Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make sure the issuer of the ID Token is the correct one. #377

Merged
merged 3 commits into from
Jun 12, 2017
Merged

Make sure the issuer of the ID Token is the correct one. #377

merged 3 commits into from
Jun 12, 2017

Conversation

rohe
Copy link
Collaborator

@rohe rohe commented Jun 9, 2017

Should not accept an ID Token from anyone but the expected one.

@rohe
Copy link
Collaborator Author

rohe commented Jun 9, 2017
edited
Loading

Travis fails because #374 isn't accepted yet. Wrong of me, I was one step off :-/

@coveralls
Copy link

coveralls commented Jun 9, 2017
edited
Loading

Coverage Status

Coverage increased (+0.01%) to 63.138% when pulling 3149cdf on rohe:iss_check into eee497c on OpenIDC:master.

schlenk
schlenk reviewed Jun 9, 2017
View reviewed changes
src/oic/oic/message.py Outdated
@@ -674,6 +675,13 @@ class IdToken(OpenIDSchema):
def verify(self, **kwargs):
super(IdToken, self).verify(**kwargs)

try:
kwargs['iss'] == self['iss']
Copy link
Collaborator

@schlenk schlenk Jun 9, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why should this produce an AssertionError? no assert anywhere...

It is also not a great idea to use 'assert' for this kind of code, as 'assert' gets removed when someone runs python with optimization (-O), so logic fails.

So maybe just raise IssuerMismatch directly if the comparision fails.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct, I should have know better.

@coveralls
Copy link

Coverage Status

Coverage increased (+0.02%) to 63.141% when pulling e2f2b1a on rohe:iss_check into eee497c on OpenIDC:master.

1 similar comment
@coveralls
Copy link

coveralls commented Jun 12, 2017
edited
Loading

Coverage Status

Coverage increased (+0.02%) to 63.141% when pulling e2f2b1a on rohe:iss_check into eee497c on OpenIDC:master.

@coveralls
Copy link

Coverage Status

Coverage increased (+0.02%) to 63.141% when pulling 42e1f35 on rohe:iss_check into eee497c on OpenIDC:master.

2 similar comments
@coveralls
Copy link

Coverage Status

Coverage increased (+0.02%) to 63.141% when pulling 42e1f35 on rohe:iss_check into eee497c on OpenIDC:master.

@coveralls
Copy link

Coverage Status

Coverage increased (+0.02%) to 63.141% when pulling 42e1f35 on rohe:iss_check into eee497c on OpenIDC:master.

@rohe rohe merged commit 45afe84 into CZ-NIC:master Jun 12, 2017
@rohe rohe deleted the iss_check branch June 12, 2017 13:45
schlenk
schlenk reviewed Jun 12, 2017
View reviewed changes
Copy link
Collaborator

@schlenk schlenk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM now.

@decentral1se
Copy link
Contributor

🍺

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@schlenk schlenk schlenk left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rohe @coveralls @decentral1se @schlenk