Univention Bugzilla – Attachment 11311 Details for
Bug 58269
Concurrent logins not working with OIDC
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Sketch for a patch
58269.patch (text/plain), 3.62 KB, created by
Florian Best
on 2025-05-14 11:06:09 CEST
(
hide
)
Description:
Sketch for a patch
Filename:
MIME Type:
Creator:
Florian Best
Created:
2025-05-14 11:06:09 CEST
Size:
3.62 KB
patch
obsolete
>diff --git management/univention-management-console/src/univention/management/console/oidc.py management/univention-management-console/src/univention/management/console/oidc.py >index c125531967c..76f44d64f29 100644 >--- management/univention-management-console/src/univention/management/console/oidc.py >+++ management/univention-management-console/src/univention/management/console/oidc.py >@@ -85,6 +85,14 @@ class OIDCResource(OAuth2Mixin, Resource): > """Base class for all OIDC resources.""" > > requires_authentication = False >+ _http_client = None >+ >+ @property >+ def http_client(self): >+ if self.__class__._http_client is None: >+ # TODO: make sure the connection is still valid >+ self.__class__._http_client = self.get_auth_http_client() >+ return self._http_client > > async def prepare(self): > await super().prepare() >@@ -291,9 +299,8 @@ class OIDCResource(OAuth2Mixin, Resource): > "Authorization": "Bearer %s" % (bearer_token,), > }, > ) >- http_client = self.get_auth_http_client() > try: >- user_info_res = await http_client.fetch(user_info_req) >+ user_info_res = await self.http_client.fetch(user_info_req) > except HTTPClientError as exc: > CORE.warn("Fetching user info failed: %s %s" % (user_info_req.url, exc)) > raise OpenIDProvideUnavailable(self._("Could not receive user information from OP.")) >@@ -304,10 +311,9 @@ class OIDCResource(OAuth2Mixin, Resource): > > async def download_jwks(self): > request = HTTPRequest(self._OAUTH_CERT_URL, method='GET') >- http_client = self.get_auth_http_client() > > try: >- response = await http_client.fetch(request, raise_error=False) >+ response = await self.http_client.fetch(request, raise_error=False) > except HTTPClientError as exc: > CORE.warn("Fetching certificate failed: %s %s" % (request.url, exc)) > raise OpenIDProvideUnavailable(self._("Could not receive certificate from OP.")) >@@ -324,7 +330,6 @@ class OIDCResource(OAuth2Mixin, Resource): > return await self._get_access_token(redirect_uri, {"refresh_token": refresh_token, "grant_type": "refresh_token"}) > > async def _get_access_token(self, redirect_uri, data): >- http_client = self.get_auth_http_client() > body = urlencode(dict( > data, > redirect_uri=redirect_uri, >@@ -332,7 +337,7 @@ class OIDCResource(OAuth2Mixin, Resource): > client_secret=self.client_secret, > )) # TODO: request specific AUD for ldap server > try: >- response = await http_client.fetch( >+ response = await self.http_client.fetch( > self._OAUTH_ACCESS_TOKEN_URL, > method="POST", > headers={"Content-Type": "application/x-www-form-urlencoded"}, >@@ -340,8 +345,6 @@ class OIDCResource(OAuth2Mixin, Resource): > ) > except HTTPClientError: > raise # handled in get() >- # TODO: why do we need that, see univention/dev/ucs#2388 >- http_client.close() > return escape.json_decode(response.body) > > async def refresh_session_tokens(self, user): >@@ -488,9 +491,8 @@ class OIDCLogout(_OIDCLogoutBase): > if not id_token: > raise BadRequest(self._("Not logged in")) > >- http_client = self.get_auth_http_client() > try: >- await http_client.fetch( >+ await self.http_client.fetch( > self._OAUTH_END_SESSION_URL, > method="POST", > headers={"Content-Type": "application/x-www-form-urlencoded"},
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=11311">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 58269
: 11311