Ejemplo n.º 1
0
def test_implicit_grant(client, init_db):
    # simulate the authorization approval -
    with client:
        # use the session_transaction to enable modification of the session object:
        # cf., https://flask.palletsprojects.com/en/1.1.x/testing/#accessing-and-modifying-sessions
        with client.session_transaction() as sess:
            sess['username'] = TEST_USERNAME
        # once we leave the context, session updates applied via sess object are available -
        response = client.post('http://*****:*****@{TEST_TENANT_ID}'
Ejemplo n.º 2
0
def test_custom_claims_show_up_after_refresh(client):

    # First, get an access token
    payload = {
        "token_tenant_id": "admin",
        "account_type": "service",
        "token_username": "******",
        "generate_refresh_token": True,
        "claims": {
            "test_claim": "here it is!"
        },
        "target_site_id": "admin"
    }

    response = client.post("http://localhost:5000/v3/tokens",
                           data=json.dumps(payload),
                           content_type='application/json',
                           headers=get_basic_auth_header())

    # Check that the first access token has the custom claim
    assert response.status_code == 200
    access_token = response.json['result']['access_token']['access_token']
    access_token_data = auth.validate_token(access_token)

    assert access_token_data['test_claim'] == "here it is!"

    # Then refresh the token
    refresh_token = response.json['result']['refresh_token']['refresh_token']

    payload2 = {"refresh_token": refresh_token}

    response2 = client.put("http://localhost:5000/v3/tokens",
                           data=json.dumps(payload2),
                           content_type='application/json')

    # Check the new access token
    assert response2.status_code == 200
    access_token2 = response2.json['result']['access_token']['access_token']

    # Make sure the custom claim is still there
    access_token_data2 = auth.validate_token(access_token2)

    assert access_token_data2['test_claim'] == "here it is!"
Ejemplo n.º 3
0
def validate_access_token(response):
    """
    Validate the a response has an access token and it is properly formatted.
    """
    assert 'access_token' in response.json['result']['access_token']
    assert 'expires_at' in response.json['result']['access_token']
    assert 'expires_in' in response.json['result']['access_token']
    assert 'jti' in response.json['result']['access_token']
    claims = validate_token(response.json['result']['access_token']['access_token'])
    assert claims['tapis/tenant_id'] == TEST_TENANT_ID
    assert claims['tapis/username'] == TEST_USERNAME
    assert claims['sub'] == f'{TEST_USERNAME}@{TEST_TENANT_ID}'
    return claims
Ejemplo n.º 4
0
def validate_refresh_token(response):
    """
    Validate that a response has a refresh token and it is properly formatted.
    """
    assert 'refresh_token' in response.json['result']['refresh_token']
    assert 'expires_at' in response.json['result']['refresh_token']
    assert 'expires_in' in response.json['result']['refresh_token']
    assert 'jti' in response.json['result']['refresh_token']
    claims = validate_token(response.json['result']['refresh_token']['refresh_token'])
    assert claims['tapis/token_type'] == 'refresh'
    assert claims['tapis/tenant_id'] == TEST_TENANT_ID
    # the refresh token embeds the access token claims within:
    assert 'tapis/access_token' in claims
    print(claims['tapis/access_token'])
    assert claims['tapis/access_token']['sub'] == f'{TEST_USERNAME}@{TEST_TENANT_ID}'
    return claims
Ejemplo n.º 5
0
    def put(self):
        logger.debug("top of  PUT /tokens")
        validator = RequestValidator(utils.spec)
        validated = validator.validate(FlaskOpenAPIRequest(request))
        if validated.errors:
            raise errors.ResourceError(msg=f'Invalid PUT data: {validated.errors}.')
        refresh_token = validated.body.refresh_token
        logger.debug(f"type(refresh_token) = {type(refresh_token)}")
        try:
            refresh_token_data = auth.validate_token(refresh_token)
        except errors.AuthenticationError:
            raise errors.ResourceError(msg=f'Invalid PUT data: {request}.')

        # get the original access_token data from within the decoded refresh_token
        token_data = refresh_token_data['tapis/access_token']
        token_data.pop('tapis/token_type')
        token_data['exp'] = TapisAccessToken.compute_exp(token_data['ttl'])
        token_data['jti'] = str(uuid.uuid4())
        # create a dictionary of data that can be used to instantiate access and refresh tokens; the constructors
        # require variable names that do not include the Tapis prefix, so we need to remove that -
        new_token_data = { 'jti': token_data.pop('jti'),
                           'iss': token_data.pop('iss'),
                           'sub': token_data.pop('sub'),
                           'tenant_id': token_data.pop('tapis/tenant_id'),
                           'username': token_data.pop('tapis/username'),
                           'account_type': token_data.pop('tapis/account_type'),
                           'ttl': token_data.pop('ttl'),
                           'exp': token_data.pop('exp'),
                           'delegation': token_data.pop('tapis/delegation'),
                           'delegation_sub': token_data.pop('tapis/delegation_sub', None),
                           'extra_claims': token_data
                           }
        access_token = TapisAccessToken(**new_token_data)
        access_token.sign_token()

        # add the original refresh token's initial_ttl claim as the ttl for the new refresh token
        new_token_data['refresh_token_ttl'] = refresh_token_data['tapis/initial_ttl']
        refresh_token = TokensResource.get_refresh_from_access_token_data(new_token_data, access_token)
        result = {'access_token': access_token.serialize,
                  'refresh_token': refresh_token.serialize
                  }
        return utils.ok(result=result, msg="Token generation successful.")
Ejemplo n.º 6
0
def test_custom_claims_show_up_in_access_token(client):
    payload = {
        "token_tenant_id": "admin",
        "account_type": "service",
        "token_username": "******",
        "generate_refresh_token": True,
        "claims": {
            "test_claim": "here it is!"
        },
        "target_site_id": "admin"
    }

    response = client.post("http://localhost:5000/v3/tokens",
                           data=json.dumps(payload),
                           content_type='application/json',
                           headers=get_basic_auth_header())
    print(f"response.data: {response.data}")

    assert response.status_code == 200
    access_token = response.json['result']['access_token']['access_token']
    access_token_data = auth.validate_token(access_token)

    assert access_token_data['test_claim'] == "here it is!"