More pylinting.

Author: rohe

exampel/conversation.py

@@ -278,7 +278,7 @@
 _authz_rep = AuthorizationResponse(**op_authz_resp)
 print(_authz_rep.to_urlencoded())
 _resp = service['authorization'].parse_response(_authz_rep.to_urlencoded())
-service['authorization'].update_service_context(_resp, state=STATE)
+service['authorization'].update_service_context(_resp, key=STATE)
 print()
 print('--- Authorization registration, response ----')
 print(_resp)
@@ -316,7 +316,7 @@
 
 service_context.issuer = OP_BASEURL
 _resp = service['accesstoken'].parse_response(json.dumps(_resp), state=STATE)
-service['accesstoken'].update_service_context(_resp, state=STATE)
+service['accesstoken'].update_service_context(_resp, key=STATE)
 print()
 print('--- Access token, response ----')
 print(_resp)
@@ -334,7 +334,7 @@
 op_resp = {"sub": "1b2fc9341a16ae4e30082965d537"}
 
 _resp = service['userinfo'].parse_response(json.dumps(op_resp), state=STATE)
-service['userinfo'].update_service_context(_resp, state=STATE)
+service['userinfo'].update_service_context(_resp, key=STATE)
 print()
 print('--- User info, response ----')
 print(_resp)

src/oidcservice/client_auth.py

@@ -267,7 +267,7 @@ def find_token(request, token_type, service, **kwargs):
         # I should pick the latest acquired token, this should be the right
         # order for that.
         _arg = service.multiple_extend_request_args(
-            {}, kwargs['state'], ['access_token'],
+            {}, kwargs['key'], ['access_token'],
             ['auth_response', 'token_response', 'refresh_token_response'])
         return _arg['access_token']
 

src/oidcservice/oauth2/access_token.py

@@ -1,3 +1,4 @@
+"""Implements the service that talks to the Access Token endpoint."""
 import logging
 
 from oidcmsg import oauth2
@@ -8,10 +9,11 @@
 from oidcservice.service import Service
 
 
-logger = logging.getLogger(__name__)
+LOGGER = logging.getLogger(__name__)
 
 
 class AccessToken(Service):
+    """The access token service."""
     msg_type = oauth2.AccessTokenRequest
     response_cls = oauth2.AccessTokenResponse
     error_msg = ResponseMessage
@@ -60,4 +62,3 @@ def oauth_pre_construct(self, request_args=None, **kwargs):
             request_args = _args
 
         return request_args, {}
-

src/oidcservice/oauth2/authorization.py

@@ -1,3 +1,4 @@
+"""The service that talks to the OAuth2 Authorization endpoint."""
 import logging
 
 from oidcmsg import oauth2
@@ -11,10 +12,11 @@
 from oidcservice.service import Service
 
 
-logger = logging.getLogger(__name__)
+LOGGER = logging.getLogger(__name__)
 
 
 class Authorization(Service):
+    """The service that talks to the OAuth2 Authorization endpoint."""
     msg_type = oauth2.AuthorizationRequest
     response_cls = oauth2.AuthorizationResponse
     error_msg = ResponseMessage
@@ -30,12 +32,13 @@ def __init__(self, service_context, state_db,
         self.pre_construct.extend([pick_redirect_uris, set_state_parameter])
         self.post_construct.append(self.store_auth_request)
 
-    def update_service_context(self, resp, state='', **kwargs):
+    def update_service_context(self, resp, key='', **kwargs):
         if 'expires_in' in resp:
             resp['__expires_at'] = time_sans_frac() + int(resp['expires_in'])
-        self.store_item(resp, 'auth_response', state)
+        self.store_item(resp, 'auth_response', key)
 
     def store_auth_request(self, request_args=None, **kwargs):
+        """Store the authorization request in the state DB."""
         _key = get_state_parameter(request_args, kwargs)
         self.store_item(request_args, 'auth_request', _key)
         return request_args
@@ -75,4 +78,3 @@ def post_parse_response(self, response, **kwargs):
                     except KeyError:
                         pass
         return response
-

src/oidcservice/oauth2/provider_info_discovery.py

@@ -1,3 +1,4 @@
+"""The service that talks to the OAuth2 provider info discovery endpoint."""
 import logging
 
 from cryptojwt.key_jar import KeyJar
@@ -9,10 +10,11 @@
 from oidcservice.exception import OidcServiceError
 from oidcservice.service import Service
 
-logger = logging.getLogger(__name__)
+LOGGER = logging.getLogger(__name__)
 
 
 class ProviderInfoDiscovery(Service):
+    """The service that talks to the OAuth2 provider info discovery endpoint."""
     msg_type = oauth2.Message
     response_cls = oauth2.ASConfigurationResponse
     error_msg = ResponseMessage
@@ -38,8 +40,8 @@ def get_endpoint(self):
 
         if _iss.endswith('/'):
             return OIDCONF_PATTERN.format(_iss[:-1])
-        else:
-            return OIDCONF_PATTERN.format(_iss)
+
+        return OIDCONF_PATTERN.format(_iss)
 
     def get_request_parameters(self, method="GET", **kwargs):
         """
@@ -51,82 +53,92 @@ def get_request_parameters(self, method="GET", **kwargs):
         """
         return {'url': self.get_endpoint(), 'method': method}
 
-    def _update_service_context(self, resp, **kwargs):
+    def _verify_issuer(self, resp, issuer):
+        _pcr_issuer = resp["issuer"]
+        if resp["issuer"].endswith("/"):
+            if issuer.endswith("/"):
+                _issuer = issuer
+            else:
+                _issuer = issuer + "/"
+        else:
+            if issuer.endswith("/"):
+                _issuer = issuer[:-1]
+            else:
+                _issuer = issuer
+
+        # In some cases we can live with the two URLs not being
+        # the same. But this is an excepted that has to be explicit
+        try:
+            self.service_context.allow['issuer_mismatch']
+        except KeyError:
+            if _issuer != _pcr_issuer:
+                raise OidcServiceError(
+                    "provider info issuer mismatch '%s' != '%s'" % (
+                        _issuer, _pcr_issuer))
+        return _issuer
+
+    @staticmethod
+    def _store_endpoint(srvs, key, val):
+        for _srv in srvs.values():
+            # Every service has an endpoint_name assigned
+            # when initiated. This name *MUST* match the
+            # endpoint names used in the provider info
+            if _srv.endpoint_name == key:
+                _srv.endpoint = val
+
+    def _set_endpoints(self, resp):
+        """
+        If there are services defined set the service endpoint to be
+        the URLs specified in the provider information."""
+        try:
+            _srvs = self.service_context.service
+        except AttributeError:
+            pass
+        else:
+            if _srvs:
+                for key, val in resp.items():
+                    # All service endpoint parameters in the provider info has
+                    # a name ending in '_endpoint' so I can look specifically
+                    # for those
+                    if key.endswith("_endpoint"):
+                        self._store_endpoint(_srvs, key, val)
+
+    def _update_service_context(self, resp):
         """
         Deal with Provider Config Response. Based on the provider info
         response a set of parameters in different places needs to be set.
 
         :param resp: The provider info response
         :param service_context: Information collected/used by services
         """
-        issuer = self.service_context.issuer
 
         # Verify that the issuer value received is the same as the
         # url that was used as service endpoint (without the .well-known part)
         if "issuer" in resp:
-            _pcr_issuer = resp["issuer"]
-            if resp["issuer"].endswith("/"):
-                if issuer.endswith("/"):
-                    _issuer = issuer
-                else:
-                    _issuer = issuer + "/"
-            else:
-                if issuer.endswith("/"):
-                    _issuer = issuer[:-1]
-                else:
-                    _issuer = issuer
-
-            # In some cases we can live with the two URLs not being
-            # the same. But this is an excepted that has to be explicit
-            try:
-                self.service_context.allow['issuer_mismatch']
-            except KeyError:
-                if _issuer != _pcr_issuer:
-                    raise OidcServiceError(
-                        "provider info issuer mismatch '%s' != '%s'" % (
-                            _issuer, _pcr_issuer))
-
+            _pcr_issuer = self._verify_issuer(resp, self.service_context.issuer)
         else:  # No prior knowledge
-            _pcr_issuer = issuer
+            _pcr_issuer = self.service_context.issuer
 
         self.service_context.issuer = _pcr_issuer
         self.service_context.provider_info = resp
 
-        # If there are services defined set the service endpoint to be
-        # the URLs specified in the provider information.
-        try:
-            _srvs = self.service_context.service
-        except AttributeError:
-            pass
-        else:
-            if self.service_context.service:
-                for key, val in resp.items():
-                    # All service endpoint parameters in the provider info has
-                    # a name ending in '_endpoint' so I can look specifically
-                    # for those
-                    if key.endswith("_endpoint"):
-                        for _srv in self.service_context.service.values():
-                            # Every service has an endpoint_name assigned
-                            # when initiated. This name *MUST* match the
-                            # endpoint names used in the provider info
-                            if _srv.endpoint_name == key:
-                                _srv.endpoint = val
+        self._set_endpoints(resp)
 
         # If I already have a Key Jar then I'll add then provider keys to
         # that. Otherwise a new Key Jar is minted
         try:
-            kj = self.service_context.keyjar
+            _keyjar = self.service_context.keyjar
         except KeyError:
-            kj = KeyJar()
+            _keyjar = KeyJar()
 
         # Load the keys. Note that this only means that the key specification
         # is loaded not necessarily that any keys are fetched.
         if 'jwks_uri' in resp:
-            kj.load_keys(_pcr_issuer, jwks_uri=resp['jwks_uri'])
+            _keyjar.load_keys(_pcr_issuer, jwks_uri=resp['jwks_uri'])
         elif 'jwks' in resp:
-            kj.load_keys(_pcr_issuer, jwks=resp['jwks'])
+            _keyjar.load_keys(_pcr_issuer, jwks=resp['jwks'])
 
-        self.service_context.keyjar = kj
+        self.service_context.keyjar = _keyjar
 
     def update_service_context(self, resp, **kwargs):
-        return self._update_service_context(resp, **kwargs)
+        return self._update_service_context(resp)

src/oidcservice/oauth2/refresh_access_token.py

@@ -1,3 +1,4 @@
+"""The service that talks to the OAuth2 refresh access token endpoint."""
 import logging
 
 from oidcmsg import oauth2
@@ -8,10 +9,11 @@
 from oidcservice.service import Service
 
 
-logger = logging.getLogger(__name__)
+LOGGER = logging.getLogger(__name__)
 
 
 class RefreshAccessToken(Service):
+    """The service that talks to the OAuth2 refresh access token endpoint."""
     msg_type = oauth2.RefreshAccessTokenRequest
     response_cls = oauth2.AccessTokenResponse
     error_msg = ResponseMessage
@@ -33,6 +35,7 @@ def update_service_context(self, resp, key='', **kwargs):
         self.store_item(resp, 'token_response', key)
 
     def oauth_pre_construct(self, request_args=None, **kwargs):
+        """Preconstructor of request arguments"""
         _state = get_state_parameter(request_args, kwargs)
         parameters = list(self.msg_type.c_param.keys())
 

src/oidcservice/oauth2/utils.py

@@ -2,6 +2,7 @@
 
 
 def get_state_parameter(request_args, kwargs):
+    """Find a state value from a set of possible places."""
     try:
         _state = kwargs['state']
     except KeyError:
@@ -14,6 +15,7 @@ def get_state_parameter(request_args, kwargs):
 
 
 def pick_redirect_uris(request_args=None, service=None, **kwargs):
+    """Pick one redirect_uri base on response_mode out of a list of such."""
     _context = service.service_context
     if 'redirect_uri' in request_args:
         pass
@@ -43,6 +45,6 @@ def pick_redirect_uris(request_args=None, service=None, **kwargs):
 
 
 def set_state_parameter(request_args=None, **kwargs):
+    """Assigned a state value."""
     request_args['state'] = get_state_parameter(request_args, kwargs)
     return request_args, {'state': request_args['state']}
-

src/oidcservice/oidc/access_token.py

@@ -51,25 +51,25 @@ def gather_verify_arguments(self):
 
         return kwargs
 
-    def update_service_context(self, resp, state='', **kwargs):
+    def update_service_context(self, resp, key='', **kwargs):
         try:
             _idt = resp[verified_claim_name('id_token')]
         except KeyError:
             pass
         else:
             try:
-                if self.get_state_by_nonce(_idt['nonce']) != state:
+                if self.get_state_by_nonce(_idt['nonce']) != key:
                     raise ParameterError('Someone has messed with "nonce"')
             except KeyError:
                 raise ValueError('Invalid nonce value')
 
-            self.store_sub2state(_idt['sub'], state)
+            self.store_sub2state(_idt['sub'], key)
 
         if 'expires_in' in resp:
             resp['__expires_at'] = time_sans_frac() + int(
                 resp['expires_in'])
 
-        self.store_item(resp, 'token_response', state)
+        self.store_item(resp, 'token_response', key)
 
     def get_authn_method(self):
         try:

src/oidcservice/oidc/authorization.py

@@ -45,7 +45,7 @@ def set_state(self, request_args, **kwargs):
                                                   _state)
         return request_args, {}
 
-    def update_service_context(self, resp, state='', **kwargs):
+    def update_service_context(self, resp, key='', **kwargs):
         try:
             _idt = resp[verified_claim_name('id_token')]
         except KeyError:
@@ -54,16 +54,16 @@ def update_service_context(self, resp, state='', **kwargs):
             # If there is a verified ID Token then we have to do nonce
             # verification
             try:
-                if self.get_state_by_nonce(_idt['nonce']) != state:
+                if self.get_state_by_nonce(_idt['nonce']) != key:
                     raise ParameterError('Someone has messed with "nonce"')
             except KeyError:
                 raise ValueError('Missing nonce value')
 
-            self.store_sub2state(_idt['sub'], state)
+            self.store_sub2state(_idt['sub'], key)
 
         if 'expires_in' in resp:
             resp['__expires_at'] = time_sans_frac() + int(resp['expires_in'])
-        self.store_item(resp.to_json(), 'auth_response', state)
+        self.store_item(resp.to_json(), 'auth_response', key)
 
     def oidc_pre_construct(self, request_args=None, **kwargs):
         if request_args is None:

src/oidcservice/oidc/registration.py

@@ -144,7 +144,7 @@ def oidc_post_construct(self, request_args=None, **kwargs):
 
         return request_args
 
-    def update_service_context(self, resp, state='', **kwargs):
+    def update_service_context(self, resp, key='', **kwargs):
         self.service_context.registration_response = resp
         if "token_endpoint_auth_method" not in \
                 self.service_context.registration_response: