def _authn_response(self, context):
"""
Handles the authentication response from the AS.
:type context: satosa.context.Context
:rtype: satosa.response.Response
:param context: The context in SATOSA
:return: A SATOSA response. This method is only responsible to call the callback function
which generates the Response object.
"""
state_data = context.state[self.name]
aresp = self.consumer.parse_response(AuthorizationResponse,
info=json.dumps(context.request))
self._verify_state(aresp, state_data, context.state)
rargs = {
"code": aresp["code"],
"redirect_uri": self.redirect_url,
"state": state_data["state"]
}
atresp = self.consumer.do_access_token_request(request_args=rargs,
state=aresp["state"])
if "verify_accesstoken_state" not in self.config or self.config[
"verify_accesstoken_state"]:
self._verify_state(atresp, state_data, context.state)
user_info = self.user_information(atresp["access_token"])
internal_response = InternalData(
auth_info=self.auth_info(context.request))
internal_response.attributes = self.converter.to_internal(
self.external_type, user_info)
internal_response.subject_id = user_info[self.user_id_attr]
del context.state[self.name]
return self.auth_callback_func(context, internal_response)
def _authn_response(self, context):
state_data = context.state[self.name]
aresp = self.consumer.parse_response(
AuthorizationResponse, info=json.dumps(context.request))
self._verify_state(aresp, state_data, context.state)
url = self.config['server_info']['token_endpoint']
data = dict(
grant_type='authorization_code',
code=aresp['code'],
redirect_uri=self.redirect_url,
client_id=self.config['client_config']['client_id'],
client_secret=self.config['client_secret'], )
r = requests.post(url, data=data)
response = r.json()
if self.config.get('verify_accesstoken_state', True):
self._verify_state(response, state_data, context.state)
user_info = self.user_information(response["access_token"])
auth_info = self.auth_info(context.request)
internal_response = InternalData(auth_info=auth_info)
internal_response.attributes = self.converter.to_internal(
self.external_type, user_info)
internal_response.subject_id = user_info[self.user_id_attr]
del context.state[self.name]
return self.auth_callback_func(context, internal_response)
def handle_response(self, context):
auth_info = AuthenticationInformation("test", str(datetime.now()),
"test_issuer")
internal_resp = InternalData(auth_info=auth_info)
internal_resp.attributes = context.request
internal_resp.subject_id = "test_user"
return self.auth_callback_func(context, internal_resp)
def _authn_response(self, context):
state_data = context.state[self.name]
aresp = self.consumer.parse_response(AuthorizationResponse,
info=json.dumps(context.request))
self._verify_state(aresp, state_data, context.state)
url = self.config['server_info']['token_endpoint']
data = dict(
grant_type='authorization_code',
code=aresp['code'],
redirect_uri=self.redirect_url,
client_id=self.config['client_config']['client_id'],
client_secret=self.config['client_secret'],
)
r = requests.post(url, data=data)
response = r.json()
if self.config.get('verify_accesstoken_state', True):
self._verify_state(response, state_data, context.state)
user_info = self.user_information(response["access_token"])
auth_info = self.auth_info(context.request)
internal_response = InternalData(auth_info=auth_info)
internal_response.attributes = self.converter.to_internal(
self.external_type, user_info)
internal_response.subject_id = user_info[self.user_id_attr]
del context.state[self.name]
return self.auth_callback_func(context, internal_response)
def setup_for_authn_response(self, context, frontend, auth_req):
context.state[frontend.name] = {"oidc_request": auth_req.to_urlencoded()}
auth_info = AuthenticationInformation(PASSWORD, "2015-09-30T12:21:37Z", "unittest_idp.xml")
internal_response = InternalData(auth_info=auth_info)
internal_response.attributes = AttributeMapper(INTERNAL_ATTRIBUTES).to_internal("saml", USERS["testuser1"])
internal_response.subject_id = USERS["testuser1"]["eduPersonTargetedID"][0]
return internal_response
def test_auth_resp_callback_func_respects_user_id_to_attr(self, context, satosa_config):
satosa_config["INTERNAL_ATTRIBUTES"]["user_id_to_attr"] = "user_id"
base = SATOSABase(satosa_config)
internal_resp = InternalData(auth_info=AuthenticationInformation("", "", ""))
internal_resp.subject_id = "user1234"
context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
base._auth_resp_callback_func(context, internal_resp)
assert internal_resp.attributes["user_id"] == [internal_resp.subject_id]
def test_auth_resp_callback_func_hashes_all_specified_attributes(self, context, satosa_config):
satosa_config["INTERNAL_ATTRIBUTES"]["hash"] = ["user_id", "mail"]
base = SATOSABase(satosa_config)
attributes = {"user_id": ["user"], "mail": ["*****@*****.**", "*****@*****.**"]}
internal_resp = InternalData(auth_info=AuthenticationInformation("", "", ""))
internal_resp.attributes = copy.copy(attributes)
internal_resp.subject_id = "test_user"
context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
base._auth_resp_callback_func(context, internal_resp)
for attr in satosa_config["INTERNAL_ATTRIBUTES"]["hash"]:
assert internal_resp.attributes[attr] == [
util.hash_data(satosa_config.get("USER_ID_HASH_SALT", ""), v)
for v in attributes[attr]
]
def _translate_response(self, response, issuer):
"""
Translates oidc response to SATOSA internal response.
:type response: dict[str, str]
:type issuer: str
:type subject_type: str
:rtype: InternalData
:param response: Dictioary with attribute name as key.
:param issuer: The oidc op that gave the repsonse.
:param subject_type: public or pairwise according to oidc standard.
:return: A SATOSA internal response.
"""
auth_info = AuthenticationInformation(UNSPECIFIED, str(datetime.now()), issuer)
internal_resp = InternalData(auth_info=auth_info)
internal_resp.attributes = self.converter.to_internal("openid", response)
internal_resp.subject_id = response["sub"]
return internal_resp
def _authn_response(self, context):
aresp = self.consumer.parse_response(
AuthorizationResponse, info=json.dumps(context.request))
url = self.config['server_info']['token_endpoint']
data = dict(
grant_type='authorization_code',
code=aresp['code'],
redirect_uri=self.redirect_url,
client_id=self.config['client_config']['client_id'],
client_secret=self.config['client_secret'], )
headers = {'Accept': 'application/json'}
r = requests.post(url, data=data, headers=headers)
response = r.json()
token = response['access_token']
orcid, name = response['orcid'], response['name']
user_info = self.user_information(token, orcid, name)
auth_info = self.auth_info(context.request)
internal_response = InternalData(auth_info=auth_info)
internal_response.attributes = self.converter.to_internal(
self.external_type, user_info)
internal_response.subject_id = orcid
return self.auth_callback_func(context, internal_response)
def _authn_response(self, context):
state_data = context.state[self.name]
aresp = self.consumer.parse_response(AuthorizationResponse,
info=json.dumps(context.request))
self._verify_state(aresp, state_data, context.state)
rargs = {
"code": aresp["code"],
"redirect_uri": self.redirect_url,
"state": state_data["state"]
}
atresp = self.consumer.do_access_token_request(request_args=rargs,
state=aresp['state'])
user_info = self.user_information(atresp['access_token'],
atresp['orcid'], atresp['name'])
internal_response = InternalData(
auth_info=self.auth_info(context.request))
internal_response.attributes = self.converter.to_internal(
self.external_type, user_info)
internal_response.subject_id = user_info[self.user_id_attr]
del context.state[self.name]
return self.auth_callback_func(context, internal_response)
def _authn_response(self, context):
aresp = self.consumer.parse_response(AuthorizationResponse,
info=json.dumps(context.request))
url = self.config['server_info']['token_endpoint']
data = dict(
grant_type='authorization_code',
code=aresp['code'],
redirect_uri=self.redirect_url,
client_id=self.config['client_config']['client_id'],
client_secret=self.config['client_secret'],
)
headers = {'Accept': 'application/json'}
r = requests.post(url, data=data, headers=headers)
response = r.json()
token = response['access_token']
orcid, name = response['orcid'], response['name']
user_info = self.user_information(token, orcid, name)
auth_info = self.auth_info(context.request)
internal_response = InternalData(auth_info=auth_info)
internal_response.attributes = self.converter.to_internal(
self.external_type, user_info)
internal_response.subject_id = orcid
return self.auth_callback_func(context, internal_response)
def internal_response(self):
auth_info = AuthenticationInformation("auth_class_ref", "timestamp",
"issuer")
internal_response = InternalData(auth_info=auth_info)
internal_response.subject_id = "user1"
return internal_response
def internal_response(self):
auth_info = AuthenticationInformation("auth_class_ref", "timestamp", "issuer")
internal_response = InternalData(auth_info=auth_info)
internal_response.subject_id = "user1"
return internal_response
