def test_verify_error_response():
"""
arg={'error': ['invalid_request', 'invalid_configuration_parameter',
'invalid_redirect_uri']}
"""
_info = setup_conv()
conv = _info['conv']
chk = VerifyErrorMessage()
kwargs = {}
chk._kwargs = kwargs
res = chk._func(conv)
assert True
# def test_verify_response():
# """
# arg={'error': ['access_denied'], 'response_cls': ['ErrorResponse']}
# arg={'response_cls': ['AccessTokenResponse', 'AuthorizationResponse']}
# arg={'response_cls': ['AuthorizationResponse', 'AccessTokenResponse']}
# arg={'status': 2, 'response_cls': ['OpenIDSchema']}
# arg={'error': ['access_denied', 'invalid_token'], 'status': 2,
# 'response_cls': ['ErrorResponse']}
# """
# _info = setup_conv()
# conv = _info['conv']
# chk = VerifyResponse()
# kwargs = {}
# chk._kwargs = kwargs
# res = chk._func(conv)
# assert True
def test_verify_response():
_info = setup_conv()
_conv = _info['conv']
# Add some reasonable responses
atr = {
"access_token":
"ZDZjNWFmNzgtN2IxMi00YTY1LTk2NTEtODIyZjg5Ym",
"expires_in": 7200,
"id_token": {
"at_hash": "fZlM5SoE8mdM80zBWSOzDQ",
"aud": [
"cb19ff50-6423-4955-92a2-73bea88796b4"
],
"email": "*****@*****.**",
"exp": 1493066674,
"iat": 1493059474,
"iss": "https://guarded-cliffs-8635.herokuapp.com",
"nonce": "WZ3PuYEnGxcM6ddf",
"phone_number": "+49 000 000000",
"phone_number_verified": False,
"sid": "be99eccf-965f-4ba4-b0e4-39b0c26868e1",
"sub": "9842f9ae-eb3c-4eba-8e4c-979ecae15fa1"
},
"token_type": "Bearer"
}
_conv.events.store(EV_PROTOCOL_RESPONSE, AccessTokenResponse(**atr))
vr = VerifyResponse()
vr._kwargs = {
"response_cls": ["AccessTokenResponse", "AuthorizationResponse"]}
res = vr._func(_conv)
assert res == {}
assert vr._status == OK
def test_check_support():
_info = setup_conv()
_info['conv'].entity.provider_info[
'token_endpoint_auth_methods_supported'] = ["private_key_jwt"]
oper = AsyncAuthn(_info['conv'], _info['io'], None)
check_support(oper, {
"WARNING": {
"token_endpoint_auth_methods_supported": "private_key_jwt"
}
})
assert oper.fail is False
check_support(oper, {
"WARNING": {
"token_endpoint_auth_methods_supported": "client_secret_jwt"
}
})
assert oper.fail is False
assert len(oper.conv.events) == 1
check_support(oper, {
"ERROR": {
"token_endpoint_auth_methods_supported": "client_secret_jwt"
}
})
assert oper.fail is True
def test_verify_response():
_info = setup_conv()
_conv = _info['conv']
# Add some reasonable responses
atr = {
"access_token": "ZDZjNWFmNzgtN2IxMi00YTY1LTk2NTEtODIyZjg5Ym",
"expires_in": 7200,
"id_token": {
"at_hash": "fZlM5SoE8mdM80zBWSOzDQ",
"aud": ["cb19ff50-6423-4955-92a2-73bea88796b4"],
"email": "*****@*****.**",
"exp": 1493066674,
"iat": 1493059474,
"iss": "https://guarded-cliffs-8635.herokuapp.com",
"nonce": "WZ3PuYEnGxcM6ddf",
"phone_number": "+49 000 000000",
"phone_number_verified": False,
"sid": "be99eccf-965f-4ba4-b0e4-39b0c26868e1",
"sub": "9842f9ae-eb3c-4eba-8e4c-979ecae15fa1"
},
"token_type": "Bearer"
}
_conv.events.store(EV_PROTOCOL_RESPONSE, AccessTokenResponse(**atr))
vr = VerifyResponse()
vr._kwargs = {
"response_cls": ["AccessTokenResponse", "AuthorizationResponse"]
}
res = vr._func(_conv)
assert res == {}
assert vr._status == OK
def test_sub_claims():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
atr = {
"access_token":
"ZDZjNWFmNzgtN2IxMi00YTY1LTk2NTEtODIyZjg5YmRlZThm0iWAl1VJQBnLcBFYdzkwuyh9TGyf9QDx86DZUn6ho3Pbtr5VPxMihwXpO1AAfxas5XSNNdhFAf3bqATAh2BkuQ",
"expires_in": 7200,
"id_token": {
"at_hash": "fZlM5SoE8mdM80zBWSOzDQ",
"aud": [
"cb19ff50-6423-4955-92a2-73bea88796b4"
],
"email": "*****@*****.**",
"exp": 1493066674,
"iat": 1493059474,
"iss": "https://guarded-cliffs-8635.herokuapp.com",
"nonce": "WZ3PuYEnGxcM6ddf",
"phone_number": "+49 000 000000",
"phone_number_verified": False,
"sid": "be99eccf-965f-4ba4-b0e4-39b0c26868e1",
"sub": "9842f9ae-eb3c-4eba-8e4c-979ecae15fa1"
},
"token_type": "Bearer"
}
_info['conv'].events.store(EV_PROTOCOL_RESPONSE,
AccessTokenResponse(**atr))
_sub = atr["id_token"]["sub"]
args = None
sub_claims(oper, args)
assert oper.req_args["claims"] == {"id_token": {"sub": {"value": _sub}}}
def test_verify_error_response():
"""
arg={'error': ['invalid_request', 'invalid_configuration_parameter',
'invalid_redirect_uri']}
"""
_info = setup_conv()
conv = _info['conv']
chk = VerifyErrorMessage()
kwargs = {}
chk._kwargs = kwargs
res = chk._func(conv)
assert True
# def test_verify_response():
# """
# arg={'error': ['access_denied'], 'response_cls': ['ErrorResponse']}
# arg={'response_cls': ['AccessTokenResponse', 'AuthorizationResponse']}
# arg={'response_cls': ['AuthorizationResponse', 'AccessTokenResponse']}
# arg={'status': 2, 'response_cls': ['OpenIDSchema']}
# arg={'error': ['access_denied', 'invalid_token'], 'status': 2,
# 'response_cls': ['ErrorResponse']}
# """
# _info = setup_conv()
# conv = _info['conv']
# chk = VerifyResponse()
# kwargs = {}
# chk._kwargs = kwargs
# res = chk._func(conv)
# assert True
def test_request_in_file():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
args = None
request_in_file(oper, args)
assert oper.op_args['base_path'].endswith('export/')
def test_operation_other():
_info = setup_conv()
_conv = _info['conv']
op = Operation(_conv, _info['io'], _info['io'].session, test_id='1')
op.message_cls = AuthorizationResponse
s = op.catch_exception_and_error(func_text)
assert s
def test_ui_locales():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.tool_config = {'ui_locales': ['es']}
args = None
ui_locales(oper, args)
assert oper.req_args["ui_locales"] == ['es']
def test_set_essential_arg_claim_rt_non_i():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.tool_conf = {'profile': 'C.T.T.T'}
args = 'email'
set_essential_arg_claim(oper, args)
assert oper.req_args["claims"] == {"userinfo": {args: {"essential": True}}}
def test_set_state():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.state = rndstr(16)
args = None
set_state(oper, args)
assert oper.op_args['state'] == oper.conv.state
def test_check_config():
_info = setup_conv()
# set tool_config
_info['conv'].tool_config['login_hint'] = 'diana'
oper = AsyncAuthn(_info['conv'], _info['io'], None)
check_config(oper, {"login_hint": None})
ev = oper.conv.events.get(EV_CONDITION)
assert ev == []
def test_operation_other():
_info = setup_conv()
_conv = _info['conv']
op = Operation(_conv, _info['io'], _info['io'].session, test_id='1')
op.message_cls = AuthorizationResponse
s = op.catch_exception_and_error(func_text)
assert s
def test_operation_expected_instance():
_info = setup_conv()
_conv = _info['conv']
op = Operation(_conv, _info['io'], _info['io'].session, test_id='1')
op.message_cls = AuthorizationResponse
s = op.catch_exception_and_error(authorization_response)
assert s
def test_operation_expected_instance():
_info = setup_conv()
_conv = _info['conv']
op = Operation(_conv, _info['io'], _info['io'].session, test_id='1')
op.message_cls = AuthorizationResponse
s = op.catch_exception_and_error(authorization_response)
assert s
def test_check_config_missing():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
check_config(oper, {"login_hint": None})
ev = oper.conv.events.get(EV_CONDITION)
assert len(ev) == 1
assert ev[0].data.status == ERROR
assert oper.unsupported
def test_set_response_where_implicit():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.req_args['response_type'] = ['id_token']
args = None
set_response_where(oper, args)
assert oper.response_where == "fragment"
def test_operation_expected_exception():
_info = setup_conv()
_conv = _info['conv']
op = Operation(_conv, _info['io'], _info['io'].session, test_id='1')
op.message_cls = AuthorizationResponse
op.expect_exception = 'MissingAttribute'
s = op.catch_exception_and_error(func_exception)
assert s is None
def test_set_principal():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.tool_config = {'foo': 'bar'}
args = {'param': 'foo'}
set_principal(oper, args)
assert oper.req_args["principal"] == oper.conv.tool_config['foo']
def test_operation_expected_exception():
_info = setup_conv()
_conv = _info['conv']
op = Operation(_conv, _info['io'], _info['io'].session, test_id='1')
op.message_cls = AuthorizationResponse
op.expect_exception = 'MissingAttribute'
s = op.catch_exception_and_error(func_exception)
assert s is None
def test_set_discovery_issuer_dyn():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.dynamic = True
args = None
set_discovery_issuer(oper, args)
assert 'issuer' in oper.op_args
def test_login_hint_without():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.entity.provider_info = {'issuer': 'https://example.com'}
args = None
login_hint(oper, args)
assert oper.req_args["login_hint"] == '*****@*****.**'
def test_acr_value():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
_acrs = ['pinfo']
oper.conv.entity.provider_info = {'acr_values_supported': _acrs}
essential_and_specific_acr_claim(oper, ['one'])
assert 'acr_values' not in oper.req_args
assert oper.req_args['claims']['id_token']['acr'] == {"value": _acrs[0],
'essential': True}
def test_set_response_where_code_args():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.req_args['response_type'] = ['id_token token']
args = {'response_type': ['id_token token'], 'where': 'fragment'}
set_response_where(oper, args)
assert oper.response_where == "fragment"
def test_redirect_uris_with_fragment():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.entity.registration_info = {'redirect_uris': [
'https://example.org/authzcb']}
redirect_uris_with_fragment(oper, {'fragment': 'one'})
assert oper.req_args["redirect_uris"][0].endswith('#fragmentone')
def test_store_sector_redirect_uris():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
store_sector_redirect_uris(oper,
{"other_uris": ["https://example.com/op"]})
assert oper.req_args["sector_identifier_uri"].endswith('export/siu.json')
_siu = json.loads(open('export/siu.json').read())
assert _siu
def test_essential_and_specific_acr_claim_tc():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
_acrs = ['passwd']
_info['conv'].tool_config['acr_value'] = _acrs
essential_and_specific_acr_claim(oper, ['one'])
assert 'acr_values' not in oper.req_args
assert oper.req_args['claims']['id_token']['acr'] == {"value": _acrs[0],
'essential': True}
def test_login_hint_with_domain():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.entity.provider_info = {'issuer': 'https://example.com'}
oper.conv.tool_config = {'login_hint': '*****@*****.**'}
args = None
login_hint(oper, args)
assert oper.req_args["login_hint"] == '*****@*****.**'
def test_redirect_uri_with_query_component():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.entity.registration_info = {'redirect_uris': [
'https://example.org/authzcb']}
redirect_uri_with_query_component(oper, {'foo': 'bar'})
assert oper.req_args["redirect_uri"][0].endswith('?foo=bar')
def test_set_webfinger_resource():
_info = setup_conv()
# set tool_config
_info['conv'].tool_config['webfinger_url'] = 'https://example.com/diana'
oper = Webfinger(_info['conv'], _info['io'], None, profile='C.T.T.T')
# inut.profile_handler.webfinger(self.profile)
set_webfinger_resource(oper, None)
assert oper.resource == 'https://example.com/diana'
def test_store_sector_redirect_uris():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
store_sector_redirect_uris(oper, {"other_uris": [
"https://example.com/op"
]})
assert oper.req_args["sector_identifier_uri"].endswith('export/siu.json')
_siu = json.loads(open('export/siu.json').read())
assert _siu
def test_static_jwk():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.entity.keyjar = build_keyjar(KEYDEFS)[1]
oper.req_args["jwks_uri"] = 'https://example.org/jwks_uri'
args = None
static_jwk(oper, args)
assert 'jwks_uri' not in oper.req_args
assert 'jwks' in oper.req_args
def test_verify_authn_response():
"""
arg=None
"""
_info = setup_conv()
conv = _info['conv']
chk = VerifyAuthnResponse()
kwargs = {}
chk._kwargs = kwargs
res = chk._func(conv)
assert True
def test_check_http_response():
"""
arg=None
"""
_info = setup_conv()
conv = _info['conv']
chk = CheckHTTPResponse()
kwargs = {}
chk._kwargs = kwargs
res = chk._func(conv)
assert True
def test_authn_response_or_error():
"""
arg={'error': ['request_uri_not_supported']}
"""
_info = setup_conv()
conv = _info['conv']
chk = VerifyAuthnOrErrorResponse()
kwargs = {}
chk._kwargs = kwargs
res = chk._func(conv)
assert True
def test_authn_response_or_error():
"""
arg={'error': ['request_uri_not_supported']}
"""
_info = setup_conv()
conv = _info['conv']
chk = VerifyAuthnOrErrorResponse()
kwargs = {}
chk._kwargs = kwargs
res = chk._func(conv)
assert True
def test_verify_authn_response():
"""
arg=None
"""
_info = setup_conv()
conv = _info['conv']
chk = VerifyAuthnResponse()
kwargs = {}
chk._kwargs = kwargs
res = chk._func(conv)
assert True
def test_check_http_response():
"""
arg=None
"""
_info = setup_conv()
conv = _info['conv']
chk = CheckHTTPResponse()
kwargs = {}
chk._kwargs = kwargs
res = chk._func(conv)
assert True
def test_operation_unexpected_instance():
_info = setup_conv()
_conv = _info['conv']
op = Operation(_conv, _info['io'], _info['io'].session, test_id='1')
op.message_cls = AuthorizationResponse
try:
op.catch_exception_and_error(access_token_response)
except Break:
assert True
else:
assert False
def test_check_support_strings():
_info = setup_conv()
_info['conv'].entity.provider_info[
'token_endpoint_auth_methods_supported'] = ["private_key_jwt"]
_info['conv'].entity.provider_info.__class__.c_param['token_endpoint_auth_methods_supported'] = (str, None)
oper = AsyncAuthn(_info['conv'], _info['io'], None)
check_support(oper, {"WARNING": {
"token_endpoint_auth_methods_supported": "private_key_jwt"}})
assert oper.fail is False
assert len(oper.conv.events) == 1
def test_multiple_return_uris():
_info = setup_conv()
oper = AsyncAuthn(_info['conv'], _info['io'], None)
oper.conv.entity.registration_info = {'redirect_uris': [
'https://example.org/authzcb']}
oper.conv.entity.base_url = 'https://example.org'
_ruris = len(oper.conv.entity.registration_info['redirect_uris'])
args = None
multiple_return_uris(oper, args)
assert len(oper.req_args["redirect_uris"]) == _ruris + 1
