Make symkey an optional kwarg. #324
Conversation
I think that we shouldn't provide a default value to something that is security related. Rather define it as None and raise an ImproperlyConfigured error or similar if the user is trying to use it without defining a proper value.
Agreed. I think the function signature is fine, but it's required to check for the authentication method. Something like: @lwm Could you please update your PR accordingly?
Making symkey optional triggers the following error for me:

    File "/pyoidc/src/oic/utils/http_util.py", line 508, in get_cookie_value
        value, _ts, typ = txt.split("::")
    ValueError: need more than 1 value to unpack
That probably is a side-effect of what I have pointed out. An empty string is used in the creation of the cookie.
Ah yes, I'll need to work a bit more on this and make some tests. Thanks for the review 👍
Breaking changes! 💣 I'll need to bump the version, I suppose. Getting close?
src/oic/oic/claims_provider.py
Outdated
@@ -69,7 +69,7 @@ class ClaimsServer(Provider): | |||
def __init__(self, name, sdb, cdb, userinfo, client_authn, urlmap=None, | |||
ca_certs="", keyjar=None, hostname="", dist_claims_mode=None): | |||
Provider.__init__(self, name, sdb, cdb, None, userinfo, None, | |||
client_authn, "", urlmap, ca_certs, keyjar, | |||
client_authn, rndstr(), urlmap, ca_certs, keyjar, |
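Review bot: passing rndstr() as the symkey argument to Provider.__init__ on the last line generates a fresh key every time a ClaimsServer is constructed, so anything encrypted or signed with it (the cookies mentioned earlier in this thread) cannot be verified after a restart or by another process; pass None here and require the deployment to configure the key explicitly, failing at construction when it is missing.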
This can probably cause issues...
Yes, you're right, will set to None instead.
src/oic/oauth2/provider.py
Outdated
ca_bundle=None, verify_ssl=True, default_acr="", | ||
baseurl='', server_cls=Server, client_cert=None): | ||
|
||
if symkey is not None and symkey == "": |
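Review bot: the condition `if symkey is not None and symkey == "":` on the last line rejects only the empty string and lets None through, yet None is the new default and is just as unusable as a key. Either reject both (`if not symkey:`) at the point where the key is consumed, or raise ImproperlyConfigured here for both cases so the misconfiguration is reported at construction.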
Maybe we can postpone this check till the point where the symkey is actually needed? Otherwise this check seems a little bit pointless since it passes for None, which will break stuff.
I see what you mean, I'll try to find the point where it is used.
Sure, we can remember to bump the version, but we should wait so we do not release that often.
Also you have a lot of unrelated cleanup changes. I would rather see them in a separate issue targeted at cleanup.
Yep, fair point, please see #329.
I want to remove the level of indentation for this function and find this to be the simplest way to do that. I think it improves readability (I will add to this function's implementation in future commits).
This new class is useful to show a user error when configuring the Provider. I imagine, as we start to identify more which arguments/values are security related, we will start to use this more.
Please see #322.
In this commit, I track the usage of the `symkey` to the root in `CookieDealer` and `SymKeyAuthn` and assert that it is never the empty string. Please see the following comment for background on this change: #324 (review)
I have to add a __init__.py so that pytest can figure out where the conftest is. Closes #361.
OK gentlemen, please review this again! I've given it another go 👍
Please fix at least the return case.
@@ -387,6 +388,10 @@ class SymKeyAuthn(UserAuthnMethod): | |||
|
|||
def __init__(self, srv, ttl, symkey): | |||
UserAuthnMethod.__init__(self, srv, ttl) | |||
|
|||
if symkey is not None and symkey == "": |
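Review bot: the check on the last line still accepts None and any too-short value, yet SymKeyAuthn uses symkey as an AES key (AES-128 needs at least 16 bytes), so a bad key is only discovered later as an AssertionError or FailedAuthentication from the AES code. Validate here that symkey is non-empty bytes of at least the minimum AES key length and raise ImproperlyConfigured, so the misconfiguration surfaces at construction.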
The actual check is even stricter, due to the minimal AES key length that is enforced in oic.util.aes.build_cipher.
Maybe the aes code could provide a method to check for the minimal keylength, so we could raise ImproperlyConfigured for that too, instead of the current AssertionError/FailedAuthentication which is misleading?
The actual check is even stricter, due to the minimal aes keylength, that is enforced in oic.util.aes.build_cipher. ... Maybe the aes code could provide a method to check
I don't see the connection from the Provider.symkey to the oic.util.aes.build_cipher? Does one of the provider classes call this function? We put the check here due to the idea in this comment.
You are right (in a way).
The only use case for the Provider.symkey currently is to use it as a key for AES encryption. And AES encryption needs a minimum key length (as checked in build_cipher). So it makes no sense to have a symkey that is too short to use as an AES key (e.g. just 2 bytes or something like that).
Currently, you can set a symkey like 'ab' and all the setup/init works, but you blow up at runtime, when you get FailedAuthentication or other AssertionErrors from aes.encrypt(). So it would be more user-friendly to also prevent a symkey that is too short to be useful, instead of just empty and None.
Aha! I see, I see. Thanks for the explanation. I'll follow up with a key length check in #367.
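The configuration-time check discussed in the comments above (a symkey that is None, the empty string, or too short to serve as an AES key), as an added example that is not part of pyoidc or of this PR. ImproperlyConfigured is redefined locally because the PR's own class definition is not shown, SymKeyAuthnExample is a stand-in for where SymKeyAuthn.__init__ would call the check, and the 16-byte minimum is an assumption taken from the AES-128 key size, not from oic.util.aes.build_cipher, whose exact threshold the thread does not state.

```python
"""Added example (not pyoidc's code): validate a symmetric key when the
provider is configured, instead of letting it fail inside the AES code.

Assumptions, not taken from the PR:
- ImproperlyConfigured is a plain Exception subclass defined here.
- MIN_SYMKEY_BYTES is 16, the AES-128 key size.
"""
import secrets

MIN_SYMKEY_BYTES = 16  # assumed minimum: AES-128 key size


class ImproperlyConfigured(Exception):
    """Raised at setup time for a security-relevant misconfiguration."""


def generate_symkey(nbytes=32):
    """Return a fresh random key from the OS CSPRNG (AES-256 size by default).

    A deployment should generate this once and configure it explicitly,
    rather than creating a new key on every Provider construction."""
    return secrets.token_bytes(nbytes)


def validate_symkey(symkey):
    """Return symkey as bytes, or raise ImproperlyConfigured.

    Rejects None (the new default), the empty string/bytes, non-string
    types, and any key shorter than MIN_SYMKEY_BYTES, so a bad key is
    reported when the Provider / SymKeyAuthn is constructed rather than
    when a cookie is later encrypted or decrypted."""
    if symkey is None:
        raise ImproperlyConfigured(
            "symkey is not set; configure a random key of at least "
            "%d bytes" % MIN_SYMKEY_BYTES)
    if isinstance(symkey, str):
        symkey = symkey.encode("utf-8")
    if not isinstance(symkey, (bytes, bytearray)):
        raise ImproperlyConfigured(
            "symkey must be str or bytes, got %s" % type(symkey).__name__)
    if len(symkey) == 0:
        raise ImproperlyConfigured("symkey must not be empty")
    if len(symkey) < MIN_SYMKEY_BYTES:
        raise ImproperlyConfigured(
            "symkey is %d bytes; at least %d bytes are required for AES"
            % (len(symkey), MIN_SYMKEY_BYTES))
    return bytes(symkey)


class SymKeyAuthnExample:
    """Stand-in for SymKeyAuthn.__init__ showing where the check belongs."""

    def __init__(self, srv, ttl, symkey):
        if srv is None:
            # fail loudly instead of returning with a half-built object
            raise ImproperlyConfigured("srv must not be None")
        self.srv = srv
        self.ttl = ttl
        # validated once here; every later encrypt/decrypt call can rely
        # on the key being usable
        self.symkey = validate_symkey(symkey)


def check_symkey_error(symkey):
    """Return the ImproperlyConfigured message for symkey, or None if valid."""
    try:
        validate_symkey(symkey)
    except ImproperlyConfigured as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # constructed inputs covering each rejected case and two valid keys
    for candidate in (None, "", "ab", 123, "0123456789abcdef", generate_symkey()):
        print(repr(candidate), "->", check_symkey_error(candidate) or "ok")
```

The check is deliberately placed in the constructor rather than at the first encrypt call: an operator who starts the provider with a missing or two-byte key finds out immediately, instead of at the first login that fails with an AssertionError.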
if not getattr(srv, param, None): | ||
setattr(srv, param, rndstr().encode("utf-8")) | ||
if not srv: | ||
return |
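Review bot: the `if not srv: return` on the last line silently abandons initialisation when no server is given, leaving the object in a state where every other method that reads self.srv will fail with an unrelated exception later; raise (ImproperlyConfigured or ValueError) here instead so the missing server is reported at construction.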
Why not raise an exception here? Every other method in the class will blow up with an Exception if self.srv is None, so the class is in a broken state without it.
Because the original code did not either and I wasn't sure if this was acceptable. I'll patch that up. Please, @rohe, can you confirm this?
ok, fine with me.
Over the time I've been working on this library I've gone back and forth between throwing an exception or returning something to signal that an error occurred.
CHANGELOG.md
Follows from #322.