diff --git a/requirements.txt b/requirements.txt
index 11344b8e630bf1fb2dc0d810db615c60c1a7c66d..a9ba80e45f664bb41b148feece219f04f6f90d3d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,5 +2,5 @@
 # should match https://pypi.python.org/pypi names. For the full spec or
 # dependency lines, see https://pip.readthedocs.org/en/1.1/requirements.html
 click
-python-keycloak >= 4
+python-keycloak >= 5.3.1
 pyyaml
diff --git a/swh/auth/keycloak.py b/swh/auth/keycloak.py
index d3456b340b7a992d9d2fdd287fe7d522b161a9c2..95fba3722419a9878ed67b731b69772720e3d693 100644
--- a/swh/auth/keycloak.py
+++ b/swh/auth/keycloak.py
@@ -71,11 +71,8 @@ class KeycloakOpenIDConnect:
 Returns:
 A dictionary filled with OpenID Connect URIS.
 """
- try:
- return self._keycloak.well_known()
- except AttributeError:
- # python-keycloak < 1.0.0
- return self._keycloak.well_know()
+
+ return self._keycloak.well_known()
 def authorization_url(self, redirect_uri: str, **extra_params: str) -> str:
 """
@@ -101,7 +98,7 @@ class KeycloakOpenIDConnect:
 return auth_url
 def authorization_code(
- self, code: str, redirect_uri: str, **extra_params: str
+ self, code: str, redirect_uri: str, **extra_params
 ) -> Dict[str, Any]:
 """
 Get OpenID Connect authentication tokens using Authorization
@@ -125,7 +122,7 @@ class KeycloakOpenIDConnect:
 )
 def login(
- self, username: str, password: str, scope: str = "openid", **extra_params: str
+ self, username: str, password: str, scope: str = "openid", **extra_params
 ) -> Dict[str, Any]:
 """
 Get OpenID Connect authentication tokens using Direct Access Grant flow.
@@ -240,7 +237,7 @@ def keycloak_error_message(keycloak_error: KeycloakError) -> str:
 """Transform a keycloak exception into an error message."""
 try:
 # keycloak error wrapped in a JSON document
- msg_dict = json.loads(keycloak_error.error_message.decode())
+ msg_dict = json.loads(keycloak_error.error_message)
 error_msg = msg_dict["error"]
 error_desc = msg_dict.get("error_description")
 if error_desc:
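Review bot: Dropping the annotation on `**extra_params` in `authorization_code` leaves the keyword arguments untyped, while `authorization_url`, visible as context in the first hunk of this file, still declares `**extra_params: str`; the `login` hunk that follows makes the same change. If the intent is to allow non-string values, `**extra_params: Any` states that explicitly, and `Any` is already used in the return annotation `Dict[str, Any]`. These parameters are presumably forwarded to the token request, so the docstrings could also say which value types are accepted. Both function bodies continue outside the hunks.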
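Review bot: The parse in `keycloak_error_message` now relies on `error_message` being something `json.loads` accepts directly, and the existing comment does not record that assumption. `json.loads` takes `str`, `bytes` and `bytearray`, so the new line tolerates either representation; a comment such as `# error_message is expected to be a str (python-keycloak >= 5.3.1); json.loads also accepts bytes` would make this explicit. The `except` clause lies outside the hunk, so whether an empty or non-JSON message still falls back cleanly cannot be confirmed from here.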
diff --git a/swh/auth/pytest_plugin.py b/swh/auth/pytest_plugin.py
index fb9cb6494497f84e3045724ba0de48454d08bd5f..51f5f21006f830e5e987f6b9291e47ea92581726 100644
--- a/swh/auth/pytest_plugin.py
+++ b/swh/auth/pytest_plugin.py
@@ -67,40 +67,42 @@ class KeycloackOpenIDConnectMock(KeycloakOpenIDConnect):
 self.user_groups = user_groups
 self.realm_permissions = realm_permissions
 self.client_permissions = client_permissions
- self._keycloak.public_key = lambda: raw_realm_public_key
- self._keycloak.well_known = lambda: {
- "issuer": f"{self.server_url}realms/{self.realm_name}",
- "authorization_endpoint": (
- f"{self.server_url}realms/"
- f"{self.realm_name}/protocol/"
- "openid-connect/auth"
- ),
- "token_endpoint": (
- f"{self.server_url}realms/{self.realm_name}/"
- "protocol/openid-connect/token"
- ),
- "token_introspection_endpoint": (
- f"{self.server_url}realms/"
- f"{self.realm_name}/protocol/"
- "openid-connect/token/"
- "introspect"
- ),
- "userinfo_endpoint": (
- f"{self.server_url}realms/{self.realm_name}/"
- "protocol/openid-connect/userinfo"
- ),
- "end_session_endpoint": (
- f"{self.server_url}realms/"
- f"{self.realm_name}/protocol/"
- "openid-connect/logout"
- ),
- "jwks_uri": (
- f"{self.server_url}realms/{self.realm_name}/"
- "protocol/openid-connect/certs"
- ),
- }
- # for python-keycloak < 1.0.0:
- self._keycloak.well_know = self._keycloak.well_known
+ setattr(self._keycloak, "public_key", lambda: raw_realm_public_key)
+ setattr(
+ self._keycloak,
+ "well_known",
+ lambda: {
+ "issuer": f"{self.server_url}realms/{self.realm_name}",
+ "authorization_endpoint": (
+ f"{self.server_url}realms/"
+ f"{self.realm_name}/protocol/"
+ "openid-connect/auth"
+ ),
+ "token_endpoint": (
+ f"{self.server_url}realms/{self.realm_name}/"
+ "protocol/openid-connect/token"
+ ),
+ "token_introspection_endpoint": (
+ f"{self.server_url}realms/"
+ f"{self.realm_name}/protocol/"
+ "openid-connect/token/"
+ "introspect"
+ ),
+ "userinfo_endpoint": (
+ f"{self.server_url}realms/{self.realm_name}/"
+ "protocol/openid-connect/userinfo"
+ ),
+ "end_session_endpoint": (
+ f"{self.server_url}realms/"
+ f"{self.realm_name}/protocol/"
+ "openid-connect/logout"
+ ),
+ "jwks_uri": (
+ f"{self.server_url}realms/{self.realm_name}/"
+ "protocol/openid-connect/certs"
+ ),
+ },
+ )
 self.set_auth_success(auth_success, oidc_profile, user_info)
@@ -156,7 +158,7 @@ class KeycloackOpenIDConnectMock(KeycloakOpenIDConnect):
 "error": "invalid_grant",
 "error_description": "Invalid user credentials",
 }
- error_message = json.dumps(error).encode()
+ error_message = json.dumps(error)
 exception = KeycloakError(error_message=error_message, response_code=401)
 self.authorization_code.side_effect = exception
 self.authorization_url.side_effect = exception
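Review bot: `setattr(self._keycloak, "public_key", lambda: raw_realm_public_key)` uses a constant attribute name, so it is equivalent to the plain assignment it replaces and is the pattern flake8-bugbear reports as B010; the reason for the indirection should be stated in the first hunk of this file. If it is there to quiet a type checker that rejects assignment to a method (an assumption, the hunk does not say), a one-line comment such as `# setattr: mypy rejects direct assignment to python-keycloak methods` would keep a later cleanup from reverting it. The same applies to the `well_known` stub that follows. The enclosing method starts outside the hunk.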