def as_setup(jconf):
_module = importlib.import_module('oic.utils.authn.user')
ab = AuthnBroker()
for _id, authn in jconf["authn"].items():
cls = getattr(_module, authn["class"])
if "template_lookup" in authn["kwargs"]:
authn["kwargs"]["template_lookup"] = lookup(jconf["template_root"])
ci = cls(None, **authn["kwargs"])
ab.add(_id, ci, authn["level"], authn["authn_authority"])
_base = jconf["configuration"]["issuer"]
cauth = dict([(x, CLIENT_AUTHN_METHOD[x])
for x in jconf["client_auth_methods"]])
return {
"name": _base,
"sdb": {},
"cdb": {},
"authn_broker": ab,
"authz": Implicit("PERMISSION"),
"client_authn": verify_client,
"symkey": "1234567890123456",
"client_authn_methods": cauth,
"client_info_url": jconf["client_info_url"],
"default_acr": jconf["default_acr"],
"keyjar": None
}
def test_pkce_verify_256(self, session_db_factory):
_cli = Client(
config={"code_challenge": {
"method": "S256",
"length": 64
}})
args, cv = _cli.add_code_challenge()
authn_broker = AuthnBroker()
authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
_prov = Provider(
"as",
session_db_factory("https://connect-op.heroku.com"),
{},
authn_broker,
Implicit(),
verify_client,
)
assert _prov.verify_code_challenge(cv, args["code_challenge"]) is True
assert _prov.verify_code_challenge(cv, args["code_challenge"],
"S256") is True
resp = _prov.verify_code_challenge("XXX", args["code_challenge"])
assert isinstance(resp, Response)
assert resp.info()["status_code"] == 401
def test_pkce_verify_512():
_cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
args, cv = _cli.add_code_challenge()
authn_broker = AuthnBroker()
authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
_prov = Provider("as", sdb.SessionDB(SERVER_INFO["issuer"]), CDB,
authn_broker, Implicit(), verify_client)
assert _prov.verify_code_challenge(cv, args['code_challenge'],
'S512') is True
def test_pkce_verify_512(self, session_db_factory):
_cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
args, cv = _cli.add_code_challenge()
authn_broker = AuthnBroker()
authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
_prov = Provider("as",
session_db_factory('https://connect-op.heroku.com'), {},
authn_broker, Implicit(), verify_client)
assert _prov.verify_code_challenge(cv, args['code_challenge'], 'S512') is True
resp = _prov.verify_code_challenge('XXX', args['code_challenge'])
assert isinstance(resp, Response)
assert resp.info()['status_code'] == 401
def create_provider(self):
authn_broker = AuthnBroker()
authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
self.provider = Provider("pyoicserv",
sdb.SessionDB(
TestProvider.SERVER_INFO["issuer"]),
TestProvider.CDB,
authn_broker, Implicit(),
verify_client,
client_info_url="https://example.com/as",
client_authn_methods={
"client_secret_post": ClientSecretPost,
"client_secret_basic": ClientSecretBasic,
"bearer_header": BearerHeader})
def test_pkce_verify_256(session_db_factory):
_cli = Client(config={'code_challenge': {'method': 'S256', 'length': 64}})
args, cv = _cli.add_code_challenge()
authn_broker = AuthnBroker()
authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
_prov = Provider("as", session_db_factory(SERVER_INFO["issuer"]), CDB,
authn_broker, Implicit(), verify_client)
assert _prov.verify_code_challenge(cv, args['code_challenge']) is True
assert _prov.verify_code_challenge(cv, args['code_challenge'],
'S256') is True
resp = _prov.verify_code_challenge('XXX', args['code_challenge'])
assert isinstance(resp, Response)
assert resp.info()['status_code'] == 401
def test_pkce_verify_512(session_db_factory):
_cli = Client(config={"code_challenge": {"method": "S512", "length": 96}})
args, cv = _cli.add_code_challenge()
authn_broker = AuthnBroker()
authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
_prov = Provider(
"as",
session_db_factory(SERVER_INFO["issuer"]),
CDB,
authn_broker,
Implicit(),
verify_client,
)
assert _prov.verify_code_challenge(cv, args["code_challenge"],
"S512") is True
resp = _prov.verify_code_challenge("XXX", args["code_challenge"])
assert isinstance(resp, Response)
assert resp.info()["status_code"] == 401
import json
import socket
from mako.lookup import TemplateLookup
from oic.utils.authn.authn_context import AuthnBroker
from oic.utils.authn.client import verify_client
from oic.utils.authn.user import UserAuthnMethod, UsernamePasswordMako
from oic.utils.authn.user import BasicAuthn
from oic.utils.authz import Implicit
from oic.utils.keyio import keyjar_init
from oic.utils.sdb import SessionDB
from oic.utils.userinfo import UserInfo
from uma import authzsrv
__author__ = 'roland'
AUTHZ = Implicit("PERMISSION")
CDB = {}
AUTHZSRV = None
PASSWD = {
"linda": "krall",
"hans": "thetake",
}
USER_DB = {
"hans": {
"name": "Hans Granberg",
"sub": "*****@*****.**"
},
"linda": {
"name": "Linda Lindgren",
:param prefix: prefix string
:param lista: list of claims=value
:return: list of possible strings
"""
assert msg.startswith(prefix)
qsl = [
'{}={}'.format(k, v[0])
for k, v in parse_qs(msg[len(prefix):]).items()
]
return set(qsl) == set(lista)
AUTHN_BROKER = AuthnBroker()
AUTHN_BROKER.add("UNDEFINED", DummyAuthn(None, "username"))
# dealing with authorization
AUTHZ = Implicit()
class TestProvider(object):
@pytest.fixture(autouse=True)
def create_provider(self, session_db_factory):
self.provider = Provider("pyoicserv",
session_db_factory(ISSUER),
CDB,
AUTHN_BROKER,
AUTHZ,
verify_client,
baseurl='https://example.com/as')
def test_init(self, session_db_factory):
provider = Provider("pyoicserv", session_db_factory(ISSUER), CDB,
config.issuer = config.issuer % args.port
config.SERVICE_URL = config.SERVICE_URL % args.port
for cnf in config.AUTHN_METHOD.values():
try:
cnf["config"]["return_to"] = cnf["config"]["return_to"] % args.port
except KeyError:
pass
# Initiate the authentication broker. This is the service that
# chooses which authentication method that is to be used.
broker = authn_setup(config)
# dealing with authorization, this is just everything goes.
authz = Implicit()
# Initiate the OAuth2 provider instance
OAS = Provider(config.issuer,
SessionDB(),
cdb,
broker,
authz,
client_authn=verify_client,
symkey=config.SYM_KEY)
# set some parameters
try:
OAS.cookie_ttl = config.COOKIETTL
except AttributeError:
pass