def test_server_authenticated_1():
server = provider_init
_session_db = {}
cons = Consumer(
_session_db,
CONSUMER_CONFIG,
CLIENT_CONFIG,
server_info=SERVER_INFO,
)
cons.debug = True
cons.keyjar[""] = KC_RSA
state, location = cons.begin("openid",
"code",
path="http://localhost:8087")
resp = server.authorization_endpoint(request=location.split("?")[1])
print resp
aresp = cons.parse_response(AuthorizationResponse,
location,
sformat="urlencoded")
print aresp.keys()
assert aresp.type() == "AuthorizationResponse"
assert _eq(aresp.keys(), [
'request', 'state', 'redirect_uri', 'claims', 'response_type',
'client_id', 'scope'
])
def test_userinfo_endpoint():
server = provider_init
_session_db = {}
cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG,
server_info=SERVER_INFO)
cons.debug = True
cons.client_secret = "drickyoughurt"
cons.config["response_type"] = ["token"]
cons.config["request_method"] = "parameter"
cons.keyjar[""] = KC_RSA
location = cons.begin("openid", "token", path="http://localhost:8087")
resp = server.authorization_endpoint(request=location.split("?")[1])
line = resp.message
path, query = line.split("?")
# redirect
atr = AuthorizationResponse().deserialize(query, "urlencoded")
uir = UserInfoRequest(access_token=atr["access_token"], schema="openid")
resp3 = server.userinfo_endpoint(request=uir.to_urlencoded())
ident = OpenIDSchema().deserialize(resp3.message, "json")
print ident.keys()
assert _eq(ident.keys(), ['nickname', 'sub', 'name', 'email'])
assert ident["sub"] == USERDB["username"]["sub"]
def test_server_authenticated_none():
server = provider_init
_session_db = {}
cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG,
server_info=SERVER_INFO, )
cons.debug = True
cons.keyjar[""] = KC_RSA
cons.response_type = "none"
environ = BASE_ENVIRON
location = cons.begin(environ, start_response)
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = location.split("?")[1]
resp = server.authorization_endpoint(environ, start_response)
sid = resp[0][len("<form>"):-len("</form>")]
environ2 = create_return_form_env("user", "password", sid)
resp2 = server.authenticated(environ2, start_response)
assert len(resp2) == 1
txt = resp2[0]
pos0 = txt.index("<title>") + len("<title>Redirecting to ")
pos1 = txt.index("</title>")
location = txt[pos0:pos1]
print location
assert location.startswith("http://localhost:8087/authz")
query = location.split("?")[1]
print query
assert "token_type=Bearer" in query
def test_server_authenticated_token():
server = provider_init
_session_db = {}
cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG,
server_info=SERVER_INFO, )
cons.debug = True
cons.keyjar[""] = KC_RSA
cons.config["response_type"] = ["token"]
environ = BASE_ENVIRON
location = cons.begin(environ, start_response)
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = location.split("?")[1]
resp = server.authorization_endpoint(environ, start_response)
sid = resp[0][len("<form>"):-len("</form>")]
environ2 = create_return_form_env("user", "password", sid)
resp2 = server.authenticated(environ2, start_response)
assert len(resp2) == 1
txt = resp2[0]
assert "access_token=" in txt
assert "token_type=Bearer" in txt
def test_userinfo_endpoint():
server = provider_init
_session_db = {}
cons = Consumer(_session_db,
CONSUMER_CONFIG,
CLIENT_CONFIG,
server_info=SERVER_INFO)
cons.debug = True
cons.client_secret = "drickyoughurt"
cons.config["response_type"] = ["token"]
cons.config["request_method"] = "parameter"
cons.keyjar[""] = KC_RSA
state, location = cons.begin("openid",
"token",
path="http://localhost:8087")
resp = server.authorization_endpoint(request=location.split("?")[1])
line = resp.message
path, query = line.split("#")
# redirect
atr = AuthorizationResponse().deserialize(query, "urlencoded")
uir = UserInfoRequest(access_token=atr["access_token"], schema="openid")
resp3 = server.userinfo_endpoint(request=uir.to_urlencoded())
ident = OpenIDSchema().deserialize(resp3.message, "json")
print ident.keys()
assert _eq(ident.keys(), ['nickname', 'sub', 'name', 'email'])
def test_server_authenticated():
server = provider_init
_session_db = {}
cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG,
server_info=SERVER_INFO, )
cons.debug = True
cons.keyjar[""] = KC_RSA
environ = BASE_ENVIRON
location = cons.begin(environ, start_response)
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = location.split("?")[1]
resp = server.authorization_endpoint(environ, start_response)
sid = resp[0][len("<form>"):-len("</form>")]
environ2 = create_return_form_env("user", "password", sid)
resp2 = server.authenticated(environ2, start_response)
print resp2[0]
assert len(resp2) == 1
txt = resp2[0]
pos0 = txt.index("<title>") + len("<title>Redirecting to ")
pos1 = txt.index("</title>")
location = txt[pos0:pos1]
print location
assert location.startswith("http://localhost:8087/authz")
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = location
part = cons.parse_authz(environ, start_response)
aresp = part[0]
assert part[1] is None
assert part[2] is None
#aresp = client.parse_response(AuthorizationResponse, location,
# format="urlencoded",
# state="id-6da9ca0cc23959f5f33e8becd9b08cae")
print aresp.keys()
assert aresp.type() == "AuthorizationResponse"
assert _eq(aresp.keys(), ['code', 'state', 'scope'])
print cons.grant[cons.state].keys()
assert _eq(cons.grant[cons.state].keys(), ['code', 'id_token', 'tokens',
'exp_in',
'grant_expiration_time', 'seed'])
def test_server_authenticated_2():
server = provider_init
server.baseurl = server.name
_session_db = {}
cons = Consumer(
_session_db,
CONSUMER_CONFIG,
CLIENT_CONFIG,
server_info=SERVER_INFO,
)
cons.debug = True
cons.keyjar[""] = KC_RSA
_state, location = cons.begin(scope="openid email claims_in_id_token",
response_type="code id_token",
path="http://localhost:8087")
print location
resp = server.authorization_endpoint(request=location.split("?")[1])
print resp.message
part = cons.parse_authz(resp.message)
print part
aresp = part[0]
assert part[1] is None
assert part[2] is not None
#aresp = cons.parse_response(AuthorizationResponse, location,
# sformat="urlencoded")
print aresp.keys()
assert aresp.type() == "AuthorizationResponse"
assert _eq(aresp.keys(), ['scope', 'state', 'code', 'id_token'])
print cons.grant[_state].keys()
assert _eq(cons.grant[_state].keys(), [
'code', 'id_token', 'tokens', 'exp_in', 'grant_expiration_time', 'seed'
])
id_token = part[2]
assert isinstance(id_token, IdToken)
print id_token.keys()
assert _eq(id_token.keys(), [
'nonce', 'c_hash', 'sub', 'iss', 'acr', 'exp', 'auth_time', 'iat',
'aud'
])
def test_server_authenticated_token():
server = provider_init
_session_db = {}
cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG,
server_info=SERVER_INFO, )
cons.debug = True
cons.keyjar[""] = KC_RSA
location = cons.begin("openid", response_type="token",
path="http://localhost:8087")
resp = server.authorization_endpoint(request=location.split("?")[1])
txt = resp.message
assert "access_token=" in txt
assert "token_type=Bearer" in txt
def test_server_authenticated_none():
server = provider_init
_session_db = {}
cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG,
server_info=SERVER_INFO, )
cons.debug = True
cons.keyjar[""] = KC_RSA
location = cons.begin("openid", response_type="none",
path="http://localhost:8087")
resp = server.authorization_endpoint(request=location.split("?")[1])
assert resp.message.startswith("http://localhost:8087/authz")
query_part = resp.message.split("?")[1]
print query_part
assert "state" in query_part
def test_server_authenticated():
server = provider_init
_session_db = {}
cons = Consumer(
_session_db,
CONSUMER_CONFIG,
CLIENT_CONFIG,
server_info=SERVER_INFO,
)
cons.debug = True
cons.keyjar[""] = KC_RSA
_state, location = cons.begin("openid",
"code",
path="http://localhost:8087")
QUERY_STRING = location.split("?")[1]
print QUERY_STRING
resp = server.authorization_endpoint(request=QUERY_STRING)
print resp.message
assert resp.message.startswith("http://localhost:8087/authz")
part = cons.parse_authz(query=location)
aresp = part[0]
assert part[1] is None
assert part[2] is None
#aresp = client.parse_response(AuthorizationResponse, location,
# format="urlencoded",
# state="id-6da9ca0cc23959f5f33e8becd9b08cae")
print aresp.keys()
assert aresp.type() == "AuthorizationResponse"
assert _eq(aresp.keys(), [
'request', 'state', 'redirect_uri', 'response_type', 'client_id',
'claims', 'scope'
])
print cons.grant[_state].keys()
assert _eq(cons.grant[_state].keys(), [
'code', 'tokens', 'id_token', 'exp_in', 'seed', 'grant_expiration_time'
])
def test_userinfo_endpoint():
server = provider_init
_session_db = {}
cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG,
server_info=SERVER_INFO)
cons.debug = True
cons.client_secret = "drickyoughurt"
cons.config["response_type"] = ["token"]
cons.config["request_method"] = "parameter"
cons.keyjar[""] = KC_RSA
environ = BASE_ENVIRON
location = cons.begin(environ, start_response)
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = location.split("?")[1]
resp = server.authorization_endpoint(environ, start_response)
sid = resp[0][len("<form>"):-len("</form>")]
environ2 = create_return_form_env("user", "password", sid)
resp2 = server.authenticated(environ2, start_response)
line = resp2[0]
start = line.index("<title>")
start += len("<title>Redirecting to ")
stop = line.index("</title>")
path, query = line[start:stop].split("?")
# redirect
atr = AuthorizationResponse().deserialize(query, "urlencoded")
uir = UserInfoRequest(access_token=atr["access_token"], schema="openid")
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = uir.to_urlencoded()
resp3 = server.userinfo_endpoint(environ, start_response)
ident = OpenIDSchema().deserialize(resp3[0], "json")
print ident.keys()
assert _eq(ident.keys(), ['nickname', 'sub', 'name', 'email'])
assert ident["sub"] == USERDB["user"]["sub"]
def test_server_authenticated_1():
server = provider_init
_session_db = {}
cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG,
server_info=SERVER_INFO, )
cons.debug = True
cons.keyjar[""] = KC_RSA
location = cons.begin("openid", "code", path="http://localhost:8087")
resp = server.authorization_endpoint(request=location.split("?")[1])
print resp
aresp = cons.parse_response(AuthorizationResponse, location,
sformat="urlencoded")
print aresp.keys()
assert aresp.type() == "AuthorizationResponse"
assert _eq(aresp.keys(), ['request', 'state', 'redirect_uri', 'claims',
'response_type', 'client_id', 'scope'])
def test_server_authenticated_2():
server = provider_init
server.baseurl = server.name
_session_db = {}
cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG,
server_info=SERVER_INFO, )
cons.debug = True
cons.keyjar[""] = KC_RSA
location = cons.begin(scope="openid email claims_in_id_token",
response_type="code id_token",
path="http://localhost:8087")
print location
resp = server.authorization_endpoint(request=location.split("?")[1])
print resp.message
part = cons.parse_authz(resp.message)
print part
aresp = part[0]
assert part[1] is None
assert part[2] is not None
#aresp = cons.parse_response(AuthorizationResponse, location,
# sformat="urlencoded")
print aresp.keys()
assert aresp.type() == "AuthorizationResponse"
assert _eq(aresp.keys(), ['scope', 'state', 'code', 'id_token'])
print cons.grant[cons.state].keys()
assert _eq(cons.grant[cons.state].keys(), ['code', 'id_token', 'tokens',
'exp_in',
'grant_expiration_time', 'seed'])
id_token = part[2]
assert isinstance(id_token, IdToken)
print id_token.keys()
assert _eq(id_token.keys(), ['c_hash', 'sub', 'iss', 'acr', 'exp', 'iat',
'aud', 'nonce'])
def test_server_authenticated_none():
server = provider_init
_session_db = {}
cons = Consumer(
_session_db,
CONSUMER_CONFIG,
CLIENT_CONFIG,
server_info=SERVER_INFO,
)
cons.debug = True
cons.keyjar[""] = KC_RSA
_state, location = cons.begin("openid",
response_type="none",
path="http://localhost:8087")
resp = server.authorization_endpoint(request=location.split("?")[1])
assert resp.message.startswith("http://localhost:8087/authz")
query_part = resp.message.split("?")[1]
print query_part
assert "state" in query_part
def test_server_authenticated_token():
server = provider_init
_session_db = {}
cons = Consumer(
_session_db,
CONSUMER_CONFIG,
CLIENT_CONFIG,
server_info=SERVER_INFO,
)
cons.debug = True
cons.keyjar[""] = KC_RSA
_state, location = cons.begin("openid",
response_type="token",
path="http://localhost:8087")
resp = server.authorization_endpoint(request=location.split("?")[1])
txt = resp.message
assert "access_token=" in txt
assert "token_type=Bearer" in txt
def test_server_authenticated_1():
server = provider_init
_session_db = {}
cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG,
server_info=SERVER_INFO, )
cons.debug = True
cons.keyjar[""] = KC_RSA
environ = BASE_ENVIRON
location = cons.begin(environ, start_response)
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = location.split("?")[1]
_ = server.authorization_endpoint(environ, start_response)
#sid = resp[0][len("FORM with "):]
environ2 = create_return_form_env("user", "password", "abcd")
resp2 = server.authenticated(environ2, start_response)
print resp2
assert resp2 == ['<html>Could not find session</html>']
def test_server_authenticated():
server = provider_init
_session_db = {}
cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG,
server_info=SERVER_INFO, )
cons.debug = True
cons.keyjar[""] = KC_RSA
location = cons.begin("openid", "code", path="http://localhost:8087")
QUERY_STRING = location.split("?")[1]
print QUERY_STRING
resp = server.authorization_endpoint(request=QUERY_STRING)
print resp.message
assert resp.message.startswith("http://localhost:8087/authz")
part = cons.parse_authz(query=location)
aresp = part[0]
assert part[1] is None
assert part[2] is None
#aresp = client.parse_response(AuthorizationResponse, location,
# format="urlencoded",
# state="id-6da9ca0cc23959f5f33e8becd9b08cae")
print aresp.keys()
assert aresp.type() == "AuthorizationResponse"
assert _eq(aresp.keys(), ['request', 'state', 'redirect_uri',
'response_type', 'client_id', 'claims', 'scope'])
print cons.grant[cons.state].keys()
assert _eq(cons.grant[cons.state].keys(), ['tokens', 'id_token', 'exp_in',
'seed', 'grant_expiration_time'])
