Example #1
def test_get_or_post():
    """Check how util.get_or_post lays out a request for GET, POST and an unknown method.

    Every endpoint, the client id, the authorization code and the Basic
    credentials below are localhost fixtures that live only in this test.
    """
    # GET: the request parameters are expected urlencoded in the query string,
    # with no body and no extra keyword arguments coming back.
    authz_endpoint = u'https://localhost:8092/authorization'
    authz_request = AuthorizationRequest(
        acr_values='PASSWORD',
        state='urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a',
        redirect_uri='https://localhost:8666/919D3F697FDAAF138124B83E09ECB0B7',
        response_type='code',
        client_id='ok8tx7ulVlNV',
        scope='openid profile email address phone')
    expected_get_url = (
        u"https://localhost:8092/authorization?acr_values=PASSWORD&state=urn%3A"
        "uuid%3A92d81fb3-72e8-4e6c-9173-c360b782148a&"
        "redirect_uri=https%3A%2F%2Flocalhost%3A8666%2F919D3F697FDAAF138124B83E09ECB0B7&"
        "response_type=code&client_id=ok8tx7ulVlNV&scope=openid+profile+email+address+phone")

    path, body, ret_kwargs = util.get_or_post(authz_endpoint, 'GET', authz_request)

    assert url_compare(path, expected_get_url)
    assert not body
    assert not ret_kwargs

    # POST: the URL must come back untouched, the parameters move into a
    # form-encoded body, and the caller's Authorization header is preserved.
    token_endpoint = u'https://localhost:8092/token'
    token_request = AccessTokenRequest(
        redirect_uri='https://localhost:8666/919D3F697FDAAF138124B83E09ECB0B7',
        code='Je1iKfPN1vCiN7L43GiXAuAWGAnm0mzA7QIjl/YLBBZDB9wefNExQlLDUIIDM2rT'
             '2t+gwuoRoapEXJyY2wrvg9cWTW2vxsZU+SuWzZlMDXc=',
        grant_type='authorization_code')
    # client_secret_basic fixture: the base64 payload starts with the client_id
    # used in the authorization request above.
    extra = {
        'scope': '',
        'state': 'urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a',
        'authn_method': 'client_secret_basic',
        'key': [],
        'headers': {
            'Authorization': 'Basic b2s4dHg3dWxWbE5WOjdlNzUyZDU1MTc0NzA0NzQzYjZiZWJk'
                             'YjU4ZjU5YWU3MmFlMGM5NDM4YTY1ZmU0N2IxMDA3OTM1'},
    }
    expected_body_url = (
        'http://test/#code=Je1iKfPN1vCiN7L43GiXAuAWGAnm0mzA7QIjl%2FYLBBZDB9wefNExQlLDUIIDM2rT2t%2BgwuoR'
        'oapEXJyY2wrvg9cWTW2vxsZU%2BSuWzZlMDXc%3D&grant_type=authorization_code&redirect_uri=https%3A%2'
        'F%2Flocalhost%3A8666%2F919D3F697FDAAF138124B83E09ECB0B7')
    expected_kwargs = {
        'scope': '',
        'state': 'urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a',
        'authn_method': 'client_secret_basic',
        'key': [],
        'headers': {
            'Content-Type': 'application/x-www-form-urlencoded',
            'Authorization': 'Basic b2s4dHg3dWxWbE5WOjdlNzUyZDU1MTc0NzA0NzQzYjZiZWJkYjU4ZjU5YWU3MmFl'
                             'MGM5NDM4YTY1ZmU0N2IxMDA3OTM1'},
    }

    path, body, ret_kwargs = util.get_or_post(token_endpoint, 'POST', token_request, **extra)

    assert path == u'https://localhost:8092/token'
    # The body is glued behind a dummy URL so that url_compare can be reused on it.
    body_as_url = "http://test/#{}".format(body)
    assert url_compare(body_as_url, expected_body_url)
    assert ret_kwargs == expected_kwargs

    # Anything other than the supported methods must be rejected.
    with pytest.raises(UnSupported):
        util.get_or_post(token_endpoint, 'UNSUPORTED', token_request, **extra)
Example #2
def test_get_or_post():
    """Exercise util.get_or_post with GET, POST and an unsupported method.

    The URLs point at localhost and the client id, code and Basic header are
    test-only values hard-coded here.
    """
    state = 'urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a'
    callback = 'https://localhost:8666/919D3F697FDAAF138124B83E09ECB0B7'

    # ---- GET -------------------------------------------------------------
    get_uri = u'https://localhost:8092/authorization'
    get_request = AuthorizationRequest(
        acr_values='PASSWORD', state=state, redirect_uri=callback,
        response_type='code', client_id='ok8tx7ulVlNV',
        scope='openid profile email address phone')

    got_path, got_body, got_kwargs = util.get_or_post(get_uri, 'GET', get_request)

    # All request parameters are expected in the query string, urlencoded.
    assert url_compare(
        got_path,
        u"https://localhost:8092/authorization?acr_values=PASSWORD&state=urn%3A"
        "uuid%3A92d81fb3-72e8-4e6c-9173-c360b782148a&"
        "redirect_uri=https%3A%2F%2Flocalhost%3A8666%2F919D3F697FDAAF138124B83E09ECB0B7&"
        "response_type=code&client_id=ok8tx7ulVlNV&scope=openid+profile+email+address+phone")
    assert not got_body
    assert not got_kwargs

    # ---- POST ------------------------------------------------------------
    post_uri = u'https://localhost:8092/token'
    post_request = AccessTokenRequest(
        redirect_uri=callback,
        code='Je1iKfPN1vCiN7L43GiXAuAWGAnm0mzA7QIjl/YLBBZDB9wefNExQlLDUIIDM2rT'
             '2t+gwuoRoapEXJyY2wrvg9cWTW2vxsZU+SuWzZlMDXc=',
        grant_type='authorization_code')
    # Caller-supplied keyword arguments, including a fixture Basic header for
    # the client_secret_basic authentication method.
    call_kwargs = {
        'scope': '',
        'state': state,
        'authn_method': 'client_secret_basic',
        'key': [],
        'headers': {
            'Authorization': 'Basic b2s4dHg3dWxWbE5WOjdlNzUyZDU1MTc0NzA0NzQzYjZiZWJk'
                             'YjU4ZjU5YWU3MmFlMGM5NDM4YTY1ZmU0N2IxMDA3OTM1'},
    }

    got_path, got_body, got_kwargs = util.get_or_post(
        post_uri, 'POST', post_request, **call_kwargs)

    # The URI is returned unchanged; the parameters travel in the body.
    assert got_path == u'https://localhost:8092/token'
    assert url_compare(
        "http://test/#{}".format(got_body),
        'http://test/#code=Je1iKfPN1vCiN7L43GiXAuAWGAnm0mzA7QIjl%2FYLBBZDB9wefNExQlLDUIIDM2rT2t%2BgwuoR'
        'oapEXJyY2wrvg9cWTW2vxsZU%2BSuWzZlMDXc%3D&grant_type=authorization_code&redirect_uri=https%3A%2'
        'F%2Flocalhost%3A8666%2F919D3F697FDAAF138124B83E09ECB0B7')
    # A form Content-Type is added next to the Authorization header passed in.
    assert got_kwargs == {
        'scope': '',
        'state': state,
        'authn_method': 'client_secret_basic',
        'key': [],
        'headers': {
            'Content-Type': 'application/x-www-form-urlencoded',
            'Authorization': 'Basic b2s4dHg3dWxWbE5WOjdlNzUyZDU1MTc0NzA0NzQzYjZiZWJkYjU4ZjU5YWU3MmFl'
                             'MGM5NDM4YTY1ZmU0N2IxMDA3OTM1'},
    }

    # ---- unknown method --------------------------------------------------
    with pytest.raises(UnSupported):
        util.get_or_post(post_uri, 'UNSUPORTED', post_request, **call_kwargs)
Example #3
def test_get_or_post_with_qp():
    """A GET on a URI that already has a query parameter keeps that parameter.

    The expected URL starts with the pre-existing ``test=testslice`` and then
    carries the urlencoded request parameters.
    """
    endpoint = u"https://localhost:8092/authorization?test=testslice"
    authz_request = AuthorizationRequest(
        acr_values="PASSWORD",
        state="urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a",
        redirect_uri="https://localhost:8666/919D3F697FDAAF138124B83E09ECB0B7",
        response_type="code",
        client_id="ok8tx7ulVlNV",
        scope="openid profile email address phone",
    )
    expected_url = (
        u"https://localhost:8092/authorization?test=testslice&acr_values=PASSWORD&state=urn%3A"
        "uuid%3A92d81fb3-72e8-4e6c-9173-c360b782148a&"
        "redirect_uri=https%3A%2F%2Flocalhost%3A8666%2F919D3F697FDAAF138124B83E09ECB0B7&"
        "response_type=code&client_id=ok8tx7ulVlNV&scope=openid+profile+email+address+phone"
    )

    path, body, ret_kwargs = util.get_or_post(endpoint, "GET", authz_request)

    assert url_compare(path, expected_url)
    # A GET carries neither a body nor extra keyword arguments.
    assert not body
    assert not ret_kwargs
Example #4
def test_get_or_post_with_qp():
    """GET with a pre-populated query string: old and new parameters must both survive."""
    base_uri = u'https://localhost:8092/authorization?test=testslice'
    req = AuthorizationRequest(
        acr_values='PASSWORD',
        state='urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a',
        redirect_uri='https://localhost:8666/919D3F697FDAAF138124B83E09ECB0B7',
        response_type='code',
        client_id='ok8tx7ulVlNV',
        scope='openid profile email address phone')

    result_path, result_body, result_kwargs = util.get_or_post(base_uri, 'GET', req)

    # ``test=testslice`` was already on the URI; the request parameters are
    # expected to be appended to it, urlencoded.
    wanted = (
        u"https://localhost:8092/authorization?test=testslice&acr_values=PASSWORD&state=urn%3A"
        "uuid%3A92d81fb3-72e8-4e6c-9173-c360b782148a&"
        "redirect_uri=https%3A%2F%2Flocalhost%3A8666%2F919D3F697FDAAF138124B83E09ECB0B7&"
        "response_type=code&client_id=ok8tx7ulVlNV&scope=openid+profile+email+address+phone")
    assert url_compare(result_path, wanted)
    assert not result_body
    assert not result_kwargs
Example #5
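    def get_userinfo_claims(self, access_token, endpoint, method="POST", schema_class=OpenIDSchema, **kwargs):
        """Fetch claims from a userinfo endpoint and parse them with ``schema_class``.

        :param access_token: Token placed in the UserInfoRequest.
        :param endpoint: URL the request is sent to.
        :param method: HTTP method handed to get_or_post and http_request.
        :param schema_class: Class whose ``from_json`` parses the response text.
        :param kwargs: Extra arguments; keys listed in HTTP_ARGS are forwarded
            to http_request and ``authn_method`` selects how the client
            authenticates.
        :return: The object produced by ``schema_class().from_json``.
        :raises PyoidcError: On any status other than 200, or on a 200 response
            whose content-type is not application/json.
        """
        uir = UserInfoRequest(access_token=access_token)

        h_args = {k: v for k, v in kwargs.items() if k in HTTP_ARGS}

        if "authn_method" in kwargs:
            # NOTE(review): unlike the default branch below, the request (uir)
            # is not passed here - confirm init_authentication_method copes.
            http_args = self.init_authentication_method(**kwargs)
        else:
            # If nothing defined this is the default
            http_args = self.init_authentication_method(uir, "bearer_header", **kwargs)

        h_args.update(http_args)
        # NOTE(review): uir still carries access_token at this point; if
        # get_or_post urlencodes the request into the query string for GET,
        # the token would end up in the URL (and in proxy/server logs) -
        # confirm, and prefer header-only transport for GET.
        path, body, kwargs = get_or_post(endpoint, method, uir, **kwargs)

        resp = self.http_request(path, method, data=body, **h_args)

        if resp.status_code == 200:
            # An explicit check rather than `assert`: assertions are stripped
            # under -O, which would let a non-JSON response through to the
            # parser below.
            content_type = resp.headers.get("content-type", "")
            if "application/json" not in content_type:
                raise PyoidcError("ERROR: Unexpected content-type: %s" % content_type)
        elif resp.status_code == 500:
            raise PyoidcError("ERROR: Something went wrong: %s" % resp.text)
        else:
            raise PyoidcError("ERROR: Something went wrong [%s]: %s" % (resp.status_code, resp.text))

        res = schema_class().from_json(txt=resp.text)
        # The response object is read through `.text` everywhere else in this
        # method; `.txt` would fail with AttributeError after a successful call.
        self.store_response(res, resp.text)
        return res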
Example #6
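    def uri_and_body(self, reqmsg, cis, method="POST", request_args=None,
                     **kwargs):
        """Work out the target URI, the body and the header arguments for a request.

        :param reqmsg: Request message class; its ``__name__`` is looked up in
            ``self.request2endpoint`` when no explicit endpoint is given.
        :param cis: Request instance handed to get_or_post for serialization.
        :param method: HTTP method handed to get_or_post.
        :param request_args: Optional keyword arguments for ``self._endpoint``.
        :param kwargs: May carry ``endpoint`` (explicit target URI) and
            ``headers``; everything is forwarded to get_or_post.
        :return: Tuple ``(uri, body, h_args, cis)``.
        """
        # An explicit, non-empty endpoint wins over the configured one, so the
        # request goes wherever the caller says; it should only ever come from
        # trusted configuration or discovery data.
        uri = kwargs.get("endpoint")
        if not uri:
            # request_args defaults to None and ``**None`` raises TypeError,
            # so fall back to an empty mapping.
            uri = self._endpoint(self.request2endpoint[reqmsg.__name__],
                                 **(request_args or {}))

        uri, body, kwargs = get_or_post(uri, method, cis, **kwargs)

        # Only the headers are passed on as HTTP arguments.
        h_args = {"headers": kwargs["headers"]} if "headers" in kwargs else {}

        return uri, body, h_args, cis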
Example #7
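    def uri_and_body(self, reqmsg, cis, method="POST", request_args=None,
                     **kwargs):
        """Return the URI, body and header arguments needed to send ``cis``.

        :param reqmsg: Request message class, used by name to pick the
            endpoint from ``self.request2endpoint``.
        :param cis: The request instance passed on to get_or_post.
        :param method: HTTP method passed on to get_or_post.
        :param request_args: Keyword arguments for ``self._endpoint``; may be
            None.
        :param kwargs: Forwarded to get_or_post; a truthy ``endpoint`` entry
            overrides the endpoint lookup.
        :return: ``(uri, body, h_args, cis)`` where ``h_args`` holds the
            ``headers`` entry returned by get_or_post, if any.
        """
        if kwargs.get("endpoint"):
            # Caller-chosen destination: the request is built for this URI, so
            # it must not be derived from untrusted input.
            uri = kwargs["endpoint"]
        else:
            # Unpacking None with ``**`` is a TypeError; treat the default as
            # "no extra arguments".
            endpoint_args = {} if request_args is None else request_args
            uri = self._endpoint(self.request2endpoint[reqmsg.__name__],
                                 **endpoint_args)

        uri, body, kwargs = get_or_post(uri, method, cis, **kwargs)

        h_args = {}
        if "headers" in kwargs:
            h_args["headers"] = kwargs["headers"]

        return uri, body, h_args, cis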
Example #8
def test_get_or_post_with_qp():
    """get_or_post on a GET must keep a query parameter already present on the URI."""
    uri_with_query = u'https://localhost:8092/authorization?test=testslice'
    authz_request = AuthorizationRequest(
        acr_values='PASSWORD',
        state='urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a',
        redirect_uri='https://localhost:8666/919D3F697FDAAF138124B83E09ECB0B7',
        response_type='code',
        client_id='ok8tx7ulVlNV',
        scope='openid profile email address phone')
    # Existing parameter first, then the urlencoded request parameters.
    expected = (
        u"https://localhost:8092/authorization?test=testslice&acr_values=PASSWORD&state=urn%3A"
        "uuid%3A92d81fb3-72e8-4e6c-9173-c360b782148a&"
        "redirect_uri=https%3A%2F%2Flocalhost%3A8666%2F919D3F697FDAAF138124B83E09ECB0B7&"
        "response_type=code&client_id=ok8tx7ulVlNV&scope=openid+profile+email+address+phone")

    path, body, ret_kwargs = util.get_or_post(uri_with_query, 'GET', authz_request)

    assert url_compare(path, expected)
    assert not body
    assert not ret_kwargs
Example #9
def test_get_or_post():
    """Verify util.get_or_post for a GET, a POST and a method it does not support.

    Endpoints are on localhost; the client id, authorization code and Basic
    header are fixtures that exist only for this test.
    """
    # GET: parameters are expected in the query string, nothing else returned.
    authz_uri = u"https://localhost:8092/authorization"
    authz_request = AuthorizationRequest(
        acr_values="PASSWORD",
        state="urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a",
        redirect_uri="https://localhost:8666/919D3F697FDAAF138124B83E09ECB0B7",
        response_type="code",
        client_id="ok8tx7ulVlNV",
        scope="openid profile email address phone",
    )
    expected_authz_url = (
        u"https://localhost:8092/authorization?acr_values=PASSWORD&state=urn%3A"
        "uuid%3A92d81fb3-72e8-4e6c-9173-c360b782148a&"
        "redirect_uri=https%3A%2F%2Flocalhost%3A8666%2F919D3F697FDAAF138124B83E09ECB0B7&"
        "response_type=code&client_id=ok8tx7ulVlNV&scope=openid+profile+email+address+phone"
    )

    path, body, ret_kwargs = util.get_or_post(authz_uri, "GET", authz_request)

    assert url_compare(path, expected_authz_url)
    assert not body
    assert not ret_kwargs

    # POST: URI unchanged, parameters in the body, form Content-Type added to
    # the headers that were passed in.
    token_uri = u"https://localhost:8092/token"
    request2 = AccessTokenRequest(
        redirect_uri="https://localhost:8666/919D3F697FDAAF138124B83E09ECB0B7",
        code="Je1iKfPN1vCiN7L43GiXAuAWGAnm0mzA7QIjl/YLBBZDB9wefNExQlLDUIIDM2rT"
             "2t+gwuoRoapEXJyY2wrvg9cWTW2vxsZU+SuWzZlMDXc=",
        grant_type="authorization_code",
    )
    # Fixture credentials for client_secret_basic; the base64 payload begins
    # with the client_id used above.
    passthrough = {
        "scope": "",
        "state": "urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a",
        "authn_method": "client_secret_basic",
        "key": [],
        "headers": {
            "Authorization":
            "Basic b2s4dHg3dWxWbE5WOjdlNzUyZDU1MTc0NzA0NzQzYjZiZWJk"
            "YjU4ZjU5YWU3MmFlMGM5NDM4YTY1ZmU0N2IxMDA3OTM1"
        },
    }
    expected_body_url = (
        "http://test/#code=Je1iKfPN1vCiN7L43GiXAuAWGAnm0mzA7QIjl%2FYLBBZDB9wefNExQlLDUIIDM2rT2t%2BgwuoR"
        "oapEXJyY2wrvg9cWTW2vxsZU%2BSuWzZlMDXc%3D&grant_type=authorization_code&redirect_uri=https%3A%2"
        "F%2Flocalhost%3A8666%2F919D3F697FDAAF138124B83E09ECB0B7"
    )
    expected_kwargs = {
        "scope": "",
        "state": "urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a",
        "authn_method": "client_secret_basic",
        "key": [],
        "headers": {
            "Content-Type":
            "application/x-www-form-urlencoded",
            "Authorization":
            "Basic b2s4dHg3dWxWbE5WOjdlNzUyZDU1MTc0NzA0NzQzYjZiZWJkYjU4ZjU5YWU3MmFl"
            "MGM5NDM4YTY1ZmU0N2IxMDA3OTM1",
        },
    }

    path, body, ret_kwargs = util.get_or_post(token_uri, "POST", request2, **passthrough)

    assert path == u"https://localhost:8092/token"
    # The body is appended to a dummy URL so url_compare can be applied to it.
    assert url_compare("http://test/#{}".format(body), expected_body_url)
    assert ret_kwargs == expected_kwargs

    # A method outside the supported set has to raise.
    with pytest.raises(UnSupported):
        util.get_or_post(token_uri, "UNSUPORTED", request2, **passthrough)
Example #10
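    def user_info_request(self, method="GET", state="", scope="", **kwargs):
        """Build a userinfo request and decide how the access token is conveyed.

        The token comes from ``kwargs["token"]``, from
        ``kwargs["access_token"]``, or from the grant stored under ``state``
        (refreshed first when it is no longer valid).

        :param method: HTTP method handed to get_or_post and returned as-is.
        :param state: Key into ``self.grant`` used when no token is passed in.
        :param scope: Scope handed to ``get_token`` on the stored grant.
        :param kwargs: May carry ``token``, ``access_token``, ``behavior``,
            ``token_type`` and ``headers``; also forwarded to
            ``self._endpoint`` and get_or_post.
        :return: Tuple ``(path, body, method, h_args)``.
        :raises MissingParameter: If a behavior is set but no token type can
            be determined.
        """
        uir = UserInfoRequest()
        # Log which arguments arrived, but not the credentials themselves:
        # kwargs can hold bearer tokens and an Authorization header, and debug
        # logs tend to be shipped and retained well beyond the request.
        _loggable = {
            k: ("<redacted>" if k in ("token", "access_token", "headers") else v)
            for k, v in kwargs.items()
        }
        logger.debug("[user_info_request]: kwargs:%s", _loggable)
        if "token" in kwargs:
            if kwargs["token"]:
                uir["access_token"] = kwargs["token"]
                token = Token()
                token.token_type = "Bearer"
                token.access_token = kwargs["token"]
                kwargs["behavior"] = "use_authorization_header"
            else:
                # What to do ? Need a callback
                token = None
        elif "access_token" in kwargs and kwargs["access_token"]:
            uir["access_token"] = kwargs["access_token"]
            del kwargs["access_token"]
            token = None
        else:
            token = self.grant[state].get_token(scope)

            if token.is_valid():
                uir["access_token"] = token.access_token
                if token.token_type == "Bearer" and method == "GET":
                    kwargs["behavior"] = "use_authorization_header"
            else:
                # raise oauth2.OldAccessToken
                if self.log:
                    self.log.info("do access token refresh")
                # Any failure during the refresh propagates to the caller.
                self.do_access_token_refresh(token=token)
                token = self.grant[state].get_token(scope)
                uir["access_token"] = token.access_token

        uri = self._endpoint("userinfo_endpoint", **kwargs)
        # If access token is a bearer token it might be sent in the
        # authorization header
        # 3-ways of sending the access_token:
        # - POST with token in authorization header
        # - POST with token in message body
        # - GET with token in authorization header
        if "behavior" in kwargs:
            _behav = kwargs["behavior"]
            _token = uir["access_token"]
            try:
                _ttype = kwargs["token_type"]
            except KeyError:
                try:
                    _ttype = token.token_type
                except AttributeError:
                    # token is None on some paths above, so there is nothing
                    # to read the type from.
                    raise MissingParameter("Unspecified token type")

            # use_authorization_header, token_in_message_body
            if "use_authorization_header" in _behav and _ttype == "Bearer":
                bh = "Bearer %s" % _token
                if "headers" in kwargs:
                    kwargs["headers"].update({"Authorization": bh})
                else:
                    kwargs["headers"] = {"Authorization": bh}

            if "token_in_message_body" not in _behav:
                # remove the token from the request
                del uir["access_token"]

        # NOTE(review): when no behavior was set, uir still holds access_token
        # here; with method="GET" it would presumably be serialized into the
        # query string - confirm against get_or_post.
        path, body, kwargs = get_or_post(uri, method, uir, **kwargs)

        h_args = {k: v for k, v in kwargs.items() if k in HTTP_ARGS}

        return path, body, method, h_args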