def test_invalid_jose_400(self):
    """A request token with ``aud`` set to ``"INVALID"`` must be answered with HTTP 400."""
    token = create_token({"v": "0.0.1", "attributes": ["driving_license"]})
    # Deliberately wrong audience: the endpoint is expected to reject it.
    token["aud"] = "INVALID"

    response = self.harn_post(
        "/aa/v1/attributes/driving_license/%s",
        "MRORSS77T05E472I",
        token,
    )

    body = response.data.decode("utf-8")
    self.assert400(response, "Response body is : " + body)
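def get_attribute_simple(attribute="driving_license"):
    """Request one attribute for the session's user from the Attribute Authority.

    The fiscal number is read from the SAML data stored in the session. A
    request token is built, signed with RS256 and POSTed as
    ``application/jose`` to the AA; the reply is passed through
    ``validate_request`` (ES256) before it is returned.

    Args:
        attribute: Name of the attribute to request.

    Returns:
        The value produced by ``validate_request`` on success; the ``problem``
        object when the AA does not answer 200; or the result of
        ``invalid_token_handler`` when the reply is not a valid token.

    Raises:
        ValueError: If validating the reply fails with anything other than
            ``jwt.exceptions.InvalidTokenError``.
    """
    tax_code = "".join(session["samlUserdata"]["fiscalNumber"])
    aa_url = pjoin("https://aa/aa/v1/attributes/", attribute, tax_code)

    # Resolve the AA host once (the original looked it up twice and threw the
    # first answer away). A resolution failure still surfaces at this point.
    aa_address = gethostbyname("aa")

    token = create_token({"v": "0.0.1", "attributes": [attribute]})
    token["iss"] = app.config["entityId"]
    # NOTE(review): the audience is built from a DNS answer, so whatever
    # controls name resolution for "aa" also controls the `aud` value.
    token["aud"] = "https://%s/aa/v1/metadata" % aa_address
    signed_token = sign_request(token, app_config=app.config, alg="RS256")

    # NOTE(review): verify=False switches off TLS certificate validation, so
    # the peer is not authenticated and the fiscal number in the URL path is
    # exposed to anyone able to intercept the connection. validate_request
    # below presumably checks the reply's signature, which does not protect
    # the request. If `post` is requests.post, pass the CA bundle that issued
    # the AA certificate as `verify=` instead. No timeout is set either.
    ret = post(
        aa_url,
        data=signed_token,
        verify=False,
        headers={"content-type": "application/jose"},
    )

    if ret.status_code != 200:
        app.logger.error(ret.content)
        # NOTE(review): the upstream body is handed back to the caller
        # unchanged in `detail`; confirm it cannot carry internal details.
        return problem(
            instance=aa_url,
            status=ret.status_code,
            title="errore della AA",
            detail=ret.content,
        )

    try:
        attributes = validate_request(
            ret.content.decode("utf8"), alg="ES256", app_config=app.config
        )
    except jwt.exceptions.InvalidTokenError as e:
        return invalid_token_handler(e)
    except Exception as e:
        # NOTE(review): this reports the incoming request body, not the AA
        # reply that failed validation - confirm that is intended.
        raise ValueError(e, request.data) from e
    return attributes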
def test_parse_and_validate_response_jose(self):
    """A well-formed request gets a 200 whose body passes ``validate_token``."""
    request_token = create_token({"v": "0.0.1", "attributes": ["driving_license"]})
    request_token["aud"] = self.dummy_config["entityId"]

    response = self.harn_post(
        "/aa/v1/attributes/driving_license/%s",
        "MRORSS77T05E472I",
        request_token,
    )
    body = response.data.decode("utf-8")
    self.assert200(response, "Response body is : " + body)

    # Any validation failure is re-raised together with the raw response
    # bytes so the offending payload shows up in the test report.
    try:
        validate_token(body)
    except Exception as e:
        raise ValueError(e, response.data)
def test_missing_consent(self):
    """The consent-attributes endpoint answers 403 when no consent was posted first."""
    claims = {"v": "0.0.1", "attributes": ["invalido_di_guerra"]}
    request_token = create_token(claims)
    request_token["aud"] = self.dummy_config["entityId"]

    response = self.harn_post(
        "/aa/v1/consent-attributes/invalido_di_guerra/%s",
        "MRORSS77T05E472I",
        request_token,
    )

    body = response.data.decode("utf-8")
    self.assert403(response, "Response body is : " + body)
def test_post_consent(self):
    """Posting to the consents endpoint returns 200 and a JSON body with ``detail``."""
    claims = {"v": "0.0.1", "attributes": ["invalido_di_guerra"]}
    request_token = create_token(claims)
    request_token["aud"] = self.dummy_config["entityId"]

    response = self.harn_post(
        "/aa/v1/consents/%s?callback_url=https://foo",
        "XKFLNX28D67Q295Q",
        request_token,
    )

    body = response.data.decode("utf-8")
    self.assert200(response, "Response body is : " + body)
    assert "detail" in response.json
def test_with_consent(self):
    """After a consent is posted, the consent-attributes endpoint answers 200."""
    claims = {"v": "0.0.1", "attributes": ["invalido_di_guerra"]}
    request_token = create_token(claims)
    request_token["aud"] = self.dummy_config["entityId"]
    tax_code = "MRORSS77T05E472I"

    # Step 1: record the consent.
    consent_response = self.harn_post(
        "/aa/v1/consents/%s?callback_url=foo&consent=bar",
        tax_code,
        request_token,
    )
    self.assert200(
        consent_response,
        "Response body is : " + consent_response.data.decode("utf-8"),
    )

    # Step 2: the same token is now expected to obtain the attribute.
    attribute_response = self.harn_post(
        "/aa/v1/consent-attributes/invalido_di_guerra/%s",
        tax_code,
        request_token,
    )
    self.assert200(
        attribute_response,
        "Response body is : " + attribute_response.data.decode("utf-8"),
    )
def test_get_consent_accept(self):
    """Opening the consents URL with a signed token and ``accept=yes`` returns its attributes."""
    claims = {"v": "0.0.1", "attributes": ["invalido_di_guerra"]}
    request_token = create_token(claims)
    request_token["aud"] = self.dummy_config["entityId"]

    # ES256-signed token whose header carries the test certificate in `x5c`.
    jose_headers = {
        "typ": "JWT",
        "alg": "ES256",
        "x5c": [pem_to_x5c(self.public_cert)],
    }
    signed = sign_token(request_token, key=self.private_key, headers=jose_headers)

    # NOTE(review): only `{signed}` is substituted; `%s` stays in the path
    # as written because str.format does not touch it - confirm intended.
    # The signed token travels in the query string here.
    url = "/aa/v1/consents/%s?callback_url=foo&consent={signed}&accept=yes".format(
        signed=signed
    )
    response = self.client.open(url)

    body = response.data.decode("utf-8")
    self.assert200(response, "Response body is : " + body)
    assert response.json["token"]["attributes"]