Beispiel #1
0
    def test_urlencode_sequences(self):
        # Other tests incidentally urlencode things; test non-covered cases:
        # Sequence and object values.
        result = urllib_parse.urlencode({'a': [1, 2], 'b': (3, 4, 5)}, True)
        # we cannot rely on ordering here
        assert set(result.split('&')) == set(['a=1', 'a=2', 'b=3', 'b=4', 'b=5'])

        class Trivial(object):
            def __str__(self):
                return 'trivial'

        result = urllib_parse.urlencode({'a': Trivial()}, True)
        self.assertEqual(result, 'a=trivial')
    def test_urlencode_sequences(self):
        # Other tests incidentally urlencode things; test non-covered cases:
        # Sequence and object values.
        result = urllib_parse.urlencode({'a': [1, 2], 'b': (3, 4, 5)}, True)
        # we cannot rely on ordering here
        assert set(result.split('&')) == set(['a=1', 'a=2', 'b=3', 'b=4', 'b=5'])

        class Trivial(object):
            def __str__(self):
                return 'trivial'

        result = urllib_parse.urlencode({'a': Trivial()}, True)
        self.assertEqual(result, 'a=trivial')
Beispiel #3
0
 def person_card_to_words(self, picPath):
     access_token = self.__token__(
     ) if orc_baidu_token is None else orc_baidu_token
     url = 'https://aip.baidubce.com/rest/2.0/ocr/v1/idcard?access_token=' + access_token
     # 二进制方式打开图文件
     f = open(picPath, 'rb')
     # 参数image:图像base64编码
     img = base64.b64encode(f.read())
     params = {
         "image": img,
         "id_card_side": "front",
         "detect_direction": "true",
         "detect_risk": "true"
     }
     params = parse.urlencode(params).encode("utf-8")
     self.headers["Content-Type"] = 'application/x-www-form-urlencoded'
     request = Request(url, data=params, headers=self.headers)
     response = urlopen(request)
     content = response.read()
     result = {}
     if (content):
         words_result = (eval(bytes.decode(content))["words_result"])
         for key in words_result:
             result[key] = words_result[key]["words"]
     print(result)
     return result
Beispiel #4
0
    def test_registration_request(self):
        req = RegistrationRequest(
            operation="register",
            default_max_age=10,
            require_auth_time=True,
            default_acr="foo",
            application_type="web",
            redirect_uris=["https://example.com/authz_cb"])
        assert req.verify()
        js = req.to_json()
        js_obj = json.loads(js)
        expected_js_obj = {
            "redirect_uris": ["https://example.com/authz_cb"],
            "application_type": "web",
            "default_acr": "foo",
            "require_auth_time": True,
            "operation": "register",
            "default_max_age": 10,
            "response_types": ["code"]
        }
        assert js_obj == expected_js_obj

        flattened_list_dict = {
            k: v[0] if isinstance(v, list) else v
            for k, v in expected_js_obj.items()
        }
        assert query_string_compare(req.to_urlencoded(),
                                    urlencode(flattened_list_dict))
Beispiel #5
0
def claims_ser(val, sformat="urlencoded", lev=0):
    # everything in c_extension
    if isinstance(val, six.string_types):
        item = val
    elif isinstance(val, list):
        item = val[0]
    else:
        item = val

    if isinstance(item, Message):
        return item.serialize(method=sformat, lev=lev + 1)

    if sformat == "urlencoded":
        res = urlencode(item)
    elif sformat == "json":
        if lev:
            res = item
        else:
            res = json.dumps(item)
    elif sformat == "dict":
        if isinstance(item, dict):
            res = item
        else:
            raise MessageException("Wrong type: %s" % type(item))
    else:
        raise OicMsgError("Unknown sformat: %s" % sformat, val)

    return res
Beispiel #6
0
def set_start_page(oper, args):
    _conf = oper.sh['test_conf']
    _url = _conf['start_page']
    _iss = oper.conv.entity.baseurl
    _params = _conf['params'].replace('<issuer>', _iss)
    _args = dict([p.split('=') for p in _params.split('&')])
    oper.start_page = _url + '?' + urlencode(_args)
Beispiel #7
0
def set_start_page(oper, args):
    _conf = oper.sh['test_conf']
    _url = _conf['start_page']
    _iss = oper.conv.entity.baseurl
    _params = _conf['params'].replace('<issuer>', _iss)
    _args = dict([p.split('=') for p in _params.split('&')])
    oper.start_page = _url + '?' + urlencode(_args)
Beispiel #8
0
    def create_redirect(self, query):
        """
        Performs the redirect to the CAS server.

        :rtype : Response
        :param query: All query parameters to be added to the return_to URL
        after successful authentication.
        :return: A redirect response to the CAS server.
        """
        try:
            req = parse_qs(query)
            acr = req['acr_values'][0]
        except KeyError:
            acr = None

        nonce = uuid.uuid4().get_urn()
        service_url = urlencode(
            {self.CONST_SERVICE: self.get_service_url(nonce, acr)})
        cas_url = self.cas_server + self.CONST_CASLOGIN + service_url
        cookie = self.create_cookie(
            '{"' + self.CONST_NONCE + '": "' + base64.b64encode(
                nonce) + '", "' +
            self.CONST_QUERY + '": "' + base64.b64encode(query) + '"}',
            self.CONST_CAS_COOKIE,
            self.CONST_CAS_COOKIE)
        return SeeOther(cas_url, headers=[cookie])
Beispiel #9
0
def create_return_form_env(user, password, query):
    _dict = {
        "login": user,
        "password": password,
        "query": query
    }

    return urlencode(_dict)
Beispiel #10
0
def url_encode_params(params=None):
    if not isinstance(params, dict):
        raise InstantiationError("You must pass in a dictionary!")
    params_list = []
    for k, v in params.items():
        if isinstance(v, list):
            params_list.extend([(k, x) for x in v])
        else:
            params_list.append((k, v))
    return urlencode(params_list)
Beispiel #11
0
def url_encode_params(params=None):
    if not isinstance(params, dict):
        raise InstantiationError("You must pass in a dictionary!")
    params_list = []
    for k, v in params.items():
        if isinstance(v, list):
            params_list.extend([(k, x) for x in v])
        else:
            params_list.append((k, v))
    return urlencode(params_list)
 def test_post_types(self):
     """Ensure various POST formats"""
     r = self.client.post('/bitbucket/',
                          data=json.dumps(self.hg_payload),
                          content_type='application/json')
     self.assertEqual(r.status_code, 200)
     r = self.client.post('/bitbucket/',
                          data=urlencode({'payload': json.dumps(self.hg_payload)}),
                          content_type='application/x-www-form-urlencoded')
     self.assertEqual(r.status_code, 200)
Beispiel #13
0
def update_url_with_kwargs(url, **kwargs):
    if not url:
        return

    url_parts = list(urlparse(url))
    query = dict(parse_qsl(url_parts[4]))
    query.update(kwargs)
    url_parts[4] = urlencode(query)

    return urlunparse(url_parts)
 def test_post_types(self):
     """Ensure various POST formats"""
     r = self.client.post('/bitbucket/',
                          data=json.dumps(self.hg_payload),
                          content_type='application/json')
     self.assertEqual(r.status_code, 200)
     r = self.client.post('/bitbucket/',
                          data=urlencode({'payload': json.dumps(self.hg_payload)}),
                          content_type='application/x-www-form-urlencoded')
     self.assertEqual(r.status_code, 200)
Beispiel #15
0
    def test_parse_authz_without_code(self):
        sid, loc = self.consumer.begin("http://localhost:8087",
                                       "http://localhost:8088/authorization")

        atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid)

        adict = atr.to_dict()
        del adict["code"]

        with pytest.raises(MissingRequiredAttribute):
            self.consumer.handle_authorization_response(query=urlencode(adict))
Beispiel #16
0
    def test_endsession_endpoint_with_id_token_hint(self):
        id_token = self._auth_with_id_token()
        assert self.provider.sdb.get_sids_by_sub(
                id_token["sub"])  # verify we got valid session

        id_token_hint = id_token.to_jwt(algorithm="none")
        resp = self.provider.endsession_endpoint(
                urlencode({"id_token_hint": id_token_hint}))
        assert not self.provider.sdb.get_sids_by_sub(
                id_token["sub"])  # verify session has been removed
        self._assert_cookies_expired(resp.headers)
Beispiel #17
0
    def test_endsession_endpoint_with_id_token_hint(self):
        id_token = self._auth_with_id_token()
        assert self.provider.sdb.get_sids_by_sub(
            id_token["sub"])  # verify we got valid session

        id_token_hint = id_token.to_jwt(algorithm="none")
        resp = self.provider.endsession_endpoint(
            urlencode({"id_token_hint": id_token_hint}))
        assert not self.provider.sdb.get_sids_by_sub(
            id_token["sub"])  # verify session has been removed
        self._assert_cookies_expired(resp.headers)
Beispiel #18
0
    def test_parse_authz_without_code(self):
        sid, loc = self.consumer.begin("http://localhost:8087",
                                       "http://localhost:8088/authorization")

        atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA",
                                    state=sid)

        adict = atr.to_dict()
        del adict["code"]

        with pytest.raises(MissingRequiredAttribute):
            self.consumer.handle_authorization_response(query=urlencode(adict))
Beispiel #19
0
    def test_endsession_endpoint_with_post_logout_redirect_uri(self):
        id_token = self._auth_with_id_token()
        assert self.provider.sdb.get_sids_by_sub(
                id_token["sub"])  # verify we got valid session

        post_logout_redirect_uri = \
            CDB[CLIENT_CONFIG["client_id"]]["post_logout_redirect_uris"][0][0]
        resp = self.provider.endsession_endpoint(urlencode(
                {"post_logout_redirect_uri": post_logout_redirect_uri}))
        assert isinstance(resp, SeeOther)
        assert not self.provider.sdb.get_sids_by_sub(
                id_token["sub"])  # verify session has been removed
        self._assert_cookies_expired(resp.headers)
Beispiel #20
0
    def test_begin(self):
        sid, loc = self.consumer.begin("http://localhost:8087",
                                       "http://localhost:8088/authorization")

        # state is dynamic
        params = {"scope": "openid",
                  "state": sid,
                  "redirect_uri": "http://localhost:8087/authz",
                  "response_type": "code",
                  "client_id": "number5"}

        url = "http://localhost:8088/authorization?{}".format(urlencode(params))
        assert url_compare(loc, url)
Beispiel #21
0
    def test_endsession_endpoint_with_post_logout_redirect_uri(self):
        id_token = self._auth_with_id_token()
        assert self.provider.sdb.get_sids_by_sub(
            id_token["sub"])  # verify we got valid session

        post_logout_redirect_uri = \
            CDB[CLIENT_CONFIG["client_id"]]["post_logout_redirect_uris"][0][0]
        resp = self.provider.endsession_endpoint(
            urlencode({"post_logout_redirect_uri": post_logout_redirect_uri}))
        assert isinstance(resp, SeeOther)
        assert not self.provider.sdb.get_sids_by_sub(
            id_token["sub"])  # verify session has been removed
        self._assert_cookies_expired(resp.headers)
def gravatar(email, size=48):
    """
    Hacked from djangosnippets.org, but basically given an email address

    render an img tag with the hashed up bits needed for leetness
    omgwtfstillreading
    """
    url = "http://www.gravatar.com/avatar.php?%s" % urlencode({
        'gravatar_id': hashlib.md5(email).hexdigest(),
        'size': str(size)
    })
    return ('<img src="%s" width="%s" height="%s" alt="gravatar" '
            'class="gravatar" border="0" />' % (url, size, size))
Beispiel #23
0
    def test_begin(self):
        sid, loc = self.consumer.begin("http://localhost:8087",
                                       "http://localhost:8088/authorization")

        # state is dynamic
        params = {"scope": "openid",
                  "state": sid,
                  "redirect_uri": "http://localhost:8087/authz",
                  "response_type": "code",
                  "client_id": "number5"}

        url = "http://localhost:8088/authorization?{}".format(urlencode(params))
        assert url_compare(loc, url)
Beispiel #24
0
def post_logout_redirect_uri_with_query_component(oper, args):
    """
    Context:
        AsyncAuthn
    Action:
        Add a query component to the post_logout_redirect_uri
    Args:
        Dictionary with keys and values to build the query part from
    Example:
        "post_logout_redirect_uri_with_query_component": {"foo":  "bar"}
    """
    ru = oper.conv.entity.registration_response['post_logout_redirect_uris'][0]
    ru += "?%s" % urlencode(args)
    oper.req_args.update({"post_logout_redirect_uri": [ru]})
Beispiel #25
0
def redirect_uris_with_query_component(oper, args):
    """
    Context: AsyncAuthn
    Action: Add a query component to the redirect_uris
    Example:
        redirect_uris_with_query_component:
            foo: bar

    :param oper: An Operation Instance
    :param kwargs: Values to build the query part from
    """
    ru = oper.conv.entity.registration_info['redirect_uris'][0]
    ru += "?%s" % urlencode(args)
    oper.req_args.update({"redirect_uris": [ru]})
Beispiel #26
0
def gravatar(email, size=48):
    """
    Hacked from djangosnippets.org, but basically given an email address

    render an img tag with the hashed up bits needed for leetness
    omgwtfstillreading
    """
    url = "http://www.gravatar.com/avatar.php?%s" % urlencode(
        {
            'gravatar_id': hashlib.md5(email).hexdigest(),
            'size': str(size)
        })
    return ('<img src="%s" width="%s" height="%s" alt="gravatar" '
            'class="gravatar" border="0" />' % (url, size, size))
Beispiel #27
0
def redirect_uris_with_query_component(oper, args):
    """
    Context: AsyncAuthn
    Action: Add a query component to the redirect_uris
    Example:
        redirect_uris_with_query_component:
            foo: bar

    :param oper: An Operation Instance
    :param kwargs: Values to build the query part from
    """
    ru = oper.conv.entity.registration_info['redirect_uris'][0]
    ru += "?%s" % urlencode(args)
    oper.req_args.update({"redirect_uris": [ru]})
Beispiel #28
0
    def test_parse_access_token_resp_missing_attribute(self):
        atresp = AccessTokenResponse(access_token="SlAV32hkKG",
                                     token_type="Bearer",
                                     refresh_token="8xLOxBtZp8",
                                     expire_in=3600)
        atdict = atresp.to_dict()
        del atdict["access_token"]  # remove required access_token
        atj = json.dumps(atdict)

        with pytest.raises(MissingRequiredAttribute):
            self.client.parse_response(AccessTokenResponse, info=atj)

        with pytest.raises(MissingRequiredAttribute):
            self.client.parse_response(AccessTokenResponse,
                                       info=urlencode(atdict),
                                       sformat='urlencoded')
Beispiel #29
0
    def test_set_quota_invalid_user(self):
        # Mock the command line call
        user = MagicMock()
        user.pw_uid = 1001
        minarca_quota_api._getpwnam = MagicMock(return_value=user)

        # Make the query
        headers = [("Authorization",
                    "Basic " + b64encode(b"minarca:secret").decode('ascii'))]
        body = urlencode([(b'size', b'2147483648')])
        self.getPage('/quota/someuser',
                     method='PUT',
                     headers=headers,
                     body=body)
        self.assertStatus(500)
        pass
Beispiel #30
0
    def test_parse_access_token_resp_missing_attribute(self):
        atresp = AccessTokenResponse(access_token="SlAV32hkKG",
                                     token_type="Bearer",
                                     refresh_token="8xLOxBtZp8",
                                     expire_in=3600)
        atdict = atresp.to_dict()
        del atdict["access_token"]  # remove required access_token
        atj = json.dumps(atdict)

        with pytest.raises(MissingRequiredAttribute):
            self.client.parse_response(AccessTokenResponse, info=atj)

        with pytest.raises(MissingRequiredAttribute):
            self.client.parse_response(AccessTokenResponse,
                                       info=urlencode(atdict),
                                       sformat='urlencoded')
Beispiel #31
0
def redirect_uris_with_query_component(oper, args):
    """
    Context:
        Registration
    Action:
        Add a query component to the redirect_uris
    Args:
        Dictionary with attributes and values to build the query part from
    Example:
        "redirect_uris_with_query_component": {
          "foo": "bar"
        }
    """
    ru = oper.conv.entity.registration_info['redirect_uris'][0]
    ru += "?%s" % urlencode(args)
    oper.req_args.update({"redirect_uris": [ru]})
Beispiel #32
0
    def test_registration_request(self):
        req = RegistrationRequest(operation="register", default_max_age=10,
                                  require_auth_time=True, default_acr="foo",
                                  application_type="web",
                                  redirect_uris=[
                                      "https://example.com/authz_cb"])
        js = req.to_json()
        js_obj = json.loads(js)
        expected_js_obj = {"redirect_uris": ["https://example.com/authz_cb"],
                           "application_type": "web", "default_acr": "foo",
                           "require_auth_time": True, "operation": "register",
                           "default_max_age": 10, "response_types": ["code"]}
        assert js_obj == expected_js_obj

        flattened_list_dict = {k: v[0] if isinstance(v, list) else v for k, v in expected_js_obj.items()}
        assert query_string_compare(req.to_urlencoded(), urlencode(flattened_list_dict))
Beispiel #33
0
    def create_discovery_service_response(return_url=None,
                                          returnIDParam="entityID",
                                          entity_id=None, **kwargs):
        if return_url is None:
            return_url = kwargs["return"]

        if entity_id:
            qp = urlencode({returnIDParam: entity_id})

            part = urlparse(return_url)
            if part.query:
                # Iff there is a query part add the new info at the end
                return_url = "%s&%s" % (return_url, qp)
            else:
                return_url = "%s?%s" % (return_url, qp)

        return return_url
Beispiel #34
0
def test_form_modify():
    ori = [
        ("a", "1"),
        ("b", "2"),
        ("a", "3"),
        ("d", "4"),
        ("f", ""),
    ]
    ori_text = parse.urlencode(ori)
    root = load(ori_text)

    root.children[1].reload("foo")  # b=foo

    assert root.text == "a=1&b=foo&a=3&d=4&f="
    assert root.data == QueryDict([('a', '1'), ('b', 'foo'), ('a', '3'), ('d', '4'), ('f', '')])
    assert root.children[1].data == "foo"
    assert root.children[1].index_in_parent == 1
Beispiel #35
0
    def test_set_quota(self):
        # Mock the command line call
        minarca_quota_api.subprocess.check_output = MagicMock(side_effect=[
            '', '1121784464\n2147483648\n1122091872\n718078912672\n'
        ])
        user = MagicMock()
        user.pw_uid = 1001
        minarca_quota_api._getpwnam = MagicMock(return_value=user)

        # Make the query
        headers = [("Authorization",
                    "Basic " + b64encode(b"minarca:secret").decode('ascii'))]
        body = urlencode([(b'size', b'2147483648')])
        self.getPage('/quota/someuser',
                     method='PUT',
                     headers=headers,
                     body=body)
        self.assertStatus(200)
        pass
Beispiel #36
0
def test_basic_form():
    ori = [
        ("a", "1"),
        ("b", "2"),
        ("a", "3"),
        ("d", "4"),
        ("f", ""),
    ]
    ori_text = parse.urlencode(ori)
    root = load(ori_text)

    assert isinstance(root, FormNode)
    assert root.data == QueryDict([('a', '1'), ('b', '2'), ('a', '3'), ('d', '4'), ('f', '')])
    assert root.text == ori_text

    for index, node in enumerate(root.iter_tree()):
        assert isinstance(node, PlainNode)
        assert node.key == ori[index][0]
        assert node.data == ori[index][1]
        assert node.index_in_parent == index
Beispiel #37
0
    def run(self):
        _client = self.conv.entity

        if 'add_state' in self.op_args:
            _state = rndstr(32)
            _client.logout_state2state[_state] = self.req_args['state']
            self.op_args['state'] = self.req_args['state']
            self.conv.end_session_state = _state
            self.req_args['state'] = _state

        logger.debug('req_args {}'.format(self.req_args))
        logger.debug('op_args {}'.format(self.op_args))

        url, body, ht_args, csi = _client.request_info(
            self.request,
            method=self.method,
            request_args=self.req_args,
            lax=True,
            **self.op_args)

        if 'remove_id_token_hint' in self.op_args:
            try:
                del csi['id_token_hint']
            except KeyError:
                pass
            head, tail = url.split('?')
            _qs = parse_qs(tail)
            try:
                del _qs['id_token_hint']
            except KeyError:
                pass
            _qs = {k: v[0] for k, v in _qs.items()}
            url = '{}?{}'.format(head, urlencode(_qs))

        self.csi = csi

        self.conv.events.store(EV_REDIRECT_URL,
                               url,
                               sender=self.__class__.__name__)
        return Redirect(str(url))
Beispiel #38
0
def test_form_fork():
    ori = [
        ("a", "1"),
        ("b", "2"),
        ("a", "3"),
        ("d", "4"),
        ("f", ""),
    ]
    ori_text = parse.urlencode(ori)
    root = load(ori_text)

    # 新树的根节点
    new_root = root.children[1].fork_tree("foo")  # b=foo

    assert new_root.text == "a=1&b=foo&a=3&d=4&f="
    assert new_root.data == QueryDict([('a', '1'), ('b', 'foo'), ('a', '3'), ('d', '4'), ('f', '')])
    assert new_root.children[1].data == "foo"
    assert new_root.children[1].index_in_parent == 1

    # 旧树不发生改变
    assert root.data == QueryDict([('a', '1'), ('b', '2'), ('a', '3'), ('d', '4'), ('f', '')])
    assert root.children[1] is not new_root.children[1]
Beispiel #39
0
    def hands_pic_to_words(self, picPath):
        access_token = self.__token__(
        ) if orc_baidu_token is None else orc_baidu_token
        url = 'https://aip.baidubce.com/rest/2.0/ocr/v1/handwriting?access_token=' + access_token
        # 二进制方式打开图文件
        f = open(picPath, 'rb')
        # 参数image:图像base64编码
        img = base64.b64encode(f.read())
        params = {"image": img}
        params = parse.urlencode(params).encode("utf-8")

        self.headers["Content-Type"] = 'application/x-www-form-urlencoded'
        request = Request(url, data=params, headers=self.headers)
        response = urlopen(request)
        content = response.read()
        result = ""
        if (content):
            words_result = (eval(bytes.decode(content))["words_result"])
            for word in words_result:
                result = result + word["words"]
        print(result)
        return result
Beispiel #40
0
    def test_full_flow(self):
        # make account linking request
        request_args = {"id": "id", "idp": "idp", "redirect_endpoint": "https://client.example.com/redirect_endpoint"}
        jws = JWS(json.dumps(request_args)).sign_compact([self.signing_key])
        path_get_id = "/get_id?{}".format(urlencode({"jwt": jws}))
        resp = self.app.get(path_get_id)
        assert resp.status_code == 404
        ticket = resp.data.decode("utf-8")

        # user gets redirected to the account linking page
        resp = self.app.get("/approve/{}".format(ticket))
        assert resp.status_code == 200

        # redirect user to create an account page
        resp = self.app.post("/create_account")
        assert resp.status_code == 200

        # send token by email (faked by writing it to a file)
        resp = self.app.post("/send_token", data={"email": "*****@*****.**"})
        assert resp.status_code == 200

        # get token from file
        with open("token") as f:
            token = f.read()

        # verify token
        resp = self.app.post("/verify_token", data={"token": token})
        assert resp.status_code == 200

        # save account with a pin code
        resp = self.app.post("/save_account", data={"pin": "!AbC123#"})
        assert resp.status_code == 302
        assert resp.headers["Location"] == request_args["redirect_endpoint"]

        # get the id
        resp = self.app.get(path_get_id)
        assert resp.status_code == 200
        assert resp.data.decode("utf-8")
Beispiel #41
0
def test_deep_mutant_complex():
    """测试复杂的包含递归的项"""
    fz = make_complex_req()
    fz.query["c"] = json.dumps(dict(
        j="son",
        f="yet=another&form=1",
    ))
    fz.data["e"] = parse.urlencode([
        ("cat", "dog"),
        ("j2", '{"foo":"bar"}'),
    ])
    mutant = DeepMutant(DummyPayloadFactory)

    expected = [
        # query
        b"/anything?a=a__1&b=2&c=%7B%22j%22%3A+%22son%22%2C+%22f%22%3A+%22yet%3Danother%26form%3D1%22%7D&a=x&a=y",
        b"/anything?a=1&b=b__2&c=%7B%22j%22%3A+%22son%22%2C+%22f%22%3A+%22yet%3Danother%26form%3D1%22%7D&a=x&a=y",
        b"/anything?a=1&b=2&c=c__%7B%22j%22%3A+%22son%22%2C+%22f%22%3A+%22yet%3Danother%26form%3D1%22%7D&a=x&a=y",
        b"/anything?a=1&b=2&c=%7B%22j%22%3A+%22son%22%2C+%22f%22%3A+%22yet%3Danother%26form%3D1%22%7D&a=a__x&a=y",
        b"/anything?a=1&b=2&c=%7B%22j%22%3A+%22son%22%2C+%22f%22%3A+%22yet%3Danother%26form%3D1%22%7D&a=x&a=a__y",
        b"/anything?a=1&b=2&c=%7B%22j%22%3A+%22j__son%22%2C+%22f%22%3A+%22yet%3Danother%26form%3D1%22%7D&a=x&a=y",
        b"/anything?a=1&b=2&c=%7B%22j%22%3A+%22son%22%2C+%22f%22%3A+%22f__yet%3Danother%26form%3D1%22%7D&a=x&a=y",
        b"/anything?a=1&b=2&c=%7B%22j%22%3A+%22son%22%2C+%22f%22%3A+%22yet%3Dyet__another%26form%3D1%22%7D&a=x&a=y",
        b"/anything?a=1&b=2&c=%7B%22j%22%3A+%22son%22%2C+%22f%22%3A+%22yet%3Danother%26form%3Dform__1%22%7D&a=x&a=y",

        # data
        b"a=a__b&c=d&c=e&e=cat%3Ddog%26j2%3D%257B%2522foo%2522%253A%2522bar%2522%257D&x=f",
        b"a=b&c=c__d&c=e&e=cat%3Ddog%26j2%3D%257B%2522foo%2522%253A%2522bar%2522%257D&x=f",
        b"a=b&c=d&c=c__e&e=cat%3Ddog%26j2%3D%257B%2522foo%2522%253A%2522bar%2522%257D&x=f",
        b"a=b&c=d&c=e&e=e__cat%3Ddog%26j2%3D%257B%2522foo%2522%253A%2522bar%2522%257D&x=f",
        b"a=b&c=d&c=e&e=cat%3Ddog%26j2%3D%257B%2522foo%2522%253A%2522bar%2522%257D&x=x__f",
        b"a=b&c=d&c=e&e=cat%3Dcat__dog%26j2%3D%257B%2522foo%2522%253A%2B%2522bar%2522%257D&x=f",
        b"a=b&c=d&c=e&e=cat%3Ddog%26j2%3Dj2__%257B%2522foo%2522%253A%2B%2522bar%2522%257D&x=f",
        b"a=b&c=d&c=e&e=cat%3Ddog%26j2%3D%257B%2522foo%2522%253A%2B%2522foo__bar%2522%257D&x=f",
    ]

    for atk_fz, correct in zip(mutant.make(fz), expected):
        assert correct in atk_fz.to_bare()
Beispiel #42
0
    def bank_card_to_words(self, picPath):
        access_token = self.__token__(
        ) if orc_baidu_token is None else orc_baidu_token
        url = 'https://aip.baidubce.com/rest/2.0/ocr/v1/bankcard?access_token=' + access_token
        # 二进制方式打开图文件
        f = open(picPath, 'rb')
        # 参数image:图像base64编码
        img = base64.b64encode(f.read())
        params = {"image": img}
        params = parse.urlencode(params).encode("utf-8")
        self.headers["Content-Type"] = 'application/x-www-form-urlencoded'
        request = Request(url, data=params, headers=self.headers)
        response = urlopen(request)
        content = response.read()
        result = ""
        if (content):
            words_result = (eval(bytes.decode(content))["result"])
            result = words_result
        print(result)
        return result


#BaiduApi().person_card_to_words(os.path.abspath("../temp/card.jpg"))
Beispiel #43
0
def msg_ser(inst, sformat, lev=0):
    if sformat in ["urlencoded", "json"]:
        if isinstance(inst, dict):
            if sformat == 'json':
                res = json.dumps(inst)
            else:
                res = urlencode([(k, v) for k, v in inst.items()])
        elif isinstance(inst, Message):
            res = inst.serialize(sformat, lev)
        else:
            res = inst
    elif sformat == "dict":
        if isinstance(inst, Message):
            res = inst.serialize(sformat, lev)
        elif isinstance(inst, dict):
            res = inst
        elif isinstance(inst, six.string_types):  # Iff ID Token
            res = inst
        else:
            raise MessageException("Wrong type: %s" % type(inst))
    else:
        raise OicMsgError("Unknown sformat", inst)

    return res
Beispiel #44
0
def application(environ, start_response):
    session = environ['beaker.session']
    path = environ.get('PATH_INFO', '').lstrip('/')
    if path == "robots.txt":
        return static(environ, start_response, LOGGER, "static/robots.txt")
    elif path.startswith("static/"):
        return static(environ, start_response, LOGGER, path)

    query = parse_qs(environ["QUERY_STRING"])
    acr_values = session._params['acrs']
    clients = session._params['clients']
    server_env = session._params['server_env']

    LOGGER.info(50 * "=")
    LOGGER.info("[{}] path: {}".format(session.id, path))
    LOGGER.info(50 * "=")

    if path == '':
        if 'access_token' not in session:
            return opchoice(environ, start_response, clients)
        else:
            client = clients[session["op"]]
            check_session_iframe_url = None
            try:
                check_session_iframe_url = client.provider_info[
                    "check_session_iframe"]

                session["session_management"] = {
                    "session_state": query["session_state"][0],
                    "client_id": client.client_id,
                    "issuer": client.provider_info["issuer"]
                }
            except KeyError:
                pass

            kwargs = dict(
                [(p, session[p]) for p in ['id_token', 'userinfo', 'user_id'] if
                 p in session])

            return opresult(environ, start_response, **kwargs)


    elif path == "rp":  # After having chosen which OP to authenticate at
        if "uid" in query:
            try:
                client = clients.dynamic_client(userid=query["uid"][0])
            except (ConnectionError, OIDCError) as err:
                return operror(environ, start_response, '{}'.format(err))
        elif 'issuer' in query:
            try:
                client = clients[query["issuer"][0]]
            except KeyError:
                try:
                    client = clients.dynamic_client(issuer=query["issuer"][0])
                except (ConnectionError, OIDCError) as err:
                    return operror(environ, start_response, '{}'.format(err))
        else:
            client = clients[query["op"][0]]

        client.get_userinfo = session._params['userinfo']
        try:
            client.resource_server = session._params['resource_server']
        except KeyError:
            pass

        try:
            session['response_format'] = query["response_format"][0]
        except KeyError:
            session['response_format'] = 'html'

        session["op"] = client.provider_info["issuer"]

        try:
            resp = client.create_authn_request(session, acr_values)
        except Exception:
            raise
        else:
            return resp(environ, start_response)
    elif path.endswith('authz_post'):
        try:
            _iss = session['op']
        except KeyError:
            LOGGER.info(
                '[{}] No active session with {}'.format(session.id,
                                                        environ['REMOTE_ADDR']))
            return opchoice(environ, start_response, clients)
        else:
            client = clients[_iss]

        query = parse_qs(get_post(environ))
        try:
            info = query["fragment"][0]
        except KeyError:
            return sorry_response(environ, start_response, conf.BASE,
                                  "missing fragment ?!")
        if info == ['x']:
            return sorry_response(environ, start_response, conf.BASE,
                                  "Expected fragment didn't get one ?!")

        LOGGER.info('[{}] Fragment part: {}'.format(session.id, info))

        try:
            result = client.callback(info, session, 'urlencoded')
            if isinstance(result, SeeOther):
                return result(environ, start_response)
        except OIDCError as err:
            return operror(environ, start_response, "%s" % err)
        except Exception as err:
            raise
        else:
            session.update(result)
            res = SeeOther(location=server_env['base_url'])
            return res(environ, start_response)
    elif path in clients.return_paths():  # After having authenticated at the OP
        try:
            _iss = session['op']
        except KeyError:
            LOGGER.info(
                '[{}]No active session with {}'.format(session.id,
                                                       environ['REMOTE_ADDR']))
            return opchoice(environ, start_response, clients)

        # mismatch between callback and return_uri
        if _iss != clients.path[path]:
            LOGGER.warning(
                '[{}]issuer mismatch: {} != {}'.format(session.id, _iss,
                                                       clients.path[path]))
            return operror(environ, start_response, "%s" % 'Not allowed')

        client = clients[session["op"]]

        _response_type = client.behaviour["response_type"]
        try:
            _response_mode = client.authz_req[session['state']]['response_mode']
        except KeyError:
            _response_mode = ''

        LOGGER.info(
            "[{}]response_type: {}, response_mode: {}".format(session.id,
                                                              _response_type,
                                                              _response_mode))
        if _response_type and _response_type != "code":
            # Fall through if it's a query response anyway
            if query:
                pass
            elif _response_mode:
                # form_post encoded
                pass
            else:
                return opresult_fragment(environ, start_response)

        LOGGER.info("[{}]Query part: {}".format(session.id, query))

        try:
            result = client.callback(query, session)
            if isinstance(result, SeeOther):
                return result(environ, start_response)
        except OIDCError as err:
            return operror(environ, start_response, "%s" % err)
        except Exception:
            raise
        else:
            session.update(result)
            res = SeeOther(server_env['base_url'])
            return res(environ, start_response)
    elif path == "logout":  # After the user has pressed the logout button
        try:
            _iss = session['op']
        except KeyError:
            LOGGER.info(
                '[{}]No active session with {}'.format(session.id,
                                                       environ['REMOTE_ADDR']))
            return opchoice(environ, start_response, clients)
        client = clients[_iss]
        try:
            del client.authz_req[session['state']]
        except KeyError:
            pass

        logout_url = client.end_session_endpoint
        try:
            # Specify to which URL the OP should return the user after
            # log out. That URL must be registered with the OP at client
            # registration.
            logout_url += "?" + urlencode(
                {"post_logout_redirect_uri": client.registration_response[
                    "post_logout_redirect_uris"][0]})
        except KeyError:
            pass
        else:
            # If there is an ID token send it along as a id_token_hint
            _idtoken = get_id_token(client, session)
            if _idtoken:
                logout_url += "&" + urlencode({
                    "id_token_hint": id_token_as_signed_jwt(client, _idtoken,
                                                            "HS256")})
            # Also append the ACR values
            logout_url += "&" + urlencode({"acr_values": acr_values},
                                          True)

        LOGGER.debug("[{}]Logout URL: {}".format(session.id, logout_url))
        LOGGER.debug("Logging out from session: [{}]".format(session.id))
        session.delete()
        resp = SeeOther(str(logout_url))
        return resp(environ, start_response)
    elif path == "logout_success":  # post_logout_redirect_uri
        return Response("Logout successful!")(environ, start_response)
    elif path == "session_iframe":  # session management
        kwargs = session["session_management"]
        resp = Response(mako_template="rp_session_iframe.mako",
                        template_lookup=LOOKUP)
        return resp(environ, start_response,
                    session_change_url="{}session_change".format(
                        server_env["base_url"]),
                    **kwargs)
    elif path == "session_change":
        try:
            _iss = session['op']
        except KeyError:
            LOGGER.info(
                '[{}]No active session with {}'.format(session.id,
                                                       environ['REMOTE_ADDR']))
            return opchoice(environ, start_response, clients)

        try:
            client = clients[_iss]
        except KeyError:
            return Response("No valid session.")(environ, start_response)

        kwargs = {"prompt": "none"}
        # If there is an ID token send it along as a id_token_hint
        idt = get_id_token(client, session)
        if idt:
            kwargs["id_token_hint"] = id_token_as_signed_jwt(client, idt,
                                                             "HS256")
        resp = client.create_authn_request(session, acr_values, **kwargs)
        return resp(environ, start_response)

    return opchoice(environ, start_response, clients)
Beispiel #45
0
    def _pick_idp(self, query, end_point_index):
        """
        If more than one idp and if none is selected, I have to do wayf or
        disco
        """
        query_dict = {}
        if isinstance(query, six.string_types):
            query_dict = dict(parse_qs(query))
        else:
            for key, value in six.iteritems(query):
                if isinstance(value, list):
                    query_dict[key] = value[0]
                else:
                    query_dict[key] = value
            query = urlencode(query_dict)

        _cli = self.sp
        # Find all IdPs
        idps = self.sp.metadata.with_descriptor("idpsso")

        idp_entity_id = None

        if len(idps) == 1:
            # idps is a dictionary
            idp_entity_id = list(idps.keys())[0]

        if not idp_entity_id and query:
            try:
                _idp_entity_id = query_dict[self.idp_query_param][0]
                if _idp_entity_id in idps:
                    idp_entity_id = _idp_entity_id
            except KeyError:
                logger.debug("No IdP entity ID in query: %s" % query)
                pass

        if not idp_entity_id:
            cookie = self.create_cookie(
                '{"' + self.CONST_QUERY + '": "' + base64.b64encode(query) +
                '" , "' + self.CONST_HASIDP + '": "False" }',
                self.CONST_SAML_COOKIE, self.CONST_SAML_COOKIE)
            if self.sp_conf.WAYF:
                if query:
                    try:
                        wayf_selected = query_dict["wayf_selected"][0]
                    except KeyError:
                        return self._wayf_redirect(cookie)
                    idp_entity_id = wayf_selected
                else:
                    return self._wayf_redirect(cookie)
            elif self.sp_conf.DISCOSRV:
                if query:
                    idp_entity_id = _cli.parse_discovery_service_response(query=query)
                if not idp_entity_id:
                    sid_ = sid()
                    self.cache_outstanding_queries[sid_] = self.verification_endpoint
                    eid = _cli.config.entityid

                    disco_end_point_index = end_point_index["disco_end_point_index"]
                    ret = _cli.config.getattr("endpoints", "sp")[
                        "discovery_response"][disco_end_point_index][0]
                    ret += "?sid=%s" % sid_
                    loc = _cli.create_discovery_service_request(
                        self.sp_conf.DISCOSRV, eid, **{"return": ret})
                    return -1, SeeOther(loc, headers=[cookie])
            elif not len(idps):
                raise ServiceErrorException(
                    'Misconfiguration for the SAML Service Provider!')
            else:
                return -1, NotImplemented("No WAYF or DS present!")
        return 0, idp_entity_id
    def to_urlencoded(self, lev=0):
        """
        Creates a string using the application/x-www-form-urlencoded format

        :return: A string of the application/x-www-form-urlencoded format
        """

        _spec = self.c_param
        if not self.lax:
            for attribute, (_, req, _ser, _, na) in _spec.items():
                if req and attribute not in self._dict:
                    raise MissingRequiredAttribute("%s" % attribute,
                                                   "%s" % self)

        params = []

        for key, val in self._dict.items():
            try:
                (_, req, _ser, _, null_allowed) = _spec[key]
            except KeyError:  # extra attribute
                try:
                    _key, lang = key.split("#")
                    (_, req, _ser, _deser, null_allowed) = _spec[_key]
                except (ValueError, KeyError):
                    try:
                        (_, req, _ser, _, null_allowed) = _spec['*']
                    except KeyError:
                        _ser = None
                        null_allowed = False

            if val is None and null_allowed is False:
                continue
            elif isinstance(val, six.string_types):
                # Should I allow parameters with "" as value ???
                params.append((key, val.encode("utf-8")))
            elif isinstance(val, list):
                if _ser:
                    params.append((key, str(_ser(val, sformat="urlencoded",
                                                 lev=lev))))
                else:
                    for item in val:
                        params.append((key, str(item).encode('utf-8')))
            elif isinstance(val, Message):
                try:
                    _val = json.dumps(_ser(val, sformat="dict", lev=lev + 1))
                    params.append((key, _val))
                except TypeError:
                    params.append((key, val))
            elif val is None:
                params.append((key, val))
            else:
                try:
                    params.append((key, _ser(val, lev=lev)))
                except Exception:
                    params.append((key, str(val)))

        try:
            return urlencode(params)
        except UnicodeEncodeError:
            _val = []
            for k, v in params:
                try:
                    _val.append((k, v.encode("utf-8")))
                except TypeError:
                    _val.append((k, v))
            return urlencode(_val)
Beispiel #47
0
    def authorization_endpoint(self, request="", cookie=None, **kwargs):
        if isinstance(request, dict):
            _req = request
        else:
            _req = {}
            for key, val in parse_qs(request).items():
                if len(val) == 1:
                    _req[key] = val[0]
                else:
                    _req[key] = val

        # self.events.store(EV_REQUEST, _req)

        try:
            _scope = _req["scope"]
        except KeyError:
            return error_response(
                error="incorrect_behavior",
                descr="No scope parameter"
            )
        else:
            # verify that openid is among the scopes
            _scopes = _scope.split(" ")
            if "openid" not in _scopes:
                return error_response(
                    error="incorrect_behavior",
                    descr="Scope does not contain 'openid'"
                )

        client_id = _req["client_id"]

        try:
            f = response_type_cmp(self.capabilities['response_types_supported'],
                                  _req['response_type'])
        except KeyError:
            pass
        else:
            if f is False:
                self.events.store(
                    EV_FAULT,
                    'Wrong response type: {}'.format(_req['response_type']))
                return error_response(error="incorrect_behavior",
                                      descr="Not supported response_type")

        _rtypes = _req['response_type'].split(' ')

        if 'id_token' in _rtypes:
            try:
                self._update_client_keys(client_id)
            except TestError:
                return error_response(error="incorrect_behavior",
                                      descr="No change in client keys")

        if isinstance(request, dict):
            request = urlencode(request)

        if "max_age" in _req and _req["max_age"] == "0" and "prompt" in _req and _req["prompt"] == "none":
            aresp = {
                "error": "login_required",
            }
            if "state" in _req:
                aresp['state'] = _req["state"]

            return self.response_mode(_req, False,
                                      aresp=aresp,
                                      redirect_uri=_req['redirect_uri'],
                                      headers={})
        else:
            _response = provider.Provider.authorization_endpoint(self, request,
                                                                 cookie,
                                                                 **kwargs)

        if "rotenc" in self.behavior_type:  # Rollover encryption keys
            rsa_key = RSAKey(kid="rotated_rsa_{}".format(time.time()),
                             use="enc").load_key(RSA.generate(2048))
            ec_key = ECKey(kid="rotated_ec_{}".format(time.time()),
                           use="enc").load_key(P256)

            keys = [rsa_key.serialize(private=True),
                    ec_key.serialize(private=True)]
            new_keys = {"keys": keys}
            self.events.store("New encryption keys", new_keys)
            self.do_key_rollover(new_keys, "%d")
            self.events.store("Rotated encryption keys", '')
            logger.info(
                'Rotated OP enc keys, new set: {}'.format(
                    key_summary(self.keyjar, '')))

        # This is just for logging purposes
        try:
            _resp = self.server.http_request(_req["request_uri"])
        except KeyError:
            pass
        except requests.ConnectionError as err:
            self.events.store(EV_EXCEPTION, err)
            err = unwrap_exception(err)
            return error_response(error="server_error", descr=err)
        else:
            if _resp.status_code == 200:
                self.events.store(EV_REQUEST,
                                  "Request from request_uri: {}".format(
                                      _resp.text))

        return _response
Beispiel #48
0
def redirect_uris_with_query_component(oper, kwargs):
    ru = oper.conv.get_redirect_uris()[0]
    ru += "?%s" % urlencode(kwargs)
    oper.req_args["redirect_uris"] = ru
Beispiel #49
0
def redirect_uri_with_query_component(oper, args):
    ru = oper.conv.get_redirect_uris()[0]
    ru += "?%s" % urlencode(args)
    oper.req_args.update({"redirect_uri": ru})
Beispiel #50
0
def application(environ, start_response):
    session = Session(environ['beaker.session'])

    path = environ.get('PATH_INFO', '').lstrip('/')
    if path == "robots.txt":
        return static(environ, start_response, LOGGER, "static/robots.txt")

    if path.startswith("static/"):
        return static(environ, start_response, LOGGER, path)

    query = parse_qs(environ["QUERY_STRING"])

    if path == "logout":
        try:
            logoutUrl = session['client'].end_session_endpoint
            plru = "{}post_logout".format(SERVER_ENV["base_url"])
            logoutUrl += "?" + urlencode({"post_logout_redirect_uri": plru})
            try:
                logoutUrl += "&" + urlencode({
                    "id_token_hint": id_token_as_signed_jwt(
                        session['client'], "HS256")})
            except AttributeError as err:
                pass
            session.clear()
            resp = SeeOther(str(logoutUrl))
            return resp(environ, start_response)
        except Exception as err:
            pass

    if path == "post_logout":
        return post_logout(environ, start_response)

    if session['callback']:
        _uri = "%s%s" % (conf.BASE, path)
        for _cli in SERVER_ENV["OIC_CLIENT"].values():
            if _uri in _cli.redirect_uris:
                session['callback'] = False
                func = getattr(RP, "callback")
                return func(environ, SERVER_ENV, start_response, query, session)

    if path == "rpAcr":
        return choose_acr_value(environ, start_response, session)

    if path == "rpAuth":
    # Only called if multiple arc_values (that is authentications) exists.
        if "acr" in query and query["acr"][0] in session['acr_values']:
            func = getattr(RP, "create_authnrequest")
            return func(environ, SERVER_ENV, start_response, session,
                        query["acr"][0])

    if session["client"] is not None:
        session['callback'] = True
        func = getattr(RP, "begin")
        return func(environ, SERVER_ENV, start_response, session, "")

    if path == "rp":
        if "uid" in query:
            try:
                link = RP.find_srv_discovery_url(resource=query["uid"][0])
            except requests.ConnectionError:
                resp = ServiceError("Webfinger lookup failed, connection error")
                return resp(environ, start_response)

            RP.srv_discovery_url = link
            md5 = hashlib.md5()
            md5.update(link.encode("utf-8"))
            opkey = base64.b16encode(md5.digest()).decode("utf-8")
            session['callback'] = True
            func = getattr(RP, "begin")
            return func(environ, SERVER_ENV, start_response, session, opkey)

    return opbyuid(environ, start_response)
Beispiel #51
0
        def _pick_idp(self, query, end_point_index):
            """
            If more than one idp and if none is selected, I have to do wayf or
            disco
            """
            query_dict = {}
            if isinstance(query, six.string_types):
                query_dict = dict(parse_qs(query))
            else:
                for key, value in six.iteritems(query):
                    if isinstance(value, list):
                        query_dict[key] = value[0]
                    else:
                        query_dict[key] = value
                query = urlencode(query_dict)

            _cli = self.sp
            # Find all IdPs
            idps = self.sp.metadata.with_descriptor("idpsso")

            idp_entity_id = None

            if len(idps) == 1:
                # idps is a dictionary
                idp_entity_id = list(idps.keys())[0]

            if not idp_entity_id and query:
                try:
                    _idp_entity_id = query_dict[self.idp_query_param][0]
                    if _idp_entity_id in idps:
                        idp_entity_id = _idp_entity_id
                except KeyError:
                    logger.debug("No IdP entity ID in query: %s" % query)
                    pass

            if not idp_entity_id:
                cookie = self.create_cookie(
                    '{"' + self.CONST_QUERY + '": "' + base64.b64encode(query) +
                    '" , "' + self.CONST_HASIDP + '": "False" }',
                    self.CONST_SAML_COOKIE, self.CONST_SAML_COOKIE)
                if self.sp_conf.WAYF:
                    if query:
                        try:
                            wayf_selected = query_dict["wayf_selected"][0]
                        except KeyError:
                            return self._wayf_redirect(cookie)
                        idp_entity_id = wayf_selected
                    else:
                        return self._wayf_redirect(cookie)
                elif self.sp_conf.DISCOSRV:
                    if query:
                        idp_entity_id = _cli.parse_discovery_service_response(query=query)
                    if not idp_entity_id:
                        sid_ = sid()
                        self.cache_outstanding_queries[sid_] = self.verification_endpoint
                        eid = _cli.config.entityid

                        disco_end_point_index = end_point_index["disco_end_point_index"]
                        ret = _cli.config.getattr("endpoints", "sp")[
                            "discovery_response"][disco_end_point_index][0]
                        ret += "?sid=%s" % sid_
                        loc = _cli.create_discovery_service_request(
                            self.sp_conf.DISCOSRV, eid, **{"return": ret})
                        return -1, SeeOther(loc, headers=[cookie])
                elif not len(idps):
                    raise ServiceErrorException(
                        'Misconfiguration for the SAML Service Provider!')
                else:
                    return -1, NotImplemented("No WAYF or DS present!")
            return 0, idp_entity_id
Beispiel #52
0
    def application(self, environ, start_response):
        b_session = environ['beaker.session']

        jlog = JLog(LOGGER, b_session.id)

        path = environ.get('PATH_INFO', '').lstrip('/')
        try:
            jlog.info({'cookie': environ['HTTP_COOKIE'].split(';'),
                       'path': path})
        except KeyError:
            jlog.info({'path': path})

        if path == "robots.txt":
            return static(environ, start_response, LOGGER, "static/robots.txt")
        elif path.startswith("static/"):
            return static(environ, start_response, LOGGER, path)
        elif '/static/' in path:
            pre, post = path.split('static')
            return static(environ, start_response, LOGGER, 'static' + post)

        query = parse_qs(environ["QUERY_STRING"])

        try:
            session = b_session['session_info']
        except KeyError:
            session = self.find_session(**query)
            if session:
                b_session['session_info'] = session
            else:
                session = {}
                b_session['session_info'] = session
                self.session[b_session.id] = session

        if path == '':
            if 'access_token' not in session:
                return opchoice(environ, start_response, self.clients)
            else:
                client = self.clients[session["op"]]
                # check_session_iframe_url = None
                try:
                    # check_session_iframe_url = client.provider_info[
                    #     "check_session_iframe"]

                    session["session_management"] = {
                        "session_state": query["session_state"][0],
                        "client_id": client.client_id,
                        "issuer": client.provider_info["issuer"]
                    }
                except KeyError:
                    pass

                kwargs = dict(
                    [(p, session[p]) for p in
                     ['id_token', 'userinfo', 'user_id'] if
                     p in session])

                return opresult(environ, start_response, **kwargs)
        elif path == "rp":  # After having chosen which OP to authenticate at
            if "uid" in query:
                try:
                    client = self.clients.dynamic_client(userid=query["uid"][0])
                except (ConnectionError, OIDCError) as err:
                    return operror(environ, start_response, '{}'.format(err))
            elif 'issuer' in query:
                try:
                    client = self.clients[query["issuer"][0]]
                except (ConnectionError, OIDCError) as err:
                    return operror(environ, start_response, '{}'.format(err))
            else:
                client = self.clients[query["op"][0]]

            return self.init_client(client, session, query, environ,
                                    start_response)
        elif path.endswith('authz_post'):
            try:
                _iss = session['op']
            except KeyError:
                jlog.error({'reason': 'No active session',
                            'remote_addr': environ['REMOTE_ADDR']})

                return opchoice(environ, start_response, self.clients)
            else:
                client = self.clients[_iss]

            query = parse_qs(get_post(environ))
            try:
                info = query["fragment"][0]
            except KeyError:
                return sorry_response(environ, start_response, self.base,
                                      "missing fragment ?!")
            if info == ['x']:
                return sorry_response(environ, start_response, self.base,
                                      "Expected fragment didn't get one ?!")

            jlog.info({'fragment': info})

            try:
                result = client.callback(info, session, 'urlencoded')
                if isinstance(result, SeeOther):
                    return result(environ, start_response)
            except OIDCError as err:
                return operror(environ, start_response, "%s" % err)
            except Exception as err:
                raise
            else:
                session.update(result)
                res = SeeOther(self.conf['base_url'])
                return res(environ, start_response)
        elif path in self.clients.return_paths():  # After having
            # authenticated at the OP
            jlog.info({'query': query})

            _client = None
            for cli in self.clients.client.values():
                if query['state'][0] in cli.authz_req:
                    _client = cli
                    break

            if not _client:
                jlog.error({
                    'reason': 'No active session',
                    'remote_addr': environ['REMOTE_ADDR'],
                    'state': query['state'][0]
                })
                return opchoice(environ, start_response, self.clients)

            if 'error' in query:  # something amiss
                if query['error'][0] == 'access_denied':  # Try reregistering
                    _iss = _client.provider_info['issuer']
                    del self.clients[_iss]
                    try:
                        client = self.clients[_iss]
                    except (ConnectionError, OIDCError) as err:
                        return operror(environ, start_response,
                                       '{}'.format(err))
                    return self.init_client(client, session, query, environ,
                                            start_response)

            try:
                _iss = query['iss'][0]
            except KeyError:
                pass
            else:
                if _iss != _client.provider_info['issuer']:
                    jlog.error({'reason': 'Got response from wrong OP'})
                    return opchoice(environ, start_response, self.clients)

            _response_type = _client.behaviour["response_type"]
            try:
                _response_mode = _client.authz_req[session['state']][
                    'response_mode']
            except KeyError:
                _response_mode = ''

            jlog.info({
                "response_type": _response_type,
                "response_mode": _response_mode})

            if _response_type and _response_type != "code":
                # Fall through if it's a query response anyway
                if query:
                    pass
                elif _response_mode:
                    # form_post encoded
                    pass
                else:
                    return opresult_fragment(environ, start_response)

            try:
                result = _client.callback(query, session)
                if isinstance(result, SeeOther):
                    return result(environ, start_response)
            except OIDCError as err:
                return operror(environ, start_response, "%s" % err)
            except Exception:
                raise
            else:
                session.update(result)
                res = SeeOther(self.conf['base_url'])
                return res(environ, start_response)
        elif path == "logout":  # After the user has pressed the logout button
            try:
                _iss = session['op']
            except KeyError:
                jlog.error(
                    {'reason': 'No active session',
                     'remote_addr': environ['REMOTE_ADDR']})
                return opchoice(environ, start_response, self.clients)
            client = self.clients[_iss]
            try:
                del client.authz_req[session['state']]
            except KeyError:
                pass

            logout_url = client.end_session_endpoint
            try:
                # Specify to which URL the OP should return the user after
                # log out. That URL must be registered with the OP at client
                # registration.
                logout_url += "?" + urlencode(
                    {"post_logout_redirect_uri": client.registration_response[
                        "post_logout_redirect_uris"][0]})
            except KeyError:
                pass
            else:
                # If there is an ID token send it along as a id_token_hint
                _idtoken = get_id_token(client, session)
                if _idtoken:
                    logout_url += "&" + urlencode({
                        "id_token_hint": id_token_as_signed_jwt(client,
                                                                _idtoken,
                                                                "HS256")})
                # Also append the ACR values
                logout_url += "&" + urlencode({"acr_values": self.acr_values},
                                              True)

            session.delete()
            resp = SeeOther(str(logout_url))
            return resp(environ, start_response)
        elif path == "logout_success":  # post_logout_redirect_uri
            return Response("Logout successful!")(environ, start_response)
        elif path == "session_iframe":  # session management
            kwargs = session["session_management"]
            resp = Response(mako_template="rp_session_iframe.mako",
                            template_lookup=LOOKUP)
            return resp(environ, start_response,
                        session_change_url="{}session_change".format(
                            self.conf["base_url"]),
                        **kwargs)
        elif path == "session_change":
            try:
                _iss = session['op']
            except KeyError:
                jlog.error({
                    'reason': 'No active session',
                    'remote_addr': environ['REMOTE_ADDR']})
                return opchoice(environ, start_response, self.clients)

            try:
                client = self.clients[_iss]
            except KeyError:
                return Response("No valid session.")(environ, start_response)

            kwargs = {"prompt": "none"}
            # If there is an ID token send it along as a id_token_hint
            idt = get_id_token(client, session)
            if idt:
                kwargs["id_token_hint"] = id_token_as_signed_jwt(client, idt,
                                                                 "HS256")
            resp = client.create_authn_request(session, self.acr_values,
                                               **kwargs)
            return resp(environ, start_response)

        return opchoice(environ, start_response, self.clients)