feat: add basic oidc check option

533b3906 · Peter Bolha · 2a82570c · 533b3906
Verified Commit 533b3906 authored 1 year ago by Peter Bolha
--- a/perun/proxy/utils/nagios/check_saml.py
+++ b/perun/proxy/utils/nagios/check_saml.py
@@ -4,21 +4,21 @@
 make a full roundtrip test for SAML based SSO
 """
+import argparse
 import base64
 import hmac
+import http.cookiejar
 import os
+import re
+import ssl
 import struct
-import argparse
 import sys
+import tempfile
 import time
-import urllib.request
 import urllib.error
 import urllib.parse
-import ssl
+import urllib.request
-import tempfile
-import re
 from html.parser import HTMLParser
-import http.cookiejar
 STATUS = {"OK": 0, "WARNING": 1, "CRITICAL": 2, "UNKNOWN": 3}
@@ -197,6 +197,11 @@ def get_args():
        default="check_saml_cache",
        help="name of the file used for the cache",
    )
+    parser.add_argument(
+        "--basic-oidc-check",
+        action="store_true",
+        help="check for presence of state and code parameters in the result",
+    )
    return parser.parse_args()
@@ -508,6 +513,17 @@ class SAMLChecker:
                    "WARNING",
                )
+        if self.args.basic_oidc_check:
+            mandatory_parameters = ["code=", "state="]
+            for param in mandatory_parameters:
+                if param not in response_url:
+                    if self.args.verbose >= 3:
+                        print(response_url)
+                    self.finish(
+                        f"Missing mandatory parameter '{param}' in response url.",
+                        "CRITICAL",
+                    )
        if not self.args.skip_logout_check:
            # test logout
            logout_html, logout_url = self.initial_request(self.args.logout_url)