def test_consumer_client_get_access_token_reques():
_session_db = {}
cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
server_info=SERVER_INFO, **CONSUMER_CONFIG)
cons.client_secret = "secret0"
_state = "state"
cons.redirect_uris = ["https://www.example.com/oic/cb"]
resp1 = AuthorizationResponse(code="auth_grant", state=_state)
cons.parse_response(AuthorizationResponse, resp1.to_urlencoded(),
"urlencoded")
resp2 = AccessTokenResponse(access_token="token1",
token_type="Bearer", expires_in=0,
state=_state)
cons.parse_response(AccessTokenResponse, resp2.to_urlencoded(),
"urlencoded")
url, body, http_args = cons.get_access_token_request(_state)
assert url == "http://localhost:8088/token"
print body
assert body == ("code=auth_grant&client_secret=secret0&"
"grant_type=authorization_code&client_id=number5&"
"redirect_uri=https%3A%2F%2Fwww.example.com%2Foic%2Fcb")
assert http_args == {'headers': {
'Content-type': 'application/x-www-form-urlencoded'}}
def test_consumer_client_get_access_token_reques():
_session_db = {}
cons = Consumer(_session_db,
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
**CONSUMER_CONFIG)
cons.client_secret = "secret0"
cons.state = "state"
cons.redirect_uris = ["https://www.example.com/oic/cb"]
resp1 = AuthorizationResponse(code="auth_grant", state="state")
cons.parse_response(AuthorizationResponse, resp1.to_urlencoded(),
"urlencoded")
resp2 = AccessTokenResponse(access_token="token1",
token_type="Bearer",
expires_in=0,
state="state")
cons.parse_response(AccessTokenResponse, resp2.to_urlencoded(),
"urlencoded")
url, body, http_args = cons.get_access_token_request()
assert url == "http://localhost:8088/token"
print body
assert body == ("code=auth_grant&client_secret=secret0&"
"grant_type=authorization_code&client_id=number5&"
"redirect_uri=https%3A%2F%2Fwww.example.com%2Foic%2Fcb")
assert http_args == {
'headers': {
'Content-type': 'application/x-www-form-urlencoded'
}
}
def test_consumer_client_get_access_token_reques():
_session_db = {}
cons = Consumer(_session_db,
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
**CONSUMER_CONFIG)
cons.client_secret = "secret0"
_state = "state"
cons.redirect_uris = ["https://www.example.com/oic/cb"]
resp1 = AuthorizationResponse(code="auth_grant", state=_state)
cons.parse_response(AuthorizationResponse, resp1.to_urlencoded(),
"urlencoded")
resp2 = AccessTokenResponse(access_token="token1",
token_type="Bearer",
expires_in=0,
state=_state)
cons.parse_response(AccessTokenResponse, resp2.to_urlencoded(),
"urlencoded")
url, body, http_args = cons.get_access_token_request(_state)
url_obj = URLObject.create(url)
expected_url_obj = URLObject.create("http://localhost:8088/token")
assert url_obj == expected_url_obj
body_splits = body.split('&')
expected_body_splits = "code=auth_grant&client_secret=secret0&" \
"grant_type=authorization_code&client_id=number5&" \
"redirect_uri=https%3A%2F%2Fwww.example.com%2Foic%2Fcb".split('&')
assert set(body_splits) == set(expected_body_splits)
assert http_args == {
'headers': {
'Content-type': 'application/x-www-form-urlencoded'
}
}
assert res.status == "302 Found"
url = res.headers["location"]
# Parse by the client
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = url
_cli = Consumer(SESSION_DB, CLIENT_CONFIG, SERVER_INFO, **CONSUMER_CONFIG)
aresp = _cli.handle_authorization_response(environ, start_response, DEVNULL())
print "ARESP: %s" % aresp
assert isinstance(aresp, AuthorizationResponse)
# Create the AccessTokenRequest
url, body, http_args = _cli.get_access_token_request(environ, start_response,
DEVNULL())
assert url == "http://localhost:8088/token"
assert len(body) != 0
assert http_args == {"client_password": "******"}
# complete with access token request
app = TestApp(application)
cres = app.post('/token', body,
extra_environ={"oic.server":SERVER,
"mako.lookup":LOOKUP,
"REMOTE_USER":_cli.client_id})
print cres.status
class TestConsumer(object):
@pytest.fixture(autouse=True)
def create_consumer(self):
self.consumer = Consumer({}, client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
**CONSUMER_CONFIG)
def test_init(self):
cons = Consumer({}, client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
**CONSUMER_CONFIG)
cons._backup("123456")
assert "123456" in cons.sdb
cons = Consumer({}, client_config=CLIENT_CONFIG, **CONSUMER_CONFIG)
assert cons.authorization_endpoint is None
cons = Consumer({}, **CONSUMER_CONFIG)
assert cons.authorization_endpoint is None
def test_begin(self):
sid, loc = self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
# state is dynamic
params = {"scope": "openid",
"state": sid,
"redirect_uri": "http://localhost:8087/authz",
"response_type": "code",
"client_id": "number5"}
url = "http://localhost:8088/authorization?{}".format(urlencode(params))
assert url_compare(loc, url)
def test_handle_authorization_response(self):
sid, loc = self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA",
state=sid)
res = self.consumer.handle_authorization_response(
query=atr.to_urlencoded())
assert isinstance(res, AuthorizationResponse)
assert self.consumer.grant[sid].code == "SplxlOBeZQQYbYS6WxSbIA"
def test_parse_authz_without_code(self):
sid, loc = self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA",
state=sid)
adict = atr.to_dict()
del adict["code"]
with pytest.raises(MissingRequiredAttribute):
self.consumer.handle_authorization_response(query=urlencode(adict))
def test_parse_authz_access_denied(self):
sid, loc = self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AuthorizationErrorResponse(error="access_denied", state=sid)
with pytest.raises(AuthzError):
self.consumer.handle_authorization_response(
query=atr.to_urlencoded())
def test_parse_access_token(self):
# implicit flow test
self.consumer.response_type = ["token"]
sid, loc = self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA",
token_type="example",
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
example_parameter="example_value",
state=sid)
res = self.consumer.handle_authorization_response(
query=atr.to_urlencoded())
assert isinstance(res, AccessTokenResponse)
grant = self.consumer.grant[sid]
assert len(grant.tokens) == 1
token = grant.tokens[0]
assert token.access_token == "2YotnFZFEjr1zCsicMWpAA"
def test_parse_authz_invalid_client(self):
self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = TokenErrorResponse(error="invalid_client")
with pytest.raises(AuthzError):
self.consumer.handle_authorization_response(
query=atr.to_urlencoded())
def test_consumer_client_auth_info(self):
self.consumer.client_secret = "secret0"
ra, ha, extra = self.consumer.client_auth_info()
assert ra == {'client_secret': 'secret0', 'client_id': 'number5'}
assert ha == {}
assert extra == {'auth_method': 'bearer_body'}
def test_client_get_access_token_request(self):
self.consumer.client_secret = "secret0"
_state = "state"
self.consumer.redirect_uris = ["https://www.example.com/oic/cb"]
resp1 = AuthorizationResponse(code="auth_grant", state=_state)
self.consumer.parse_response(AuthorizationResponse,
resp1.to_urlencoded(),
"urlencoded")
resp2 = AccessTokenResponse(access_token="token1",
token_type="Bearer", expires_in=0,
state=_state)
self.consumer.parse_response(AccessTokenResponse, resp2.to_urlencoded(),
"urlencoded")
url, body, http_args = self.consumer.get_access_token_request(_state)
assert url_compare(url, "http://localhost:8088/token")
expected_params = 'code=auth_grant&redirect_uri=https%3A%2F%2Fwww' \
'.example.com%2Foic%2Fcb&client_id=number5' \
'&client_secret=secret0&grant_type=authorization_code&state_hash=S6aXNcpTdl7WpwnttWxuoja3GTo7KaazkMNG8PQ0Dk4%3D'
assert query_string_compare(body, expected_params)
assert http_args == {'headers': {
'Content-Type': 'application/x-www-form-urlencoded'}}
class TestConsumer(object):
@pytest.fixture(autouse=True)
def create_consumer(self):
self.consumer = Consumer(
DictSessionBackend(),
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
settings=CLIENT_SETTINGS,
**CONSUMER_CONFIG,
)
def test_init(self):
cons = Consumer(
DictSessionBackend(),
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
settings=CLIENT_SETTINGS,
**CONSUMER_CONFIG,
)
cons._backup("123456")
assert "123456" in cons.sdb
cons = Consumer(
DictSessionBackend(),
client_config=CLIENT_CONFIG,
settings=CLIENT_SETTINGS,
**CONSUMER_CONFIG,
)
assert cons.authorization_endpoint is None
cons = Consumer(DictSessionBackend, **CONSUMER_CONFIG)
assert cons.authorization_endpoint is None
def test_begin(self):
sid, loc = self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
# state is dynamic
params = {
"scope": "openid",
"state": sid,
"redirect_uri": "http://localhost:8087/authz",
"response_type": "code",
"client_id": "number5",
}
url = "http://localhost:8088/authorization?{}".format(
urlencode(params))
assert url_compare(loc, url)
def test_handle_authorization_response(self):
sid, loc = self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid)
res = self.consumer.handle_authorization_response(
query=atr.to_urlencoded())
assert isinstance(res, AuthorizationResponse)
assert self.consumer.grant[sid].code == "SplxlOBeZQQYbYS6WxSbIA"
def test_parse_authz_without_code(self):
sid, loc = self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid)
adict = atr.to_dict()
del adict["code"]
with pytest.raises(MissingRequiredAttribute):
self.consumer.handle_authorization_response(query=urlencode(adict))
def test_parse_authz_access_denied(self):
sid, loc = self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AuthorizationErrorResponse(error="access_denied", state=sid)
with pytest.raises(AuthzError):
self.consumer.handle_authorization_response(
query=atr.to_urlencoded())
def test_parse_access_token(self):
# implicit flow test
self.consumer.response_type = ["token"]
sid, loc = self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AccessTokenResponse(
access_token="2YotnFZFEjr1zCsicMWpAA",
token_type="example",
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
example_parameter="example_value",
state=sid,
)
res = self.consumer.handle_authorization_response(
query=atr.to_urlencoded())
assert isinstance(res, AccessTokenResponse)
grant = self.consumer.grant[sid]
assert len(grant.tokens) == 1
token = grant.tokens[0]
assert token.access_token == "2YotnFZFEjr1zCsicMWpAA"
def test_parse_authz_invalid_client(self):
self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = TokenErrorResponse(error="invalid_client")
with pytest.raises(AuthzError):
self.consumer.handle_authorization_response(
query=atr.to_urlencoded())
def test_consumer_client_auth_info(self):
self.consumer.client_secret = "secret0"
ra, ha, extra = self.consumer.client_auth_info()
assert ra == {"client_secret": "secret0", "client_id": "number5"}
assert ha == {}
assert extra == {"auth_method": "bearer_body"}
def test_provider_config(self):
c = Consumer(None, None)
response = ASConfigurationResponse(
**{
"issuer": "https://example.com",
"end_session_endpoint": "https://example.com/end_session",
})
with responses.RequestsMock() as rsps:
rsps.add(
responses.GET,
"https://example.com/.well-known/openid-configuration",
json=response.to_dict(),
)
info = c.provider_config("https://example.com")
assert isinstance(info, ASConfigurationResponse)
assert _eq(info.keys(), ["issuer", "version", "end_session_endpoint"])
assert info[
"end_session_endpoint"] == "https://example.com/end_session"
def test_client_get_access_token_request(self):
self.consumer.client_secret = "secret0"
_state = "state"
self.consumer.redirect_uris = ["https://www.example.com/oic/cb"]
resp1 = AuthorizationResponse(code="auth_grant", state=_state)
self.consumer.parse_response(AuthorizationResponse,
resp1.to_urlencoded(), "urlencoded")
resp2 = AccessTokenResponse(access_token="token1",
token_type="Bearer",
expires_in=0,
state=_state)
self.consumer.parse_response(AccessTokenResponse,
resp2.to_urlencoded(), "urlencoded")
url, body, http_args = self.consumer.get_access_token_request(_state)
assert url_compare(url, "http://localhost:8088/token")
expected_params = (
"redirect_uri=https%3A%2F%2Fwww.example.com%2Foic%2Fcb&client_id=number5&state=state&"
"code=auth_grant&grant_type=authorization_code&client_secret=secret0"
)
assert query_string_compare(body, expected_params)
assert http_args == {
"headers": {
"Content-Type": "application/x-www-form-urlencoded"
}
}
def test_access_token_storage_with_custom_response_class(self):
_state = "state"
# AccessTokenResponse custom class
class AccessTokenResponseWrapper(AccessTokenResponse):
"""Response wrapper to get "expires_in" in hours."""
c_param = AccessTokenResponse.c_param.copy()
c_param.update({"expires_in_hours": SINGLE_OPTIONAL_INT})
def __init__(self, **kwargs):
super(AccessTokenResponseWrapper, self).__init__(**kwargs)
if "expires_in" in self and self["expires_in"]:
self["expires_in_hours"] = self["expires_in"] // 3600
resp = AccessTokenResponseWrapper(
access_token="2YotnFZFEjr1zCsiAB",
token_type="Bearer",
expires_in=3600,
state=_state,
)
self.consumer.parse_response(AccessTokenResponseWrapper,
resp.to_urlencoded(), "urlencoded")
grant = self.consumer.grant[_state]
assert len(grant.tokens) == 1
assert grant.tokens[0].access_token == "2YotnFZFEjr1zCsiAB"
assert grant.tokens[
0].token_expiration_time > time_util.time_sans_frac()
assert grant.tokens[0].expires_in_hours == 1 # type: ignore
class TestConsumer(object):
@pytest.fixture(autouse=True)
def create_consumer(self):
self.consumer = Consumer({},
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
**CONSUMER_CONFIG)
def test_init(self):
cons = Consumer({},
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
**CONSUMER_CONFIG)
cons._backup("123456")
assert "123456" in cons.sdb
cons = Consumer({}, client_config=CLIENT_CONFIG, **CONSUMER_CONFIG)
assert cons.authorization_endpoint is None
cons = Consumer({}, **CONSUMER_CONFIG)
assert cons.authorization_endpoint is None
def test_begin(self):
sid, loc = self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
# state is dynamic
params = {
"scope": "openid",
"state": sid,
"redirect_uri": "http://localhost:8087/authz",
"response_type": "code",
"client_id": "number5"
}
url = "http://localhost:8088/authorization?{}".format(
urlencode(params))
assert url_compare(loc, url)
def test_handle_authorization_response(self):
sid, loc = self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid)
res = self.consumer.handle_authorization_response(
query=atr.to_urlencoded())
assert isinstance(res, AuthorizationResponse)
assert self.consumer.grant[sid].code == "SplxlOBeZQQYbYS6WxSbIA"
def test_parse_authz_without_code(self):
sid, loc = self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid)
adict = atr.to_dict()
del adict["code"]
with pytest.raises(MissingRequiredAttribute):
self.consumer.handle_authorization_response(query=urlencode(adict))
def test_parse_authz_access_denied(self):
sid, loc = self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AuthorizationErrorResponse(error="access_denied", state=sid)
with pytest.raises(AuthzError):
self.consumer.handle_authorization_response(
query=atr.to_urlencoded())
def test_parse_access_token(self):
# implicit flow test
self.consumer.response_type = ["token"]
sid, loc = self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA",
token_type="example",
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
example_parameter="example_value",
state=sid)
res = self.consumer.handle_authorization_response(
query=atr.to_urlencoded())
assert isinstance(res, AccessTokenResponse)
grant = self.consumer.grant[sid]
assert len(grant.tokens) == 1
token = grant.tokens[0]
assert token.access_token == "2YotnFZFEjr1zCsicMWpAA"
def test_parse_authz_invalid_client(self):
self.consumer.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = TokenErrorResponse(error="invalid_client")
with pytest.raises(AuthzError):
self.consumer.handle_authorization_response(
query=atr.to_urlencoded())
def test_consumer_client_auth_info(self):
self.consumer.client_secret = "secret0"
ra, ha, extra = self.consumer.client_auth_info()
assert ra == {'client_secret': 'secret0', 'client_id': 'number5'}
assert ha == {}
assert extra == {'auth_method': 'bearer_body'}
def test_client_get_access_token_request(self):
self.consumer.client_secret = "secret0"
_state = "state"
self.consumer.redirect_uris = ["https://www.example.com/oic/cb"]
resp1 = AuthorizationResponse(code="auth_grant", state=_state)
self.consumer.parse_response(AuthorizationResponse,
resp1.to_urlencoded(), "urlencoded")
resp2 = AccessTokenResponse(access_token="token1",
token_type="Bearer",
expires_in=0,
state=_state)
self.consumer.parse_response(AccessTokenResponse,
resp2.to_urlencoded(), "urlencoded")
url, body, http_args = self.consumer.get_access_token_request(_state)
assert url_compare(url, "http://localhost:8088/token")
expected_params = 'redirect_uri=https%3A%2F%2Fwww.example.com%2Foic%2Fcb&client_id=number5&state=state&' \
'code=auth_grant&grant_type=authorization_code&client_secret=secret0'
assert query_string_compare(body, expected_params)
assert http_args == {
'headers': {
'Content-Type': 'application/x-www-form-urlencoded'
}
}
