def introspection_endpoint_(self, request="", requestor="", **kwargs):
"""
The endpoint URI at which the resource server introspects an RPT
presented to it by a client.
"""
logger.debug("requestor: %s, request: %s" % (requestor, request))
ir = IntrospectionRequest().from_json(request)
try:
_info = self.session.get(ir["token"])
irep = IntrospectionResponse(
valid=True,
expires_at=_info["expires_at"],
)
try:
#requestor = self.rpt[ir["token"]]["requestor"]
perms = self.permit.get_accepted(requestor, ir["token"])
except KeyError:
pass
else:
if perms:
irep["permissions"] = perms
else:
logger.info("No permissions bound to this RPT")
logger.debug("response: %s" % irep.to_json())
response = Response(irep.to_json(), content="application/json")
except ToOld:
logger.info("RPT expired")
irep = IntrospectionResponse(valid=False)
response = Response(irep.to_json(), content="application/json")
except KeyError:
response = BadRequest()
return response
def introspection_endpoint_(self, entity, **kwargs):
"""
The endpoint URI at which the resource server introspects an RPT
presented to it by a client.
"""
request = kwargs["request"]
logger.debug("requestor: %s, request: %s" % (entity, request))
ir = IntrospectionRequest().from_json(request)
owner = safe_name(entity, kwargs["client_id"])
try:
try:
# requestor = self.rpt[ir["token"]]["requestor"]
perms = self.permit.get_accepted(owner, ir["token"])
except KeyError:
response = BadRequest()
else:
if perms:
irep = IntrospectionResponse(active=True, exp=perms[0]["exp"], permissions=perms)
logger.debug("response: %s" % irep.to_json())
response = Response(irep.to_json(), content="application/json")
else:
logger.info("No permissions bound to this RPT")
response = BadRequest()
except ToOld:
logger.info("RPT expired")
irep = IntrospectionResponse(valid=False)
response = Response(irep.to_json(), content="application/json")
except KeyError:
response = BadRequest()
return response
def test_alice_client_read(tmpdir):
root_dir = os.path.join(tmpdir.strpath, "resource/")
jrs = JsonResourceServer(root_dir, "info/", "https://example.com")
create_alice_resource(jrs)
body = json.dumps({"bar": "soap"})
environ = {
"REQUEST_METHOD": "GET",
"REMOTE_USER": "******",
'wsgi.input': StringIO(body),
"CONTENT_LENGTH": len(body)
}
ad = AuthzDescription(resource_set_id=0,
scopes=DEF_SCOPES,
expires_at=epoch_in_a_while(minutes=45))
ir = IntrospectionResponse(valid=True,
expires_at=epoch_in_a_while(minutes=45),
issued_at=utc_time_sans_frac,
permissions=[ad])
resp = jrs.do("info/alice/1", environ, permission=ir)
assert not isinstance(resp, ErrorResponse)
assert isinstance(resp, Response)
def test_roger_patch(tmpdir):
root_dir = os.path.join(tmpdir.strpath, "resource/")
jrs = JsonResourceServer(root_dir, "info/", "https://example.com")
create_alice_resource(jrs)
body = json.dumps({"bar": "soap"})
environ = {
"REQUEST_METHOD": "PATCH",
"REMOTE_USER": "******",
'wsgi.input': StringIO(body),
"CONTENT_LENGTH": len(body)
}
ad = AuthzDescription(resource_set_id=0,
scopes=[
"http://dirg.org.umu.se/uma/scopes/read",
"http://dirg.org.umu.se/uma/scopes/patch"
],
expires_at=epoch_in_a_while(minutes=45))
ir = IntrospectionResponse(valid=True,
expires_at=epoch_in_a_while(minutes=45),
issued_at=utc_time_sans_frac,
permissions=[ad])
resp = jrs.do("info/alice/1", environ, permission=ir)
assert not isinstance(resp, ErrorResponse)
assert resp.message == '{"_id": "1"}'
def introspection_endpoint_(self, user, **kwargs):
"""
The endpoint URI at which the resource server introspects an RPT
presented to it by a client.
"""
request = kwargs["request"]
logger.debug("requestor: %s, request: %s" % (user, request))
ir = IntrospectionRequest().from_json(request)
adb = self.get_adb(kwargs["client_id"])
try:
try:
# requestor = self.rpt[ir["token"]]["requestor"]
perms = adb.permit.get_accepted_by_rpt(user, ir["token"])
except KeyError:
response = BadRequest()
else:
if perms:
irep = IntrospectionResponse(active=True,
exp=perms[0]["exp"],
permissions=perms)
logger.debug("response: %s" % irep.to_json())
response = Response(irep.to_json(),
content="application/json")
else:
logger.info("No permissions bound to this RPT")
response = BadRequest()
except ToOld:
logger.info("RPT expired")
irep = IntrospectionResponse(valid=False)
response = Response(irep.to_json(), content="application/json")
except KeyError:
response = BadRequest()
return response
def test_introspection_response():
msg = """{
"valid": true,
"expires_at": 1256953732,
"issued_at": 1256912345,
"permissions": [
{
"resource_set_id": "112210f47de98100",
"scopes": [
"http://photoz.example.com/dev/actions/view",
"http://photoz.example.com/dev/actions/all"
],
"expires_at" : 1256923456
}
]
}"""
ir = IntrospectionResponse().from_json(msg)
print(ir)
assert ir["valid"] is True
assert ir["expires_at"] == 1256953732
perm = ir["permissions"]
assert len(perm) == 1
assert perm[0]["resource_set_id"] == "112210f47de98100"
resp = ir.to_json()
print(resp)
assert resp
ir2 = IntrospectionResponse(**ir.to_dict())
assert ir2["valid"] is True
assert ir2["expires_at"] == 1256953732
perm = ir2["permissions"]
assert len(perm) == 1
assert perm[0]["resource_set_id"] == "112210f47de98100"
def test_introspection_response():
msg = """{
"valid": true,
"expires_at": 1256953732,
"issued_at": 1256912345,
"permissions": [
{
"resource_set_id": "112210f47de98100",
"scopes": [
"http://photoz.example.com/dev/actions/view",
"http://photoz.example.com/dev/actions/all"
],
"expires_at" : 1256923456
}
]
}"""
ir = IntrospectionResponse().from_json(msg)
print(ir)
assert ir["valid"] is True
assert ir["expires_at"] == 1256953732
perm = ir["permissions"]
assert len(perm) == 1
assert perm[0]["resource_set_id"] == "112210f47de98100"
resp = ir.to_json()
print(resp)
assert resp
ir2 = IntrospectionResponse(**ir.to_dict())
assert ir2["valid"] is True
assert ir2["expires_at"] == 1256953732
perm = ir2["permissions"]
assert len(perm) == 1
assert perm[0]["resource_set_id"] == "112210f47de98100"
def introspect(_client, rsrv, asrv):
_crpt = _client.token[USER]["RPT"]
_pat = rsrv.permreg.get(RESOURCE_OWNER, "pat")["access_token"]
_client_x = rsrv.client[rsrv.permreg.get(RESOURCE_OWNER, "authzsrv")]
ireq = IntrospectionRequest(token=_crpt)
req_args = {"access_token": _pat}
http_args = _client_x.client_authn_method["bearer_header"](rsrv).construct(
ireq, request_args=req_args)
_iresp = asrv.introspection_endpoint(ireq.to_json(),
http_args["headers"]["Authorization"])
return IntrospectionResponse().from_json(_iresp.message)
def test_roger_read(tmpdir):
root_dir = os.path.join(tmpdir.strpath, "resource/")
jrs = JsonResourceServer(root_dir, "info/", "https://example.com")
create_alice_resource(jrs)
environ = {"REQUEST_METHOD": "GET", "REMOTE_USER": "******"}
ad = AuthzDescription(resource_set_id=0,
scopes=["http://dirg.org.umu.se/uma/scopes/read"],
expires_at=epoch_in_a_while(minutes=45))
ir = IntrospectionResponse(valid=True,
expires_at=epoch_in_a_while(minutes=45),
issued_at=utc_time_sans_frac,
permissions=[ad])
resp = jrs.do("info/alice/1", environ, permission=ir)
assert not isinstance(resp, ErrorResponse)
assert resp.message in [
'{"foo": "bar", "_id": 1}', '{"_id": 1, "foo": "bar"}'
]
def test_roger_create():
jrs = JsonResourceServer("resource/", "info/", "https://example.com")
body = json.dumps({"bar": "soap"})
environ = {
"REQUEST_METHOD": "POST",
"REMOTE_USER": "******",
'wsgi.input': StringIO(body),
"CONTENT_LENGTH": len(body)
}
ad = AuthzDescription(resource_set_id=0,
scopes=["http://dirg.org.umu.se/uma/scopes/read"],
expires_at=epoch_in_a_while(minutes=45))
ir = IntrospectionResponse(valid=True,
expires_at=epoch_in_a_while(minutes=45),
issued_at=utc_time_sans_frac,
permissions=[ad])
resp = jrs.do("info/alice/1", environ, permission=ir)
assert isinstance(resp, ErrorResponse)
ticket=ticket,
claim_tokens=[ClaimToken(format="json", token=rqp_claims)])
resp = authzsrv.rpt_token_endpoint(authn=authn, request=request.to_json())
rtr = RPTResponse().from_json(resp.message)
_uma_client.token[REQUESTOR] = {}
_uma_client.token[REQUESTOR]["RPT"] = rtr["rpt"]
# Introspection of the RPT
pat = ressrv.rs_handler.token['PAT']
_rpt = _uma_client.token[REQUESTOR]["RPT"]
ir = IntrospectionRequest(token=_rpt)
request_args = {"access_token": pat}
ht_args = ressrv.client.client_authn_method["bearer_header"](ressrv).construct(
ir, request_args=request_args)
resp = authzsrv.introspection_endpoint(ir.to_json(),
ht_args["headers"]["Authorization"])
iresp = IntrospectionResponse().from_json(resp.message)
assert iresp["active"] is True
assert "permissions" in iresp
res = ressrv.collect_info(iresp, ressrv.rs_handler.op2scope['GET'])
print(res)
