def test_explicit_registration(self):
config = create_from_config_file(
Configuration,
entity_conf=[{
"class": FedRPConfiguration,
"attr": "rp"
}],
filename=full_path('conf_foodle.uninett.no.yaml'),
base_path=BASE_PATH)
config.rp.federation.web_cert_path = "{}/{}".format(
dir_path, lower_or_upper(config.web_conf, "server_cert"))
rph = init_oidc_rp_handler(config.rp, BASE_PATH)
rp = rph.init_client('ntnu')
rp.client_get(
"service_context").federation_entity.collector = DummyCollector(
httpd=Publisher(ROOT_DIR),
trusted_roots=ANCHOR,
root_dir=ROOT_DIR)
_service = rp.client_get("service", 'provider_info')
args = self.provider_endpoint.process_request()
info = self.provider_endpoint.do_response(**args)
_resp = _service.parse_response(info["response"])
with responses.RequestsMock() as rsps:
_jwks = open(
os.path.join(BASE_PATH, 'base_data', 'ntnu.no', 'op.ntnu.no',
'jwks.json')).read()
rsps.add("GET",
"https://op.ntnu.no/static/jwks.json",
body=_jwks,
adding_headers={"Content-Type": "application/json"},
status=200)
_service.update_service_context(_resp)
# Do the client registration request
# First let the client construct the client registration request
_service = rp.client_get("service", 'registration')
_request_args = _service.get_request_parameters()
# send it to the provider
args = self.registration_endpoint.process_request(
_request_args["body"])
response_args = self.provider_endpoint.do_response(**args)
# Let the client deal with the response from the provider
_resp = _service.parse_response(response_args["response"],
request=_request_args["body"])
_service.update_service_context(_resp)
# and we're done
reg_resp = _service.client_get("service_context").get(
"registration_response")
assert reg_resp["token_endpoint_auth_method"] == "private_key_jwt"
def oidc_provider_init_app(config_file, name=None, **kwargs):
name = name or __name__
app = Flask(name, static_url_path='', **kwargs)
app.srv_config = create_from_config_file(Configuration,
entity_conf=[{
"class": FedRPConfiguration,
"attr": "rp"
}],
filename=config_file,
base_path=dir_path)
app.users = {'test_user': {'name': 'Testing Name'}}
try:
from .views import oidc_rp_views
except ImportError:
from views import oidc_rp_views
app.register_blueprint(oidc_rp_views)
# Initialize the oidc_provider after views to be able to set correct urls
app.rph = init_oidc_rp_handler(app.srv_config.rp, dir_path)
return app
def test_init_rp():
config = create_from_config_file(
Configuration,
entity_conf=[{
"class": FedRPConfiguration,
"attr": "rp"
}],
filename=full_path('conf_foodle.uninett.no.yaml'),
base_path=BASE_PATH)
rph = init_oidc_rp_handler(config.rp, BASE_PATH)
rp = rph.init_client('ntnu')
assert rp
def test_automatic_registration(self):
config = create_from_config_file(
Configuration,
entity_conf=[{
"class": FedRPConfiguration,
"attr": "rp"
}],
filename=full_path('conf_foodle.uninett.no.yaml'),
base_path=BASE_PATH)
rph = init_oidc_rp_handler(config.rp, BASE_PATH)
rp = rph.init_client('ntnu')
rp.client_get(
"service_context").federation_entity.collector = DummyCollector(
httpd=Publisher(ROOT_DIR),
trusted_roots=ANCHOR,
root_dir=ROOT_DIR)
_service = rp.client_get("service", 'provider_info')
# don't need to parse the request since there is none
args = self.provider_endpoint.process_request()
info = self.provider_endpoint.do_response(**args)
_resp = _service.parse_response(info["response"])
with responses.RequestsMock() as rsps:
_jwks = open(
os.path.join(BASE_PATH, 'base_data', 'ntnu.no', 'op.ntnu.no',
'jwks.json')).read()
rsps.add("GET",
"https://op.ntnu.no/static/jwks.json",
body=_jwks,
adding_headers={"Content-Type": "application/json"},
status=200)
_service.update_service_context(_resp)
# Do the client authorization request
# First let the client construct the authorization request
_service = rp.client_get("service", 'authorization')
_request_args = _service.get_request_parameters()
# send it to the provider
_req_args = parse_qs(_request_args['url'].split('?')[1])
with responses.RequestsMock() as rsps:
_jwks = open(os.path.join(BASE_PATH,
'static/jwks_auto.json')).read()
_url = 'https://foodle.uninett.no/jwks.json'
rsps.add("GET",
_url,
body=_jwks,
adding_headers={"Content-Type": "application/json"},
status=200)
_req_args = self.authorization_endpoint.parse_request(
compact(_req_args))
# need to register a user session info
args = self.authorization_endpoint.process_request(_req_args)
response_args = self.authorization_endpoint.do_response(**args)
# Let the client deal with the response from the provider
_resp = _service.parse_response(response_args["response"],
request=compact(_req_args))
_service.update_service_context(_resp)
# and we're done
assert 'trust_anchor_id' in _resp
