Ejemplo n.º 1
0
 def test_get_assertion_info(self):
     assertion = """
     eyJjZXJ0aWZpY2F0ZXMiOlsiZXlKaGJHY2lPaUpTVXpFeU9DSjkuZXlKcGMzTWlPaUppY
     205M2MyVnlhV1F1YjNKbklpd2laWGh3SWpveE16SXhPVFF4T1Rnek1EVXdMQ0p3ZFdKc2
     FXTXRhMlY1SWpwN0ltRnNaMjl5YVhSb2JTSTZJbEpUSWl3aWJpSTZJamd4TmpreE5UQTB
     OVGswTkRVek5EVTFPREF4TlRreU5Ea3hNemsyTkRFNE56RTJNVFUwTkRNNE5EWXdPREl6
     TXpBMU1USXlPRGN3TURRNE56TTFNREk1TURrek16a3lNRFkzTURFMU1qQTBORGd6TWpVM
     U56WXdOREE1TnpFeU9EYzNNVGswT1RVek1UQXdNVFEyTkRVek56TTJOakU0TlRVek5EY3
     hNakkxT0RreU16TTFPRFV4TWpZNU1EQXdOREF5TVRrMk9ERTBNRGtpTENKbElqb2lOalU
     xTXpjaWZTd2ljSEpwYm1OcGNHRnNJanA3SW1WdFlXbHNJam9pY25saGJrQnlabXN1YVdR
     dVlYVWlmWDAua19oaEtYMFRCVnUyX2szbV9uRDVOVWJfTktwX19PLTY1MW1CRUl3S1NZZ
     GlOenQwQm9WRkNEVEVueEhQTWJCVjJaejk0WDgtLVRjVXJidEV0MWV1S1dWdjMtNTFUOU
     xBZnV6SEhfekNCUXJVbmxkMVpXSmpBM185ZEhQeTMwZzRMSU9YZTJWWmd0T1Nva3MyZFE
     4ZDNvazlSUTJQME5ERzB1MDBnN3lGejE4Il0sImFzc2VydGlvbiI6ImV5SmhiR2NpT2lK
     U1V6WTBJbjAuZXlKbGVIQWlPakV6TWpFNU1qazBOelU0TWprc0ltRjFaQ0k2SW1oMGRIQ
     TZMeTl0ZVdaaGRtOXlhWFJsWW1WbGNpNXZjbWNpZlEuQWhnS2Q0eXM0S3FnSGJYcUNSS3
     hHdlluVmFJOUwtb2hYSHk0SVBVWDltXzI0TWdfYlU2aGRIMTNTNnFnQy1vSHBpS3BfTGl
     6cDRGRjlUclBjNjBTRXcifQ
     """.replace(" ", "").replace("\n", "").strip()
     data = get_assertion_info(assertion)
     self.assertEquals(data["principal"]["email"], "*****@*****.**")
     self.assertEquals(data["audience"], "http://myfavoritebeer.org")
     self.assertRaises(ValueError, get_assertion_info, "JUNK")
     self.assertRaises(ValueError, get_assertion_info, "X")
     self.assertRaises(ValueError, get_assertion_info, "\x00\x01\x02")
     bad_assertion = encode_json_bytes({"fake": "assertion"})
     self.assertRaises(ValueError, get_assertion_info, bad_assertion)
Ejemplo n.º 2
0
 def test_get_assertion_info(self):
     assertion = """
     eyJjZXJ0aWZpY2F0ZXMiOlsiZXlKaGJHY2lPaUpTVXpFeU9DSjkuZXlKcGMzTWlPaUppY
     205M2MyVnlhV1F1YjNKbklpd2laWGh3SWpveE16SXhPVFF4T1Rnek1EVXdMQ0p3ZFdKc2
     FXTXRhMlY1SWpwN0ltRnNaMjl5YVhSb2JTSTZJbEpUSWl3aWJpSTZJamd4TmpreE5UQTB
     OVGswTkRVek5EVTFPREF4TlRreU5Ea3hNemsyTkRFNE56RTJNVFUwTkRNNE5EWXdPREl6
     TXpBMU1USXlPRGN3TURRNE56TTFNREk1TURrek16a3lNRFkzTURFMU1qQTBORGd6TWpVM
     U56WXdOREE1TnpFeU9EYzNNVGswT1RVek1UQXdNVFEyTkRVek56TTJOakU0TlRVek5EY3
     hNakkxT0RreU16TTFPRFV4TWpZNU1EQXdOREF5TVRrMk9ERTBNRGtpTENKbElqb2lOalU
     xTXpjaWZTd2ljSEpwYm1OcGNHRnNJanA3SW1WdFlXbHNJam9pY25saGJrQnlabXN1YVdR
     dVlYVWlmWDAua19oaEtYMFRCVnUyX2szbV9uRDVOVWJfTktwX19PLTY1MW1CRUl3S1NZZ
     GlOenQwQm9WRkNEVEVueEhQTWJCVjJaejk0WDgtLVRjVXJidEV0MWV1S1dWdjMtNTFUOU
     xBZnV6SEhfekNCUXJVbmxkMVpXSmpBM185ZEhQeTMwZzRMSU9YZTJWWmd0T1Nva3MyZFE
     4ZDNvazlSUTJQME5ERzB1MDBnN3lGejE4Il0sImFzc2VydGlvbiI6ImV5SmhiR2NpT2lK
     U1V6WTBJbjAuZXlKbGVIQWlPakV6TWpFNU1qazBOelU0TWprc0ltRjFaQ0k2SW1oMGRIQ
     TZMeTl0ZVdaaGRtOXlhWFJsWW1WbGNpNXZjbWNpZlEuQWhnS2Q0eXM0S3FnSGJYcUNSS3
     hHdlluVmFJOUwtb2hYSHk0SVBVWDltXzI0TWdfYlU2aGRIMTNTNnFnQy1vSHBpS3BfTGl
     6cDRGRjlUclBjNjBTRXcifQ
     """.replace(" ", "").replace("\n", "").strip()
     data = get_assertion_info(assertion)
     self.assertEquals(data["principal"]["email"], "*****@*****.**")
     self.assertEquals(data["audience"], "http://myfavoritebeer.org")
     self.assertRaises(ValueError, get_assertion_info, "JUNK")
     self.assertRaises(ValueError, get_assertion_info, "X")
     self.assertRaises(ValueError, get_assertion_info, "\x00\x01\x02")
     bad_assertion = encode_json_bytes({"fake": "assertion"})
     self.assertRaises(ValueError, get_assertion_info, bad_assertion)
Ejemplo n.º 3
0
    def _process_vep_assertion(self, request):
        """Exhange a VEP assertion for some session credentials.

        This  method extracts a submitted VEP assertion, validates it and
        establishes a new session token and secret.  These are returned
        to the user so that they can sign subsequent requests as belonging
        to this session.
        """
        # Make sure they're using a GET request.
        if request.method != "GET":
            resp = Response()
            resp.status = 405
            resp.content_type = "text/plain"
            resp.body = "token requests must get GET"
            request.environ["repoze.who.application"] = resp
            return None
        # Make sure they're sending an Authorization header.
        if not request.authorization:
            msg = "you must provide an authorization header"
            return self._respond_unauthorized(request, msg)
        # Grab the assertion from the Authorization header.
        scheme, assertion = request.authorization
        if scheme.lower() != "browser-id":
            msg = "The auth scheme \"%s\" is not supported" % (scheme, )
            return self._respond_bad_request(request, msg.encode("utf8"))
        # Extract the audience, so we can check against wildcards.
        try:
            audience = get_assertion_info(assertion)["audience"]
        except (ValueError, KeyError):
            return self._respond_bad_request(request, "invalid assertion")
        if not self._check_audience(request, audience):
            msg = "The audience \"%s\" is not acceptable" % (audience, )
            return self._respond_bad_request(request, msg.encode("utf8"))
        # Verify the assertion and find out who they are.
        try:
            data = self.verifier.verify(assertion)
        except Exception, e:
            msg = "Invalid BrowserID assertion: " + str(e)
            return self._respond_bad_request(request, msg)
    def _process_vep_assertion(self, request):
        """Exhange a VEP assertion for some session credentials.

        This  method extracts a submitted VEP assertion, validates it and
        establishes a new session token and secret.  These are returned
        to the user so that they can sign subsequent requests as belonging
        to this session.
        """
        # Make sure they're using a GET request.
        if request.method != "GET":
            resp = Response()
            resp.status = 405
            resp.content_type = "text/plain"
            resp.body = "token requests must get GET"
            request.environ["repoze.who.application"] = resp
            return None
        # Make sure they're sending an Authorization header.
        if not request.authorization:
            msg = "you must provide an authorization header"
            return self._respond_unauthorized(request, msg)
        # Grab the assertion from the Authorization header.
        scheme, assertion = request.authorization
        if scheme.lower() != "browser-id":
            msg = "The auth scheme \"%s\" is not supported" % (scheme,)
            return self._respond_bad_request(request, msg.encode("utf8"))
        # Extract the audience, so we can check against wildcards.
        try:
            audience = get_assertion_info(assertion)["audience"]
        except (ValueError, KeyError):
            return self._respond_bad_request(request, "invalid assertion")
        if not self._check_audience(request, audience):
            msg = "The audience \"%s\" is not acceptable" % (audience,)
            return self._respond_bad_request(request, msg.encode("utf8"))
        # Verify the assertion and find out who they are.
        try:
            data = self.verifier.verify(assertion)
        except Exception, e:
            msg = "Invalid BrowserID assertion: " + str(e)
            return self._respond_bad_request(request, msg)