def test_verify_strict(key, value, monkeypatch):
result = sign_http_request(alg=ALG, **TEST_DATA)
monkeypatch.setitem(TEST_DATA, key, value)
with pytest.raises(ValidationError):
verify_http_request(signature=result,
strict_query_param_verification=True,
strict_headers_verification=True, **TEST_DATA)
def test_verify_not_strict(key, value, monkeypatch):
result = sign_http_request(alg=ALG, **TEST_DATA)
monkeypatch.setitem(TEST_DATA, key, value)
verify_http_request(signature=result,
strict_query_param_verification=False,
strict_headers_verification=False,
**TEST_DATA)
def test_verify_strict(key, value, monkeypatch):
result = sign_http_request(alg=ALG, **TEST_DATA)
monkeypatch.setitem(TEST_DATA, key, value)
with pytest.raises(ValidationError):
verify_http_request(signature=result,
strict_query_param_verification=True,
strict_headers_verification=True,
**TEST_DATA)
def do_user_info_request(self, method="POST", state="", scope="openid",
request="openid", **kwargs):
kwargs["request"] = request
kwargs["behavior"] = "use_authorization_header"
url, body, method, h_args = self.user_info_request(method, state,
scope, **kwargs)
sign_key = self.keyjar.get_signing_key()[0]
url_parse = urlparse(url)
host = url_parse.netloc
path = url_parse.path
body = sign_http_request(sign_key, "RS256", path=path, headers=h_args["headers"],
method=method, host=host)
body = urlencode({"http_signature": body})
logger.debug("[do_user_info_request] PATH:%s BODY:%s H_ARGS: %s", url, body, h_args)
try:
resp = self.http_request(url, method, data=body, **h_args)
except oauth2.MissingRequiredAttribute:
raise
if resp.status_code == 200:
try:
assert "application/json" in resp.headers["content-type"]
sformat = "json"
except AssertionError:
assert "application/jwt" in resp.headers["content-type"]
sformat = "jwt"
elif resp.status_code == 500:
raise PyoidcError("ERROR: Something went wrong: %s" % resp.text)
else:
raise PyoidcError("ERROR: Something went wrong [%s]: %s" % (
resp.status_code, resp.text))
try:
_schema = kwargs["user_info_schema"]
except KeyError:
_schema = OpenIDSchema
logger.debug("Reponse text: '%s'", resp.text)
_txt = resp.text
if sformat == "json":
res = _schema().from_json(txt=_txt)
else:
res = _schema().from_jwt(_txt, keyjar=self.keyjar,
sender=self.provider_info["issuer"])
self.store_response(res, _txt)
return res
def test_userinfo_endpoint(self, monkeypatch):
access_token = self._pop_token_req(self._authz_req())["access_token"]
bearer_header = "pop {}".format(access_token)
signature = sign_http_request(
CLIENT_KEYJAR.get_signing_key(owner="")[0],
"RS256",
ENVIRON["REQUEST_METHOD"],
HOST, "/userinfo",
headers=dict(
[("Authorization", bearer_header)]))
body = "http_signature={}".format(signature).encode("utf-8")
monkeypatch.setitem(ENVIRON, "HTTP_AUTHORIZATION", bearer_header)
monkeypatch.setitem(ENVIRON, "wsgi.input", BytesIO(body))
monkeypatch.setitem(ENVIRON, "CONTENT_LENGTH", len(body))
resp = self.provider.userinfo_endpoint(
self.provider.parse_request(ENVIRON))
userinfo = json.loads(resp.message)
assert userinfo["nickname"] == USERDB["username"]["nickname"]
assert userinfo["name"] == USERDB["username"]["name"]
assert userinfo["sub"]
def test_verify_fail(key, value, monkeypatch):
result = sign_http_request(alg=ALG, **TEST_DATA)
monkeypatch.setitem(TEST_DATA, key, value)
with pytest.raises(ValidationError):
verify_http_request(signature=result, **TEST_DATA)
def test_verify():
timestamp = 12347456
result = sign_http_request(alg=ALG, time_stamp=12347456, **TEST_DATA)
signature = verify_http_request(signature=result, **TEST_DATA)
assert signature["ts"] == timestamp
def test_sign_empty_http_req():
with pytest.raises(EmptyHTTPRequestError):
sign_http_request(SIGN_KEY, ALG)
def test_verify_not_strict(key, value, monkeypatch):
result = sign_http_request(alg=ALG, **TEST_DATA)
monkeypatch.setitem(TEST_DATA, key, value)
verify_http_request(signature=result,
strict_query_param_verification=False,
strict_headers_verification=False, **TEST_DATA)
def test_verify_fail(key, value, monkeypatch):
result = sign_http_request(alg=ALG, **TEST_DATA)
monkeypatch.setitem(TEST_DATA, key, value)
with pytest.raises(ValidationError):
verify_http_request(signature=result, **TEST_DATA)
def test_verify():
timestamp = 12347456
result = sign_http_request(alg=ALG, time_stamp=12347456, **TEST_DATA)
signature = verify_http_request(signature=result, **TEST_DATA)
assert signature["ts"] == timestamp
def test_sign_empty_http_req():
with pytest.raises(EmptyHTTPRequestError):
sign_http_request(SIGN_KEY, ALG)
