Add client ID and client secret to OIDC config validator

2017-04-07 11:33:02 -04:00 · 2017-04-07 11:33:02 -04:00 · ed3da4697f
commit ed3da4697f
parent 6c7b6101cc
2 changed files with 13 additions and 0 deletions
--- a/util/config/validators/test/test_validate_oidc.py
+++ b/util/config/validators/test/test_validate_oidc.py
@ -9,6 +9,9 @@ from util.config.validators.validate_oidc import OIDCLoginValidator

@pytest.mark.parametrize('unvalidated_config', [
  ({'SOMETHING_LOGIN_CONFIG': {}}),
+  ({'SOMETHING_LOGIN_CONFIG': {'OIDC_SERVER': 'foo'}}),
+  ({'SOMETHING_LOGIN_CONFIG': {'OIDC_SERVER': 'foo', 'CLIENT_ID': 'foobar'}}),
+  ({'SOMETHING_LOGIN_CONFIG': {'OIDC_SERVER': 'foo', 'CLIENT_SECRET': 'foobar'}}),
 ])
 def test_validate_invalid_oidc_login_config(unvalidated_config):
  validator = OIDCLoginValidator()
@ -30,6 +33,8 @@ def test_validate_oidc_login():
    validator = OIDCLoginValidator()
    validator.validate({
      'SOMETHING_LOGIN_CONFIG': {
+        'CLIENT_ID': 'foo',
+        'CLIENT_SECRET': 'bar',
        'OIDC_SERVER': 'http://someserver',
        'DEBUGGING': True, # Allows for HTTP.
      },
--- a/util/config/validators/validate_oidc.py
+++ b/util/config/validators/validate_oidc.py
@ -18,6 +18,14 @@ class OIDCLoginValidator(BaseValidator):
        msg = 'Missing OIDC_SERVER on OIDC service %s' % service.service_id()
        raise ConfigValidationException(msg)

+      if service.config.get('CLIENT_ID') is None:
+        msg = 'Missing CLIENT_ID on OIDC service %s' % service.service_id()
+        raise ConfigValidationException(msg)
+
+      if service.config.get('CLIENT_SECRET') is None:
+        msg = 'Missing CLIENT_SECRET on OIDC service %s' % service.service_id()
+        raise ConfigValidationException(msg)
+
      try:
        if not service.validate():
          msg = 'Could not validate OIDC service %s' % service.service_id()