def test_invalid_authorized_response(views_fixture):
"""Test login."""
app = views_fixture
oauth = app.extensions['oauthlib.client']
with app.test_client() as client:
# Fake an authorized request
# Ensure remote apps have been loaded (due to before first
# request)
client.get(url_for("invenio_oauthclient.login", remote_app='test'))
oauth.remote_apps['test'].handle_oauth2_response = MagicMock(
side_effect=JSONDecodeError('Expecting value', '', 0))
state = serializer.dumps({
'app': 'test',
'sid': _create_identifier(),
'next': None,
})
with pytest.raises(JSONDecodeError):
client.get(
url_for("invenio_oauthclient.authorized",
remote_app='test',
code='test',
state=state))
def test_invalid_authorized_response():
"""Test login."""
app = setup_app()
oauth = app.extensions['oauthlib.client']
with app.test_client() as client:
# Fake an authorized request
# Ensure remote apps have been loaded (due to before first
# request)
client.get(url_for("invenio_oauthclient.login", remote_app='test'))
oauth.remote_apps['test'].handle_oauth2_response = MagicMock(
side_effect=JSONDecodeError('Expecting value', '', 0)
)
state = serializer.dumps({
'app': 'test',
'sid': _create_identifier(),
'next': None,
})
with pytest.raises(JSONDecodeError):
client.get(url_for(
"invenio_oauthclient.authorized",
remote_app='test',
code='test',
state=state
))
def reset_id(session):
""" Resets the _uid in cases that the session becomes invalid
Args:
session: the Session object
"""
session["_uid"] = "{}|{}".format(_create_identifier(), uuid4())
def authorized(remote_app=None):
"""Authorized handler callback."""
if remote_app not in current_oauthclient.handlers:
return abort(404)
state_token = request.args.get('state')
# Verify state parameter
try:
assert state_token
# Checks authenticity and integrity of state and decodes the value.
state = serializer.loads(state_token)
# Verify that state is for this session, app and that next parameter
# have not been modified.
assert state['sid'] == _create_identifier()
assert state['app'] == remote_app
# Store next URL
set_session_next_url(remote_app, state['next'])
except (AssertionError, BadData):
if current_app.config.get(
'OAUTHCLIENT_STATE_ENABLED',
True) or (not (current_app.debug or current_app.testing)):
abort(403)
return current_oauthclient.handlers[remote_app]()
def login(remote_app):
"""Send user to remote application for authentication."""
oauth = current_app.extensions['oauthlib.client']
if remote_app not in oauth.remote_apps:
return abort(404)
# Get redirect target in safe manner.
next_param = get_safe_redirect_target(arg='next')
# Redirect URI - must be registered in the remote service.
callback_url = url_for(
'.authorized',
remote_app=remote_app,
_external=True,
)
# Create a JSON Web Token that expires after OAUTHCLIENT_STATE_EXPIRES
# seconds.
state_token = serializer.dumps({
'app': remote_app,
'next': next_param,
'sid': _create_identifier(),
})
return oauth.remote_apps[remote_app].authorize(
callback=callback_url,
state=state_token,
)
def login(remote_app):
"""Send user to remote application for authentication."""
oauth = current_app.extensions['oauthlib.client']
if remote_app not in oauth.remote_apps:
return abort(404)
# Get redirect target in safe manner.
next_param = get_safe_redirect_target(arg='next')
# Redirect URI - must be registered in the remote service.
callback_url = url_for(
'.authorized',
remote_app=remote_app,
_external=True,
)
# Create a JSON Web Token that expires after OAUTHCLIENT_STATE_EXPIRES
# seconds.
state_token = serializer.dumps({
'app': remote_app,
'next': next_param,
'sid': _create_identifier(),
})
return oauth.remote_apps[remote_app].authorize(
callback=callback_url,
state=state_token,
)
def resetID(session):
"""
arguments:
session -- (Session) the session object
resets the _uid in cases that the session becomes invalid
"""
session["_uid"] = "{}|{}".format(_create_identifier(), uuid4())
def isSessionSecure(session):
"""
arguments:
session -- (Session) the session object
checks if the user is the one who created the session.
"""
if( "_uid" in session):
if not _create_identifier() in session["_uid"]:
return False
return True
else :
return False
def authorized(remote_app=None):
"""Authorized handler callback."""
if remote_app not in current_oauthclient.handlers:
return abort(404)
state_token = request.args.get('state')
# Verify state parameter
try:
assert state_token
# Checks authenticity and integrity of state and decodes the value.
state = serializer.loads(state_token)
# Verify that state is for this session, app and that next parameter
# have not been modified.
assert state['sid'] == _create_identifier()
assert state['app'] == remote_app
# Store next URL
set_session_next_url(remote_app, state['next'])
except (AssertionError, BadData):
if current_app.config.get('OAUTHCLIENT_STATE_ENABLED', True) or (
not(current_app.debug or current_app.testing)):
abort(403)
return current_oauthclient.handlers[remote_app]()
def get_state(app='test'):
return serializer.dumps({'app': app, 'sid': _create_identifier(),
'next': None, })
def test_authorized():
"""Test login."""
handled = {}
def test_authorized_handler(resp, remote, *args, **kwargs):
"""Save configuration."""
handled['resp'] = resp
handled['remote'] = remote
handled['args'] = args
handled['kwargs'] = kwargs
return "TEST"
def test_invalid_authorized_handler(resp, remote, *args, **kwargs):
"""Set wrong configuration."""
handled['resp'] = 1
handled['remote'] = 1
handled['args'] = 1
handled['kwargs'] = 1
app = setup_app(test_authorized_handler, test_invalid_authorized_handler)
with app.test_client() as client:
# Ensure remote apps have been loaded (due to before first
# request)
client.get(url_for("invenio_oauthclient.login", remote_app='test'))
mock_response(app.extensions['oauthlib.client'], 'test')
mock_response(app.extensions['oauthlib.client'], 'test_invalid')
from invenio_oauthclient.views.client import serializer
state = serializer.dumps({
'app': 'test',
'sid': _create_identifier(),
'next': None,
})
resp = client.get(
url_for(
"invenio_oauthclient.authorized",
remote_app='test',
code='test',
state=state
)
)
assert resp.data == b"TEST"
assert handled['remote'].name == 'test'
assert not handled['args']
assert not handled['kwargs']
assert handled['resp']['access_token'] == 'test_access_token'
state = serializer.dumps({
'app': 'test_invalid',
'sid': _create_identifier(),
'next': None,
})
# handler should be return something
with pytest.raises(ValueError):
client.get(url_for(
"invenio_oauthclient.authorized",
remote_app='test_invalid',
code='test',
state=state,
))
def test_authorized(base_app, params):
"""Test login."""
app = base_app
handled = {}
def test_authorized_handler(resp, remote, *args, **kwargs):
"""Save configuration."""
handled['resp'] = resp
handled['remote'] = remote
handled['args'] = args
handled['kwargs'] = kwargs
return "TEST"
def test_invalid_authorized_handler(resp, remote, *args, **kwargs):
"""Set wrong configuration."""
handled['resp'] = 1
handled['remote'] = 1
handled['args'] = 1
handled['kwargs'] = 1
base_app.config['OAUTHCLIENT_REMOTE_APPS'].update(
dict(
test=dict(
authorized_handler=test_authorized_handler,
params=params('testid'),
title='MyLinkedTestAccount',
),
test_invalid=dict(
authorized_handler=test_invalid_authorized_handler,
params=params('test_invalidid'),
title='Test Invalid',
),
full=dict(
params=params("fullid"),
title='Full',
),
))
FlaskOAuth(app)
InvenioOAuthClient(app)
base_app.register_blueprint(blueprint_client)
base_app.register_blueprint(blueprint_settings)
with app.test_client() as client:
# Ensure remote apps have been loaded (due to before first
# request)
client.get(url_for("invenio_oauthclient.login", remote_app='test'))
mock_response(app.extensions['oauthlib.client'], 'test')
mock_response(app.extensions['oauthlib.client'], 'test_invalid')
from invenio_oauthclient.views.client import serializer
state = serializer.dumps({
'app': 'test',
'sid': _create_identifier(),
'next': None,
})
resp = client.get(
url_for("invenio_oauthclient.authorized",
remote_app='test',
code='test',
state=state))
assert resp.data == b"TEST"
assert handled['remote'].name == 'test'
assert not handled['args']
assert not handled['kwargs']
assert handled['resp']['access_token'] == 'test_access_token'
state = serializer.dumps({
'app': 'test_invalid',
'sid': _create_identifier(),
'next': None,
})
# handler should be return something
with pytest.raises(ValueError):
client.get(
url_for(
"invenio_oauthclient.authorized",
remote_app='test_invalid',
code='test',
state=state,
))
def test_authorized(base_app, params):
"""Test login."""
app = base_app
handled = {}
def test_authorized_handler(resp, remote, *args, **kwargs):
"""Save configuration."""
handled['resp'] = resp
handled['remote'] = remote
handled['args'] = args
handled['kwargs'] = kwargs
return "TEST"
def test_invalid_authorized_handler(resp, remote, *args, **kwargs):
"""Set wrong configuration."""
handled['resp'] = 1
handled['remote'] = 1
handled['args'] = 1
handled['kwargs'] = 1
base_app.config['OAUTHCLIENT_REMOTE_APPS'].update(
dict(
test=dict(
authorized_handler=test_authorized_handler,
params=params('testid'),
title='MyLinkedTestAccount',
),
test_invalid=dict(
authorized_handler=test_invalid_authorized_handler,
params=params('test_invalidid'),
title='Test Invalid',
),
full=dict(
params=params("fullid"),
title='Full',
),
)
)
FlaskOAuth(app)
InvenioOAuthClient(app)
base_app.register_blueprint(blueprint_client)
base_app.register_blueprint(blueprint_settings)
with app.test_client() as client:
# Ensure remote apps have been loaded (due to before first
# request)
client.get(url_for("invenio_oauthclient.login", remote_app='test'))
mock_response(app.extensions['oauthlib.client'], 'test')
mock_response(app.extensions['oauthlib.client'], 'test_invalid')
from invenio_oauthclient.views.client import serializer
state = serializer.dumps({
'app': 'test',
'sid': _create_identifier(),
'next': None,
})
resp = client.get(
url_for(
"invenio_oauthclient.authorized",
remote_app='test',
code='test',
state=state
)
)
assert resp.data == b"TEST"
assert handled['remote'].name == 'test'
assert not handled['args']
assert not handled['kwargs']
assert handled['resp']['access_token'] == 'test_access_token'
state = serializer.dumps({
'app': 'test_invalid',
'sid': _create_identifier(),
'next': None,
})
# handler should be return something
with pytest.raises(ValueError):
client.get(url_for(
"invenio_oauthclient.authorized",
remote_app='test_invalid',
code='test',
state=state,
))
def _get_state():
return serializer.dumps({'app': 'orcid', 'sid': _create_identifier(),
'next': None, })
