def create_cookie_dealer(self):
cookie_conf = {
"enc_key": SYMKey(k="NXi6HD473d_YS4exVRn7z9z23mGmvU641MuvKqH0o7Y"),
"default_values": {
"name": "oidc_op",
"domain": "127.0.0.1",
"path": "/",
"max_age": 3600,
},
}
self.cookie_dealer = CookieDealer(**cookie_conf)
def create_cookie_dealer(self):
cookie_conf = {
"sign_key":
SYMKey(k="ghsNKDDLshZTPn974nOsIGhedULrsqnsGoBFBLwUKuJhE2ch"),
"default_values": {
"name": "oidc_op",
"domain": "127.0.0.1",
"path": "/",
"max_age": 3600,
},
}
self.cookie_dealer = CookieDealer(**cookie_conf)
class TestCookieDealerSignEnc(object):
@pytest.fixture(autouse=True)
def create_cookie_dealer(self):
cookie_conf = {
"sign_key":
SYMKey(k="ghsNKDDLshZTPn974nOsIGhedULrsqnsGoBFBLwUKuJhE2ch"),
"enc_key":
SYMKey(k="NXi6HD473d_YS4exVRn7z9z23mGmvU641MuvKqH0o7Y"),
"default_values": {
"name": "oidc_op",
"domain": "127.0.0.1",
"path": "/",
"max_age": 3600,
},
}
self.cookie_dealer = CookieDealer(**cookie_conf)
def test_init(self):
assert self.cookie_dealer
def test_create_cookie(self):
_cookie = self.cookie_dealer.create_cookie("value", "sso")
assert _cookie
def test_read_created_cookie(self):
_cookie = self.cookie_dealer.create_cookie("value", "sso")
_value = self.cookie_dealer.get_cookie_value(_cookie)
assert len(_value) == 3
assert _value[0] == "value"
assert _value[2] == "sso"
def test_delete_cookie(self):
_cookie = self.cookie_dealer.delete_cookie("openid")
_morsel = _cookie["openid"]
assert _morsel["expires"]
_value = self.cookie_dealer.get_cookie_value(_cookie, "openid")
assert _value[0] == ""
assert _value[2] == ""
def test_mult_cookie(self):
_cookie = self.cookie_dealer.create_cookie("value", "sso")
_cookie = self.cookie_dealer.append_cookie(_cookie, "session",
"session_state", "session")
assert len(_cookie) == 2
_value = self.cookie_dealer.get_cookie_value(_cookie, "session")
assert _value[0] == "session_state"
assert _value[2] == "session"
_value = self.cookie_dealer.get_cookie_value(_cookie, "oidc_op")
assert _value[0] == "value"
assert _value[2] == "sso"
'tools.staticdir.content_types': {
'json': 'application/json',
'jwks': 'application/json',
'jose': 'application/jose'
},
'log.screen': True,
'cors.expose_public.on': True
}
}
_server_info_config = config.CONFIG['server_info']
_jwks_config = _server_info_config['jwks']
_kj = init_key_jar(owner=_server_info_config['issuer'], **_jwks_config)
cookie_dealer = CookieDealer(**_server_info_config['cookie_dealer'])
endpoint_context = EndpointContext(config.CONFIG['server_info'],
keyjar=_kj,
cwd=folder,
cookie_dealer=cookie_dealer)
cookie_dealer.endpoint_context = endpoint_context
for endp in endpoint_context.endpoint.values():
p = urlparse(endp.endpoint_path)
_vpath = p.path.split('/')
if _vpath[0] == '':
endp.vpath = _vpath[1:]
else:
endp.vpath = _vpath
def create_endpoint(self):
conf = {
"issuer": ISS,
"password": "******",
"token_expires_in": 600,
"grant_expires_in": 300,
"refresh_token_expires_in": 86400,
"verify_ssl": False,
"capabilities": CAPABILITIES,
"jwks": {"uri_path": "jwks.json", "key_defs": KEYDEFS},
"endpoint": {
"provider_config": {
"path": "{}/.well-known/openid-configuration",
"class": ProviderConfiguration,
"kwargs": {"client_authn_method": None},
},
"registration": {
"path": "{}/registration",
"class": Registration,
"kwargs": {"client_authn_method": None},
},
"authorization": {
"path": "{}/authorization",
"class": Authorization,
"kwargs": {"client_authn_method": None},
},
"token": {"path": "{}/token", "class": AccessToken, "kwargs": {}},
"userinfo": {
"path": "{}/userinfo",
"class": userinfo.UserInfo,
"kwargs": {"db_file": "users.json"},
},
"session": {
"path": "{}/end_session",
"class": Session,
"kwargs": {
"post_logout_uri_path": "post_logout",
"signing_alg": "ES256",
"logout_verify_url": "{}/verify_logout".format(ISS),
"client_authn_method": None,
},
},
},
"authentication": {
"anon": {
"acr": INTERNETPROTOCOLPASSWORD,
"class": "oidcendpoint.user_authn.user.NoAuthn",
"kwargs": {"user": "******"},
}
},
"userinfo": {"class": UserInfo, "kwargs": {"db": USERINFO_db}},
"template_dir": "template",
# 'cookie_name':{
# 'session': 'oidcop',
# 'register': 'oidcreg'
# }
}
cookie_conf = {
"sign_key": "ghsNKDDLshZTPn974nOsIGhedULrsqnsGoBFBLwUKuJhE2ch",
"default_values": {
"name": "oidcop",
"domain": "127.0.0.1",
"path": "/",
"max_age": 3600,
},
}
self.cd = CookieDealer(**cookie_conf)
endpoint_context = EndpointContext(conf, cookie_dealer=self.cd, keyjar=KEYJAR)
endpoint_context.cdb = {
"client_1": {
"client_secret": "hemligt",
"redirect_uris": [("{}cb".format(CLI1), None)],
"client_salt": "salted",
"token_endpoint_auth_method": "client_secret_post",
"response_types": ["code", "token", "code id_token", "id_token"],
"post_logout_redirect_uris": [("{}logout_cb".format(CLI1), "")],
},
"client_2": {
"client_secret": "hemligare",
"redirect_uris": [("{}cb".format(CLI2), None)],
"client_salt": "saltare",
"token_endpoint_auth_method": "client_secret_post",
"response_types": ["code", "token", "code id_token", "id_token"],
"post_logout_redirect_uris": [("{}logout_cb".format(CLI2), "")],
},
}
self.authn_endpoint = endpoint_context.endpoint["authorization"]
self.session_endpoint = endpoint_context.endpoint["session"]
self.token_endpoint = endpoint_context.endpoint["token"]
def create_authn_broker(self):
conf = {
"issuer": "https://example.com/",
"password": "******",
"token_expires_in": 600,
"grant_expires_in": 300,
"refresh_token_expires_in": 86400,
"verify_ssl": False,
"capabilities": CAPABILITIES,
"jwks": {"uri_path": "static/jwks.json", "key_defs": KEYDEFS},
"id_token": {
"class": IDToken,
"kwargs": {
"default_claims": {
"email": {"essential": True},
"email_verified": {"essential": True},
}
},
},
"endpoint": {
"provider_config": {
"path": "{}/.well-known/openid-configuration",
"class": ProviderConfiguration,
"kwargs": {},
},
"authorization": {
"path": "{}/authorization",
"class": Authorization,
"kwargs": {},
},
"token": {"path": "{}/token", "class": AccessToken, "kwargs": {}},
},
"authentication": METHOD,
"userinfo": {"class": UserInfo, "kwargs": {"db": USERINFO_db}},
"template_dir": "template",
}
cookie_conf = {
"sign_key": SYMKey(k="ghsNKDDLshZTPn974nOsIGhedULrsqnsGoBFBLwUKuJhE2ch"),
"default_values": {
"name": "oidcop",
"domain": "127.0.0.1",
"path": "/",
"max_age": 3600,
},
}
cookie_dealer = CookieDealer(**cookie_conf)
endpoint_context = EndpointContext(conf, cookie_dealer=cookie_dealer)
endpoint_context.cdb["client_1"] = {
"client_secret": "hemligt",
"redirect_uris": [("https://example.com/cb", None)],
"client_salt": "salted",
"token_endpoint_auth_method": "client_secret_post",
"response_types": [
"code",
"token",
"code id_token",
"id_token",
"code id_token token",
],
}
endpoint_context.keyjar.import_jwks(
endpoint_context.keyjar.export_jwks(True, ""), conf["issuer"]
)
self.endpoint_context = endpoint_context
"default_values": {
"name": "oidc_op",
"domain": "example.com",
"path": "/",
"max_age": 3600,
},
}
client_id = "client_id"
client_secret = "a_longer_client_secret"
# Need to add the client_secret as a symmetric key bound to the client_id
KEYJAR.add_symmetric(client_id, client_secret, ["sig"])
endpoint_context = EndpointContext(conf, keyjar=KEYJAR)
endpoint_context.cdb[client_id] = {"client_secret": client_secret}
endpoint_context.cookie_dealer = CookieDealer(**cookie_conf)
def test_new_cookie():
kaka = new_cookie(endpoint_context,
"foobar",
client_id="client_id",
sid="sessionID")
assert isinstance(kaka, SimpleCookie)
assert {"foobar"} == set(kaka.keys())
val = endpoint_context.cookie_dealer.get_cookie_value(kaka, "foobar")
assert isinstance(val, tuple)
b64val, ts, typ = val
info = cookie_value(b64val)
assert set(info.keys()) == {"client_id", "sid"}
