Merge pull request #71 from IdentityPython/session_params

BREAKAGE: configuration's password, salt and sub_funcs now are under session_params

doc/source/contents/conf.rst

@@ -9,16 +9,40 @@ issuer
 The issuer ID of the OP, a unique value in URI format.
 
 
---------
+--------------
+session params
+--------------
+
+Configuration parameters used by session manager
+
+    "session_params": {
+      "password": "__password_used_to_encrypt_access_token_sid_value",
+      "salt": "salt involved in session sub hash ",
+      "sub_func": {
+        "public": {
+          "class": "oidcop.session.manager.PublicID",
+          "kwargs": {
+            "salt": "sdfsdfdsf"
+          }
+        },
+        "pairwise": {
+          "class": "oidcop.session.manager.PairWiseID",
+          "kwargs": {
+            "salt": "sdfsdfsdf"
+          }
+        }
+     }
+  },
+
 password
---------
+########
 
 Encryption key used to encrypt the SessionID (sid) in access_token.
 If unset it will be random.
 
-----
+
 salt
-----
+####
 
 Salt, value or filename, used in sub_funcs (pairwise, public) for creating the opaque hash of *sub* claim.
 

src/oidcop/configure.py

@@ -218,7 +218,7 @@ def __init__(
         self.template_dir = None
         self.token_handler_args = {}
         self.userinfo = None
-        self.password = None
+        self.session_params = None
 
         if file_attributes is None:
             file_attributes = DEFAULT_FILE_ATTRIBUTE_NAMES
@@ -265,7 +265,6 @@ def __init__(
         self.id_token = None
         self.login_hint2acrs = {}
         self.login_hint_lookup = None
-        self.sub_func = {}
 
         EntityConfiguration.__init__(self, conf=conf, base_path=base_path,
                                      entity_conf=entity_conf, domain=domain, port=port,

src/oidcop/endpoint_context.py

@@ -284,8 +284,9 @@ def do_sub_func(self) -> None:
 
         :return: string
         """
-        _conf = self.conf.get("sub_func", {})
-        for key, args in _conf.items():
+        ses_par = self.conf.get("session_params") or {}
+        sub_func = ses_par.get("sub_func") or {}
+        for key, args in sub_func.items():
             if "class" in args:
                 self._sub_func[key] = init_service(args)
             elif "function" in args:

src/oidcop/session/manager.py

@@ -77,8 +77,9 @@ def __init__(
         self.conf = conf or {}
 
         # these won't change runtime
-        self._key = self.conf.get("password") or rndstr(24)
-        self._salt = self.conf.get("salt") or rndstr(32)
+        session_params = self.conf.get("session_params") or {}
+        self._key = session_params.get("password") or rndstr(24)
+        self._salt = session_params.get("salt") or rndstr(32)
 
         self.key = self.load_key()
         self.salt = self.load_key()

tests/op_config.json

@@ -268,19 +268,23 @@
       }
     }
   },
-  "sub_func": {
-    "public": {
-      "class": "oidcop.session.manager.PublicID",
-      "kwargs": {
-        "filename": "public.salt"
-      }
-    },
-    "pairwise": {
-      "class": "oidcop.session.manager.PairWiseID",
-      "kwargs": {
-        "filename": "pairwise.salt"
-      }
-    }
+  "session_params": {
+      "password": "__password_used_to_encrypt_access_token_sid_value",
+      "salt": "salt involved in session sub hash ",
+      "sub_func": {
+        "public": {
+          "class": "oidcop.session.manager.PublicID",
+          "kwargs": {
+            "salt": "sdfsdfdsf"
+          }
+        },
+        "pairwise": {
+          "class": "oidcop.session.manager.PairWiseID",
+          "kwargs": {
+            "salt": "sdfsdfsdf"
+          }
+        }
+     }
   },
   "template_dir": "templates",
   "token_handler_args": {