def initialised_session(self, session_storage):
return UserSession(session_storage, self.PROVIDER_NAME)
def test_initialising_session_with_existing_user_session_should_preserve_state(
self):
storage = {}
session1 = UserSession(storage, self.PROVIDER_NAME)
session1.update(id_token=self.GOOD_ID_TOKEN)
assert session1.is_authenticated() is True
assert session1.current_provider == self.PROVIDER_NAME
session2 = UserSession(storage, self.PROVIDER_NAME)
assert session2.is_authenticated() is True
assert session2.current_provider == self.PROVIDER_NAME
session3 = UserSession(storage)
assert session3.is_authenticated() is True
assert session3.current_provider == self.PROVIDER_NAME
def test_trying_to_update_uninitialised_session_should_throw_exception(
self):
with pytest.raises(UninitialisedSession):
UserSession(session_storage={}).update()
def ping():
app.logger.info('ping {}'.format(
UserSession(flask.session, 'default').is_authenticated()))
return {'info': 'Success'}
def login1():
user_session = UserSession(flask.session)
return jsonify(access_token=user_session.access_token,
id_token=user_session.id_token,
userinfo=user_session.userinfo)
def test_failed_rbac(self, time_mock, utc_time_sans_frac_mock, claims,
role_claim, value, source):
self.app.config.update({
"OIDC_REQUIRED_ROLES": value,
"OIDC_ROLE_CLAIM": role_claim,
"OIDC_ROLE_SOURCE": source,
})
# freeze time since ID Token validation includes expiration timestamps
timestamp = time.mktime(datetime(2017, 1, 1).timetuple())
time_mock.return_value = timestamp
utc_time_sans_frac_mock.return_value = int(timestamp)
# mock token response
user_id = "user1"
exp_time = 10
nonce = "test_nonce"
id_token_claims = {
"iss": self.PROVIDER_BASEURL,
"aud": [self.CLIENT_ID],
"sub": user_id,
"exp": int(timestamp) + exp_time,
"iat": int(timestamp),
"nonce": nonce,
}
id_token_claims.update(**claims)
id_token_jwt, id_token_signing_key = signed_id_token(id_token_claims)
access_token = claims
access_token_jwt = jwt.encode(access_token,
"secret",
algorithm="HS256")
token_response = {
"access_token": access_token_jwt,
"token_type": "Bearer",
"id_token": id_token_jwt,
}
token_endpoint = self.PROVIDER_BASEURL + "/token"
responses.add(responses.POST, token_endpoint, json=token_response)
responses.add(
responses.GET,
self.PROVIDER_BASEURL + "/jwks",
json={"keys": [id_token_signing_key.serialize()]},
)
# mock userinfo response
userinfo = {"sub": user_id, "name": "Test User"}
userinfo.update(**claims)
userinfo_endpoint = self.PROVIDER_BASEURL + "/userinfo"
responses.add(responses.GET, userinfo_endpoint, json=userinfo)
authn = self.init_app(
provider_metadata_extras={
"token_endpoint": token_endpoint,
"userinfo_endpoint": userinfo_endpoint,
})
test_endpoint = self.get_auth_endpoint(authn)
state = "test_state"
with self.app.test_request_context(
"/redirect_uri?state={}&code=test".format(state)):
UserSession(flask.session, self.PROVIDER_NAME)
flask.session["destination"] = "/"
flask.session["state"] = state
flask.session["nonce"] = nonce
authn._handle_authentication_response()
with pytest.raises(Unauthorized):
assert test_endpoint()
