CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

OIDC: Drop scopes validation (fixes #5464) (#5623)

Browse Source 
* OIDC: Drop scopes validation (fixes #5464)

* Fix test

* Remove claims as well
This commit is contained in:
Raphael Michel
2025-11-19 14:39:32 +01:00
committed by GitHub
parent 4dc5bbae06
commit 9c80f3038a
2 changed files with 0 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/pretix/base/customersso/oidc.py
View File

@@ -112,23 +112,6 @@ def oidc_validate_and_complete_config(config):
scope="openid", scope="openid",
)) ))
for scope in config["scope"].split(" "):
if scope not in provider_config.get("scopes_supported", []):
raise ValidationError(_('You are requesting scope "{scope}" but provider only supports these: {scopes}.').format(
scope=scope,
scopes=", ".join(provider_config.get("scopes_supported", []))
))
if "claims_supported" in provider_config:
claims_supported = provider_config.get("claims_supported", [])
for k, v in config.items():
if k.endswith('_field') and v:
if v not in claims_supported: # https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
raise ValidationError(_('You are requesting field "{field}" but provider only supports these: {fields}.').format(
field=v,
fields=", ".join(provider_config.get("claims_supported", []))
))
if "token_endpoint_auth_methods_supported" in provider_config: if "token_endpoint_auth_methods_supported" in provider_config:
token_endpoint_auth_methods_supported = provider_config.get("token_endpoint_auth_methods_supported", token_endpoint_auth_methods_supported = provider_config.get("token_endpoint_auth_methods_supported",
["client_secret_basic"]) ["client_secret_basic"])

6
src/tests/base/test_customer_oidc_rp.py
View File

@@ -175,12 +175,6 @@ def test_incompatible():
oidc_validate_and_complete_config(config) oidc_validate_and_complete_config(config)
assert "not requesting" in str(e.value) assert "not requesting" in str(e.value)
config["scope"] = "openid foo"
with pytest.raises(ValidationError) as e:
oidc_validate_and_complete_config(config)
assert "requesting scope" in str(e.value)
@responses.activate @responses.activate
def test_compatible(): def test_compatible():