def test_get_tokens_raises_error_if_response_has_error(mock_send):
c = Client(config_location)
mock_send.return_value.status = "error"
mock_send.return_value.data.error = "MockError"
mock_send.return_value.data.error_description = "No Tokens in Mock"
with assert_raises(RuntimeError):
c.get_tokens_by_code("code", "state")
def test_get_tokens_raises_error_if_response_has_error(mock_send):
c = Client(config_location)
mock_send.return_value.status = "error"
mock_send.return_value.data.error = "MockError"
mock_send.return_value.data.error_description = "No Tokens in Mock"
with assert_raises(RuntimeError):
c.get_tokens_by_code("code", "state")
def oxd_login_callback():
"""Callback for OXD authorization_callback.
"""
config = current_app.config["OXD_CLIENT_CONFIG_FILE"]
oxc = Client(config)
code = request.args.get('code')
state = request.args.get('state')
try:
# these following API calls may raise RuntimeError caused by internal
# error in oxd server.
tokens = oxc.get_tokens_by_code(code, state)
resp = oxc.get_user_info(tokens["access_token"])
# ``user_name`` item is in ``user_name`` scope, hence
# accessing this attribute may raise KeyError
username = resp["user_name"][0]
# ``role`` item is in ``permission`` scope, hence
# accessing this attribute may raise KeyError
role = ''
if 'role' in resp:
role = resp["role"][0].strip("[]")
# disallow role other than ``cluster_manager``
if username == 'admin' or role == "cluster_manager":
user = User(username, "")
login_user(user)
return redirect(url_for("index.home"))
else:
flash("Invalid user's role.", "warning")
except KeyError as exc:
print exc # TODO: use logging
if exc.message == "user_name":
msg = "user_name scope is not enabled in OIDC client"
elif exc.message == "role":
msg = "permission scope is not enabled in OIDC client " \
"or missing role attribute in user's info"
flash(msg, "warning")
except OxdServerError as exc:
print exc # TODO: use logging
flash("Failed to process the request due to error in OXD server.",
"warning")
except socket.error as exc:
print exc # TODO: use logging
flash("Unable to connect to OXD server.", "warning")
logout_user()
logout_resp = make_response(render_template("invalid_login.html"))
logout_resp.set_cookie('sub', 'null', expires=0)
logout_resp.set_cookie('JSESSIONID', 'null', expires=0)
logout_resp.set_cookie('session_state', 'null', expires=0)
logout_resp.set_cookie('session_id', 'null', expires=0)
return logout()
return render_template('invalid_login.html')
def test_openid_commands(config_file):
"""function that runs the commands in a interactive manner
:param config_file: config file location
"""
c = Client(config_file)
print "\n=> Setup Client"
setup_data = c.setup_client()
logging.info("Received: %s", setup_data)
print "\n=> Get Client Token"
tokens = c.get_client_token(auto_update=False)
logging.info("Received: %s", tokens)
print "\n=> Introspect Access Token"
introspection = c.introspect_access_token(
access_token=tokens['access_token'])
logging.info("Received: %s", introspection)
print "\n=> Update site registration"
updated = c.update_site()
c.config.set("client", "scope", "openid,profile")
logging.info("Received: %s", updated)
print "\n=> Getting auth URL"
auth_url = c.get_authorization_url()
print "Visit this URL in your browser: ", auth_url
logging.info("Received: %s", auth_url)
print "\n=> Getting tokens by code"
callback_url = raw_input("Enter redirected URL to parse tokens: ")
parsed = urlparse.urlparse(callback_url)
params = urlparse.parse_qs(parsed.query)
tokens = c.get_tokens_by_code(params['code'][0], params['state'][0])
logging.info("Received: %s", tokens)
print "\n=> Getting user info"
claims = c.get_user_info(tokens['access_token'])
logging.info("Received: %s", claims)
print "\n=> Getting new access token using refresh token"
new_token = c.get_access_token_by_refresh_token(tokens["refresh_token"])
logging.info("Received: %s", new_token)
print "\n=> Getting Logout URI"
logout_uri = c.get_logout_uri()
logging.info("Received: %s", logout_uri)
print "Visit this URL to logout: ", logout_uri
print "\n=> Register Site"
reg = c.register_site()
logging.info("Received: %s", reg)
print "\n=> Remove Site"
oxd_id = c.remove_site()
logging.info("Received: %s", oxd_id)
def test_get_tokens_by_code(mock_send):
c = Client(config_location)
mock_send.return_value.status = "ok"
mock_send.return_value.data = "mock-token"
code = "code"
state = "state"
command = {"command": "get_tokens_by_code", "params": {"oxd_id": c.oxd_id, "code": code, "state": state}}
token = c.get_tokens_by_code(code, state)
mock_send.assert_called_with(command)
assert_equal(token, "mock-token")
def test_get_tokens_by_code(mock_send):
c = Client(config_location)
mock_send.return_value.status = "ok"
mock_send.return_value.data = "mock-token"
code = "code"
state = "state"
command = {
"command": "get_tokens_by_code",
"params": {
"oxd_id": c.oxd_id,
"code": code,
"state": state
}
}
token = c.get_tokens_by_code(code, state)
mock_send.assert_called_with(command)
assert_equal(token, "mock-token")
def test_get_tokens_raises_error_for_invalid_args():
c = Client(config_location)
# Empty code should raise error
with assert_raises(RuntimeError):
c.get_tokens_by_code("", ["openid"], "state")
# Empty list for scopes should raise error
with assert_raises(RuntimeError):
c.get_tokens_by_code("code", [], "state")
# raise error when scopes is not a list
with assert_raises(RuntimeError):
c.get_tokens_by_code("code", "openid", "state")
