def test_unknown_input_data_allowed(self):
one = copy.deepcopy(_one_dict)
one['foo'] = 'bar'
addr = Nin(data = one, raise_on_unknown = False)
out = addr.to_dict()
self.assertIn('foo', out)
self.assertEqual(out['foo'], one['foo'])
def test_create_oidcproofingstate(self):
"""
{
'eduPersonPrincipalName': 'foob-arra',
'nin': {
'created_ts': datetime.datetime(2016, 11, 16, 14, 47, 0, 379810),
'verified': False,
'number': '190101021234',
'created_by': 'eduid_oidc_proofing'
},
'state': '2c84fedd-a694-46f0-b235-7c4dd7982852'
'nonce': 'bbca50f6-5213-4784-b6e6-289bd1debda5',
'token': 'de5b3f2a-14e9-49b8-9c78-a15fcf60d119',
}
"""
nin = Nin(number='200102034567',
application='eduid_oidc_proofing',
verified=False,
primary=False)
state = OidcProofingState({
'eduPersonPrincipalName':
EPPN,
'nin':
nin.to_dict(),
'state':
'2c84fedd-a694-46f0-b235-7c4dd7982852',
'nonce':
'bbca50f6-5213-4784-b6e6-289bd1debda5',
'token':
'de5b3f2a-14e9-49b8-9c78-a15fcf60d119'
})
state_dict = state.to_dict()
self.assertItemsEqual(state_dict.keys(), [
'_id', 'nin', 'eduPersonPrincipalName', 'state', 'nonce', 'token'
])
self.assertItemsEqual(
state_dict['nin'].keys(),
['created_by', 'created_ts', 'number', 'verified'])
def proofing(user, nin):
current_app.logger.debug('Getting state for user {!s}.'.format(user))
# TODO: Check if a user has a valid letter proofing
# For now a user can just have one verified NIN
if len(user.nins.to_list()) > 0:
return {'_status': 'error', 'error': 'User is already verified'}
proofing_state = current_app.proofing_statedb.get_state_by_eppn(
user.eppn, raise_on_missing=False)
if not proofing_state:
current_app.logger.debug(
'No proofing state found for user {!s}. Initializing new proofing flow.'
.format(user))
state = get_unique_hash()
nonce = get_unique_hash()
token = get_unique_hash()
nin = Nin(number=nin,
application='eduid_oidc_proofing',
verified=False,
primary=False)
proofing_state = OidcProofingState({
'eduPersonPrincipalName': user.eppn,
'nin': nin.to_dict(),
'state': state,
'nonce': nonce,
'token': token
})
# Initiate proofing
oidc_args = {
'client_id':
current_app.oidc_client.client_id,
'response_type':
'code',
'scope': ['openid'],
'redirect_uri':
url_for('oidc_proofing.authorization_response', _external=True),
'state':
state,
'nonce':
nonce,
'claims':
ClaimsRequest(userinfo=Claims(identity=None)).to_json()
}
current_app.logger.debug('AuthenticationRequest args:')
current_app.logger.debug(oidc_args)
try:
response = requests.post(
current_app.oidc_client.authorization_endpoint, data=oidc_args)
except requests.exceptions.ConnectionError as e:
msg = 'No connection to authorization endpoint: {!s}'.format(e)
current_app.logger.error(msg)
return {'_status': 'error', 'error': msg}
# If authentication request went well save user state
if response.status_code == 200:
current_app.logger.debug(
'Authentication request delivered to provider {!s}'.format(
current_app.config['PROVIDER_CONFIGURATION_INFO']
['issuer']))
current_app.proofing_statedb.save(proofing_state)
current_app.logger.debug(
'Proofing state {!s} for user {!s} saved'.format(
proofing_state.state, user))
else:
current_app.logger.error(
'Bad response from OP: {!s} {!s} {!s}'.format(
response.status_code, response.reason, response.content))
return {
'_status': 'error',
'error': 'Temporary technical problems'
}
# Return nonce and nonce as qr code
current_app.logger.debug('Returning nonce for user {!s}'.format(user))
buf = StringIO()
# The "1" below denotes the version of the data exchanged, right now only version 1 is supported.
qr_code = '1' + json.dumps({
'nonce': proofing_state.nonce,
'token': proofing_state.token
})
qrcode.make(qr_code).save(buf)
qr_b64 = buf.getvalue().encode('base64')
return {
'qr_code': qr_code,
'qr_img': 'data:image/png;base64, {!s}'.format(qr_b64),
}