def test_cookie_dealer_1():
cd = CookieDealer(DummyServer())
kaka = cd.create_cookie("Something to pass along", "sso", "Foobar")
#print kaka
value, _ts, typ = cd.get_cookie_value(kaka[1], "Foobar")
assert value == "Something to pass along"
assert typ == "sso"
def test_cookie_dealer_1():
cd = CookieDealer(DummyServer())
kaka = cd.create_cookie("Something to pass along", "sso", "Foobar")
# print kaka
value, _ts, typ = cd.get_cookie_value(kaka[1], "Foobar")
assert value == "Something to pass along"
assert typ == "sso"
def _create_cookie(self, user, client_id, c_type="sso"):
cd = CookieDealer(self.provider)
set_cookie = cd.create_cookie("{}][{}".format(user, client_id), c_type,
self.provider.sso_cookie_name)
cookies_string = set_cookie[1]
all_cookies = SimpleCookie() # type: SimpleCookie
try:
cookies_string = cookies_string.decode()
except (AttributeError, UnicodeDecodeError):
pass
all_cookies.load(cookies_string)
return all_cookies
def __init__(self,
name,
sdb,
cdb,
authn_broker,
authz,
client_authn,
symkey="",
urlmap=None,
iv=0,
default_scope="",
ca_bundle=None,
verify_ssl=True,
default_acr="",
baseurl='',
server_cls=Server,
client_cert=None):
self.name = name
self.sdb = sdb
self.cdb = cdb
self.server = server_cls(ca_certs=ca_bundle,
verify_ssl=verify_ssl,
client_cert=client_cert)
self.authn_broker = authn_broker
if authn_broker is None:
# default cookie function
self.cookie_func = CookieDealer(srv=self).create_cookie
else:
self.cookie_func = self.authn_broker[0][0].create_cookie
for item in self.authn_broker:
item.srv = self
self.authz = authz
self.client_authn = client_authn
self.symkey = symkey
self.seed = rndstr().encode("utf-8")
self.iv = iv or os.urandom(16)
self.cookie_name = "pyoidc"
self.default_scope = default_scope
self.sso_ttl = 0
self.default_acr = default_acr
if urlmap is None:
self.urlmap = {}
else:
self.urlmap = urlmap
self.response_type_map = {
"code": code_response,
"token": token_response,
"none": none_response,
}
self.session_cookie_name = "pyoic_session"
self.baseurl = baseurl
self.keyjar = None
self.trace = None
self.events = None
def test_cookie_dealer_with_path(self):
class DomServer:
def __init__(self):
self.symkey = b"0123456789012345"
self.cookie_path = "/oidc"
cookie_dealer = CookieDealer(DomServer())
cookie_value = "Something to pass along"
cookie_typ = "sso"
cookie_name = "Foobar"
kaka = cookie_dealer.create_cookie(cookie_value, cookie_typ, cookie_name)
C = SimpleCookie()
C.load(kaka[1])
assert C[cookie_name]["path"] == "/oidc"
def test_cookie_dealer_improperly_configured(self):
class BadServer():
def __init__(self):
self.symkey = ""
with pytest.raises(ImproperlyConfigured) as err:
CookieDealer(BadServer())
expected_msg = "CookieDealer.srv.symkey cannot be an empty value"
assert expected_msg in str(err.value)
def test_cookie_dealer_with_domain(self):
class DomServer:
def __init__(self):
self.symkey = b"0123456789012345"
self.cookie_domain = "op.example.org"
cookie_dealer = CookieDealer(DomServer())
cookie_value = "Something to pass along"
cookie_typ = "sso"
cookie_name = "Foobar"
kaka = cookie_dealer.create_cookie(cookie_value, cookie_typ, cookie_name)
C: SimpleCookie = SimpleCookie()
C.load(kaka[1])
assert C[cookie_name]["domain"] == "op.example.org"
def test_cookie_dealer_with_domain(self):
class DomServer():
def __init__(self):
self.symkey = b"0123456789012345"
self.cookie_domain = "op.example.org"
cookie_dealer = CookieDealer(DomServer())
cookie_value = "Something to pass along"
cookie_typ = "sso"
cookie_name = "Foobar"
kaka = cookie_dealer.create_cookie(cookie_value, cookie_typ,
cookie_name)
C = SimpleCookie()
C.load(kaka[1])
assert C[cookie_name]["domain"] == "op.example.org"
def test_create_cookie_value_no_secure(self):
cookie_value = "Something to pass along"
cookie_typ = "sso"
cookie_name = "Foobar"
class DummyServer:
def __init__(self):
self.symkey = b"0123456789012345"
cookie_dealer = CookieDealer(DummyServer(), secure=False)
kaka = cookie_dealer.create_cookie(cookie_value, cookie_typ, cookie_name)
value, timestamp, typ = cookie_dealer.get_cookie_value(kaka[1], "Foobar")
assert (value, typ) == (cookie_value, cookie_typ)
t = SimpleCookie()
t.load(kaka[1])
morsel = t["Foobar"]
assert not morsel["secure"]
assert morsel["httponly"]
def test_cookie_dealer_with_domain(self):
class DomServer():
def __init__(self):
self.symkey = b"0123456789012345"
self.cookie_domain = "op.example.org"
cookie_dealer = CookieDealer(DomServer())
cookie_value = "Something to pass along"
cookie_typ = "sso"
cookie_name = "Foobar"
kaka = cookie_dealer.create_cookie(cookie_value, cookie_typ,
cookie_name)
C = SimpleCookie()
if PY2:
# the backported SimpleCookie wants py3 str
C.load(newstr(kaka[1]))
else:
C.load(kaka[1])
assert C[cookie_name]["domain"] == "op.example.org"
def __init__(self, name, sdb, cdb, authn_broker, authz, client_authn,
symkey=None, urlmap=None, iv=0, default_scope="",
verify_ssl=True, default_acr="",
baseurl='', server_cls=Server, client_cert=None):
self.name = name
self.sdb = sdb
if not isinstance(cdb, BaseClientDatabase):
warnings.warn('ClientDatabase should be an instance of '
'oic.utils.clientdb.BaseClientDatabase to ensure proper API.')
self.cdb = cdb
self.server = server_cls(verify_ssl=verify_ssl, client_cert=client_cert)
self.authn_broker = authn_broker
if authn_broker is None:
# default cookie function
self.cookie_func = CookieDealer(srv=self).create_cookie
else:
self.cookie_func = self.authn_broker[0][0].create_cookie
for item in self.authn_broker:
item.srv = self
self.authz = authz
self.client_authn = client_authn
self.symkey = symkey
self.seed = rndstr().encode("utf-8")
self.iv = iv or os.urandom(16)
self.cookie_name = "pyoidc"
self.cookie_domain = ""
self.cookie_path = ""
self.default_scope = default_scope
self.sso_ttl = 0
self.default_acr = default_acr
if urlmap is None:
self.urlmap = {}
else:
self.urlmap = urlmap
self.response_type_map = {
"code": code_response,
"token": token_response,
"none": none_response,
}
self.session_cookie_name = "pyoic_session"
self.baseurl = baseurl
self.keyjar = None
self.trace = None
self.events = None
ClaimToken, RPTResponse, IntrospectionRequest, IntrospectionResponse
from uma.message import PermissionRegistrationRequest
from uma.message import PermissionRegistrationResponse
from uma.message import ResourceSetDescription
from uma.message import StatusResponse
from uma.resourcesrv import ResourceServer
import uma_as
from uma.userinfo import UMAUserInfo
__author__ = 'roland'
# AS init
AS_PORT = 8088
AS_BASE = "https://*****:*****@example.org",
},
"linda": {
"displayName": "Linda Lindgren",
def cookie_dealer():
class DummyServer():
def __init__(self):
self.symkey = b"0123456789012345"
return CookieDealer(DummyServer())
from saml2.httputil import ServiceError
from saml2.ident import Unknown
from saml2.s_utils import rndstr, exception_trace
from saml2.s_utils import UnknownPrincipal
from saml2.s_utils import UnsupportedBinding
from saml2.s_utils import PolicyError
from saml2.sigver import verify_redirect_signature
from uma.userinfo import UMAUserInfo
from oic.utils.http_util import Response as oicResponse
from oic.utils.http_util import InvalidCookieSign
from oic.utils.http_util import CookieDealer
logger = logging.getLogger("saml2.idp")
CookieHandler = CookieDealer(None)
COOKIE_NAME = "idp_uma"
class Cache(object):
def __init__(self):
self.user2uid = {}
self.uid2user = {}
self.spq = {}
def _expiration(timeout, tformat="%a, %d-%b-%Y %H:%M:%S GMT"):
"""
:param timeout:
:param tformat:
def __init__(self, srv, ttl=5):
CookieDealer.__init__(self, srv, ttl)
self.query_param = "upm_answer"
def __init__(
self,
name,
sdb,
cdb,
authn_broker,
authz,
client_authn,
symkey=None,
urlmap=None,
iv=0,
default_scope="",
verify_ssl=True,
default_acr="",
keyjar=None,
baseurl="",
server_cls=Server,
client_cert=None,
message_factory=OauthMessageFactory,
capabilities=None,
jwks_uri="",
):
self.name = name
self.sdb = sdb
if not isinstance(cdb, BaseClientDatabase):
warnings.warn(
"ClientDatabase should be an instance of "
"oic.utils.clientdb.BaseClientDatabase to ensure proper API.")
self.cdb = cdb
self.server = server_cls(
verify_ssl=verify_ssl,
client_cert=client_cert,
keyjar=keyjar,
message_factory=message_factory,
)
self.authn_broker = authn_broker
if authn_broker is None:
# default cookie function
self.cookie_func = CookieDealer(srv=self).create_cookie
else:
self.cookie_func = self.authn_broker[0][0].create_cookie
for item in self.authn_broker:
item.srv = self
self.authz = authz
self.client_authn = client_authn
self.symkey = symkey
self.seed = rndstr().encode("utf-8")
self.iv = iv or os.urandom(16)
self.cookie_name = "pyoidc"
self.cookie_domain = ""
self.cookie_path = ""
self.default_scope = default_scope
self.sso_ttl = 0
self.default_acr = default_acr
if urlmap is None:
self.urlmap = {} # type: Dict[str, List[str]]
else:
self.urlmap = urlmap
self.response_type_map = {
"code": code_response,
"token": token_response,
"none": none_response,
}
self.session_cookie_name = "pyoic_session"
self.sso_cookie_name = "pyoidc_sso"
self.baseurl = baseurl
self.keyjar = None
self.trace = None
self.events = None
self.scopes = ["offline_access"]
self.jwks_uri = jwks_uri
if capabilities:
self.verify_capabilities(capabilities)
self.capabilities = self.message_factory.get_response_type(
"configuration_endpoint")(**capabilities)
else:
self.capabilities = self.provider_features()
self.capabilities["issuer"] = self.name
def __init__(self, srv, ttl=5):
CookieDealer.__init__(self, srv, ttl)
self.query_param = "upm_answer"
