Merge branch 'master' into secure_defaults

CHANGELOG.md

@@ -13,7 +13,10 @@ The format is based on the [KeepAChangeLog] project.
 - [#325]: `oic.oic.claims_match` implementation refactored.
 - [#368]: `oic.oauth2.Client.construct_AccessTokenRequest()` as well as `oic.oic.Client` are now able to perform proper Resource Owner Password Credentials Grant
 - [#374]: Made the to_jwe/from_jwe methods of Message accept list of keys value of parameter keys.
-- [#]: Refactored the `oic.utils.sdb.SessionDB` constructor API.
+- [#380]: Made cookie_path and cookie_domain configurable via Provider like the cookie_name.
+- [#386]: An exception will now be thrown if a sub claim received from the userinfo endpoint is not the same as a sub claim previously received in an ID Token.
+- [#387]: Refactored the `oic.utils.sdb.SessionDB` constructor API.
+- [#392]: Made sid creation simpler and faster
 
 ### Fixed
 - [#313]: Catch exception correctly
@@ -23,6 +26,7 @@ The format is based on the [KeepAChangeLog] project.
 - [#362]: Fix bad package settings URL
 - [#369]: The AuthnEvent object is now serialized to JSON for the session.
 - [#373]: Made the standard way the default when dealing with signed JWTs without 'kid'. Added the possibility to override this behavior if necessary.
+- [#401]: Fixed message decoding and verifying errors.
 
 ### Security
 - [#349]: Changed crypto algorithm used by `oic.utils.sdb.Crypt` for token encryption to Fernet. Old stored tokens are incompatible.
@@ -43,6 +47,7 @@ The format is based on the [KeepAChangeLog] project.
 [#369]: https://github.com/OpenIDC/pyoidc/pull/369
 [#373]: https://github.com/OpenIDC/pyoidc/pull/373
 [#374]: https://github.com/OpenIDC/pyoidc/pull/374
+[#392]: https://github.com/OpenIDC/pyoidc/issue/392
 
 ## 0.10.0.0 [2017-03-28]
 

Makefile

@@ -6,66 +6,46 @@ SPHINXABUILD  = sphinx-autobuild
 BUILDDIR      = doc/_build
 DOCDIR        = doc/
 OICDIR        = src/oic
+TESTDIR       = tests
 
 help:
 	@echo "Please use \`make <target>' where <target> is one of"
 	@echo "  html       to make HTML documentation files"
 	@echo "  livehtml   to make HTML documentation files (live reload!)"
 	@echo "  install    to install the python dependencies for development"
-	@echo "  upgrade    to upgrade the python dependencies"
 	@echo "  isort      to sort imports"
 .PHONY: help
 
 clean:
-	rm -rf $(INDEXDIR)
 	rm -rf $(BUILDDIR)/*
 .PHONY: clean
 
 ALLSPHINXOPTS=-W
 html:
-	$(SPHINXBUILD) -b html $(DOCDIR) $(BUILDDIR)/html $(ALLSPHINXOPTS)
+	@pipenv run $(SPHINXBUILD) -b html $(DOCDIR) $(BUILDDIR)/html $(ALLSPHINXOPTS)
 	@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
 .PHONY: html
 
 livehtml:
-	$(SPHINXABUILD) -b html $(DOCDIR) $(BUILDDIR)/html $(ALLSPHINXOPTS)
+	@pipenv run $(SPHINXABUILD) -b html $(DOCDIR) $(BUILDDIR)/html $(ALLSPHINXOPTS)
 	@echo "Build finished. Watching for change ..."
 .PHONY: livehtml
 
 install:
-	pip install -r requirements/test.txt -e .
+	@pipenv install --dev
 .PHONY: install
 
-REQS_DIR=$(PROJECT_ROOT)/requirements
-BASE_DEPS:=$(REQS_DIR)/base.txt
-TEST_DEPS:=$(REQS_DIR)/test.txt
-ADMIN_DEPS:=$(REQS_DIR)/admin.txt
-DOC_DEPS:=$(REQS_DIR)/docs.txt
-QUAL_DEPS:=$(REQS_DIR)/quality.txt
-ALL_REQS:=$(BASE_DEPS) $(TEST_DEPS) $(ADMIN_DEPS) $(DOC_DEPS) $(QUAL_DEPS)
-reqs: $(ALL_REQS)
-upgrade:
-	$(RM) $(ALL_REQS)
-	$(MAKE) reqs PIP_COMPILE_ARGS=--rebuild
-.PHONY: upgrade
-
-$(REQS_DIR)/%.txt: PIP_COMPILE_ARGS?=
-$(REQS_DIR)/%.txt: $(REQS_DIR)/%.in
-	pip-compile --no-header $(PIP_COMPILE_ARGS) --output-file "$@.tmp" "$<" >/tmp/pip-compile.out.tmp || { \
-	  ret=$$?; echo "pip-compile failed:" >&2; cat /tmp/pip-compile.out.tmp >&2; \
-	  $(RM) "$@.tmp" /tmp/pip-compile.out.tmp; \
-	  exit $$ret; }
-	@sed -n '1,10 s/# Depends on/-r/; s/\.in/.txt/p' "$<" > "$@"
-	@cat "$@.tmp" >> "$@"
-	@$(RM) "$@.tmp" /tmp/pip-compile.out.tmp
+test:
+	@pipenv run pytest $(TESTDIR)
+.PHONY: test
 
 isort:
-	isort --recursive src/ tests/
+	@pipenv run isort --recursive $(OICDIR) $(TESTDIR)
 
 check-isort:
-	isort --recursive --diff --check-only src/ tests/
+	@pipenv run isort --recursive --diff --check-only $(OICDIR) $(TESTDIR)
 .PHONY: isort check-isort
 
 check-pylama:
-	pylama src/ tests/
+	@pipenv run pylama $(OICDIR) $(TESTDIR)
 .PHONY: check-pylama

Pipfile

@@ -0,0 +1,29 @@
+[[source]]
+verify_ssl = true
+url = "https://pypi.python.org/simple"
+
+[dev-packages]
+Sphinx = "*"
+httpretty = "*"
+isort = "*"
+mock = "*"
+pylama = "*"
+pytest = "*"
+pytest-cov = "*"
+responses = "*"
+sphinx-autobuild = "*"
+testfixtures = "*"
+tox = "*"
+"-e ." = "*"
+freezegun = "*"
+
+[packages]
+cffi = "*"
+cryptography = "*"
+future = "*"
+pyOpenSSL = "*"
+pyjwkest = "*"
+pyldap = "*"
+requests = "*"
+Beaker = "*"
+Mako = "*"

README.rst

@@ -72,3 +72,23 @@ Please contact one of the current maintainers, `@lwm`_, `@rohe`_, `@tpazderka`_
 .. _@rohe: https://github.com/rohe/
 .. _@tpazderka: https://github.com/tpazderka/
 .. _@schlenk: https://github.com/schlenk
+
+Contribute
+==========
+
+`Fork the repository`_, clone your copy and `install pipenv`_.
+
+.. _Fork the repository: https://github.com/OpenIDC/pyoidc#fork-destination-box
+.. _install pipenv: http://docs.pipenv.org/en/latest/advanced.html#fancy-installation-of-pipenv
+
+Then just run:
+
+.. code:: bash
+
+    $ pipenv install --dev
+
+This will not affect your system level Python installation. Please review `our
+issues`_ to see what needs working on. Do not hesitate to ask questions if
+something is unclear.
+
+.. _our issues: https://github.com/OpenIDC/pyoidc/issues