def client_info_endpoint(self, method="GET", **kwargs): """ Operations on this endpoint are switched through the use of different HTTP methods. :param method: HTTP method used for the request :param kwargs: keyword arguments :return: A Response instance """ _query = compact(parse_qs(kwargs["query"])) try: _id = _query["client_id"] except KeyError: return BadRequest("Missing query component") if _id not in self.cdb: return Unauthorized() # authenticated client try: self.verify_client( kwargs["environ"], kwargs["request"], "bearer_header", client_id=_id ) except (AuthnFailure, UnknownAssertionType): return Unauthorized() if method == "GET": return self.client_info(_id) elif method == "PUT": try: _request = self.server.message_factory.get_request_type( "update_endpoint" )().from_json(kwargs["request"]) except ValueError as err: return BadRequest(str(err)) try: _request.verify() except InvalidRedirectUri as err: msg = ClientRegistrationError( error="invalid_redirect_uri", error_description="%s" % err ) return BadRequest(msg.to_json(), content="application/json") except (MissingPage, VerificationError) as err: msg = ClientRegistrationError( error="invalid_client_metadata", error_description="%s" % err ) return BadRequest(msg.to_json(), content="application/json") try: self.client_info_update(_id, _request) return self.client_info(_id) except ModificationForbidden: return Forbidden() elif method == "DELETE": try: del self.cdb[_id] except KeyError: return Unauthorized() else: return NoContent()
def test_verify(self, srv): form = create_return_form_env("user", "hemligt", "query=foo") authn = UsernamePasswordMako(srv, "login.mako", tl, PASSWD, "authorization_endpoint") with LogCapture(level=logging.DEBUG) as logcap: response, success = authn.verify(compact(parse_qs(form))) assert query_string_compare( response.message.split("?")[1], "query=foo&upm_answer=true") headers = dict(response.headers) assert headers["Set-Cookie"].startswith("xyzxyz=") expected = { "query": "query=foo", "login": "******", "password": "******", } # We have to use eval() here to avoid intermittent # failures from dict ordering assert eval(logcap.records[0].msg[7:-1]) == expected expected2 = { "query": "query=foo", "login": "******", "password": "******", } assert eval(logcap.records[1].msg[5:]) == expected2 assert logcap.records[2].msg == "Password verification succeeded." expected3 = {"query": ["foo"], "upm_answer": "true"} assert eval(logcap.records[3].msg[8:]) == expected3
def verify(self, request, **kwargs): """ Verifies that the given username and password was correct :param request: Either the query part of a URL a urlencoded body of a HTTP message or a parse such. :param kwargs: Catch whatever else is sent. :return: redirect back to where ever the base applications wants the user after authentication. """ logger.debug("verify(%s)" % sanitize(request)) if isinstance(request, six.string_types): _dict = compact(parse_qs(request)) elif isinstance(request, dict): _dict = request else: raise ValueError("Wrong type of input") logger.debug("dict: %s" % sanitize(_dict)) # verify username and password try: self._verify(_dict["password"], _dict["login"]) # dict origin except TypeError: try: self._verify(_dict["password"][0], _dict["login"][0]) except (AssertionError, KeyError) as err: logger.debug("Password verification failed: {}".format(err)) resp = Unauthorized("Unknown user or wrong password") return resp, False else: try: _qp = _dict["query"] except KeyError: _qp = self.get_multi_auth_cookie(kwargs['cookie']) except (AssertionError, KeyError) as err: logger.debug("Password verification failed: {}".format(err)) resp = Unauthorized("Unknown user or wrong password") return resp, False else: try: _qp = _dict["query"] except KeyError: _qp = self.get_multi_auth_cookie(kwargs['cookie']) logger.debug("Password verification succeeded.") # if "cookie" not in kwargs or self.srv.cookie_name not in kwargs["cookie"]: headers = [self.create_cookie(_dict["login"], "upm")] try: return_to = self.generate_return_url(kwargs["return_to"], _qp) except KeyError: try: return_to = self.generate_return_url(self.return_to, _qp, kwargs["path"]) except KeyError: return_to = self.generate_return_url(self.return_to, _qp) return SeeOther(return_to, headers=headers), True
def client_info_endpoint(self, method="GET", **kwargs): """ Operations on this endpoint are switched through the use of different HTTP methods :param method: HTTP method used for the request :param kwargs: keyword arguments :return: A Response instance """ _query = compact(parse_qs(kwargs['query'])) try: _id = _query["client_id"] except KeyError: return BadRequest("Missing query component") if _id not in self.cdb: return Unauthorized() # authenticated client try: self.verify_client(kwargs['environ'], kwargs['request'], "bearer_header", client_id=_id) except (AuthnFailure, UnknownAssertionType): return Unauthorized() if method == "GET": return self.client_info(_id) elif method == "PUT": try: _request = ClientUpdateRequest().from_json(kwargs['request']) except ValueError as err: return BadRequest(str(err)) try: _request.verify() except InvalidRedirectUri as err: msg = ClientRegistrationError(error="invalid_redirect_uri", error_description="%s" % err) return BadRequest(msg.to_json(), content="application/json") except (MissingPage, VerificationError) as err: msg = ClientRegistrationError(error="invalid_client_metadata", error_description="%s" % err) return BadRequest(msg.to_json(), content="application/json") try: self.client_info_update(_id, _request) return self.client_info(_id) except ModificationForbidden: return Forbidden() elif method == "DELETE": try: del self.cdb[_id] except KeyError: return Unauthorized() else: return NoContent()
def verify(self, request, **kwargs): """ Verifies that the given username and password was correct :param request: Either the query part of a URL a urlencoded body of a HTTP message or a parse such. :param kwargs: Catch whatever else is sent. :return: redirect back to where ever the base applications wants the user after authentication. """ logger.debug("verify(%s)" % sanitize(request)) if isinstance(request, six.string_types): _dict = compact(parse_qs(request)) elif isinstance(request, dict): _dict = request else: raise ValueError("Wrong type of input") logger.debug("dict: %s" % sanitize(_dict)) # verify username and password try: self._verify(_dict["password"], _dict["login"]) # dict origin except TypeError: try: self._verify(_dict["password"][0], _dict["login"][0]) except (AssertionError, KeyError) as err: logger.debug("Password verification failed: {}".format(err)) resp = Unauthorized("Unknown user or wrong password") return resp, False else: try: _qp = _dict["query"] except KeyError: _qp = self.get_multi_auth_cookie(kwargs['cookie']) except (AssertionError, KeyError) as err: logger.debug("Password verification failed: {}".format(err)) resp = Unauthorized("Unknown user or wrong password") return resp, False else: try: _qp = _dict["query"] except KeyError: _qp = self.get_multi_auth_cookie(kwargs['cookie']) logger.debug("Password verification succeeded.") # if "cookie" not in kwargs or self.srv.cookie_name not in kwargs["cookie"]: headers = [self.create_cookie(_dict["login"], "upm")] try: return_to = self.generate_return_url(kwargs["return_to"], _qp) except KeyError: try: return_to = self.generate_return_url(self.return_to, _qp, kwargs["path"]) except KeyError: return_to = self.generate_return_url(self.return_to, _qp) return SeeOther(return_to, headers=headers), True
def test_authenticated_as(self, srv): form = create_return_form_env("user", "hemligt", "QUERY") authn = UsernamePasswordMako(srv, "login.mako", tl, PASSWD, "authorization_endpoint") response, success = authn.verify(compact(parse_qs(form))) headers = dict(response.headers) user, timestamp = authn.authenticated_as(headers["Set-Cookie"]) assert user == {"uid": "user"}
def test_authenticated_as(self, srv): form = create_return_form_env("user", "hemligt", "QUERY") authn = UsernamePasswordMako(srv, "login.mako", tl, PASSWD, "authorization_endpoint") response, success = authn.verify(compact(parse_qs(form))) headers = dict(response.headers) user, timestamp = authn.authenticated_as(headers["Set-Cookie"]) assert user == {"uid": "user"}
def sign_http_args(method, url, headers, body=""): p = urlparse(url) kwargs = {"path": p.path, "host": p.netloc, "headers": headers, "method": method} if body: kwargs["body"] = body query_params = compact(parse_qs(p.query)) kwargs["query_params"] = query_params return kwargs
def test_not_authenticated(self, srv): form = create_return_form_env("user", "hemligt", "QUERY") authn = UsernamePasswordMako(srv, "login.mako", tl, PASSWD, "authorization_endpoint") response, state = authn.verify(compact(parse_qs(form))) headers = dict(response.headers) kaka = headers["Set-Cookie"] kaka = kaka.replace("1", "x") assert authn.authenticated_as(kaka) == (None, 0)
def sign_http_args(method, url, headers, body=''): p = urlparse(url) kwargs = {'path': p.path, 'host': p.netloc, 'headers': headers, 'method': method} if body: kwargs['body'] = body query_params = compact(parse_qs(p.query)) kwargs['query_params'] = query_params return kwargs
def test_not_authenticated(self, srv): form = create_return_form_env("user", "hemligt", "QUERY") authn = UsernamePasswordMako(srv, "login.mako", tl, PASSWD, "authorization_endpoint") response, state = authn.verify(compact(parse_qs(form))) headers = dict(response.headers) kaka = headers["Set-Cookie"] kaka = kaka.replace("1", "x") assert authn.authenticated_as(kaka) == (None, 0)
def sign_http_args(method, url, headers, body=''): p = urlparse(url) kwargs = {'path': p.path, 'host': p.netloc, 'headers': headers, 'method': method} if body: kwargs['body'] = body query_params = compact(parse_qs(p.query)) kwargs['query_params'] = query_params return kwargs
def test_verify(self, srv): form = create_return_form_env("user", "hemligt", "query=foo") authn = UsernamePasswordMako(srv, "login.mako", tl, PASSWD, "authorization_endpoint") with LogCapture(level=logging.DEBUG) as logcap: response, success = authn.verify(compact(parse_qs(form))) assert query_string_compare(response.message.split("?")[1], "query=foo&upm_answer=true") headers = dict(response.headers) assert headers["Set-Cookie"].startswith('xyzxyz=') expected = {u'query': u'query=foo', u'login': u'user', u'password': '******'} # We have to use eval() here to avoid intermittent # failures from dict ordering assert eval(logcap.records[0].msg[7:-1]) == expected expected = {u'query': u'query=foo', u'login': u'user', u'password': '******'} assert eval(logcap.records[1].msg[5:]) == expected assert logcap.records[2].msg == 'Password verification succeeded.' expected = {u'query': [u'foo'], 'upm_answer': 'true'} assert eval(logcap.records[3].msg[8:]) == expected