def test_server_authenticated_1(): server = provider_init _session_db = {} cons = Consumer( _session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO, ) cons.debug = True cons.keyjar[""] = KC_RSA state, location = cons.begin("openid", "code", path="http://localhost:8087") resp = server.authorization_endpoint(request=location.split("?")[1]) print resp aresp = cons.parse_response(AuthorizationResponse, location, sformat="urlencoded") print aresp.keys() assert aresp.type() == "AuthorizationResponse" assert _eq(aresp.keys(), [ 'request', 'state', 'redirect_uri', 'claims', 'response_type', 'client_id', 'scope' ])
def test_userinfo_endpoint(): server = provider_init _session_db = {} cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO) cons.debug = True cons.client_secret = "drickyoughurt" cons.config["response_type"] = ["token"] cons.config["request_method"] = "parameter" cons.keyjar[""] = KC_RSA location = cons.begin("openid", "token", path="http://localhost:8087") resp = server.authorization_endpoint(request=location.split("?")[1]) line = resp.message path, query = line.split("?") # redirect atr = AuthorizationResponse().deserialize(query, "urlencoded") uir = UserInfoRequest(access_token=atr["access_token"], schema="openid") resp3 = server.userinfo_endpoint(request=uir.to_urlencoded()) ident = OpenIDSchema().deserialize(resp3.message, "json") print ident.keys() assert _eq(ident.keys(), ['nickname', 'sub', 'name', 'email']) assert ident["sub"] == USERDB["username"]["sub"]
def test_server_authenticated_none(): server = provider_init _session_db = {} cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO, ) cons.debug = True cons.keyjar[""] = KC_RSA cons.response_type = "none" environ = BASE_ENVIRON location = cons.begin(environ, start_response) environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = location.split("?")[1] resp = server.authorization_endpoint(environ, start_response) sid = resp[0][len("<form>"):-len("</form>")] environ2 = create_return_form_env("user", "password", sid) resp2 = server.authenticated(environ2, start_response) assert len(resp2) == 1 txt = resp2[0] pos0 = txt.index("<title>") + len("<title>Redirecting to ") pos1 = txt.index("</title>") location = txt[pos0:pos1] print location assert location.startswith("http://localhost:8087/authz") query = location.split("?")[1] print query assert "token_type=Bearer" in query
def test_server_authenticated_token(): server = provider_init _session_db = {} cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO, ) cons.debug = True cons.keyjar[""] = KC_RSA cons.config["response_type"] = ["token"] environ = BASE_ENVIRON location = cons.begin(environ, start_response) environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = location.split("?")[1] resp = server.authorization_endpoint(environ, start_response) sid = resp[0][len("<form>"):-len("</form>")] environ2 = create_return_form_env("user", "password", sid) resp2 = server.authenticated(environ2, start_response) assert len(resp2) == 1 txt = resp2[0] assert "access_token=" in txt assert "token_type=Bearer" in txt
def test_userinfo_endpoint(): server = provider_init _session_db = {} cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO) cons.debug = True cons.client_secret = "drickyoughurt" cons.config["response_type"] = ["token"] cons.config["request_method"] = "parameter" cons.keyjar[""] = KC_RSA state, location = cons.begin("openid", "token", path="http://localhost:8087") resp = server.authorization_endpoint(request=location.split("?")[1]) line = resp.message path, query = line.split("#") # redirect atr = AuthorizationResponse().deserialize(query, "urlencoded") uir = UserInfoRequest(access_token=atr["access_token"], schema="openid") resp3 = server.userinfo_endpoint(request=uir.to_urlencoded()) ident = OpenIDSchema().deserialize(resp3.message, "json") print ident.keys() assert _eq(ident.keys(), ['nickname', 'sub', 'name', 'email'])
def test_server_authenticated(): server = provider_init _session_db = {} cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO, ) cons.debug = True cons.keyjar[""] = KC_RSA environ = BASE_ENVIRON location = cons.begin(environ, start_response) environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = location.split("?")[1] resp = server.authorization_endpoint(environ, start_response) sid = resp[0][len("<form>"):-len("</form>")] environ2 = create_return_form_env("user", "password", sid) resp2 = server.authenticated(environ2, start_response) print resp2[0] assert len(resp2) == 1 txt = resp2[0] pos0 = txt.index("<title>") + len("<title>Redirecting to ") pos1 = txt.index("</title>") location = txt[pos0:pos1] print location assert location.startswith("http://localhost:8087/authz") environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = location part = cons.parse_authz(environ, start_response) aresp = part[0] assert part[1] is None assert part[2] is None #aresp = client.parse_response(AuthorizationResponse, location, # format="urlencoded", # state="id-6da9ca0cc23959f5f33e8becd9b08cae") print aresp.keys() assert aresp.type() == "AuthorizationResponse" assert _eq(aresp.keys(), ['code', 'state', 'scope']) print cons.grant[cons.state].keys() assert _eq(cons.grant[cons.state].keys(), ['code', 'id_token', 'tokens', 'exp_in', 'grant_expiration_time', 'seed'])
def test_server_authenticated_2(): server = provider_init server.baseurl = server.name _session_db = {} cons = Consumer( _session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO, ) cons.debug = True cons.keyjar[""] = KC_RSA _state, location = cons.begin(scope="openid email claims_in_id_token", response_type="code id_token", path="http://localhost:8087") print location resp = server.authorization_endpoint(request=location.split("?")[1]) print resp.message part = cons.parse_authz(resp.message) print part aresp = part[0] assert part[1] is None assert part[2] is not None #aresp = cons.parse_response(AuthorizationResponse, location, # sformat="urlencoded") print aresp.keys() assert aresp.type() == "AuthorizationResponse" assert _eq(aresp.keys(), ['scope', 'state', 'code', 'id_token']) print cons.grant[_state].keys() assert _eq(cons.grant[_state].keys(), [ 'code', 'id_token', 'tokens', 'exp_in', 'grant_expiration_time', 'seed' ]) id_token = part[2] assert isinstance(id_token, IdToken) print id_token.keys() assert _eq(id_token.keys(), [ 'nonce', 'c_hash', 'sub', 'iss', 'acr', 'exp', 'auth_time', 'iat', 'aud' ])
def test_server_authenticated_token(): server = provider_init _session_db = {} cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO, ) cons.debug = True cons.keyjar[""] = KC_RSA location = cons.begin("openid", response_type="token", path="http://localhost:8087") resp = server.authorization_endpoint(request=location.split("?")[1]) txt = resp.message assert "access_token=" in txt assert "token_type=Bearer" in txt
def test_server_authenticated_none(): server = provider_init _session_db = {} cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO, ) cons.debug = True cons.keyjar[""] = KC_RSA location = cons.begin("openid", response_type="none", path="http://localhost:8087") resp = server.authorization_endpoint(request=location.split("?")[1]) assert resp.message.startswith("http://localhost:8087/authz") query_part = resp.message.split("?")[1] print query_part assert "state" in query_part
def test_server_authenticated(): server = provider_init _session_db = {} cons = Consumer( _session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO, ) cons.debug = True cons.keyjar[""] = KC_RSA _state, location = cons.begin("openid", "code", path="http://localhost:8087") QUERY_STRING = location.split("?")[1] print QUERY_STRING resp = server.authorization_endpoint(request=QUERY_STRING) print resp.message assert resp.message.startswith("http://localhost:8087/authz") part = cons.parse_authz(query=location) aresp = part[0] assert part[1] is None assert part[2] is None #aresp = client.parse_response(AuthorizationResponse, location, # format="urlencoded", # state="id-6da9ca0cc23959f5f33e8becd9b08cae") print aresp.keys() assert aresp.type() == "AuthorizationResponse" assert _eq(aresp.keys(), [ 'request', 'state', 'redirect_uri', 'response_type', 'client_id', 'claims', 'scope' ]) print cons.grant[_state].keys() assert _eq(cons.grant[_state].keys(), [ 'code', 'tokens', 'id_token', 'exp_in', 'seed', 'grant_expiration_time' ])
def test_userinfo_endpoint(): server = provider_init _session_db = {} cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO) cons.debug = True cons.client_secret = "drickyoughurt" cons.config["response_type"] = ["token"] cons.config["request_method"] = "parameter" cons.keyjar[""] = KC_RSA environ = BASE_ENVIRON location = cons.begin(environ, start_response) environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = location.split("?")[1] resp = server.authorization_endpoint(environ, start_response) sid = resp[0][len("<form>"):-len("</form>")] environ2 = create_return_form_env("user", "password", sid) resp2 = server.authenticated(environ2, start_response) line = resp2[0] start = line.index("<title>") start += len("<title>Redirecting to ") stop = line.index("</title>") path, query = line[start:stop].split("?") # redirect atr = AuthorizationResponse().deserialize(query, "urlencoded") uir = UserInfoRequest(access_token=atr["access_token"], schema="openid") environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = uir.to_urlencoded() resp3 = server.userinfo_endpoint(environ, start_response) ident = OpenIDSchema().deserialize(resp3[0], "json") print ident.keys() assert _eq(ident.keys(), ['nickname', 'sub', 'name', 'email']) assert ident["sub"] == USERDB["user"]["sub"]
def test_server_authenticated_1(): server = provider_init _session_db = {} cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO, ) cons.debug = True cons.keyjar[""] = KC_RSA location = cons.begin("openid", "code", path="http://localhost:8087") resp = server.authorization_endpoint(request=location.split("?")[1]) print resp aresp = cons.parse_response(AuthorizationResponse, location, sformat="urlencoded") print aresp.keys() assert aresp.type() == "AuthorizationResponse" assert _eq(aresp.keys(), ['request', 'state', 'redirect_uri', 'claims', 'response_type', 'client_id', 'scope'])
def test_server_authenticated_2(): server = provider_init server.baseurl = server.name _session_db = {} cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO, ) cons.debug = True cons.keyjar[""] = KC_RSA location = cons.begin(scope="openid email claims_in_id_token", response_type="code id_token", path="http://localhost:8087") print location resp = server.authorization_endpoint(request=location.split("?")[1]) print resp.message part = cons.parse_authz(resp.message) print part aresp = part[0] assert part[1] is None assert part[2] is not None #aresp = cons.parse_response(AuthorizationResponse, location, # sformat="urlencoded") print aresp.keys() assert aresp.type() == "AuthorizationResponse" assert _eq(aresp.keys(), ['scope', 'state', 'code', 'id_token']) print cons.grant[cons.state].keys() assert _eq(cons.grant[cons.state].keys(), ['code', 'id_token', 'tokens', 'exp_in', 'grant_expiration_time', 'seed']) id_token = part[2] assert isinstance(id_token, IdToken) print id_token.keys() assert _eq(id_token.keys(), ['c_hash', 'sub', 'iss', 'acr', 'exp', 'iat', 'aud', 'nonce'])
def test_server_authenticated_none(): server = provider_init _session_db = {} cons = Consumer( _session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO, ) cons.debug = True cons.keyjar[""] = KC_RSA _state, location = cons.begin("openid", response_type="none", path="http://localhost:8087") resp = server.authorization_endpoint(request=location.split("?")[1]) assert resp.message.startswith("http://localhost:8087/authz") query_part = resp.message.split("?")[1] print query_part assert "state" in query_part
def test_server_authenticated_token(): server = provider_init _session_db = {} cons = Consumer( _session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO, ) cons.debug = True cons.keyjar[""] = KC_RSA _state, location = cons.begin("openid", response_type="token", path="http://localhost:8087") resp = server.authorization_endpoint(request=location.split("?")[1]) txt = resp.message assert "access_token=" in txt assert "token_type=Bearer" in txt
def test_server_authenticated_1(): server = provider_init _session_db = {} cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO, ) cons.debug = True cons.keyjar[""] = KC_RSA environ = BASE_ENVIRON location = cons.begin(environ, start_response) environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = location.split("?")[1] _ = server.authorization_endpoint(environ, start_response) #sid = resp[0][len("FORM with "):] environ2 = create_return_form_env("user", "password", "abcd") resp2 = server.authenticated(environ2, start_response) print resp2 assert resp2 == ['<html>Could not find session</html>']
def test_server_authenticated(): server = provider_init _session_db = {} cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG, server_info=SERVER_INFO, ) cons.debug = True cons.keyjar[""] = KC_RSA location = cons.begin("openid", "code", path="http://localhost:8087") QUERY_STRING = location.split("?")[1] print QUERY_STRING resp = server.authorization_endpoint(request=QUERY_STRING) print resp.message assert resp.message.startswith("http://localhost:8087/authz") part = cons.parse_authz(query=location) aresp = part[0] assert part[1] is None assert part[2] is None #aresp = client.parse_response(AuthorizationResponse, location, # format="urlencoded", # state="id-6da9ca0cc23959f5f33e8becd9b08cae") print aresp.keys() assert aresp.type() == "AuthorizationResponse" assert _eq(aresp.keys(), ['request', 'state', 'redirect_uri', 'response_type', 'client_id', 'claims', 'scope']) print cons.grant[cons.state].keys() assert _eq(cons.grant[cons.state].keys(), ['tokens', 'id_token', 'exp_in', 'seed', 'grant_expiration_time'])