def test_init(self): provider = Provider("pyoicserv", sdb.SessionDB(ISSUER), CDB, AUTHN_BROKER, AUTHZ, verify_client) assert provider provider = Provider("pyoicserv", sdb.SessionDB(ISSUER), CDB, AUTHN_BROKER, AUTHZ, verify_client, urlmap={"client1": ["https://example.com/authz"]}) assert provider.urlmap["client1"] == ["https://example.com/authz"]
def test_provider_init(): provider = Provider("pyoicserv", sdb.SessionDB(SERVER_INFO["issuer"]), CDB, AUTHN_BROKER, AUTHZ, verify_client) assert provider provider = Provider("pyoicserv", sdb.SessionDB(SERVER_INFO["issuer"]), CDB, AUTHN_BROKER, AUTHZ, verify_client, urlmap={"client1": ["https://example.com/authz"]}) assert provider.urlmap["client1"] == ["https://example.com/authz"]
def test_provider_authenticated_token(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, symkey=rndstr(16)) _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True location = cons.begin("http://localhost:8087", "http://localhost:8088/authorization", "token") QUERY_STRING = location.split("?")[1] resp = provider.authorization_endpoint(QUERY_STRING) print resp.headers print resp.message txt = resp.message assert "access_token=" in txt assert "token_type=Bearer" in txt
def test_complete_authz_pyoidc_cookie_exists(self, session_db_factory): provider = Provider( "pyoicserver", session_db_factory(ISSUER), CDB, AUTHN_BROKER, AUTHZ, verify_client, baseurl="https://example.com/as", ) areq = { "client_id": "client1", "response_type": ["code"], "redirect_uri": "http://localhost:8087/authz", } sid = provider.sdb.access_token.key(user="******", areq=areq) access_code = provider.sdb.access_token(sid=sid) provider.sdb[sid] = { "oauth_state": "authz", "sub": "sub", "client_id": "client1", "code": access_code, "redirect_uri": "http://localhost:8087/authz", } cookie = "pyoidc_sso=test::test" response, header, redirect, fragment = provider._complete_authz( "sub", areq, sid, cookie=cookie) assert len(header) == 0 assert not fragment assert redirect == "http://localhost:8087/authz" assert "code" in response
def test_complete_authz_pyoidc_cookie_exists(self, session_db_factory): provider = Provider("pyoicserver", session_db_factory(ISSUER), CDB, AUTHN_BROKER, AUTHZ, verify_client, baseurl='https://example.com/as') areq = { 'client_id': 'client1', 'response_type': ['code'], 'redirect_uri': 'http://localhost:8087/authz' } sid = provider.sdb.access_token.key(user='******', areq=areq) access_code = provider.sdb.access_token(sid=sid) provider.sdb[sid] = { 'oauth_state': 'authz', 'sub': 'sub', 'client_id': 'client1', 'code': access_code, 'redirect_uri': 'http://localhost:8087/authz' } cookie = 'pyoidc_sso=test::test' response, header, redirect, fragment = provider._complete_authz( 'sub', areq, sid, cookie=cookie) assert len(header) == 0 assert not fragment assert redirect == 'http://localhost:8087/authz' assert 'code' in response
def create_provider(self, session_db_factory): self.provider = Provider("pyoicserv", session_db_factory(ISSUER), CDB, AUTHN_BROKER, AUTHZ, verify_client, baseurl='https://example.com/as')
def create_provider(self): self.provider = Provider("pyoicserv", sdb.SessionDB(ISSUER), CDB, AUTHN_BROKER, AUTHZ, verify_client, baseurl='https://example.com/as')
def test_init(self, session_db_factory): provider = Provider( "pyoicserv", session_db_factory(ISSUER), CDB, AUTHN_BROKER, AUTHZ, verify_client, ) assert provider provider = Provider( "pyoicserv", session_db_factory(ISSUER), CDB, AUTHN_BROKER, AUTHZ, verify_client, urlmap={"client1": ["https://example.com/authz"]}, ) assert provider.urlmap["client1"] == ["https://example.com/authz"]
def test_provider_authorization_endpoint(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client) bib = { "scope": ["openid"], "state": "id-6da9ca0cc23959f5f33e8becd9b08cae", "redirect_uri": "http://localhost:8087authz", "response_type": ["code"], "client_id": "a1b2c3" } arq = AuthorizationRequest(**bib) QUERY_STRING = arq.to_urlencoded() resp = provider.authorization_endpoint(request=QUERY_STRING) assert isinstance(resp, Response)
def test_init_capabilities(self, session_db_factory): provider = Provider( "pyoicserv", session_db_factory(ISSUER), CDB, AUTHN_BROKER, AUTHZ, verify_client, capabilities={ "grant_types_supported": ["authorization_code"], "version": "1.0", "response_types_supported": ["code", "token"], }, ) assert provider assert provider.capabilities["version"] == "1.0" assert provider.capabilities["grant_types_supported"] == [ "authorization_code" ]
def test_token_endpoint(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, symkey=rndstr(16)) authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = provider.sdb sid = _sdb.token.key(user="******", areq=authreq) access_grant = _sdb.token(sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": "", "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz" } # Construct Access token request areq = AccessTokenRequest( code=access_grant, redirect_uri="http://example.com/authz", client_id="client1", client_secret="hemlighet", ) print areq.to_dict() resp = provider.token_endpoint(request=areq.to_urlencoded()) print resp.message atr = AccessTokenResponse().deserialize(resp.message, "json") print atr.keys() assert _eq(atr.keys(), ['access_token', 'expires_in', 'token_type', 'refresh_token'])
def test_provider_authenticated(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, symkey=rndstr(16)) _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True location = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") query_string = location.split("?")[1] resp = provider.authorization_endpoint(query_string) assert resp.status == "302 Found" print resp.headers print resp.message if content_type(resp.headers) == "json": resp = resp.message else: resp = resp.message.split("?")[1] aresp = cons.handle_authorization_response(query=resp) print aresp.keys() assert aresp.type() == "AuthorizationResponse" assert _eq(aresp.keys(), ['state', 'code']) print cons.grant[cons.state].keys() assert _eq(cons.grant[cons.state].keys(), [ 'tokens', 'code', 'exp_in', 'seed', 'id_token', 'grant_expiration_time' ])
except KeyError: pass # Initiate the authentication broker. This is the service that # chooses which authentication method that is to be used. broker = authn_setup(config) # dealing with authorization, this is just everything goes. authz = Implicit() # Initiate the OAuth2 provider instance OAS = Provider(config.issuer, SessionDB(), cdb, broker, authz, client_authn=verify_client, symkey=config.SYM_KEY) # set some parameters try: OAS.cookie_ttl = config.COOKIETTL except AttributeError: pass try: OAS.cookie_name = config.COOKIENAME except AttributeError: pass
def create_provider(self): self.provider = Provider("pyoicserv", sdb.SessionDB(ISSUER), CDB, AUTHN_BROKER, AUTHZ, verify_client)