def test_unpack_aggregated_response_missing_keys(self):
        claims = {
            "address": {
                "street_address": "1234 Hollywood Blvd.",
                "locality": "Los Angeles",
                "region": "CA",
                "postal_code": "90210",
                "country": "US"
            },
            "phone_number": "+1 (555) 123-4567"
        }

        _keyjar = build_keyjar(KEYSPEC)

        srv = JWT(_keyjar, iss=ISS, sign_alg='ES256')
        _jwt = srv.pack(payload=claims)

        resp = OpenIDSchema(sub='diana', given_name='Diana',
                            family_name='krall',
                            _claim_names={
                                'address': 'src1',
                                'phone_number': 'src1'
                            },
                            _claim_sources={'src1': {'JWT': _jwt}})

        _resp = self.service.parse_response(resp.to_json(), state='abcde')
        assert _resp
Ejemplo n.º 2
0
    def test_finalize(self):
        auth_query = self.rph.begin(issuer_id='github')
        #  The authorization query is sent and after successful authentication
        client = self.rph.get_client_from_session_key(
            state=auth_query['state'])
        # register a response
        p = urlparse(
            CLIENT_CONFIG['github']['provider_info']['authorization_endpoint'])
        self.mock_op.register_get_response(p.path, 'Redirect', 302)

        _ = client.http(auth_query['url'])

        #  the user is redirected back to the RP with a positive response
        auth_response = AuthorizationResponse(code='access_code',
                                              state=auth_query['state'])

        # need session information and the client instance
        _session = self.rph.get_session_information(auth_response['state'])
        client = self.rph.get_client_from_session_key(
            state=auth_response['state'])

        # Faking
        resp = construct_access_token_response(
            _session['auth_request']['nonce'],
            issuer=self.issuer,
            client_id=CLIENT_CONFIG['github']['client_id'],
            key_jar=GITHUB_KEY)

        p = urlparse(
            CLIENT_CONFIG['github']['provider_info']['token_endpoint'])
        self.mock_op.register_post_response(
            p.path, resp.to_json(), 200, {'content-type': "application/json"})

        _info = OpenIDSchema(sub='EndUserSubject',
                             given_name='Diana',
                             family_name='Krall',
                             occupation='Jazz pianist')
        p = urlparse(
            CLIENT_CONFIG['github']['provider_info']['userinfo_endpoint'])
        self.mock_op.register_get_response(
            p.path, _info.to_json(), 200, {'content-type': "application/json"})

        _github_id = iss_id('github')
        client.service_context.keyjar.import_jwks(
            GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)

        # do the rest (= get access token and user info)
        # assume code flow
        resp = self.rph.finalize(_session['iss'], auth_response.to_dict())

        assert set(resp.keys()) == {'userinfo', 'state', 'token', 'id_token'}
    def __call__(self, url, method="GET", data=None, headers=None, **kwargs):
        if method == 'GET':
            p = urlparse(url)
            if p.path.endswith('authorize'):
                qp = parse_qs(p.query)
                self.state = qp['state'][0]
                self.nonce = qp['nonce'][0]
                r = MockResponse(302, 'Redirect')
                r.location = qp['redirect_uri'][0]
                return r
            elif p.path.endswith('user'):
                qp = parse_qs(p.query)
                if qp['access_token'][0] == 'accessTok':
                    # what else could it be?
                    _info = OpenIDSchema(sub='EndUserSubject',
                                         given_name='Diana',
                                         family_name='Krall',
                                         occupation='Jazz pianist')
                    return MockResponse(
                        200,
                        _info.to_json(),
                        headers={'content-type': "application/json"})
                else:
                    return MockResponse(400, 'Illegal request')
            else:
                r = MockResponse(200, 'Some text')
                return r
        elif method == 'POST':
            p = urlparse(url)
            if p.path.endswith('access_token'):
                # Content type expected to be urlencoded
                query = parse_qs(data)
                resp = self.construct_access_token_response(
                    query['client_id'][0])

                r = MockResponse(200,
                                 resp.to_json(),
                                 headers={'content-type': "application/json"})
                return r
 def test_unpack_simple_response(self):
     resp = OpenIDSchema(sub='diana', given_name='Diana',
                         family_name='krall')
     _resp = self.service.parse_response(resp.to_json(),
                                         state='abcde')
     assert _resp