def test_auth_resp_callback_func_user_id_from_attrs_is_used_to_override_user_id( self, context, satosa_config): satosa_config["INTERNAL_ATTRIBUTES"]["user_id_from_attrs"] = [ "user_id", "domain" ] base = SATOSABase(satosa_config) internal_resp = InternalResponse(AuthenticationInformation("", "", "")) internal_resp.attributes = { "user_id": ["user"], "domain": ["@example.com"] } internal_resp.requester = "test_requester" context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"} context.state[satosa.routing. STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"] UserIdHasher.save_state(InternalRequest(UserIdHashType.persistent, ""), context.state) base._auth_resp_callback_func(context, internal_resp) expected_user_id = UserIdHasher.hash_data( satosa_config["USER_ID_HASH_SALT"], "*****@*****.**") expected_user_id = UserIdHasher.hash_id( satosa_config["USER_ID_HASH_SALT"], expected_user_id, internal_resp.requester, context.state) assert internal_resp.user_id == expected_user_id
def _auth_req_callback_func(self, context, internal_request): """ This function is called by a frontend module when an authorization request has been processed. :type context: satosa.context.Context :type internal_request: satosa.internal_data.InternalRequest :rtype: satosa.response.Response :param context: The request context :param internal_request: request processed by the frontend :return: response """ state = context.state state.add(SATOSABase.STATE_KEY, internal_request.requestor) satosa_logging(LOGGER, logging.INFO, "Requesting provider: {}".format(internal_request.requestor), state) context.request = None backend = self.module_router.backend_routing(context) self.consent_module.save_state(internal_request, state) UserIdHasher.save_state(internal_request, state) if self.request_micro_services: internal_request = self.request_micro_services.process_service_queue(context, internal_request) return backend.start_auth(context, internal_request)
def _account_linking_callback_func(self, context, internal_response): """ This function is called by the account linking module when the linking step is done :type context: satosa.context.Context :type internal_response: satosa.internal_data.InternalResponse :rtype: satosa.response.Response :param context: The response context :param internal_response: The authentication response :return: response """ user_id = UserIdHasher.hash_id(self.config.USER_ID_HASH_SALT, internal_response.get_user_id(), internal_response.to_requestor, context.state) internal_response.set_user_id(user_id) internal_response.set_user_id_hash_type(UserIdHasher.hash_type(context.state)) user_id_to_attr = self.config.INTERNAL_ATTRIBUTES.get("user_id_to_attr", None) if user_id_to_attr: attributes = internal_response.get_attributes() attributes[user_id_to_attr] = internal_response.get_user_id() internal_response.add_attributes(attributes) # Hash all attributes specified in INTERNAL_ATTRIBUTES["hash] hash_attributes = self.config.INTERNAL_ATTRIBUTES.get("hash", []) internal_attributes = internal_response.get_attributes() for attribute in hash_attributes: internal_attributes[attribute] = UserIdHasher.hash_data(self.config.USER_ID_HASH_SALT, internal_attributes[attribute]) return self.consent_module.manage_consent(context, internal_response)
def _auth_req_callback_func(self, context, internal_request): """ This function is called by a frontend module when an authorization request has been processed. :type context: satosa.context.Context :type internal_request: satosa.internal_data.InternalRequest :rtype: satosa.response.Response :param context: The request context :param internal_request: request processed by the frontend :return: response """ state = context.state state.add(SATOSABase.STATE_KEY, internal_request.requestor) satosa_logging( LOGGER, logging.INFO, "Requesting provider: {}".format(internal_request.requestor), state) context.request = None backend = self.module_router.backend_routing(context) self.consent_module.save_state(internal_request, state) UserIdHasher.save_state(internal_request, state) if self.request_micro_services: internal_request = self.request_micro_services.process_service_queue( context, internal_request) return backend.start_auth(context, internal_request)
def _account_linking_callback_func(self, context, internal_response): """ This function is called by the account linking module when the linking step is done :type context: satosa.context.Context :type internal_response: satosa.internal_data.InternalResponse :rtype: satosa.response.Response :param context: The response context :param internal_response: The authentication response :return: response """ user_id = UserIdHasher.hash_id(self.config.USER_ID_HASH_SALT, internal_response.get_user_id(), internal_response.to_requestor, context.state) internal_response.set_user_id(user_id) internal_response.set_user_id_hash_type( UserIdHasher.hash_type(context.state)) user_id_to_attr = self.config.INTERNAL_ATTRIBUTES.get( "user_id_to_attr", None) if user_id_to_attr: attributes = internal_response.get_attributes() attributes[user_id_to_attr] = internal_response.get_user_id() internal_response.add_attributes(attributes) # Hash all attributes specified in INTERNAL_ATTRIBUTES["hash] hash_attributes = self.config.INTERNAL_ATTRIBUTES.get("hash", []) internal_attributes = internal_response.get_attributes() for attribute in hash_attributes: internal_attributes[attribute] = UserIdHasher.hash_data( self.config.USER_ID_HASH_SALT, internal_attributes[attribute]) return self.consent_module.manage_consent(context, internal_response)
def _get_id(requestor, user_id, hash_type): state = State() internal_request = InternalRequest(hash_type, requestor) UserIdHasher.save_state(internal_request, state) return UserIdHasher.hash_id(SALT, user_id, requestor, state)
def test_auth_resp_callback_func_respects_user_id_to_attr(self, context, satosa_config): satosa_config["INTERNAL_ATTRIBUTES"]["user_id_to_attr"] = "user_id" base = SATOSABase(satosa_config) internal_resp = InternalResponse(AuthenticationInformation("", "", "")) internal_resp.user_id = "user1234" context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"} context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"] UserIdHasher.save_state(InternalRequest(UserIdHashType.transient, ""), context.state) base._auth_resp_callback_func(context, internal_resp) assert internal_resp.attributes["user_id"] == [internal_resp.user_id]
def test_auth_resp_callback_func_respects_user_id_to_attr( self, context, satosa_config): satosa_config["INTERNAL_ATTRIBUTES"]["user_id_to_attr"] = "user_id" base = SATOSABase(satosa_config) internal_resp = InternalResponse(AuthenticationInformation("", "", "")) internal_resp.user_id = "user1234" context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"} context.state[satosa.routing. STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"] UserIdHasher.save_state(InternalRequest(UserIdHashType.transient, ""), context.state) base._auth_resp_callback_func(context, internal_resp) assert internal_resp.attributes["user_id"] == [internal_resp.user_id]
def test_auth_resp_callback_func_hashes_all_specified_attributes(self, context, satosa_config): satosa_config["INTERNAL_ATTRIBUTES"]["hash"] = ["user_id", "mail"] base = SATOSABase(satosa_config) attributes = {"user_id": ["user"], "mail": ["*****@*****.**", "*****@*****.**"]} internal_resp = InternalResponse(AuthenticationInformation("", "", "")) internal_resp.attributes = copy.copy(attributes) internal_resp.user_id = "test_user" UserIdHasher.save_state(InternalRequest(UserIdHashType.transient, ""), context.state) context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"} context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"] base._auth_resp_callback_func(context, internal_resp) for attr in satosa_config["INTERNAL_ATTRIBUTES"]["hash"]: assert internal_resp.attributes[attr] == [UserIdHasher.hash_data(satosa_config["USER_ID_HASH_SALT"], v) for v in attributes[attr]]
def _auth_resp_callback_func(self, context, internal_response): """ This function is called by a backend module when the authorization is complete. :type context: satosa.context.Context :type internal_response: satosa.internal_data.InternalResponse :rtype: satosa.response.Response :param context: The request context :param internal_response: The authentication response :return: response """ context.request = None internal_response.to_requestor = context.state.get(SATOSABase.STATE_KEY) user_id_attr = self.config.INTERNAL_ATTRIBUTES.get("user_id_from_attr", []) if user_id_attr: internal_response.set_user_id_from_attr(user_id_attr) # Hash the user id user_id = UserIdHasher.hash_data(self.config.USER_ID_HASH_SALT, internal_response.get_user_id()) internal_response.set_user_id(user_id) if self.response_micro_services: internal_response = \ self.response_micro_services.process_service_queue(context, internal_response) return self.account_linking_module.manage_al(context, internal_response)
def _auth_resp_callback_func(self, context, internal_response): """ This function is called by a backend module when the authorization is complete. :type context: satosa.context.Context :type internal_response: satosa.internal_data.InternalResponse :rtype: satosa.response.Response :param context: The request context :param internal_response: The authentication response :return: response """ context.request = None internal_response.to_requestor = context.state.get( SATOSABase.STATE_KEY) user_id_attr = self.config.INTERNAL_ATTRIBUTES.get( "user_id_from_attr", []) if user_id_attr: internal_response.set_user_id_from_attr(user_id_attr) # Hash the user id user_id = UserIdHasher.hash_data(self.config.USER_ID_HASH_SALT, internal_response.get_user_id()) internal_response.set_user_id(user_id) if self.response_micro_services: internal_response = \ self.response_micro_services.process_service_queue(context, internal_response) return self.account_linking_module.manage_al(context, internal_response)
def test_auth_resp_callback_func_user_id_from_attrs_is_used_to_override_user_id(self, context, satosa_config): satosa_config["INTERNAL_ATTRIBUTES"]["user_id_from_attrs"] = ["user_id", "domain"] base = SATOSABase(satosa_config) internal_resp = InternalResponse(AuthenticationInformation("", "", "")) internal_resp.attributes = {"user_id": ["user"], "domain": ["@example.com"]} internal_resp.requester = "test_requester" context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"} context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"] UserIdHasher.save_state(InternalRequest(UserIdHashType.persistent, ""), context.state) base._auth_resp_callback_func(context, internal_resp) expected_user_id = UserIdHasher.hash_data(satosa_config["USER_ID_HASH_SALT"], "*****@*****.**") expected_user_id = UserIdHasher.hash_id(satosa_config["USER_ID_HASH_SALT"], expected_user_id, internal_resp.requester, context.state) assert internal_resp.user_id == expected_user_id
def test_auth_resp_callback_func_hashes_all_specified_attributes( self, context, satosa_config): satosa_config["INTERNAL_ATTRIBUTES"]["hash"] = ["user_id", "mail"] base = SATOSABase(satosa_config) attributes = { "user_id": ["user"], "mail": ["*****@*****.**", "*****@*****.**"] } internal_resp = InternalResponse(AuthenticationInformation("", "", "")) internal_resp.attributes = copy.copy(attributes) internal_resp.user_id = "test_user" UserIdHasher.save_state(InternalRequest(UserIdHashType.transient, ""), context.state) context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"} context.state[satosa.routing. STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"] base._auth_resp_callback_func(context, internal_resp) for attr in satosa_config["INTERNAL_ATTRIBUTES"]["hash"]: assert internal_resp.attributes[attr] == [ UserIdHasher.hash_data(satosa_config["USER_ID_HASH_SALT"], v) for v in attributes[attr] ]