def test_init(self): provider = Provider("pyoicserv", sdb.SessionDB(ISSUER), CDB, AUTHN_BROKER, AUTHZ, verify_client) assert provider provider = Provider("pyoicserv", sdb.SessionDB(ISSUER), CDB, AUTHN_BROKER, AUTHZ, verify_client, urlmap={"client1": ["https://example.com/authz"]}) assert provider.urlmap["client1"] == ["https://example.com/authz"]
def test_provider_init(): provider = Provider("pyoicserv", sdb.SessionDB(SERVER_INFO["issuer"]), CDB, AUTHN_BROKER, AUTHZ, verify_client) assert provider provider = Provider("pyoicserv", sdb.SessionDB(SERVER_INFO["issuer"]), CDB, AUTHN_BROKER, AUTHZ, verify_client, urlmap={"client1": ["https://example.com/authz"]}) assert provider.urlmap["client1"] == ["https://example.com/authz"]
def test_provider_authenticated_token(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, symkey=rndstr(16)) _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True location = cons.begin("http://localhost:8087", "http://localhost:8088/authorization", "token") QUERY_STRING = location.split("?")[1] resp = provider.authorization_endpoint(QUERY_STRING) print resp.headers print resp.message txt = resp.message assert "access_token=" in txt assert "token_type=Bearer" in txt
def test_client_registration_2(): args = { "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", } provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, client_info_url="https://example.com/as/", client_authn_methods={ "client_secret_post": ClientSecretPost, "client_secret_basic": ClientSecretBasic, "bearer_header": BearerHeader}) request = RegistrationRequest(**args) resp = provider.registration_endpoint(request.to_json(), {}) assert isinstance(resp, Response) _resp = ClientInfoResponse().from_json(resp.message) assert "client_name#ja-Jpan-JP" in _resp.keys() assert "client_name" in _resp.keys()
def test_client_registration_uri_error(): args = { "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", "logo_uri": "https://client.example.org/logo.png", "jwks_uri": "https://client.example.org/my_public_keys.jwks" } provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, client_info_url="https://example.com/as/") request = RegistrationRequest(**args) resp = provider.registration_endpoint(request.to_json(), {}) assert isinstance(resp, Response) _resp = ClientRegistrationError().from_json(resp.message) assert "error" in _resp assert _resp["error"] == "invalid_client_metadata"
def test_client_registration_delete(): args = { "redirect_uris": [ "https://client.example.org/callback", "https://client.example.org/callback2" ], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", } provider = Provider("pyoicserv", sdb.SessionDB(SERVER_INFO["issuer"]), CDB, AUTHN_BROKER, AUTHZ, verify_client, client_info_url="https://example.com/as/", client_authn_methods={ "client_secret_post": ClientSecretPost, "client_secret_basic": ClientSecretBasic, "bearer_header": BearerHeader }) request = RegistrationRequest(**args) resp = provider.registration_endpoint(request.to_json(), environ={}) assert isinstance(resp, Response) _resp = ClientInfoResponse().from_json(resp.message) resp = provider.client_info_endpoint( "", environ={ "HTTP_AUTHORIZATION": "Bearer %s" % (_resp["registration_access_token"], ) }, method="DELETE", query="client_id=%s" % _resp["client_id"]) assert isinstance(resp, NoContent) # A read should fail resp = provider.client_info_endpoint( "", environ={ "HTTP_AUTHORIZATION": "Bearer %s" % (_resp["registration_access_token"], ) }, query="client_id=%s" % _resp["client_id"]) assert isinstance(resp, Unauthorized)
def create_provider(self): self.provider = Provider("pyoicserv", sdb.SessionDB(ISSUER), CDB, AUTHN_BROKER, AUTHZ, verify_client, baseurl='https://example.com/as')
def test_client_registration_update(): args = { "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", } provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, client_info_url="https://example.com/as/", client_authn_methods={ "client_secret_post": ClientSecretPost, "client_secret_basic": ClientSecretBasic, "bearer_header": BearerHeader}) request = RegistrationRequest(**args) resp = provider.registration_endpoint(request.to_json(), environ={}) assert isinstance(resp, Response) _resp = ClientInfoResponse().from_json(resp.message) assert "client_name#ja-Jpan-JP" in _resp.keys() assert "client_name" in _resp.keys() update = { "client_id": _resp["client_id"], "client_secret": _resp["client_secret"], "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/alt"], "scope": "read write dolphin", "grant_types": ["authorization_code", "refresh_token"], "token_endpoint_auth_method": "client_secret_basic", "jwks_uri": "https://client.example.org/my_public_keys.jwks", "client_name": "My New Example", "client_name#fr": "Mon Nouvel Exemple", } update_req = RegistrationRequest(**update) resp = provider.client_info_endpoint( update_req.to_json(), environ={"HTTP_AUTHORIZATION": "Bearer %s" % ( _resp["registration_access_token"],)}, method="PUT", query="client_id=%s" % _resp["client_id"]) _resp_up = ClientInfoResponse().from_json(resp.message) print _resp_up
def test_provider_init(): provider = Provider("pyoicserv", sdb.SessionDB(SERVER_INFO["issuer"]), CDB, AUTHN_BROKER, AUTHZ, verify_client, client_info_url="https://example.com/as") assert provider
def test_pkce_verify_512(): _cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}}) args, cv = _cli.add_code_challenge() authn_broker = AuthnBroker() authn_broker.add("UNDEFINED", DummyAuthn(None, "username")) _prov = Provider("as", sdb.SessionDB(SERVER_INFO["issuer"]), CDB, authn_broker, Implicit(), verify_client) assert _prov.verify_code_challenge(cv, args['code_challenge'], 'S512') is True
def create_provider(self): authn_broker = AuthnBroker() authn_broker.add("UNDEFINED", DummyAuthn(None, "username")) self.provider = Provider("pyoicserv", sdb.SessionDB( TestProvider.SERVER_INFO["issuer"]), TestProvider.CDB, authn_broker, Implicit(), verify_client, client_info_url="https://example.com/as", client_authn_methods={ "client_secret_post": ClientSecretPost, "client_secret_basic": ClientSecretBasic, "bearer_header": BearerHeader})
def test_client_registration(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, client_info_url="https://example.com/as/") request = RegistrationRequest(client_name="myself", redirect_uris=["https://example.com/rp"]) resp = provider.registration_endpoint(request.to_json(), {}) assert isinstance(resp, Response) _resp = ClientInfoResponse().from_json(resp.message) assert "client_id" in _resp
def test_provider_authorization_endpoint(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client) bib = { "scope": ["openid"], "state": "id-6da9ca0cc23959f5f33e8becd9b08cae", "redirect_uri": "http://localhost:8087authz", "response_type": ["code"], "client_id": "a1b2c3" } arq = AuthorizationRequest(**bib) QUERY_STRING = arq.to_urlencoded() resp = provider.authorization_endpoint(request=QUERY_STRING) assert isinstance(resp, Response)
def test_token_endpoint(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, symkey=rndstr(16)) authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = provider.sdb sid = _sdb.token.key(user="******", areq=authreq) access_grant = _sdb.token(sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": "", "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz" } # Construct Access token request areq = AccessTokenRequest( code=access_grant, redirect_uri="http://example.com/authz", client_id="client1", client_secret="hemlighet", ) print areq.to_dict() resp = provider.token_endpoint(request=areq.to_urlencoded()) print resp.message atr = AccessTokenResponse().deserialize(resp.message, "json") print atr.keys() assert _eq(atr.keys(), ['access_token', 'expires_in', 'token_type', 'refresh_token'])
def test_provider_authenticated(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, symkey=rndstr(16)) _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True location = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") query_string = location.split("?")[1] resp = provider.authorization_endpoint(query_string) assert resp.status == "302 Found" print resp.headers print resp.message if content_type(resp.headers) == "json": resp = resp.message else: resp = resp.message.split("?")[1] aresp = cons.handle_authorization_response(query=resp) print aresp.keys() assert aresp.type() == "AuthorizationResponse" assert _eq(aresp.keys(), ['state', 'code']) print cons.grant[cons.state].keys() assert _eq(cons.grant[cons.state].keys(), [ 'tokens', 'code', 'exp_in', 'seed', 'id_token', 'grant_expiration_time' ])
def create_provider(self): self.provider = Provider("pyoicserv", sdb.SessionDB(ISSUER), CDB, AUTHN_BROKER, AUTHZ, verify_client)