Improve code for codeclimate

lepture · lepture · commit bfd3c659c9ea · 2019-07-11T17:35:00.000+09:00
diff --git a/.codeclimate.yml b/.codeclimate.yml
@@ -13,10 +13,16 @@ checks:
     config:
       threshold: 35
 
+  method-count:
+    enabled: false
+
   file-lines:
     config:
       threshold: 460
 
   return-statements:
     config:
       threshold: 6
+
+  similar-code:
+    enabled: false
diff --git a/README.md b/README.md
@@ -184,6 +184,7 @@ Lovely features that Authlib has built-in:
 <summary>🎉 RFC8414: OAuth 2.0 Authorization Server Metadata</summary>
 
 - [x] Authorization Server Metadata Model
+- [x] Well Known URI
 - [ ] Framework integrations
 </details>
 
@@ -196,8 +197,11 @@ Lovely features that Authlib has built-in:
 </details>
 
 <details>
-  <summary>⏳ OpenID Connect Discovery 1.0</summary>
-  <p>Developers can create a JSON file themselves.</p>
+  <summary>🎉 OpenID Connect Discovery 1.0</summary>
+
+- [x] OpenID Provider Metadata Model
+- [x] Well Known URI
+- [ ] Framework integrations
 </details>
 
 And more will be added.
diff --git a/authlib/oauth2/client.py b/authlib/oauth2/client.py
@@ -151,21 +151,10 @@ def fetch_token(self, url=None, code=None, authorization_response=None,
         InsecureTransportError.check(url)
 
         session_kwargs = self._extract_session_request_params(kwargs)
-        if code or authorization_response:
-            body = self._prepare_authorization_code_body(
-                code, authorization_response, body, **kwargs)
-        elif username and password:
-            if 'scope' not in kwargs and self.scope:
-                kwargs['scope'] = self.scope
-            grant_type = kwargs.pop('grant_type', 'password')
-            body = prepare_token_request(
-                grant_type, body, username=username,
-                password=password, **kwargs)
-        else:
-            grant_type = kwargs.pop('grant_type', 'client_credentials')
-            if 'scope' not in kwargs and self.scope:
-                kwargs['scope'] = self.scope
-            body = prepare_token_request(grant_type, body, **kwargs)
+
+        body = self._prepare_token_endpoint_body(
+            code, authorization_response, body,
+            username, password, **kwargs)
 
         if auth is None:
             auth = self.client_auth
@@ -333,6 +322,25 @@ def _prepare_authorization_code_body(self, code, authorization_response,
             'authorization_code', body=body,
             code=code, state=state, **kwargs)
 
+    def _prepare_token_endpoint_body(self, code, authorization_response,
+                                         body, username, password, **kwargs):
+        if code or authorization_response:
+            body = self._prepare_authorization_code_body(
+                code, authorization_response, body, **kwargs)
+        elif username and password:
+            if 'scope' not in kwargs and self.scope:
+                kwargs['scope'] = self.scope
+            grant_type = kwargs.pop('grant_type', 'password')
+            body = prepare_token_request(
+                grant_type, body, username=username,
+                password=password, **kwargs)
+        else:
+            grant_type = kwargs.pop('grant_type', 'client_credentials')
+            if 'scope' not in kwargs and self.scope:
+                kwargs['scope'] = self.scope
+            body = prepare_token_request(grant_type, body, **kwargs)
+        return body
+
     def _extract_session_request_params(self, kwargs):
         """Extract parameters for session object from the passing ``**kwargs``."""
         rv = {}
diff --git a/authlib/oauth2/rfc8414/models.py b/authlib/oauth2/rfc8414/models.py
@@ -107,7 +107,7 @@ def validate_scopes_supported(self):
         Servers MAY choose not to advertise some supported scope values
         even when this parameter is used.
         """
-        _validate_array_value(self, 'scopes_supported')
+        validate_array_value(self, 'scopes_supported')
 
     def validate_response_types_supported(self):
         """REQUIRED.  JSON array containing a list of the OAuth 2.0
@@ -130,7 +130,7 @@ def validate_response_modes_supported(self):
         "fragment"]".  The response mode value "form_post" is also defined
         in "OAuth 2.0 Form Post Response Mode" [OAuth.Post].
         """
-        _validate_array_value(self, 'response_modes_supported')
+        validate_array_value(self, 'response_modes_supported')
 
     def validate_grant_types_supported(self):
         """OPTIONAL. JSON array containing a list of the OAuth 2.0 grant
@@ -140,7 +140,7 @@ def validate_grant_types_supported(self):
         Protocol" [RFC7591].  If omitted, the default value is
         "["authorization_code", "implicit"]".
         """
-        _validate_array_value(self, 'grant_types_supported')
+        validate_array_value(self, 'grant_types_supported')
 
     def validate_token_endpoint_auth_methods_supported(self):
         """OPTIONAL.  JSON array containing a list of client authentication
@@ -150,7 +150,7 @@ def validate_token_endpoint_auth_methods_supported(self):
         default is "client_secret_basic" -- the HTTP Basic Authentication
         Scheme specified in Section 2.3.1 of OAuth 2.0 [RFC6749].
         """
-        _validate_array_value(self, 'token_endpoint_auth_methods_supported')
+        validate_array_value(self, 'token_endpoint_auth_methods_supported')
 
     def validate_token_endpoint_auth_signing_alg_values_supported(self):
         """OPTIONAL.  JSON array containing a list of the JWS signing
@@ -187,7 +187,7 @@ def validate_ui_locales_supported(self):
         [RFC5646].  If omitted, the set of supported languages and scripts
         is unspecified.
         """
-        _validate_array_value(self, 'ui_locales_supported')
+        validate_array_value(self, 'ui_locales_supported')
 
     def validate_op_policy_uri(self):
         """OPTIONAL.  URL that the authorization server provides to the
@@ -234,7 +234,7 @@ def validate_revocation_endpoint_auth_methods_supported(self):
         "client_secret_basic" -- the HTTP Basic Authentication Scheme
         specified in Section 2.3.1 of OAuth 2.0 [RFC6749].
         """
-        _validate_array_value(self, 'revocation_endpoint_auth_methods_supported')
+        validate_array_value(self, 'revocation_endpoint_auth_methods_supported')
 
     def validate_revocation_endpoint_auth_signing_alg_values_supported(self):
         """OPTIONAL.  JSON array containing a list of the JWS signing
@@ -273,7 +273,7 @@ def validate_introspection_endpoint_auth_methods_supported(self):
         omitted, the set of supported authentication methods MUST be
         determined by other means.
         """
-        _validate_array_value(self, 'introspection_endpoint_auth_methods_supported')
+        validate_array_value(self, 'introspection_endpoint_auth_methods_supported')
 
     def validate_introspection_endpoint_auth_signing_alg_values_supported(self):
         """OPTIONAL.  JSON array containing a list of the JWS signing
@@ -302,7 +302,7 @@ def validate_code_challenge_methods_supported(self):
         [IANA.OAuth.Parameters].  If omitted, the authorization server
         does not support PKCE.
         """
-        _validate_array_value(self, 'code_challenge_methods_supported')
+        validate_array_value(self, 'code_challenge_methods_supported')
 
     @property
     def response_modes_supported(self):
@@ -376,7 +376,7 @@ def _validate_alg_values(data, key, auth_methods_supported):
             'the value "none" MUST NOT be used in "{}"'.format(key))
 
 
-def _validate_array_value(metadata, key):
+def validate_array_value(metadata, key):
     values = metadata.get(key)
     if values is not None and not isinstance(values, list):
         raise ValueError('"{}" MUST be JSON array'.format(key))
diff --git a/authlib/oidc/core/grants/code.py b/authlib/oidc/core/grants/code.py
@@ -41,7 +41,7 @@ def exists_nonce(self, nonce, request):  # pragma: no cover
 
             def exists_nonce(self, nonce, request):
                 exists = AuthorizationCode.query.filter_by(
-                    client_id=req.client_id, nonce=nonce
+                    client_id=request.client_id, nonce=nonce
                 ).first()
                 return bool(exists)
 
diff --git a/authlib/oidc/core/grants/implicit.py b/authlib/oidc/core/grants/implicit.py
@@ -29,7 +29,7 @@ def exists_nonce(self, nonce, request):
 
             def exists_nonce(self, nonce, request):
                 exists = AuthorizationCode.query.filter_by(
-                    client_id=req.client_id, nonce=nonce
+                    client_id=request.client_id, nonce=nonce
                 ).first()
                 return bool(exists)
 
diff --git a/authlib/oidc/discovery/models.py b/authlib/oidc/discovery/models.py
@@ -1,4 +1,5 @@
 from authlib.oauth2.rfc8414 import AuthorizationServerMetadata
+from authlib.oauth2.rfc8414.models import validate_array_value
 
 
 class OpenIDProviderMetadata(AuthorizationServerMetadata):
@@ -53,7 +54,7 @@ def validate_acr_values_supported(self):
         """OPTIONAL. JSON array containing a list of the Authentication
         Context Class References that this OP supports.
         """
-        _validate_array_value(self, 'acr_values_supported')
+        validate_array_value(self, 'acr_values_supported')
 
     def validate_subject_types_supported(self):
         """REQUIRED. JSON array containing a list of the Subject Identifier
@@ -102,35 +103,35 @@ def validate_id_token_encryption_alg_values_supported(self):
         algorithms (alg values) supported by the OP for the ID Token to
         encode the Claims in a JWT.
         """
-        _validate_array_value(self, 'id_token_encryption_alg_values_supported')
+        validate_array_value(self, 'id_token_encryption_alg_values_supported')
 
     def validate_id_token_encryption_enc_values_supported(self):
         """OPTIONAL. JSON array containing a list of the JWE encryption
         algorithms (enc values) supported by the OP for the ID Token to
         encode the Claims in a JWT.
         """
-        _validate_array_value(self, 'id_token_encryption_enc_values_supported')
+        validate_array_value(self, 'id_token_encryption_enc_values_supported')
 
     def validate_userinfo_signing_alg_values_supported(self):
         """OPTIONAL. JSON array containing a list of the JWS signing
         algorithms (alg values) [JWA] supported by the UserInfo Endpoint
         to encode the Claims in a JWT. The value none MAY be included.
         """
-        _validate_array_value(self, 'userinfo_signing_alg_values_supported')
+        validate_array_value(self, 'userinfo_signing_alg_values_supported')
 
     def validate_userinfo_encryption_alg_values_supported(self):
         """OPTIONAL. JSON array containing a list of the JWE encryption
         algorithms (alg values) [JWA] supported by the UserInfo Endpoint
         to encode the Claims in a JWT.
         """
-        _validate_array_value(self, 'userinfo_encryption_alg_values_supported')
+        validate_array_value(self, 'userinfo_encryption_alg_values_supported')
 
     def validate_userinfo_encryption_enc_values_supported(self):
         """OPTIONAL. JSON array containing a list of the JWE encryption
         algorithms (enc values) [JWA] supported by the UserInfo Endpoint
         to encode the Claims in a JWT.
         """
-        _validate_array_value(self, 'userinfo_encryption_enc_values_supported')
+        validate_array_value(self, 'userinfo_encryption_enc_values_supported')
 
     def validate_request_object_signing_alg_values_supported(self):
         """OPTIONAL. JSON array containing a list of the JWS signing
@@ -160,15 +161,15 @@ def validate_request_object_encryption_alg_values_supported(self):
         These algorithms are used both when the Request Object is passed
         by value and when it is passed by reference.
         """
-        _validate_array_value(self, 'request_object_encryption_alg_values_supported')
+        validate_array_value(self, 'request_object_encryption_alg_values_supported')
 
     def validate_request_object_encryption_enc_values_supported(self):
         """OPTIONAL. JSON array containing a list of the JWE encryption
         algorithms (enc values) supported by the OP for Request Objects.
         These algorithms are used both when the Request Object is passed
         by value and when it is passed by reference.
         """
-        _validate_array_value(self, 'request_object_encryption_enc_values_supported')
+        validate_array_value(self, 'request_object_encryption_enc_values_supported')
 
     def validate_display_values_supported(self):
         """OPTIONAL. JSON array containing a list of the display parameter
@@ -195,8 +196,6 @@ def validate_claim_types_supported(self):
         """
         values = self.get('claim_types_supported')
         if not values:
-            # If omitted, the implementation supports only normal Claims
-            self['claim_types_supported'] = ['normal']
             return
 
         if not isinstance(values, list):
@@ -212,15 +211,15 @@ def validate_claims_supported(self):
         for. Note that for privacy or other reasons, this might not be an
         exhaustive list.
         """
-        _validate_array_value(self, 'claims_supported')
+        validate_array_value(self, 'claims_supported')
 
     def validate_claims_locales_supported(self):
         """OPTIONAL. Languages and scripts supported for values in Claims
         being returned, represented as a JSON array of BCP47 [RFC5646]
         language tag values. Not all languages and scripts are necessarily
         supported for all Claim values.
         """
-        _validate_array_value(self, 'claims_locales_supported')
+        validate_array_value(self, 'claims_locales_supported')
 
     def validate_claims_parameter_supported(self):
         """OPTIONAL. Boolean value specifying whether the OP supports use of
@@ -251,6 +250,11 @@ def validate_require_request_uri_registration(self):
         """
         _validate_boolean_value(self, 'require_request_uri_registration')
 
+    @property
+    def claim_types_supported(self):
+        # If omitted, the implementation supports only normal Claims
+        return self.get('claim_types_supported', ['normal'])
+
     @property
     def claims_parameter_supported(self):
         # If omitted, the default value is false.
@@ -271,14 +275,9 @@ def require_request_uri_registration(self):
         # If omitted, the default value is false.
         return self.get('require_request_uri_registration', False)
 
+
 def _validate_boolean_value(metadata, key):
     if key not in metadata:
         return
     if metadata[key] not in (True, False):
         raise ValueError('"{}" MUST be boolean'.format(key))
-
-
-def _validate_array_value(metadata, key):
-    values = metadata.get(key)
-    if values is not None and not isinstance(values, list):
-        raise ValueError('"{}" MUST be JSON array'.format(key))
diff --git a/tests/core/test_oidc/test_discovery.py b/tests/core/test_oidc/test_discovery.py
@@ -154,6 +154,8 @@ def test_validate_claim_types_supported(self):
             'claim_types_supported',
             ['invalid']
         )
+        metadata = OpenIDProviderMetadata()
+        self.assertEqual(metadata.claim_types_supported, ['normal'])
 
     def test_validate_claims_supported(self):
         self._call_validate_array(

Original file line number	Diff line number	Diff line change
`@@ -154,6 +154,8 @@ def test_validate_claim_types_supported(self):`
`154`	`154`	`'claim_types_supported',`
`155`	`155`	`['invalid']`
`156`	`156`	`)`
	`157`	`+ metadata = OpenIDProviderMetadata()`
	`158`	`+ self.assertEqual(metadata.claim_types_supported, ['normal'])`
`157`	`159`
`158`	`160`	`def test_validate_claims_supported(self):`
`159`	`161`	`self._call_validate_array(`