs["client_id"]
-        except KeyError:
-            client_id = ca_jwt["iss"]
+        client_id = kwargs.get("client_id") or ca_jwt["iss"]
 
         # I should be among the audience
         # could be either my issuer id or the token endpoint
@@ -244,51 +240,45 @@ def verify_client(
         else:
             raise UnknownOrNoAuthnMethod(authorization_info)
 
-    try:
-        client_id = auth_info["client_id"]
-    except KeyError:
-        try:
-            _token = auth_info["token"]
-        except KeyError:
+    client_id = auth_info.get("client_id")
+    _token = auth_info.get("token")
+
+    if client_id:
+
+        if not client_id in endpoint_context.cdb:
+            raise ValueError("Unknown Client ID")
+
+        _cinfo = endpoint_context.cdb[client_id]
+        if isinstance(_cinfo, str):
+            if not _cinfo in endpoint_context.cdb:
+                raise ValueError("Unknown Client ID")
+
+        if not valid_client_info(_cinfo):
+            logger.warning("Client registration has timed out")
+            raise ValueError("Not valid client")
+
+        # store what authn method was used
+        if auth_info.get("method"):
+            if endpoint_context.cdb[client_id].get("auth_method") and \
+               request.__class__.__name__ in endpoint_context.cdb[client_id]["auth_method"]:
+                endpoint_context.cdb[client_id]["auth_method"][
+                    request.__class__.__name__
+                ] = auth_info["method"]
+            else:
+                endpoint_context.cdb[client_id]["auth_method"] = {
+                    request.__class__.__name__: auth_info["method"]
+                    }
+
+    elif not client_id and get_client_id_from_token:
+        if not _token:
             logger.warning("No token")
-        else:
-            if get_client_id_from_token:
-                try:
-                    _id = get_client_id_from_token(endpoint_context, _token, request)
-                except KeyError:
-                    raise ValueError("Unknown token")
-
-                if _id:
-                    auth_info["client_id"] = _id
-    else:
+            raise ValueError("No token")
+
         try:
-            _cinfo = endpoint_context.cdb[client_id]
+            # get_client_id_from_token is a callback... Do not abuse for code readability.
+            auth_info["client_id"] = get_client_id_from_token(endpoint_context,
+                                                              _token, request)
         except KeyError:
-            raise ValueError("Unknown Client ID")
-        else:
-            if isinstance(_cinfo, str):
-                try:
-                    _cinfo = endpoint_context.cdb[_cinfo]
-                except KeyError:
-                    raise ValueError("Unknown Client ID")
-
-            try:
-                valid_client_info(_cinfo)
-            except KeyError:
-                logger.warning("Client registration has timed out")
-                raise ValueError("Not valid client")
-            else:
-                # store what authn method was used
-                try:
-                    endpoint_context.cdb[client_id]["auth_method"][
-                        request.__class__.__name__
-                    ] = auth_info["method"]
-                except KeyError:
-                    try:
-                        endpoint_context.cdb[client_id]["auth_method"] = {
-                            request.__class__.__name__: auth_info["method"]
-                        }
-                    except KeyError:
-                        pass
+            raise ValueError("Unknown token")
 
     return auth_info
diff --git a/src/oidcendpoint/in_memory_db.py b/src/oidcendpoint/in_memory_db.py
@@ -2,17 +2,19 @@ class InMemoryDataBase(object):
     def __init__(self):
         self.db = {}
 
+    def __contains__(self, key):
+        if self.db.get(key):
+            return 1
+
     def set(self, key, value):
         self.db[key] = value
 
     def get(self, key):
-        try:
-            return self.db[key]
-        except KeyError:
-            return None
+        return self.db.get(key, None)
 
     def delete(self, key):
-        del self.db[key]
+        if self.db.get(key):
+            del self.db[key]
 
     def keys(self):
         return self.db.keys()
diff --git a/src/oidcendpoint/session.py b/src/oidcendpoint/session.py
@@ -13,7 +13,7 @@
 from oidcendpoint import token_handler
 from oidcendpoint.authn_event import AuthnEvent
 from oidcendpoint.in_memory_db import InMemoryDataBase
-from oidcendpoint.sso_db import SSODb
+from oidcendpoint.sso_db import (SSODb, KEY_FORMAT)
 from oidcendpoint.token_handler import AccessCodeUsed
 from oidcendpoint.token_handler import ExpiredToken
 from oidcendpoint.token_handler import UnknownToken
@@ -119,7 +119,7 @@ def dict_match(a, b):
 
 class SessionDB(object):
     def __init__(self, db, handler, sso_db, userinfo=None, sub_func=None):
-        # db must implement the InMemoryStateDataBase interface
+        # db must implement the InMemoryDataBase interface
         self._db = db
         self.handler = handler
         self.sso_db = sso_db
@@ -224,13 +224,14 @@ def update_by_token(self, token, **kwargs):
         return self.update(_sid, **kwargs)
 
     def map_kv2sid(self, key, value, sid):
-        self._db.set("__{}__{}__".format(key, value), sid)
+        """ KEY_FORMAT = "__{}__{}" """
+        self._db.set(KEY_FORMAT.format(key, value), sid)
 
     def delete_kv2sid(self, key, value):
-        self._db.delete("__{}__{}__".format(key, value))
+        self._db.delete(KEY_FORMAT.format(key, value))
 
     def get_sid_by_kv(self, key, value):
-        return self._db.get("__{}__{}__".format(key, value))
+        return self._db.get(KEY_FORMAT.format(key, value))
 
     def get_token(self, sid):
         _sess_info = self[sid]
@@ -241,7 +242,8 @@ def get_token(self, sid):
             return _sess_info["access_token"]
 
     def do_sub(
-        self, sid, uid, client_salt, sector_id="", subject_type="public", user_salt=""
+        self, sid, uid, client_salt, sector_id="",
+        subject_type="public", user_salt=""
     ):
         """
         Create and store a subject identifier
