allow more parameters to be passed in as arguments

leibowitz · Sep 23, 2015 · a0db31a · a0db31a
1 parent e9ad720
commit a0db31a
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 26 deletions.
diff --git a/azure_ad_auth/__init__.py b/azure_ad_auth/__init__.py
@@ -1,9 +1,9 @@
 __version_info__ = {
     'major': 1,
-    'minor': 1,
-    'micro': 2,
+    'minor': 2,
+    'micro': 0,
     'releaselevel': 'final',
-    'serial': 5
+    'serial': 7
 }
 
 def get_version(short=False):

diff --git a/azure_ad_auth/backends.py b/azure_ad_auth/backends.py
@@ -23,16 +23,20 @@ def __init__(self):
         self.User = get_user_model()
 
     def login_url(self, redirect_uri, nonce, state):
-        return get_login_url(redirect_uri, nonce, state)
+        return get_login_url(
+            redirect_uri=redirect_uri,
+            nonce=nonce,
+            state=state
+        )
 
     def logout_url(redirect_uri):
-        return get_logout_url(redirect_uri)
+        return get_logout_url(redirect_uri=redirect_uri)
 
     def authenticate(self, token=None, nonce=None, **kwargs):
         if token is None:
             return None
 
-        email = get_email_from_token(token, nonce)
+        email = get_email_from_token(token=token, nonce=nonce)
 
         if email is None:
             return None

diff --git a/azure_ad_auth/utils.py b/azure_ad_auth/utils.py
@@ -16,35 +16,39 @@
 CLIENT_ID = getattr(settings, 'AAD_CLIENT_ID')
 
 
-def get_login_url(redirect_uri, nonce, state):
-    params = urlencode({
-        'response_type': RESPONSE_TYPE,
-        'response_mode': RESPONSE_MODE,
-        'scope': SCOPE,
-        'client_id': CLIENT_ID,
-        'redirect_uri': redirect_uri,
-        'nonce': nonce,
-        'state': state,
-    })
+def get_login_url(authority=AUTHORITY, response_type=RESPONSE_TYPE, response_mode=RESPONSE_MODE, scope=SCOPE, client_id=CLIENT_ID, redirect_uri=None, nonce=None, state=None):
+    param_dict = {
+        'response_type': response_type,
+        'response_mode': response_mode,
+        'scope': scope,
+        'client_id': client_id,
+    }
+    if redirect_uri is not None:
+        param_dict['redirect_uri'] = redirect_uri
+    if nonce is not None:
+        param_dict['nonce'] = nonce
+    if state is None:
+        param_dict['state'] = state
+    params = urlencode(param_dict)
     return '{authoriy}/common/oauth2/authorize?{params}'.format(
-        authoriy=AUTHORITY,
+        authoriy=authoriy,
         params=params,
     )
 
 
-def get_logout_url(redirect_uri):
+def get_logout_url(redirect_uri, authoriy=AUTHORITY):
     params = urlencode({
         'post_logout_redirect_uri': redirect_uri,
     })
     return '{authoriy}/common/oauth2/logout?{params}'.format(
-        authoriy=AUTHORITY,
+        authoriy=authoriy,
         params=params,
     )
 
-def get_federation_metadata_document_url():
+def get_federation_metadata_document_url(authoriy=AUTHORITY, tenant_id=TENANT_ID):
     return '{authoriy}/{tenant_id}/federationmetadata/2007-06/federationmetadata.xml'.format(
-        authoriy=AUTHORITY,
-        tenant_id=TENANT_ID,
+        authoriy=authoriy,
+        tenant_id=tenant_id,
     )
 
 
@@ -62,17 +66,17 @@ def get_public_keys():
         if not response.ok:
             raise
         response.encoding = response.apparent_encoding
-        x509_DER_list = parse_x509_DER_list(response.text)
+        x509_DER_list = parse_x509_DER_list(response.text.encode('utf-8'))
         keys = [load_der_x509_certificate(x509_DER, default_backend()).public_key() for x509_DER in x509_DER_list]
     except:
         keys = []
     return keys
 
 
-def get_email_from_token(token=None, nonce=None):
+def get_email_from_token(token=None, audience=CLIENT_ID, nonce=None):
     for key in get_public_keys():
         try:
-            payload = jwt.decode(token, key=key, audience=CLIENT_ID)
+            payload = jwt.decode(token, key=key, audience=audience)
 
             if payload['nonce'] != nonce:
                 continue

diff --git a/azure_ad_auth/views.py b/azure_ad_auth/views.py
@@ -17,7 +17,12 @@ def auth(request):
     request.session['nonce'] = nonce
     state = str(uuid.uuid4())
     request.session['state'] = state
-    return HttpResponseRedirect(backend.login_url(redirect_uri, nonce, state))
+    login_url = backend.login_url(
+        redirect_uri=redirect_uri,
+        nonce=nonce,
+        state=state
+    )
+    return HttpResponseRedirect(login_url)
 
 
 @never_cache