def test_verify_strict(key, value, monkeypatch):
    result = sign_http_request(alg=ALG, **TEST_DATA)
    monkeypatch.setitem(TEST_DATA, key, value)
    with pytest.raises(ValidationError):
        verify_http_request(signature=result,
                            strict_query_param_verification=True,
                            strict_headers_verification=True, **TEST_DATA)
Beispiel #2
0
def test_verify_not_strict(key, value, monkeypatch):
    result = sign_http_request(alg=ALG, **TEST_DATA)
    monkeypatch.setitem(TEST_DATA, key, value)
    verify_http_request(signature=result,
                        strict_query_param_verification=False,
                        strict_headers_verification=False,
                        **TEST_DATA)
Beispiel #3
0
def test_verify_strict(key, value, monkeypatch):
    result = sign_http_request(alg=ALG, **TEST_DATA)
    monkeypatch.setitem(TEST_DATA, key, value)
    with pytest.raises(ValidationError):
        verify_http_request(signature=result,
                            strict_query_param_verification=True,
                            strict_headers_verification=True,
                            **TEST_DATA)
Beispiel #4
0
    def do_user_info_request(self, method="POST", state="", scope="openid",
                             request="openid", **kwargs):

        kwargs["request"] = request
        kwargs["behavior"] = "use_authorization_header"
        url, body, method, h_args = self.user_info_request(method, state,
                                                           scope, **kwargs)

        sign_key = self.keyjar.get_signing_key()[0]
        url_parse = urlparse(url)
        host = url_parse.netloc
        path = url_parse.path
        body = sign_http_request(sign_key, "RS256", path=path, headers=h_args["headers"],
                                 method=method, host=host)
        body = urlencode({"http_signature": body})

        logger.debug("[do_user_info_request] PATH:%s BODY:%s H_ARGS: %s", url, body, h_args)

        try:
            resp = self.http_request(url, method, data=body, **h_args)
        except oauth2.MissingRequiredAttribute:
            raise

        if resp.status_code == 200:
            try:
                assert "application/json" in resp.headers["content-type"]
                sformat = "json"
            except AssertionError:
                assert "application/jwt" in resp.headers["content-type"]
                sformat = "jwt"
        elif resp.status_code == 500:
            raise PyoidcError("ERROR: Something went wrong: %s" % resp.text)
        else:
            raise PyoidcError("ERROR: Something went wrong [%s]: %s" % (
                resp.status_code, resp.text))

        try:
            _schema = kwargs["user_info_schema"]
        except KeyError:
            _schema = OpenIDSchema

        logger.debug("Reponse text: '%s'", resp.text)

        _txt = resp.text
        if sformat == "json":
            res = _schema().from_json(txt=_txt)
        else:
            res = _schema().from_jwt(_txt, keyjar=self.keyjar,
                                     sender=self.provider_info["issuer"])

        self.store_response(res, _txt)

        return res
    def test_userinfo_endpoint(self, monkeypatch):
        access_token = self._pop_token_req(self._authz_req())["access_token"]
        bearer_header = "pop {}".format(access_token)
        signature = sign_http_request(
            CLIENT_KEYJAR.get_signing_key(owner="")[0],
            "RS256",
            ENVIRON["REQUEST_METHOD"],
            HOST, "/userinfo",
            headers=dict(
                [("Authorization", bearer_header)]))
        body = "http_signature={}".format(signature).encode("utf-8")
        monkeypatch.setitem(ENVIRON, "HTTP_AUTHORIZATION", bearer_header)
        monkeypatch.setitem(ENVIRON, "wsgi.input", BytesIO(body))
        monkeypatch.setitem(ENVIRON, "CONTENT_LENGTH", len(body))

        resp = self.provider.userinfo_endpoint(
            self.provider.parse_request(ENVIRON))
        userinfo = json.loads(resp.message)
        assert userinfo["nickname"] == USERDB["username"]["nickname"]
        assert userinfo["name"] == USERDB["username"]["name"]
        assert userinfo["sub"]
def test_verify_fail(key, value, monkeypatch):
    result = sign_http_request(alg=ALG, **TEST_DATA)
    monkeypatch.setitem(TEST_DATA, key, value)
    with pytest.raises(ValidationError):
        verify_http_request(signature=result, **TEST_DATA)
def test_verify():
    timestamp = 12347456
    result = sign_http_request(alg=ALG, time_stamp=12347456, **TEST_DATA)
    signature = verify_http_request(signature=result, **TEST_DATA)

    assert signature["ts"] == timestamp
def test_sign_empty_http_req():
    with pytest.raises(EmptyHTTPRequestError):
        sign_http_request(SIGN_KEY, ALG)
def test_verify_not_strict(key, value, monkeypatch):
    result = sign_http_request(alg=ALG, **TEST_DATA)
    monkeypatch.setitem(TEST_DATA, key, value)
    verify_http_request(signature=result,
                        strict_query_param_verification=False,
                        strict_headers_verification=False, **TEST_DATA)
Beispiel #10
0
def test_verify_fail(key, value, monkeypatch):
    result = sign_http_request(alg=ALG, **TEST_DATA)
    monkeypatch.setitem(TEST_DATA, key, value)
    with pytest.raises(ValidationError):
        verify_http_request(signature=result, **TEST_DATA)
Beispiel #11
0
def test_verify():
    timestamp = 12347456
    result = sign_http_request(alg=ALG, time_stamp=12347456, **TEST_DATA)
    signature = verify_http_request(signature=result, **TEST_DATA)

    assert signature["ts"] == timestamp
Beispiel #12
0
def test_sign_empty_http_req():
    with pytest.raises(EmptyHTTPRequestError):
        sign_http_request(SIGN_KEY, ALG)