def test_auth_resp_callback_func_user_id_from_attrs_is_used_to_override_user_id(
self, context, satosa_config):
satosa_config["INTERNAL_ATTRIBUTES"]["user_id_from_attrs"] = [
"user_id", "domain"
]
base = SATOSABase(satosa_config)
internal_resp = InternalResponse(AuthenticationInformation("", "", ""))
internal_resp.attributes = {
"user_id": ["user"],
"domain": ["@example.com"]
}
internal_resp.requester = "test_requester"
context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
context.state[satosa.routing.
STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
UserIdHasher.save_state(InternalRequest(UserIdHashType.persistent, ""),
context.state)
base._auth_resp_callback_func(context, internal_resp)
expected_user_id = UserIdHasher.hash_data(
satosa_config["USER_ID_HASH_SALT"], "*****@*****.**")
expected_user_id = UserIdHasher.hash_id(
satosa_config["USER_ID_HASH_SALT"], expected_user_id,
internal_resp.requester, context.state)
assert internal_resp.user_id == expected_user_id
def _auth_req_callback_func(self, context, internal_request):
"""
This function is called by a frontend module when an authorization request has been
processed.
:type context: satosa.context.Context
:type internal_request: satosa.internal_data.InternalRequest
:rtype: satosa.response.Response
:param context: The request context
:param internal_request: request processed by the frontend
:return: response
"""
state = context.state
state.add(SATOSABase.STATE_KEY, internal_request.requestor)
satosa_logging(LOGGER, logging.INFO,
"Requesting provider: {}".format(internal_request.requestor), state)
context.request = None
backend = self.module_router.backend_routing(context)
self.consent_module.save_state(internal_request, state)
UserIdHasher.save_state(internal_request, state)
if self.request_micro_services:
internal_request = self.request_micro_services.process_service_queue(context,
internal_request)
return backend.start_auth(context, internal_request)
def _account_linking_callback_func(self, context, internal_response):
"""
This function is called by the account linking module when the linking step is done
:type context: satosa.context.Context
:type internal_response: satosa.internal_data.InternalResponse
:rtype: satosa.response.Response
:param context: The response context
:param internal_response: The authentication response
:return: response
"""
user_id = UserIdHasher.hash_id(self.config.USER_ID_HASH_SALT,
internal_response.get_user_id(),
internal_response.to_requestor,
context.state)
internal_response.set_user_id(user_id)
internal_response.set_user_id_hash_type(UserIdHasher.hash_type(context.state))
user_id_to_attr = self.config.INTERNAL_ATTRIBUTES.get("user_id_to_attr", None)
if user_id_to_attr:
attributes = internal_response.get_attributes()
attributes[user_id_to_attr] = internal_response.get_user_id()
internal_response.add_attributes(attributes)
# Hash all attributes specified in INTERNAL_ATTRIBUTES["hash]
hash_attributes = self.config.INTERNAL_ATTRIBUTES.get("hash", [])
internal_attributes = internal_response.get_attributes()
for attribute in hash_attributes:
internal_attributes[attribute] = UserIdHasher.hash_data(self.config.USER_ID_HASH_SALT,
internal_attributes[attribute])
return self.consent_module.manage_consent(context, internal_response)
def _auth_req_callback_func(self, context, internal_request):
"""
This function is called by a frontend module when an authorization request has been
processed.
:type context: satosa.context.Context
:type internal_request: satosa.internal_data.InternalRequest
:rtype: satosa.response.Response
:param context: The request context
:param internal_request: request processed by the frontend
:return: response
"""
state = context.state
state.add(SATOSABase.STATE_KEY, internal_request.requestor)
satosa_logging(
LOGGER, logging.INFO,
"Requesting provider: {}".format(internal_request.requestor),
state)
context.request = None
backend = self.module_router.backend_routing(context)
self.consent_module.save_state(internal_request, state)
UserIdHasher.save_state(internal_request, state)
if self.request_micro_services:
internal_request = self.request_micro_services.process_service_queue(
context, internal_request)
return backend.start_auth(context, internal_request)
def _account_linking_callback_func(self, context, internal_response):
"""
This function is called by the account linking module when the linking step is done
:type context: satosa.context.Context
:type internal_response: satosa.internal_data.InternalResponse
:rtype: satosa.response.Response
:param context: The response context
:param internal_response: The authentication response
:return: response
"""
user_id = UserIdHasher.hash_id(self.config.USER_ID_HASH_SALT,
internal_response.get_user_id(),
internal_response.to_requestor,
context.state)
internal_response.set_user_id(user_id)
internal_response.set_user_id_hash_type(
UserIdHasher.hash_type(context.state))
user_id_to_attr = self.config.INTERNAL_ATTRIBUTES.get(
"user_id_to_attr", None)
if user_id_to_attr:
attributes = internal_response.get_attributes()
attributes[user_id_to_attr] = internal_response.get_user_id()
internal_response.add_attributes(attributes)
# Hash all attributes specified in INTERNAL_ATTRIBUTES["hash]
hash_attributes = self.config.INTERNAL_ATTRIBUTES.get("hash", [])
internal_attributes = internal_response.get_attributes()
for attribute in hash_attributes:
internal_attributes[attribute] = UserIdHasher.hash_data(
self.config.USER_ID_HASH_SALT, internal_attributes[attribute])
return self.consent_module.manage_consent(context, internal_response)
def _get_id(requestor, user_id, hash_type):
state = State()
internal_request = InternalRequest(hash_type, requestor)
UserIdHasher.save_state(internal_request, state)
return UserIdHasher.hash_id(SALT, user_id, requestor, state)
def test_auth_resp_callback_func_respects_user_id_to_attr(self, context, satosa_config):
satosa_config["INTERNAL_ATTRIBUTES"]["user_id_to_attr"] = "user_id"
base = SATOSABase(satosa_config)
internal_resp = InternalResponse(AuthenticationInformation("", "", ""))
internal_resp.user_id = "user1234"
context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
UserIdHasher.save_state(InternalRequest(UserIdHashType.transient, ""), context.state)
base._auth_resp_callback_func(context, internal_resp)
assert internal_resp.attributes["user_id"] == [internal_resp.user_id]
def test_auth_resp_callback_func_respects_user_id_to_attr(
self, context, satosa_config):
satosa_config["INTERNAL_ATTRIBUTES"]["user_id_to_attr"] = "user_id"
base = SATOSABase(satosa_config)
internal_resp = InternalResponse(AuthenticationInformation("", "", ""))
internal_resp.user_id = "user1234"
context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
context.state[satosa.routing.
STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
UserIdHasher.save_state(InternalRequest(UserIdHashType.transient, ""),
context.state)
base._auth_resp_callback_func(context, internal_resp)
assert internal_resp.attributes["user_id"] == [internal_resp.user_id]
def test_auth_resp_callback_func_hashes_all_specified_attributes(self, context, satosa_config):
satosa_config["INTERNAL_ATTRIBUTES"]["hash"] = ["user_id", "mail"]
base = SATOSABase(satosa_config)
attributes = {"user_id": ["user"], "mail": ["*****@*****.**", "*****@*****.**"]}
internal_resp = InternalResponse(AuthenticationInformation("", "", ""))
internal_resp.attributes = copy.copy(attributes)
internal_resp.user_id = "test_user"
UserIdHasher.save_state(InternalRequest(UserIdHashType.transient, ""), context.state)
context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
base._auth_resp_callback_func(context, internal_resp)
for attr in satosa_config["INTERNAL_ATTRIBUTES"]["hash"]:
assert internal_resp.attributes[attr] == [UserIdHasher.hash_data(satosa_config["USER_ID_HASH_SALT"], v)
for v in attributes[attr]]
def _auth_resp_callback_func(self, context, internal_response):
"""
This function is called by a backend module when the authorization is complete.
:type context: satosa.context.Context
:type internal_response: satosa.internal_data.InternalResponse
:rtype: satosa.response.Response
:param context: The request context
:param internal_response: The authentication response
:return: response
"""
context.request = None
internal_response.to_requestor = context.state.get(SATOSABase.STATE_KEY)
user_id_attr = self.config.INTERNAL_ATTRIBUTES.get("user_id_from_attr", [])
if user_id_attr:
internal_response.set_user_id_from_attr(user_id_attr)
# Hash the user id
user_id = UserIdHasher.hash_data(self.config.USER_ID_HASH_SALT,
internal_response.get_user_id())
internal_response.set_user_id(user_id)
if self.response_micro_services:
internal_response = \
self.response_micro_services.process_service_queue(context, internal_response)
return self.account_linking_module.manage_al(context, internal_response)
def _auth_resp_callback_func(self, context, internal_response):
"""
This function is called by a backend module when the authorization is complete.
:type context: satosa.context.Context
:type internal_response: satosa.internal_data.InternalResponse
:rtype: satosa.response.Response
:param context: The request context
:param internal_response: The authentication response
:return: response
"""
context.request = None
internal_response.to_requestor = context.state.get(
SATOSABase.STATE_KEY)
user_id_attr = self.config.INTERNAL_ATTRIBUTES.get(
"user_id_from_attr", [])
if user_id_attr:
internal_response.set_user_id_from_attr(user_id_attr)
# Hash the user id
user_id = UserIdHasher.hash_data(self.config.USER_ID_HASH_SALT,
internal_response.get_user_id())
internal_response.set_user_id(user_id)
if self.response_micro_services:
internal_response = \
self.response_micro_services.process_service_queue(context, internal_response)
return self.account_linking_module.manage_al(context,
internal_response)
def test_auth_resp_callback_func_user_id_from_attrs_is_used_to_override_user_id(self, context, satosa_config):
satosa_config["INTERNAL_ATTRIBUTES"]["user_id_from_attrs"] = ["user_id", "domain"]
base = SATOSABase(satosa_config)
internal_resp = InternalResponse(AuthenticationInformation("", "", ""))
internal_resp.attributes = {"user_id": ["user"], "domain": ["@example.com"]}
internal_resp.requester = "test_requester"
context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
UserIdHasher.save_state(InternalRequest(UserIdHashType.persistent, ""), context.state)
base._auth_resp_callback_func(context, internal_resp)
expected_user_id = UserIdHasher.hash_data(satosa_config["USER_ID_HASH_SALT"], "*****@*****.**")
expected_user_id = UserIdHasher.hash_id(satosa_config["USER_ID_HASH_SALT"],
expected_user_id,
internal_resp.requester,
context.state)
assert internal_resp.user_id == expected_user_id
def test_auth_resp_callback_func_hashes_all_specified_attributes(
self, context, satosa_config):
satosa_config["INTERNAL_ATTRIBUTES"]["hash"] = ["user_id", "mail"]
base = SATOSABase(satosa_config)
attributes = {
"user_id": ["user"],
"mail": ["*****@*****.**", "*****@*****.**"]
}
internal_resp = InternalResponse(AuthenticationInformation("", "", ""))
internal_resp.attributes = copy.copy(attributes)
internal_resp.user_id = "test_user"
UserIdHasher.save_state(InternalRequest(UserIdHashType.transient, ""),
context.state)
context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
context.state[satosa.routing.
STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
base._auth_resp_callback_func(context, internal_resp)
for attr in satosa_config["INTERNAL_ATTRIBUTES"]["hash"]:
assert internal_resp.attributes[attr] == [
UserIdHasher.hash_data(satosa_config["USER_ID_HASH_SALT"], v)
for v in attributes[attr]
]