Beispiel #1
0
    def test_unpack_aggregated_response_missing_keys(self):
        claims = {
            "address": {
                "street_address": "1234 Hollywood Blvd.",
                "locality": "Los Angeles",
                "region": "CA",
                "postal_code": "90210",
                "country": "US"
            },
            "phone_number": "+1 (555) 123-4567"
        }

        _keyjar = build_keyjar(KEYSPEC)

        srv = JWT(_keyjar, iss=ISS, sign_alg='ES256')
        _jwt = srv.pack(payload=claims)

        resp = OpenIDSchema(sub='diana', given_name='Diana',
                            family_name='krall',
                            _claim_names={
                                'address': 'src1',
                                'phone_number': 'src1'
                            },
                            _claim_sources={'src1': {'JWT': _jwt}})

        _resp = self.service.parse_response(resp.to_json(), state='abcde')
        assert _resp
Beispiel #2
0
 def test_unpack_signed_response(self):
     resp = OpenIDSchema(sub='diana', given_name='Diana',
                         family_name='krall', iss=ISS)
     sk = ISS_KEY.get_signing_key('rsa', owner=ISS)
     alg = self.service.service_context.get_sign_alg('userinfo')
     _resp = self.service.parse_response(resp.to_jwt(sk, algorithm=alg),
                                         state='abcde', sformat='jwt')
     assert _resp
Beispiel #3
0
    def test_finalize(self):
        auth_query = self.rph.begin(issuer_id='github')
        #  The authorization query is sent and after successful authentication
        client = self.rph.get_client_from_session_key(
            state=auth_query['state'])
        # register a response
        p = urlparse(
            CLIENT_CONFIG['github']['provider_info']['authorization_endpoint'])
        self.mock_op.register_get_response(p.path, 'Redirect', 302)

        _ = client.http(auth_query['url'])

        #  the user is redirected back to the RP with a positive response
        auth_response = AuthorizationResponse(code='access_code',
                                              state=auth_query['state'])

        # need session information and the client instance
        _session = self.rph.get_session_information(auth_response['state'])
        client = self.rph.get_client_from_session_key(
            state=auth_response['state'])

        # Faking
        resp = construct_access_token_response(
            _session['auth_request']['nonce'],
            issuer=self.issuer,
            client_id=CLIENT_CONFIG['github']['client_id'],
            key_jar=GITHUB_KEY)

        p = urlparse(
            CLIENT_CONFIG['github']['provider_info']['token_endpoint'])
        self.mock_op.register_post_response(
            p.path, resp.to_json(), 200, {'content-type': "application/json"})

        _info = OpenIDSchema(sub='EndUserSubject',
                             given_name='Diana',
                             family_name='Krall',
                             occupation='Jazz pianist')
        p = urlparse(
            CLIENT_CONFIG['github']['provider_info']['userinfo_endpoint'])
        self.mock_op.register_get_response(
            p.path, _info.to_json(), 200, {'content-type': "application/json"})

        _github_id = iss_id('github')
        client.service_context.keyjar.import_jwks(
            GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)

        # do the rest (= get access token and user info)
        # assume code flow
        resp = self.rph.finalize(_session['iss'], auth_response.to_dict())

        assert set(resp.keys()) == {'userinfo', 'state', 'token', 'id_token'}
Beispiel #4
0
    def test_fetch_distributed_claims_3(self, httpserver):
        _url = "https://example.com/claims.json"

        uinfo = OpenIDSchema(
            **{
                "sub": 'jane_doe',
                "name": "Jane Doe",
                "given_name": "Jane",
                "family_name": "Doe",
                "email": "*****@*****.**",
                "birthdate": "0000-03-22",
                "eye_color": "blue",
                "_claim_names": {
                    "credit_score": "src2"
                },
                "_claim_sources": {
                    "src2": {
                        "endpoint": _url,
                    }
                }
            })

        _claims = {"credit_score": 650}

        with responses.RequestsMock() as rsps:
            rsps.add("GET",
                     _url,
                     body=json.dumps(_claims),
                     adding_headers={"Content-Type": "application/json"},
                     status=200)

            res = self.client.fetch_distributed_claims(
                uinfo, callback=access_token_callback)

        assert 'credit_score' in res
Beispiel #5
0
    def test_fetch_distributed_claims_3(self, httpserver):
        _url = httpserver.url

        uinfo = OpenIDSchema(
            **{
                "sub": 'jane_doe',
                "name": "Jane Doe",
                "given_name": "Jane",
                "family_name": "Doe",
                "email": "*****@*****.**",
                "birthdate": "0000-03-22",
                "eye_color": "blue",
                "_claim_names": {
                    "credit_score": "src2"
                },
                "_claim_sources": {
                    "src2": {
                        "endpoint": _url,
                    }
                }
            })

        httpserver.serve_content(json.dumps({"credit_score": 650}))

        res = self.client.fetch_distributed_claims(
            uinfo, callback=access_token_callback)

        assert 'credit_score' in res
Beispiel #6
0
    def test_unpack_encrypted_response(self):
        # Add encryption key
        _kj = build_keyjar([{"type": "RSA", "use": ["enc"]}], owner='')
        # Own key jar gets the private key
        self.service.service_context.keyjar.import_jwks(
            _kj.export_jwks(private=True), issuer='client_id')
        # opponent gets the public key
        ISS_KEY.import_jwks(_kj.export_jwks(), issuer='client_id')

        resp = OpenIDSchema(sub='diana', given_name='Diana',
                            family_name='krall', iss=ISS, aud='client_id')
        enckey = ISS_KEY.get_encrypt_key('rsa', owner='client_id')
        algspec = self.service.service_context.get_enc_alg_enc(
            self.service.service_name)

        enc_resp = resp.to_jwe(enckey, **algspec)
        _resp = self.service.parse_response(enc_resp, state='abcde',
                                            sformat='jwt')
        assert _resp
Beispiel #7
0
    def __call__(self, url, method="GET", data=None, headers=None, **kwargs):
        if method == 'GET':
            p = urlparse(url)
            if p.path.endswith('authorize'):
                qp = parse_qs(p.query)
                self.state = qp['state'][0]
                self.nonce = qp['nonce'][0]
                r = MockResponse(302, 'Redirect')
                r.location = qp['redirect_uri'][0]
                return r
            elif p.path.endswith('user'):
                qp = parse_qs(p.query)
                if qp['access_token'][0] == 'accessTok':
                    # what else could it be?
                    _info = OpenIDSchema(sub='EndUserSubject',
                                         given_name='Diana',
                                         family_name='Krall',
                                         occupation='Jazz pianist')
                    return MockResponse(
                        200,
                        _info.to_json(),
                        headers={'content-type': "application/json"})
                else:
                    return MockResponse(400, 'Illegal request')
            else:
                r = MockResponse(200, 'Some text')
                return r
        elif method == 'POST':
            p = urlparse(url)
            if p.path.endswith('access_token'):
                # Content type expected to be urlencoded
                query = parse_qs(data)
                resp = self.construct_access_token_response(
                    query['client_id'][0])

                r = MockResponse(200,
                                 resp.to_json(),
                                 headers={'content-type': "application/json"})
                return r
Beispiel #8
0
    def test_fetch_distributed_claims_1(self):
        _url = "https://example.com/claims.json"
        # split the example in 5.6.2.2 into two
        uinfo = OpenIDSchema(
            **{
                "sub": 'jane_doe',
                "name": "Jane Doe",
                "given_name": "Jane",
                "family_name": "Doe",
                "email": "*****@*****.**",
                "birthdate": "0000-03-22",
                "eye_color": "blue",
                "_claim_names": {
                    "payment_info": "src1",
                    "shipping_address": "src1",
                },
                "_claim_sources": {
                    "src1": {
                        "endpoint": _url
                    }
                }
            })

        # Wrong set of claims. Actually extra claim
        _info = {
            "shipping_address": {
                "street_address": "1234 Hollywood Blvd.",
                "locality": "Los Angeles",
                "region": "CA",
                "postal_code": "90210",
                "country": "US"
            },
            "payment_info": "Some_Card 1234 5678 9012 3456",
            "phone_number": "+1 (310) 123-4567"
        }

        with responses.RequestsMock() as rsps:
            rsps.add("GET",
                     _url,
                     body=json.dumps(_info),
                     adding_headers={"Content-Type": "application/json"},
                     status=200)

            res = self.client.fetch_distributed_claims(uinfo)

        assert 'payment_info' in res
        assert 'shipping_address' in res
        assert 'phone_number' not in res
Beispiel #9
0
    def test_fetch_distributed_claims_1(self, httpserver):
        _url = httpserver.url

        # split the example in 5.6.2.2 into two
        uinfo = OpenIDSchema(
            **{
                "sub": 'jane_doe',
                "name": "Jane Doe",
                "given_name": "Jane",
                "family_name": "Doe",
                "email": "*****@*****.**",
                "birthdate": "0000-03-22",
                "eye_color": "blue",
                "_claim_names": {
                    "payment_info": "src1",
                    "shipping_address": "src1",
                },
                "_claim_sources": {
                    "src1": {
                        "endpoint": _url
                    }
                }
            })

        # Wrong set of claims. Actually extra claim
        httpserver.serve_content(
            json.dumps({
                "shipping_address": {
                    "street_address": "1234 Hollywood Blvd.",
                    "locality": "Los Angeles",
                    "region": "CA",
                    "postal_code": "90210",
                    "country": "US"
                },
                "payment_info": "Some_Card 1234 5678 9012 3456",
                "phone_number": "+1 (310) 123-4567"
            }))

        res = self.client.fetch_distributed_claims(uinfo)

        assert 'payment_info' in res
        assert 'shipping_address' in res
        assert 'phone_number' not in res
Beispiel #10
0
 def test_unpack_simple_response(self):
     resp = OpenIDSchema(sub='diana', given_name='Diana',
                         family_name='krall')
     _resp = self.service.parse_response(resp.to_json(),
                                         state='abcde')
     assert _resp