Always use hash_id to hash the user_id

Plus some minor formatting changes

Signed-off-by: Ivan Kanakarakis <[email protected]>

Author: c00kiemon5ter

src/satosa/base.py

@@ -132,12 +132,14 @@ def _auth_req_finish(self, context, internal_request):
 
     def _auth_resp_finish(self, context, internal_response):
         # re-hash user id since e.g. account linking micro service might have changed it
-        user_id = UserIdHasher.hash_id(self.config["USER_ID_HASH_SALT"],
-                                       internal_response.user_id,
-                                       internal_response.requester,
-                                       context.state)
+        user_id = UserIdHasher.hash_id(
+            self.config["USER_ID_HASH_SALT"],
+            internal_response.user_id,
+            internal_response.requester,
+            context.state)
         internal_response.user_id = user_id
-        internal_response.user_id_hash_type = UserIdHasher.hash_type(context.state)
+        internal_response.user_id_hash_type = UserIdHasher.hash_type(
+            context.state)
         user_id_to_attr = self.config["INTERNAL_ATTRIBUTES"].get("user_id_to_attr", None)
         if user_id_to_attr:
             internal_response.attributes[user_id_to_attr] = [internal_response.user_id]
@@ -148,8 +150,10 @@ def _auth_resp_finish(self, context, internal_response):
         for attribute in hash_attributes:
             # hash all attribute values individually
             if attribute in internal_attributes:
-                hashed_values = [UserIdHasher.hash_data(self.config["USER_ID_HASH_SALT"], v)
-                             for v in internal_attributes[attribute]]
+                hashed_values = [
+                    UserIdHasher.hash_data(self.config["USER_ID_HASH_SALT"], v)
+                    for v in internal_attributes[attribute]
+                ]
                 internal_attributes[attribute] = hashed_values
 
         # remove all session state
@@ -188,10 +192,14 @@ def _auth_resp_callback_func(self, context, internal_response):
         # not be configured to construct one from asserted attributes.
         # So only hash the user_id if it is not None.
         if internal_response.user_id:
-            user_id = UserIdHasher.hash_data(
+            user_id = UserIdHasher.hash_id(
                 self.config["USER_ID_HASH_SALT"],
-                internal_response.user_id)
+                internal_response.user_id,
+                internal_response.requester,
+                context.state)
             internal_response.user_id = user_id
+            internal_response.user_id_hash_type = UserIdHasher.hash_type(
+                context.state)
 
         if self.response_micro_services:
             return self.response_micro_services[0].process(

tests/satosa/test_base.py

@@ -50,11 +50,17 @@ def test_auth_resp_callback_func_user_id_from_attrs_is_used_to_override_user_id(
 
         base._auth_resp_callback_func(context, internal_resp)
 
-        expected_user_id = UserIdHasher.hash_data(satosa_config["USER_ID_HASH_SALT"], "[email protected]")
-        expected_user_id = UserIdHasher.hash_id(satosa_config["USER_ID_HASH_SALT"],
-                                                expected_user_id,
-                                                internal_resp.requester,
-                                                context.state)
+        expected_user_id = "[email protected]"
+        expected_user_id = UserIdHasher.hash_id(
+                satosa_config["USER_ID_HASH_SALT"],
+                expected_user_id,
+                internal_resp.requester,
+                context.state)
+        expected_user_id = UserIdHasher.hash_id(
+                satosa_config["USER_ID_HASH_SALT"],
+                expected_user_id,
+                internal_resp.requester,
+                context.state)
         assert internal_resp.user_id == expected_user_id
 
     def test_auth_req_callback_stores_state_for_consent(self, context, satosa_config):