def test_verify_strict(key, value, monkeypatch): result = sign_http_request(alg=ALG, **TEST_DATA) monkeypatch.setitem(TEST_DATA, key, value) with pytest.raises(ValidationError): verify_http_request(signature=result, strict_query_param_verification=True, strict_headers_verification=True, **TEST_DATA)
def test_verify_not_strict(key, value, monkeypatch): result = sign_http_request(alg=ALG, **TEST_DATA) monkeypatch.setitem(TEST_DATA, key, value) verify_http_request(signature=result, strict_query_param_verification=False, strict_headers_verification=False, **TEST_DATA)
def do_user_info_request(self, method="POST", state="", scope="openid", request="openid", **kwargs): kwargs["request"] = request kwargs["behavior"] = "use_authorization_header" url, body, method, h_args = self.user_info_request(method, state, scope, **kwargs) sign_key = self.keyjar.get_signing_key()[0] url_parse = urlparse(url) host = url_parse.netloc path = url_parse.path body = sign_http_request(sign_key, "RS256", path=path, headers=h_args["headers"], method=method, host=host) body = urlencode({"http_signature": body}) logger.debug("[do_user_info_request] PATH:%s BODY:%s H_ARGS: %s", url, body, h_args) try: resp = self.http_request(url, method, data=body, **h_args) except oauth2.MissingRequiredAttribute: raise if resp.status_code == 200: try: assert "application/json" in resp.headers["content-type"] sformat = "json" except AssertionError: assert "application/jwt" in resp.headers["content-type"] sformat = "jwt" elif resp.status_code == 500: raise PyoidcError("ERROR: Something went wrong: %s" % resp.text) else: raise PyoidcError("ERROR: Something went wrong [%s]: %s" % ( resp.status_code, resp.text)) try: _schema = kwargs["user_info_schema"] except KeyError: _schema = OpenIDSchema logger.debug("Reponse text: '%s'", resp.text) _txt = resp.text if sformat == "json": res = _schema().from_json(txt=_txt) else: res = _schema().from_jwt(_txt, keyjar=self.keyjar, sender=self.provider_info["issuer"]) self.store_response(res, _txt) return res
def test_userinfo_endpoint(self, monkeypatch): access_token = self._pop_token_req(self._authz_req())["access_token"] bearer_header = "pop {}".format(access_token) signature = sign_http_request( CLIENT_KEYJAR.get_signing_key(owner="")[0], "RS256", ENVIRON["REQUEST_METHOD"], HOST, "/userinfo", headers=dict( [("Authorization", bearer_header)])) body = "http_signature={}".format(signature).encode("utf-8") monkeypatch.setitem(ENVIRON, "HTTP_AUTHORIZATION", bearer_header) monkeypatch.setitem(ENVIRON, "wsgi.input", BytesIO(body)) monkeypatch.setitem(ENVIRON, "CONTENT_LENGTH", len(body)) resp = self.provider.userinfo_endpoint( self.provider.parse_request(ENVIRON)) userinfo = json.loads(resp.message) assert userinfo["nickname"] == USERDB["username"]["nickname"] assert userinfo["name"] == USERDB["username"]["name"] assert userinfo["sub"]
def test_verify_fail(key, value, monkeypatch): result = sign_http_request(alg=ALG, **TEST_DATA) monkeypatch.setitem(TEST_DATA, key, value) with pytest.raises(ValidationError): verify_http_request(signature=result, **TEST_DATA)
def test_verify(): timestamp = 12347456 result = sign_http_request(alg=ALG, time_stamp=12347456, **TEST_DATA) signature = verify_http_request(signature=result, **TEST_DATA) assert signature["ts"] == timestamp
def test_sign_empty_http_req(): with pytest.raises(EmptyHTTPRequestError): sign_http_request(SIGN_KEY, ALG)