Merge branch 'master' of github.com:IdentityPython/oidcendpoint

Author: rohe

src/oidcendpoint/cookie.py

@@ -14,7 +14,7 @@
 from cryptojwt.jwk.hmac import SYMKey
 from cryptojwt.jwk.jwk import key_from_jwk_dict
 from cryptojwt.jws.hmac import HMACSigner
-from cryptojwt.key_bundle import init_key
+from cryptojwt.key_bundle import init_key, import_jwk
 from cryptojwt.utils import as_bytes
 from cryptojwt.utils import as_unicode
 from cryptojwt.utils import b64e
@@ -301,7 +301,10 @@ def __init__(
             else:
                 self.sign_key = SYMKey(k=sign_key)
         elif sign_jwk:
-            self.sign_key = init_key(**sign_jwk)
+            if isinstance(sign_jwk, dict):
+                self.sign_key = init_key(**sign_jwk)
+            else:
+                self.sign_key = import_jwk(sign_jwk)
         else:
             self.sign_key = None
 
@@ -313,7 +316,10 @@ def __init__(
             else:
                 self.enc_key = SYMKey(k=enc_key)
         elif enc_jwk:
-            self.enc_key = init_key(**enc_jwk)
+            if isinstance(enc_jwk, dict):
+                self.enc_key = init_key(**enc_jwk)
+            else:
+                self.enc_key = import_jwk(enc_jwk)
         else:
             self.enc_key = None
 

src/oidcendpoint/endpoint_context.py

@@ -136,9 +136,9 @@ def __init__(
 
         # set self.sdb
         if session_db:
-            self.set_session_db(conf, sso_db, db=session_db)
+            self.set_session_db(sso_db, db=session_db)
         else:
-            self.set_session_db(conf, sso_db)
+            self.set_session_db(sso_db)
 
         self.scope2claims = SCOPE2CLAIMS
 
@@ -220,9 +220,9 @@ def __init__(
         # client registration access tokens
         self.registration_access_token = {}
 
-    def set_session_db(self, conf, sso_db=None, db=None):
+    def set_session_db(self, sso_db=None, db=None):
         sso_db = sso_db or SSODb()
-        self.do_session_db(conf, sso_db, db)
+        self.do_session_db(sso_db, db)
         # append useinfo db to the session db
         self.do_userinfo()
         logger.debug('Session DB: {}'.format(self.sdb.__dict__))
@@ -296,7 +296,7 @@ def do_sub_func(self):
                 else:
                     self._sub_func[key] = args["function"]
 
-    def do_session_db(self, conf, sso_db, db=None):
+    def do_session_db(self, sso_db, db=None):
         self.sdb = create_session_db(
             self, self.th_args, db=db,
             sso_db=sso_db,

src/oidcendpoint/oidc/session.py

@@ -381,11 +381,8 @@ def do_verified_logout(self, sid, client_id, alla=False, **kwargs):
         else:
             _res = self.logout_from_client(sid=sid, client_id=client_id)
 
-        try:
-            bcl = _res["blu"]
-        except KeyError:
-            pass
-        else:
+        bcl = _res.get("blu")
+        if bcl:
             # take care of Back channel logout first
             for _cid, spec in bcl.items():
                 _url, sjwt = spec
@@ -404,10 +401,7 @@ def do_verified_logout(self, sid, client_id, alla=False, **kwargs):
                 elif res.status_code >= 400:
                     logger.info("failed to logout from {}".format(_cid))
 
-        try:
-            return _res["flu"].values()
-        except KeyError:
-            return []
+        return _res["flu"].values() if _res.get("fluu") else []
 
     def kill_cookies(self):
         _ec = self.endpoint_context

src/oidcendpoint/session.py

@@ -232,6 +232,7 @@ def delete_kv2sid(self, key, value):
         self._db.delete(KEY_FORMAT.format(key, value))
 
     def get_sid_by_kv(self, key, value):
+        """ KEY_FORMAT = "__{}__{}" """
         return self._db.get(KEY_FORMAT.format(key, value))
 
     def get_token(self, sid):
@@ -451,10 +452,8 @@ def revoke_token(self, token, token_type=""):
     def revoke_all_tokens(self, token):
         _sinfo = self[token]
         for typ in self.handler.keys():
-            try:
+            if _sinfo.get(typ):
                 self.revoke_token(_sinfo[typ], typ)
-            except KeyError:
-                pass
 
     def revoke_session(self, sid="", token=""):
         """
@@ -559,10 +558,10 @@ def get_authentication_event(self, sid):
             sesinf = session_info.get("authn_event")
             return sesinf or ValueError("No Authn event info")
 
+
 def create_session_db(ec, token_handler_args, db=None,
                       sso_db=None, sub_func=None):
     _token_handler = token_handler.factory(ec, **token_handler_args)
-
     db = db or InMemoryDataBase()
     sso_db = sso_db or SSODb()
     return SessionDB(db, _token_handler, sso_db, sub_func=sub_func)

src/oidcendpoint/sso_db.py

@@ -35,7 +35,7 @@ def set(self, label, key, value):
     def get(self, label, key):
         _key = KEY_FORMAT.format(label, key)
         value = self._db.get(_key)
-        logger.debug("SSODb get {} [{}]".format(key, value))
+        logger.debug("SSODb get {} - {}: {}".format(label, key, value))
         return value
 
     def delete(self, label, key):
@@ -45,16 +45,16 @@ def delete(self, label, key):
     def remove(self, label, key, value):
         _key = KEY_FORMAT.format(label, key)
         _values = self._db.get(_key)
-        if _values:
-            try:
-                _values.remove(value)
-            except ValueError:
-                pass
+        vcount = len(_values)
+        # full clean up
+        while value in _values:
+            _values.remove(value)
+        # if changes have been made -> update them
+        if vcount != len(_values):
+            if _values:
+                self._db.set(_key, _values)
             else:
-                if _values:
-                    self._db.set(_key, _values)
-                else:
-                    self._db.delete(_key)
+                self._db.delete(_key)
 
     def map_sid2uid(self, sid, uid):
         """