Dealt with Giuseppes comments.

rohe · rohe · commit 462b5c6afac8 · 2022-11-11T09:43:28.000+01:00
diff --git a/src/idpyoidc/server/oauth2/token_helper.py b/src/idpyoidc/server/oauth2/token_helper.py
@@ -620,20 +620,13 @@ def _validate_configuration(self, config):
             )
 
     def get_handler_key(self, request, endpoint_context):
-        if "token_exchange" in endpoint_context.cdb[request["client_id"]]:
-            try:
-                default_requested_token_type = endpoint_context.cdb[request["client_id"]][
-                    "token_exchange"]["default_requested_token_type"]
-            except KeyError:
-                try:
-                    default_requested_token_type = self.config["default_requested_token_type"]
-                except:
-                    default_requested_token_type = DEFAULT_REQUESTED_TOKEN_TYPE
-        else:
-            try:
-                default_requested_token_type = self.config["default_requested_token_type"]
-            except KeyError:
-                default_requested_token_type = DEFAULT_REQUESTED_TOKEN_TYPE
+        client_info = endpoint_context.cdb.get(request["client_id"], {})
+
+        default_requested_token_type = (
+                client_info.get("token_exchange", {}).get("default_requested_token_type", None)
+                or
+                self.config.get("default_requested_token_type", DEFAULT_REQUESTED_TOKEN_TYPE)
+        )
 
         requested_token_type = request.get("requested_token_type", default_requested_token_type)
         return TOKEN_TYPES_MAPPING[requested_token_type]
@@ -667,7 +660,7 @@ def validate_token_exchange_policy(request, context, subject_token, **kwargs):
             return TokenErrorResponse(
                 error="invalid_request",
                 error_description=f"Exchange {request['subject_token_type']} to refresh token "
-                                  f"forbbiden",
+                                  f"forbidden",
             )
 
     if "scope" in request:
diff --git a/src/idpyoidc/server/session/database.py b/src/idpyoidc/server/session/database.py
@@ -70,13 +70,14 @@ def decrypt_branch_id(self, key: str) -> List[str]:
             logger.error(f"cryptography.fernet.InvalidToken: {key}")
             raise ValueError(err)
         except Exception as err:
+            logger.error(f"Other decrypt error ({err}), key={key}")
             raise ValueError(err)
         # order: rnd, type, sid
         return self.unpack_branch_key(lv_unpack(as_unicode(plain))[1])
 
     def set(self, path: List[str], value: Union[NodeInfo, Grant]):
         """
-        Assign a value to an node in the database.
+        Assign a value to a node in the database.
         As a side effect create a list of nodes (the branch) leading up to the leaf node.
 
         :param path: a list of identifiers. root -> .. -> leaf
@@ -107,9 +108,8 @@ def set(self, path: List[str], value: Union[NodeInfo, Grant]):
                     _info = value  # overwrite old value
 
             if _superior:
-                if hasattr(_superior, "subordinate"):
-                    if _key not in _superior.subordinate:
-                        _superior.add_subordinate(_key)
+                if _key not in getattr(_superior, "subordinate", {}):
+                    _superior.add_subordinate(_key)
 
             self.db[_key] = _info
             _superior = _info
diff --git a/src/idpyoidc/server/session/grant_manager.py b/src/idpyoidc/server/session/grant_manager.py
@@ -204,7 +204,7 @@ def get_subordinates(self, path: List[str]) -> List[Union[NodeInfo, Grant]]:
         :return:
         """
         session_info = self.get(path)
-        return [self.db[gid] for gid in session_info.subordinate]
+        return [self.db[gid] for gid in session_info.subordinate if gid in self.db]
 
     def get_grant_argument(self, branch_id: str, arg: str):
         grant = self[branch_id]
diff --git a/src/idpyoidc/server/session/manager.py b/src/idpyoidc/server/session/manager.py
@@ -98,6 +98,12 @@ def __init__(
         super(SessionManager, self).__init__(handler, _crypt_config)
 
         self.node_type = session_params.get("node_type", ["user", "client", "grant"])
+        # Make sure node_type is a list and must contain at least one element.
+        if not isinstance(self.node_type, list):
+            raise ValueError("Wrong type of value for SessionManager node_type")
+        if len(self.node_type) == 0:
+            raise ValueError("SessionManager node_type must at least contain one value")
+
         self.node_info_class = session_params.get("node_info_class",
                                                   {
                                                       "user": UserSessionInfo,
