def test_set_essential_arg_claim_rt_non_i():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.tool_conf = {'profile': 'C.T.T.T'}
args = 'email'
set_essential_arg_claim(oper, args)
assert oper.req_args["claims"] == {"userinfo": {args: {"essential": True}}}
def test_set_response_where_implicit():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.req_args['response_type'] = ['id_token']
args = None
set_response_where(oper, args)
assert oper.response_where == "fragment"
def test_set_discovery_issuer_dyn():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.dynamic = True
args = None
set_discovery_issuer(oper, args)
assert 'issuer' in oper.op_args
def test_set_response_where_code_args():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.req_args['response_type'] = ['id_token token']
args = {'response_type': ['id_token token'], 'where': 'fragment'}
set_response_where(oper, args)
assert oper.response_where == "fragment"
def test_static_jwk():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.entity.keyjar = build_keyjar(KEYDEFS)[1]
oper.req_args["jwks_uri"] = 'https://example.org/jwks_uri'
args = None
static_jwk(oper, args)
assert 'jwks_uri' not in oper.req_args
assert 'jwks' in oper.req_args
def test_sub_claims():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
atr = {
"access_token":
"ZDZjNWFmNzgtN2IxMi00YTY1LTk2NTEtODIyZjg5YmRlZThm0iWAl1VJQBnLcBFYdzkwuyh9TGyf9QDx86DZUn6ho3Pbtr5VPxMihwXpO1AAfxas5XSNNdhFAf3bqATAh2BkuQ",
"expires_in": 7200,
"id_token": {
"at_hash": "fZlM5SoE8mdM80zBWSOzDQ",
"aud": [
"cb19ff50-6423-4955-92a2-73bea88796b4"
],
"email": "*****@*****.**",
"exp": 1493066674,
"iat": 1493059474,
"iss": "https://guarded-cliffs-8635.herokuapp.com",
"nonce": "WZ3PuYEnGxcM6ddf",
"phone_number": "+49 000 000000",
"phone_number_verified": False,
"sid": "be99eccf-965f-4ba4-b0e4-39b0c26868e1",
"sub": "9842f9ae-eb3c-4eba-8e4c-979ecae15fa1"
},
"token_type": "Bearer"
}
_info['conv'].events.store(EV_PROTOCOL_RESPONSE,
AccessTokenResponse(**atr))
_sub = atr["id_token"]["sub"]
args = None
sub_claims(oper, args)
assert oper.req_args["claims"] == {"id_token": {"sub": {"value": _sub}}}
def test_check_support():
_info = setup_conv()
_info['conv'].entity.provider_info[
'token_endpoint_auth_methods_supported'] = ["private_key_jwt"]
oper = AsyncAuthn(_info['conv'], _info['io'], None)
check_support(oper, {
"WARNING": {
"token_endpoint_auth_methods_supported": "private_key_jwt"
}
})
assert oper.fail is False
check_support(oper, {
"WARNING": {
"token_endpoint_auth_methods_supported": "client_secret_jwt"
}
})
assert oper.fail is False
assert len(oper.conv.events) == 1
check_support(oper, {
"ERROR": {
"token_endpoint_auth_methods_supported": "client_secret_jwt"
}
})
assert oper.fail is True
def test_request_in_file():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
args = None
request_in_file(oper, args)
assert oper.op_args['base_path'].endswith('export/')
def test_set_state():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.state = rndstr(16)
args = None
set_state(oper, args)
assert oper.op_args['state'] == oper.conv.state
def test_ui_locales():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.tool_config = {'ui_locales': ['es']}
args = None
ui_locales(oper, args)
assert oper.req_args["ui_locales"] == ['es']
def test_check_config():
_info = setup_conv()
# set tool_config
_info['conv'].tool_config['login_hint'] = 'diana'
oper = AsyncAuthn(_info['conv'], _info['io'], None)
check_config(oper, {"login_hint": None})
ev = oper.conv.events.get(EV_CONDITION)
assert ev == []
def test_check_config_missing():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
check_config(oper, {"login_hint": None})
ev = oper.conv.events.get(EV_CONDITION)
assert len(ev) == 1
assert ev[0].data.status == ERROR
assert oper.unsupported
def test_set_principal():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.tool_config = {'foo': 'bar'}
args = {'param': 'foo'}
set_principal(oper, args)
assert oper.req_args["principal"] == oper.conv.tool_config['foo']
def test_login_hint_without():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.entity.provider_info = {'issuer': 'https://example.com'}
args = None
login_hint(oper, args)
assert oper.req_args["login_hint"] == '*****@*****.**'
def test_store_sector_redirect_uris():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
store_sector_redirect_uris(oper,
{"other_uris": ["https://example.com/op"]})
assert oper.req_args["sector_identifier_uri"].endswith('export/siu.json')
_siu = json.loads(open('export/siu.json').read())
assert _siu
def test_login_hint_with_domain():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.entity.provider_info = {'issuer': 'https://example.com'}
oper.conv.tool_config = {'login_hint': '*****@*****.**'}
args = None
login_hint(oper, args)
assert oper.req_args["login_hint"] == '*****@*****.**'
def test_essential_and_specific_acr_claim_tc():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
_acrs = ['passwd']
_info['conv'].tool_config['acr_value'] = _acrs
essential_and_specific_acr_claim(oper, ['one'])
assert 'acr_values' not in oper.req_args
assert oper.req_args['claims']['id_token']['acr'] == {"value": _acrs[0],
'essential': True}
def test_acr_value():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
_acrs = ['pinfo']
oper.conv.entity.provider_info = {'acr_values_supported': _acrs}
essential_and_specific_acr_claim(oper, ['one'])
assert 'acr_values' not in oper.req_args
assert oper.req_args['claims']['id_token']['acr'] == {"value": _acrs[0],
'essential': True}
def test_redirect_uri_with_query_component():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.entity.registration_info = {'redirect_uris': [
'https://example.org/authzcb']}
redirect_uri_with_query_component(oper, {'foo': 'bar'})
assert oper.req_args["redirect_uri"][0].endswith('?foo=bar')
def test_redirect_uris_with_fragment():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.entity.registration_info = {'redirect_uris': [
'https://example.org/authzcb']}
redirect_uris_with_fragment(oper, {'fragment': 'one'})
assert oper.req_args["redirect_uris"][0].endswith('#fragmentone')
def test_check_support_strings():
_info = setup_conv()
_info['conv'].entity.provider_info[
'token_endpoint_auth_methods_supported'] = ["private_key_jwt"]
_info['conv'].entity.provider_info.__class__.c_param['token_endpoint_auth_methods_supported'] = (str, None)
oper = AsyncAuthn(_info['conv'], _info['io'], None)
check_support(oper, {"WARNING": {
"token_endpoint_auth_methods_supported": "private_key_jwt"}})
assert oper.fail is False
assert len(oper.conv.events) == 1
def test_multiple_return_uris():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.entity.registration_info = {'redirect_uris': [
'https://example.org/authzcb']}
oper.conv.entity.base_url = 'https://example.org'
_ruris = len(oper.conv.entity.registration_info['redirect_uris'])
args = None
multiple_return_uris(oper, args)
assert len(oper.req_args["redirect_uris"]) == _ruris + 1
def test_id_token_hint_dict():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
# test specific setup
atr = {
"access_token":
"ZDZjNWFmNzgtN2IxMi00YTY1LTk2NTEtODIyZjg5YmRlZThm0iWAl1VJQBnLcBFYdzkwuyh9TGyf9QDx86DZUn6ho3Pbtr5VPxMihwXpO1AAfxas5XSNNdhFAf3bqATAh2BkuQ",
"expires_in": 7200,
"id_token":
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiJmYmVmOGUzYWQ4ZjVjOGY4MTcxYzYyNDM5ZDk5MjU0MDRiMDY1OWZkM2E4NGQ0MjRiNDcyMWE5ZjNlMWUxMmNmIiwibm9uY2UiOiIwUlBNTENUUGo1OWNvbGwyIiwiYXRfaGFzaCI6Ing2b2ZUYXlUQWZrRlB1QVB2emstNWciLCJzaWQiOiIxNmVlNzlkMi1kNDcxLTRlMzMtODk3OC04OTYwMjBjOGFiNjAiLCJpYXQiOjE0OTI3OTY3OTYsImV4cCI6MTQ5MjgwMzk5NiwiYXVkIjoiNjNjNzQzNTAtOWE0ZS00YWE4LTlhYjItNWM5YzcwOWJiYjY0IiwiaXNzIjoiaHR0cHM6Ly9ndWFyZGVkLWNsaWZmcy04NjM1Lmhlcm9rdWFwcC5jb20ifQ.ZhpdAoaUXWSHN3UtTXabdZcm5LsbgHt48uTPXXPs62R4d9wrKeEF_vAqrxlBZVJ49p_FlRbmm-ItCgVDh3MJE6l2L8wFswH-htEiATNVMUT8a4BzW5NyRz63Dj0REBvfDfLXi80A0_gcfbzBk4KXfRdGYV-_hwJNNztRvRm2KJPWvC6UNaFgnuu0OwvDzoEqboAa3zvWv9AgzoIjPB6yqYlwpcPQuABAzgjl2ERzYw1dtrkKOQEL4oGZ38Q9hZyzs9RjeGq1MYPuNSBzr3EyeI_v1rKaN9WRu_h4nH0YOpL5YUdkeYSB2G929gpXtx6jBYvMloozDv3FEiUELOQItA",
"token_type": "Bearer"}
_info['conv'].events.store(EV_RESPONSE, atr)
args = None
id_token_hint(oper, args)
assert oper.req_args["id_token_hint"] == atr['id_token']
def test_conditional_execution_false():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.profile = ['I', 'T', 'T', 'T']
conditional_execution(oper, {"return_type": ["CIT", "CI", "C", "CT"]})
assert oper.skip is True
