def test_unpack_aggregated_response_missing_keys(self):
claims = {
"address": {
"street_address": "1234 Hollywood Blvd.",
"locality": "Los Angeles",
"region": "CA",
"postal_code": "90210",
"country": "US"
},
"phone_number": "+1 (555) 123-4567"
}
_keyjar = build_keyjar(KEYSPEC)
srv = JWT(_keyjar, iss=ISS, sign_alg='ES256')
_jwt = srv.pack(payload=claims)
resp = OpenIDSchema(sub='diana', given_name='Diana',
family_name='krall',
_claim_names={
'address': 'src1',
'phone_number': 'src1'
},
_claim_sources={'src1': {'JWT': _jwt}})
_resp = self.service.parse_response(resp.to_json(), state='abcde')
assert _resp
def test_unpack_signed_response(self):
resp = OpenIDSchema(sub='diana', given_name='Diana',
family_name='krall', iss=ISS)
sk = ISS_KEY.get_signing_key('rsa', owner=ISS)
alg = self.service.service_context.get_sign_alg('userinfo')
_resp = self.service.parse_response(resp.to_jwt(sk, algorithm=alg),
state='abcde', sformat='jwt')
assert _resp
def test_finalize(self):
auth_query = self.rph.begin(issuer_id='github')
# The authorization query is sent and after successful authentication
client = self.rph.get_client_from_session_key(
state=auth_query['state'])
# register a response
p = urlparse(
CLIENT_CONFIG['github']['provider_info']['authorization_endpoint'])
self.mock_op.register_get_response(p.path, 'Redirect', 302)
_ = client.http(auth_query['url'])
# the user is redirected back to the RP with a positive response
auth_response = AuthorizationResponse(code='access_code',
state=auth_query['state'])
# need session information and the client instance
_session = self.rph.get_session_information(auth_response['state'])
client = self.rph.get_client_from_session_key(
state=auth_response['state'])
# Faking
resp = construct_access_token_response(
_session['auth_request']['nonce'],
issuer=self.issuer,
client_id=CLIENT_CONFIG['github']['client_id'],
key_jar=GITHUB_KEY)
p = urlparse(
CLIENT_CONFIG['github']['provider_info']['token_endpoint'])
self.mock_op.register_post_response(
p.path, resp.to_json(), 200, {'content-type': "application/json"})
_info = OpenIDSchema(sub='EndUserSubject',
given_name='Diana',
family_name='Krall',
occupation='Jazz pianist')
p = urlparse(
CLIENT_CONFIG['github']['provider_info']['userinfo_endpoint'])
self.mock_op.register_get_response(
p.path, _info.to_json(), 200, {'content-type': "application/json"})
_github_id = iss_id('github')
client.service_context.keyjar.import_jwks(
GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
# do the rest (= get access token and user info)
# assume code flow
resp = self.rph.finalize(_session['iss'], auth_response.to_dict())
assert set(resp.keys()) == {'userinfo', 'state', 'token', 'id_token'}
def test_fetch_distributed_claims_3(self, httpserver):
_url = "https://example.com/claims.json"
uinfo = OpenIDSchema(
**{
"sub": 'jane_doe',
"name": "Jane Doe",
"given_name": "Jane",
"family_name": "Doe",
"email": "*****@*****.**",
"birthdate": "0000-03-22",
"eye_color": "blue",
"_claim_names": {
"credit_score": "src2"
},
"_claim_sources": {
"src2": {
"endpoint": _url,
}
}
})
_claims = {"credit_score": 650}
with responses.RequestsMock() as rsps:
rsps.add("GET",
_url,
body=json.dumps(_claims),
adding_headers={"Content-Type": "application/json"},
status=200)
res = self.client.fetch_distributed_claims(
uinfo, callback=access_token_callback)
assert 'credit_score' in res
def test_fetch_distributed_claims_3(self, httpserver):
_url = httpserver.url
uinfo = OpenIDSchema(
**{
"sub": 'jane_doe',
"name": "Jane Doe",
"given_name": "Jane",
"family_name": "Doe",
"email": "*****@*****.**",
"birthdate": "0000-03-22",
"eye_color": "blue",
"_claim_names": {
"credit_score": "src2"
},
"_claim_sources": {
"src2": {
"endpoint": _url,
}
}
})
httpserver.serve_content(json.dumps({"credit_score": 650}))
res = self.client.fetch_distributed_claims(
uinfo, callback=access_token_callback)
assert 'credit_score' in res
def test_unpack_encrypted_response(self):
# Add encryption key
_kj = build_keyjar([{"type": "RSA", "use": ["enc"]}], owner='')
# Own key jar gets the private key
self.service.service_context.keyjar.import_jwks(
_kj.export_jwks(private=True), issuer='client_id')
# opponent gets the public key
ISS_KEY.import_jwks(_kj.export_jwks(), issuer='client_id')
resp = OpenIDSchema(sub='diana', given_name='Diana',
family_name='krall', iss=ISS, aud='client_id')
enckey = ISS_KEY.get_encrypt_key('rsa', owner='client_id')
algspec = self.service.service_context.get_enc_alg_enc(
self.service.service_name)
enc_resp = resp.to_jwe(enckey, **algspec)
_resp = self.service.parse_response(enc_resp, state='abcde',
sformat='jwt')
assert _resp
def __call__(self, url, method="GET", data=None, headers=None, **kwargs):
if method == 'GET':
p = urlparse(url)
if p.path.endswith('authorize'):
qp = parse_qs(p.query)
self.state = qp['state'][0]
self.nonce = qp['nonce'][0]
r = MockResponse(302, 'Redirect')
r.location = qp['redirect_uri'][0]
return r
elif p.path.endswith('user'):
qp = parse_qs(p.query)
if qp['access_token'][0] == 'accessTok':
# what else could it be?
_info = OpenIDSchema(sub='EndUserSubject',
given_name='Diana',
family_name='Krall',
occupation='Jazz pianist')
return MockResponse(
200,
_info.to_json(),
headers={'content-type': "application/json"})
else:
return MockResponse(400, 'Illegal request')
else:
r = MockResponse(200, 'Some text')
return r
elif method == 'POST':
p = urlparse(url)
if p.path.endswith('access_token'):
# Content type expected to be urlencoded
query = parse_qs(data)
resp = self.construct_access_token_response(
query['client_id'][0])
r = MockResponse(200,
resp.to_json(),
headers={'content-type': "application/json"})
return r
def test_fetch_distributed_claims_1(self):
_url = "https://example.com/claims.json"
# split the example in 5.6.2.2 into two
uinfo = OpenIDSchema(
**{
"sub": 'jane_doe',
"name": "Jane Doe",
"given_name": "Jane",
"family_name": "Doe",
"email": "*****@*****.**",
"birthdate": "0000-03-22",
"eye_color": "blue",
"_claim_names": {
"payment_info": "src1",
"shipping_address": "src1",
},
"_claim_sources": {
"src1": {
"endpoint": _url
}
}
})
# Wrong set of claims. Actually extra claim
_info = {
"shipping_address": {
"street_address": "1234 Hollywood Blvd.",
"locality": "Los Angeles",
"region": "CA",
"postal_code": "90210",
"country": "US"
},
"payment_info": "Some_Card 1234 5678 9012 3456",
"phone_number": "+1 (310) 123-4567"
}
with responses.RequestsMock() as rsps:
rsps.add("GET",
_url,
body=json.dumps(_info),
adding_headers={"Content-Type": "application/json"},
status=200)
res = self.client.fetch_distributed_claims(uinfo)
assert 'payment_info' in res
assert 'shipping_address' in res
assert 'phone_number' not in res
def test_fetch_distributed_claims_1(self, httpserver):
_url = httpserver.url
# split the example in 5.6.2.2 into two
uinfo = OpenIDSchema(
**{
"sub": 'jane_doe',
"name": "Jane Doe",
"given_name": "Jane",
"family_name": "Doe",
"email": "*****@*****.**",
"birthdate": "0000-03-22",
"eye_color": "blue",
"_claim_names": {
"payment_info": "src1",
"shipping_address": "src1",
},
"_claim_sources": {
"src1": {
"endpoint": _url
}
}
})
# Wrong set of claims. Actually extra claim
httpserver.serve_content(
json.dumps({
"shipping_address": {
"street_address": "1234 Hollywood Blvd.",
"locality": "Los Angeles",
"region": "CA",
"postal_code": "90210",
"country": "US"
},
"payment_info": "Some_Card 1234 5678 9012 3456",
"phone_number": "+1 (310) 123-4567"
}))
res = self.client.fetch_distributed_claims(uinfo)
assert 'payment_info' in res
assert 'shipping_address' in res
assert 'phone_number' not in res
def test_unpack_simple_response(self):
resp = OpenIDSchema(sub='diana', given_name='Diana',
family_name='krall')
_resp = self.service.parse_response(resp.to_json(),
state='abcde')
assert _resp