black

src/pas/plugins/oidc/browser/view.py

@@ -140,29 +140,29 @@ def __call__(self):
         # The response you get back is an instance of an AccessTokenResponse
         # or again possibly an ErrorResponse instance.
 
-        if self.context.getProperty('apple_login_enabled'):
+        if self.context.getProperty("apple_login_enabled"):
             args.update(
                 {
                     "client_id": self.context.getProperty("client_id"),
-                    "client_secret": self.context._build_apple_secret()
+                    "client_secret": self.context._build_apple_secret(),
                 }
             )
 
         initial_user_info = {}
-        if self.context.getProperty('apple_login_enabled'):
+        if self.context.getProperty("apple_login_enabled"):
             # Let's check if this is this user's first login
             # if so, their name and email could come in the first
             # response from authorization response
             # Weird Apple issues...
-            user = self.request.form.get('user', "")
+            user = self.request.form.get("user", "")
             if user:
                 user_decoded = json.loads(user)
                 first_name = user_decoded.get("name", {}).get("firstName", "")
                 last_name = user_decoded.get("name", {}).get("lastName", "")
                 email = user_decoded.get("email", "")
-                initial_user_info['given_name'] = first_name
-                initial_user_info['family_name'] = last_name
-                initial_user_info['email'] = email
+                initial_user_info["given_name"] = first_name
+                initial_user_info["family_name"] = last_name
+                initial_user_info["email"] = email
 
         user_info = utils.get_user_info(client, state, args)
         user_info.update(initial_user_info)

src/pas/plugins/oidc/plugins.py

@@ -35,12 +35,9 @@
 
 def addOIDCPlugin(dispatcher, id, title=None, REQUEST=None):
     """Add a HTTP Basic Auth Helper to a Pluggable Auth Service."""
-    plugin = OIDCPlugin(
-        id, title
-    )
+    plugin = OIDCPlugin(id, title)
     dispatcher._setObject(plugin.getId(), plugin)
 
-
     if REQUEST is not None:
         REQUEST["RESPONSE"].redirect(
             "%s/manage_workspace"
@@ -180,7 +177,6 @@ class OIDCPlugin(BasePlugin):
             mode="w",
             label="Apple consumer id key as defined by Apple",
         ),
-
     )
 
     APPLE_TOKEN_TTL_SEC = 6 * 30 * 24 * 60 * 60
@@ -352,9 +348,9 @@ def _build_apple_secret(self):
         now = int(time.time())
 
         client_id = self.getProperty("client_id")
-        team_id = self.getProperty('apple_consumer_team')
-        key_id = self.getProperty('apple_consumer_id_key')
-        private_key = self.getProperty('client_secret')
+        team_id = self.getProperty("apple_consumer_team")
+        key_id = self.getProperty("apple_consumer_id_key")
+        private_key = self.getProperty("client_secret")
 
         headers = {"kid": key_id}
         payload = {
@@ -365,8 +361,12 @@ def _build_apple_secret(self):
             "sub": client_id,
         }
 
-        private_key = f'-----BEGIN PRIVATE KEY-----\n{private_key}\n-----END PRIVATE KEY-----'
-        return jwt.encode(payload, key=private_key.encode(), algorithm="ES256", headers=headers)
+        private_key = (
+            f"-----BEGIN PRIVATE KEY-----\n{private_key}\n-----END PRIVATE KEY-----"
+        )
+        return jwt.encode(
+            payload, key=private_key.encode(), algorithm="ES256", headers=headers
+        )
 
     # TODO: memoize (?)
     def get_oauth2_client(self):
@@ -385,7 +385,7 @@ def get_oauth2_client(self):
                 ),
             }
 
-            if self.getProperty('apple_login_enabled'):
+            if self.getProperty("apple_login_enabled"):
                 info.update({"client_secret": self._build_apple_secret()})
             else:
                 info.update({"client_secret": self.getProperty("client_secret")})

src/pas/plugins/oidc/setuphandlers.py

@@ -70,7 +70,9 @@ def activate_plugin(context, interface_name, move_to_top=False):
             iface = plugins._getInterfaceFromName(interface_name)
             if plugin.getId() not in plugins.listPluginIds(iface):
                 plugins.activatePlugin(iface, plugin.getId())
-                logger.info(f"Activated interface {interface_name} for plugin {plugin.getId()}")
+                logger.info(
+                    f"Activated interface {interface_name} for plugin {plugin.getId()}"
+                )
 
             if move_to_top:
                 # Order some plugins to make sure our plugin is at the top.
@@ -82,6 +84,7 @@ def activate_plugin(context, interface_name, move_to_top=False):
 def activate_challenge_plugin(context):
     activate_plugin(context, "IChallengePlugin", move_to_top=True)
 
+
 def uninstall(context):
     """Uninstall script"""
     from pas.plugins.oidc.utils import PLUGIN_ID

src/pas/plugins/oidc/utils.py

@@ -128,8 +128,8 @@ def authorization_flow_args(plugin: plugins.OIDCPlugin, session: Session) -> dic
         args["code_challenge"] = pkce_code_verifier_challenge(session.get("verifier"))
         args["code_challenge_method"] = "S256"
 
-    if plugin.getProperty('apple_login_enabled'):
-        args['response_mode'] = 'form_post'
+    if plugin.getProperty("apple_login_enabled"):
+        args["response_mode"] = "form_post"
 
     return args
 
@@ -172,7 +172,9 @@ def get_user_info(client, state, args) -> Union[message.OpenIDSchema, dict]:
     resp = client.do_access_token_request(
         state=state,
         request_args=args,
-        authn_method=client.registration_response.get('token_endpoint_auth_method', 'client_secret_basic'),
+        authn_method=client.registration_response.get(
+            "token_endpoint_auth_method", "client_secret_basic"
+        ),
     )
     user_info = {}
     if isinstance(resp, message.AccessTokenResponse):