def test_get_or_post():
    """Check how util.get_or_post splits a request into URL, body and kwargs.

    GET: the request is serialised into the query string; body and returned
    kwargs are empty.  POST: the URL is untouched, the request is form-encoded
    into the body and a Content-Type header appears next to the caller's
    Authorization header.  Any other method must raise UnSupported.
    """
    # --- GET: parameters travel in the query string -------------------------
    authz_endpoint = u'https://localhost:8092/authorization'
    authz_request = AuthorizationRequest(
        acr_values='PASSWORD',
        state='urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a',
        redirect_uri='https://localhost:8666/919D3F697FDAAF138124B83E09ECB0B7',
        response_type='code',
        client_id='ok8tx7ulVlNV',
        scope='openid profile email address phone',
    )
    expected_get_url = (
        u"https://localhost:8092/authorization?acr_values=PASSWORD&state=urn%3A"
        "uuid%3A92d81fb3-72e8-4e6c-9173-c360b782148a&"
        "redirect_uri=https%3A%2F%2Flocalhost%3A8666%2F919D3F697FDAAF138124B83E09ECB0B7&"
        "response_type=code&client_id=ok8tx7ulVlNV&scope=openid+profile+email+address+phone"
    )

    url, payload, leftover = util.get_or_post(authz_endpoint, 'GET', authz_request)

    assert url_compare(url, expected_get_url)
    assert not payload
    assert not leftover

    # --- POST: parameters travel in the form-encoded body -------------------
    token_endpoint = u'https://localhost:8092/token'
    token_request = AccessTokenRequest(
        redirect_uri='https://localhost:8666/919D3F697FDAAF138124B83E09ECB0B7',
        code='Je1iKfPN1vCiN7L43GiXAuAWGAnm0mzA7QIjl/YLBBZDB9wefNExQlLDUIIDM2rT'
             '2t+gwuoRoapEXJyY2wrvg9cWTW2vxsZU+SuWzZlMDXc=',
        grant_type='authorization_code',
    )
    # Fixture header value for the client_secret_basic method named below.
    basic_auth = ('Basic b2s4dHg3dWxWbE5WOjdlNzUyZDU1MTc0NzA0NzQzYjZiZWJk'
                  'YjU4ZjU5YWU3MmFlMGM5NDM4YTY1ZmU0N2IxMDA3OTM1')
    extra = {
        'scope': '',
        'state': 'urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a',
        'authn_method': 'client_secret_basic',
        'key': [],
        'headers': {'Authorization': basic_auth},
    }
    expected_body_url = (
        'http://test/#code=Je1iKfPN1vCiN7L43GiXAuAWGAnm0mzA7QIjl%2FYLBBZDB9wefNExQlLDUIIDM2rT2t%2BgwuoR'
        'oapEXJyY2wrvg9cWTW2vxsZU%2BSuWzZlMDXc%3D&grant_type=authorization_code&redirect_uri=https%3A%2'
        'F%2Flocalhost%3A8666%2F919D3F697FDAAF138124B83E09ECB0B7'
    )
    expected_kwargs = {
        'scope': '',
        'state': 'urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a',
        'authn_method': 'client_secret_basic',
        'key': [],
        'headers': {
            'Content-Type': 'application/x-www-form-urlencoded',
            'Authorization': basic_auth,
        },
    }

    url, payload, leftover = util.get_or_post(
        token_endpoint, 'POST', token_request, **extra)

    assert url == u'https://localhost:8092/token'
    # The body is a bare query string; prefixing a dummy URL lets url_compare
    # be used on it.
    assert url_compare("http://test/#{}".format(payload), expected_body_url)
    assert leftover == expected_kwargs

    # --- anything else is rejected -------------------------------------------
    with pytest.raises(UnSupported):
        util.get_or_post(token_endpoint, 'UNSUPORTED', token_request, **extra)
def test_get_or_post_with_qp():
    """GET on a URI that already has a query string keeps the existing pair.

    The expected URL carries ``test=testslice`` together with the serialised
    request parameters; body and returned kwargs must both be empty.
    """
    endpoint = u"https://localhost:8092/authorization?test=testslice"
    params = dict(
        acr_values="PASSWORD",
        state="urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a",
        redirect_uri="https://localhost:8666/919D3F697FDAAF138124B83E09ECB0B7",
        response_type="code",
        client_id="ok8tx7ulVlNV",
        scope="openid profile email address phone",
    )
    expected_url = (
        u"https://localhost:8092/authorization?test=testslice&acr_values=PASSWORD&state=urn%3A"
        "uuid%3A92d81fb3-72e8-4e6c-9173-c360b782148a&"
        "redirect_uri=https%3A%2F%2Flocalhost%3A8666%2F919D3F697FDAAF138124B83E09ECB0B7&"
        "response_type=code&client_id=ok8tx7ulVlNV&scope=openid+profile+email+address+phone"
    )

    result = util.get_or_post(endpoint, "GET", AuthorizationRequest(**params))
    url, payload, leftover = result

    assert url_compare(url, expected_url)
    assert not payload
    assert not leftover
def test_get_or_post_with_qp():
    """Verify get_or_post merges request parameters into an existing query.

    The endpoint URI starts out with ``?test=testslice``; after a GET the
    resulting URL must hold that pair plus every AuthorizationRequest
    parameter, while the body and the returned kwargs stay empty.
    """
    expected = (
        u"https://localhost:8092/authorization?test=testslice&acr_values=PASSWORD&state=urn%3A"
        "uuid%3A92d81fb3-72e8-4e6c-9173-c360b782148a&"
        "redirect_uri=https%3A%2F%2Flocalhost%3A8666%2F919D3F697FDAAF138124B83E09ECB0B7&"
        "response_type=code&client_id=ok8tx7ulVlNV&scope=openid+profile+email+address+phone"
    )
    authz_request = AuthorizationRequest(
        acr_values='PASSWORD',
        state='urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a',
        redirect_uri='https://localhost:8666/919D3F697FDAAF138124B83E09ECB0B7',
        response_type='code',
        client_id='ok8tx7ulVlNV',
        scope='openid profile email address phone',
    )

    location, data, remaining = util.get_or_post(
        u'https://localhost:8092/authorization?test=testslice',
        'GET',
        authz_request,
    )

    assert url_compare(location, expected)
    assert not data
    assert not remaining
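def get_userinfo_claims(self, access_token, endpoint, method="POST",
                        schema_class=OpenIDSchema, **kwargs):
    """Fetch claims from a UserInfo endpoint and parse them with *schema_class*.

    A UserInfoRequest carrying *access_token* is sent to *endpoint* using
    *method*.  Unless the caller names an ``authn_method`` in *kwargs*, the
    request is authenticated with the ``bearer_header`` method.

    :param access_token: Access token placed in the UserInfoRequest.
    :param endpoint: URL of the UserInfo endpoint.
    :param method: HTTP method handed to ``get_or_post`` and ``http_request``.
    :param schema_class: Message class whose ``from_json`` parses the response.
    :param kwargs: Extra arguments; keys listed in ``HTTP_ARGS`` are forwarded
        to ``http_request``.
    :return: The instance produced by ``schema_class().from_json``.
    :raises AssertionError: On a 200 response whose content type is not JSON.
    :raises PyoidcError: On any non-200 response.
    """
    uir = UserInfoRequest(access_token=access_token)

    h_args = {k: v for k, v in kwargs.items() if k in HTTP_ARGS}

    if "authn_method" in kwargs:
        # NOTE(review): unlike the default branch, the request (uir) is not
        # passed here -- confirm init_authentication_method accepts that.
        http_args = self.init_authentication_method(**kwargs)
    else:
        # If nothing defined this is the default
        http_args = self.init_authentication_method(uir, "bearer_header", **kwargs)

    h_args.update(http_args)
    path, body, kwargs = get_or_post(endpoint, method, uir, **kwargs)

    # Exceptions from http_request propagate unchanged (the former
    # try/except only re-raised).
    resp = self.http_request(path, method, data=body, **h_args)

    if resp.status_code == 200:
        # Explicit check rather than an ``assert`` statement: asserts are
        # stripped under ``python -O``, which would let a non-JSON body reach
        # from_json unchecked.  AssertionError is kept so callers see the same
        # exception type as before.
        if "application/json" not in resp.headers["content-type"]:
            raise AssertionError("UserInfo response is not application/json")
    elif resp.status_code == 500:
        raise PyoidcError("ERROR: Something went wrong: %s" % resp.text)
    else:
        raise PyoidcError("ERROR: Something went wrong [%s]: %s" % (resp.status_code,
                                                                    resp.text))

    res = schema_class().from_json(txt=resp.text)
    # The body is read as ``resp.text`` everywhere else in this function; the
    # previous ``resp.txt`` looks like a typo that would fail right after a
    # successful parse.
    self.store_response(res, resp.text)
    return res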
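def uri_and_body(self, reqmsg, cis, method="POST", request_args=None, **kwargs):
    """Work out the target URI and serialise *cis* for the given HTTP method.

    :param reqmsg: Request message class; its ``__name__`` selects the
        endpoint through ``self.request2endpoint`` when no explicit
        ``endpoint`` keyword is given.
    :param cis: The request instance handed to ``get_or_post``.
    :param method: HTTP method handed to ``get_or_post``.
    :param request_args: Optional keyword arguments for ``self._endpoint``;
        ``None`` is treated as no arguments.
    :param kwargs: Extra arguments; a truthy ``endpoint`` overrides the lookup.
    :return: Tuple ``(uri, body, h_args, cis)`` where ``h_args`` holds the
        ``headers`` returned by ``get_or_post`` or is empty.
    """
    if kwargs.get("endpoint"):
        uri = kwargs["endpoint"]
    else:
        # request_args defaults to None and ``**None`` raises TypeError, so
        # fall back to an empty mapping.
        uri = self._endpoint(self.request2endpoint[reqmsg.__name__],
                             **(request_args or {}))

    uri, body, kwargs = get_or_post(uri, method, cis, **kwargs)

    # Only the headers are passed on to the HTTP layer.
    try:
        h_args = {"headers": kwargs["headers"]}
    except KeyError:
        h_args = {}

    return uri, body, h_args, cis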
def test_get_or_post_with_qp():
    """A pre-existing query parameter must survive a GET through get_or_post.

    Starting from ``...?test=testslice``, the produced URL is compared with
    one holding that pair and all request parameters; nothing may end up in
    the body or in the returned kwargs.
    """
    request_fields = [
        ('acr_values', 'PASSWORD'),
        ('state', 'urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a'),
        ('redirect_uri', 'https://localhost:8666/919D3F697FDAAF138124B83E09ECB0B7'),
        ('response_type', 'code'),
        ('client_id', 'ok8tx7ulVlNV'),
        ('scope', 'openid profile email address phone'),
    ]
    authz = AuthorizationRequest(**dict(request_fields))
    start_uri = u'https://localhost:8092/authorization?test=testslice'

    got_url, got_body, got_kwargs = util.get_or_post(start_uri, 'GET', authz)

    want_url = (
        u"https://localhost:8092/authorization?test=testslice&acr_values=PASSWORD&state=urn%3A"
        "uuid%3A92d81fb3-72e8-4e6c-9173-c360b782148a&"
        "redirect_uri=https%3A%2F%2Flocalhost%3A8666%2F919D3F697FDAAF138124B83E09ECB0B7&"
        "response_type=code&client_id=ok8tx7ulVlNV&scope=openid+profile+email+address+phone"
    )
    assert url_compare(got_url, want_url)
    assert not got_body
    assert not got_kwargs
def test_get_or_post():
    """Exercise util.get_or_post for GET, POST and an unsupported method.

    * GET  -- request ends up in the query string, body and kwargs are empty.
    * POST -- URL unchanged, request form-encoded in the body, and the
      returned kwargs gain a Content-Type header beside Authorization.
    * other -- UnSupported is raised.
    """
    shared_state = "urn:uuid:92d81fb3-72e8-4e6c-9173-c360b782148a"
    callback = "https://localhost:8666/919D3F697FDAAF138124B83E09ECB0B7"

    # GET against the authorization endpoint
    get_request = AuthorizationRequest(
        **{
            "acr_values": "PASSWORD",
            "state": shared_state,
            "redirect_uri": callback,
            "response_type": "code",
            "client_id": "ok8tx7ulVlNV",
            "scope": "openid profile email address phone",
        }
    )
    get_result = util.get_or_post(
        u"https://localhost:8092/authorization", "GET", get_request
    )
    location, data, out_kwargs = get_result
    assert url_compare(
        location,
        u"https://localhost:8092/authorization?acr_values=PASSWORD&state=urn%3A"
        "uuid%3A92d81fb3-72e8-4e6c-9173-c360b782148a&"
        "redirect_uri=https%3A%2F%2Flocalhost%3A8666%2F919D3F697FDAAF138124B83E09ECB0B7&"
        "response_type=code&client_id=ok8tx7ulVlNV&scope=openid+profile+email+address+phone",
    )
    assert not data
    assert not out_kwargs

    # POST against the token endpoint
    token_uri = u"https://localhost:8092/token"
    post_request = AccessTokenRequest(
        **{
            "redirect_uri": callback,
            "code": "Je1iKfPN1vCiN7L43GiXAuAWGAnm0mzA7QIjl/YLBBZDB9wefNExQlLDUIIDM2rT"
            "2t+gwuoRoapEXJyY2wrvg9cWTW2vxsZU+SuWzZlMDXc=",
            "grant_type": "authorization_code",
        }
    )
    # Fixture Authorization value for the client_secret_basic method below.
    authorization = (
        "Basic b2s4dHg3dWxWbE5WOjdlNzUyZDU1MTc0NzA0NzQzYjZiZWJk"
        "YjU4ZjU5YWU3MmFlMGM5NDM4YTY1ZmU0N2IxMDA3OTM1"
    )
    call_kwargs = dict(
        scope="",
        state=shared_state,
        authn_method="client_secret_basic",
        key=[],
        headers={"Authorization": authorization},
    )
    location, data, out_kwargs = util.get_or_post(
        token_uri, "POST", post_request, **call_kwargs
    )
    assert location == u"https://localhost:8092/token"
    # url_compare works on URLs, so the form body is hung on a dummy one.
    assert url_compare(
        "http://test/#{}".format(data),
        "http://test/#code=Je1iKfPN1vCiN7L43GiXAuAWGAnm0mzA7QIjl%2FYLBBZDB9wefNExQlLDUIIDM2rT2t%2BgwuoR"
        "oapEXJyY2wrvg9cWTW2vxsZU%2BSuWzZlMDXc%3D&grant_type=authorization_code&redirect_uri=https%3A%2"
        "F%2Flocalhost%3A8666%2F919D3F697FDAAF138124B83E09ECB0B7",
    )
    assert out_kwargs == dict(
        scope="",
        state=shared_state,
        authn_method="client_secret_basic",
        key=[],
        headers={
            "Content-Type": "application/x-www-form-urlencoded",
            "Authorization": authorization,
        },
    )

    # Unknown HTTP method
    with pytest.raises(UnSupported):
        util.get_or_post(token_uri, "UNSUPORTED", post_request, **call_kwargs)
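def user_info_request(self, method="GET", state="", scope="", **kwargs):
    """Build the pieces of a UserInfo request without sending it.

    The access token is taken, in order of preference, from ``kwargs["token"]``,
    from ``kwargs["access_token"]``, or from the grant stored under *state*
    (refreshing it first when it is no longer valid).

    :param method: HTTP method handed to ``get_or_post``.
    :param state: Key into ``self.grant`` used when no token is supplied.
    :param scope: Scope passed to the grant's ``get_token``.
    :param kwargs: Optional ``token``, ``access_token``, ``behavior``,
        ``token_type`` and ``headers``; forwarded to ``self._endpoint`` and
        ``get_or_post``.
    :return: Tuple ``(path, body, method, h_args)`` where ``h_args`` holds the
        returned kwargs whose keys are listed in ``HTTP_ARGS``.
    :raises MissingParameter: If a ``behavior`` is set but no token type can
        be determined.
    """
    uir = UserInfoRequest()

    # Keep bearer credentials out of the log: the token-carrying kwargs are
    # masked before the arguments are written at debug level.
    # NOTE(review): a caller-supplied "headers" entry may also carry an
    # Authorization value -- consider masking it as well.
    _loggable = dict(
        [(k, "<redacted>" if k in ("token", "access_token") else v)
         for k, v in kwargs.items()]
    )
    logger.debug("[user_info_request]: kwargs:%s", _loggable)

    if "token" in kwargs:
        if kwargs["token"]:
            uir["access_token"] = kwargs["token"]
            token = Token()
            token.token_type = "Bearer"
            token.access_token = kwargs["token"]
            kwargs["behavior"] = "use_authorization_header"
        else:
            # What to do ? Need a callback
            # NOTE(review): nothing is stored in uir here; if the caller also
            # passes "behavior", the uir["access_token"] lookup further down
            # presumably fails -- confirm the intended handling.
            token = None
    elif "access_token" in kwargs and kwargs["access_token"]:
        uir["access_token"] = kwargs["access_token"]
        del kwargs["access_token"]
        token = None
    else:
        token = self.grant[state].get_token(scope)

        if token.is_valid():
            uir["access_token"] = token.access_token
            if token.token_type == "Bearer" and method == "GET":
                kwargs["behavior"] = "use_authorization_header"
        else:
            # raise oauth2.OldAccessToken
            if self.log:
                self.log.info("do access token refresh")
            # Errors from the refresh propagate unchanged (the former
            # try/except only re-raised).
            self.do_access_token_refresh(token=token)
            token = self.grant[state].get_token(scope)
            uir["access_token"] = token.access_token

    uri = self._endpoint("userinfo_endpoint", **kwargs)
    # If access token is a bearer token it might be sent in the
    # authorization header
    # 3-ways of sending the access_token:
    # - POST with token in authorization header
    # - POST with token in message body
    # - GET with token in authorization header
    if "behavior" in kwargs:
        _behav = kwargs["behavior"]
        _token = uir["access_token"]
        # An explicit token_type keyword wins over the token object's own type.
        try:
            _ttype = kwargs["token_type"]
        except KeyError:
            try:
                _ttype = token.token_type
            except AttributeError:
                # token is None when the caller supplied a raw access_token
                raise MissingParameter("Unspecified token type")

        # use_authorization_header, token_in_message_body
        if "use_authorization_header" in _behav and _ttype == "Bearer":
            bh = "Bearer %s" % _token
            if "headers" in kwargs:
                kwargs["headers"].update({"Authorization": bh})
            else:
                kwargs["headers"] = {"Authorization": bh}

        if "token_in_message_body" not in _behav:
            # remove the token from the request
            del uir["access_token"]

    path, body, kwargs = get_or_post(uri, method, uir, **kwargs)

    # Only arguments understood by the HTTP layer are handed back.
    h_args = dict([(k, v) for k, v in kwargs.items() if k in HTTP_ARGS])

    return path, body, method, h_args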