Esempio n. 1
0
 def setUp(self):
     super(IntegrationTestLTI, self).setUp()  # lint-amnesty, pylint: disable=super-with-arguments
     self.hostname = 'testserver'
     self.client.defaults['SERVER_NAME'] = self.hostname
     self.url_prefix = 'http://{}'.format(self.hostname)
     self.configure_lti_provider(
         name='Other Tool Consumer 1',
         enabled=True,
         lti_consumer_key='other1',
         lti_consumer_secret='secret1',
         lti_max_timestamp_age=10,
     )
     self.configure_lti_provider(
         name='LTI Test Tool Consumer',
         enabled=True,
         lti_consumer_key=LTI_CONSUMER_KEY,
         lti_consumer_secret=LTI_CONSUMER_SECRET,
         lti_max_timestamp_age=10,
     )
     self.configure_lti_provider(
         name='Tool Consumer with Secret in Settings',
         enabled=True,
         lti_consumer_key=OTHER_LTI_CONSUMER_KEY,
         lti_consumer_secret='',
         lti_max_timestamp_age=10,
     )
     self.lti = Client(
         client_key=LTI_CONSUMER_KEY,
         client_secret=LTI_CONSUMER_SECRET,
         signature_type=SIGNATURE_TYPE_BODY,
     )
Esempio n. 2
0
 def test_client_realm_sign_with_additional_realm(self):
     client = Client("client-key", realm="moo-realm")
     uri, header, body = client.sign("http://example-uri", realm="baa-realm")
     self.assertTrue(
         header["Authorization"].startswith('OAuth realm="baa-realm",'))
     # make sure sign() does not override the default realm
     self.assertEqual(client.realm, "moo-realm")
Esempio n. 3
0
 def test_can_load_consumer_secret_from_settings(self):
     lti = Client(
         client_key=OTHER_LTI_CONSUMER_KEY,
         client_secret=OTHER_LTI_CONSUMER_SECRET,
         signature_type=SIGNATURE_TYPE_BODY,
     )
     (uri, _headers, body) = lti.sign(
         uri=self.url_prefix + LTI_TPA_LOGIN_URL,
         http_method='POST',
         headers={'Content-Type': FORM_ENCODED},
         body={
             'user_id':
             LTI_USER_ID,
             'custom_tpa_next':
             '/account/finish_auth/?course_id=my_course_id&enrollment_action=enroll',
         })
     with self.settings(SOCIAL_AUTH_LTI_CONSUMER_SECRETS={
             OTHER_LTI_CONSUMER_KEY: OTHER_LTI_CONSUMER_SECRET
     }):
         login_response = self.client.post(path=uri,
                                           content_type=FORM_ENCODED,
                                           data=body)
         # The user should be redirected to the registration form
         self.assertEqual(login_response.status_code, 302)
         self.assertTrue(login_response['Location'].endswith(
             reverse('signin_user')))
         register_response = self.client.get(login_response['Location'])
         self.assertContains(
             register_response,
             '"currentProvider": "Tool Consumer with Secret in Settings"',
         )
         self.assertContains(register_response, '"errorMessage": null')
Esempio n. 4
0
 def test_rsa_method(self):
     private_key = ("-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDk1/bxy"
                    "S8Q8jiheHeYYp/4rEKJopeQRRKKpZI4s5i+UPwVpupG\nAlwXWfzXw"
                    "SMaKPAoKJNdu7tqKRniqst5uoHXw98gj0x7zamu0Ck1LtQ4c7pFMVa"
                    "h\n5IYGhBi2E9ycNS329W27nJPWNCbESTu7snVlG8V8mfvGGg3xNjT"
                    "MO7IdrwIDAQAB\nAoGBAOQ2KuH8S5+OrsL4K+wfjoCi6MfxCUyqVU9"
                    "GxocdM1m30WyWRFMEz2nKJ8fR\np3vTD4w8yplTOhcoXdQZl0kRoaD"
                    "zrcYkm2VvJtQRrX7dKFT8dR8D/Tr7dNQLOXfC\nDY6xveQczE7qt7V"
                    "k7lp4FqmxBsaaEuokt78pOOjywZoInjZhAkEA9wz3zoZNT0/i\nrf6"
                    "qv2qTIeieUB035N3dyw6f1BGSWYaXSuerDCD/J1qZbAPKKhyHZbVaw"
                    "Ft3UMhe\n542UftBaxQJBAO0iJy1I8GQjGnS7B3yvyH3CcLYGy296+"
                    "XO/2xKp/d/ty1OIeovx\nC60pLNwuFNF3z9d2GVQAdoQ89hUkOtjZL"
                    "eMCQQD0JO6oPHUeUjYT+T7ImAv7UKVT\nSuy30sKjLzqoGw1kR+wv7"
                    "C5PeDRvscs4wa4CW9s6mjSrMDkDrmCLuJDtmf55AkEA\nkmaMg2PNr"
                    "jUR51F0zOEFycaaqXbGcFwe1/xx9zLmHzMDXd4bsnwt9kk+fe0hQzV"
                    "S\nJzatanQit3+feev1PN3QewJAWv4RZeavEUhKv+kLe95Yd0su7lT"
                    "LVduVgh4v5yLT\nGa6FHdjGPcfajt+nrpB1n8UQBEH9ZxniokR/IPv"
                    "dMlxqXA==\n-----END RSA PRIVATE KEY-----")
     client = Client('client_key',
                     signature_method=SIGNATURE_RSA,
                     rsa_key=private_key,
                     timestamp='1234567890',
                     nonce='abc')
     u, h, b = client.sign('http://example.com')
     correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
                'oauth_version="1.0", oauth_signature_method="RSA-SHA1", '
                'oauth_consumer_key="client_key", '
                'oauth_signature="ktvzkUhtrIawBcq21DRJrAyysTc3E1Zq5GdGu8EzH'
                'OtbeaCmOBDLGHAcqlm92mj7xp5E1Z6i2vbExPimYAJL7FzkLnkRE5YEJR4'
                'rNtIgAf1OZbYsIUmmBO%2BCLuStuu5Lg3tAluwC7XkkgoXCBaRKT1mUXzP'
                'HJILzZ8iFOvS6w5E%3D"')
     self.assertEqual(h['Authorization'], correct)
Esempio n. 5
0
def get_request_token(public_key, secret_key, url, method=u'POST'):
    '''
    
    :param public_key:
    :param secret_key:
    :param url:
    :param method:
    '''
    c = Client(
            unicode(public_key),
            unicode(secret_key), 
            signature_type=SIGNATURE_TYPE_QUERY
    )
    uri, headers, body = c.sign(
            uri=url, 
            http_method=method)
    http = httplib2.Http()

    response, content = httplib2.Http.request(http, uri, 
            method=method, 
            body=body,
            headers=headers
    )

    if response.get('status') != '200':
        raise Exception("Invalid request token response: %s." % content)

    tokens = dict(urlparse.parse_qsl(content))
    token = tokens.get('oauth_token')
    token_secret = tokens.get('oauth_token_secret')
    return unicode(token), unicode(token_secret)
Esempio n. 6
0
 def test_uri_provided_realm(self):
     client = Client("foo", callback_uri="https://c.b/cb", client_secret="bar")
     uri = self.uri + "?realm=foo"
     _, headers, _ = client.sign(uri)
     u, h, b, s = self.endpoint.create_request_token_response(uri, headers=headers)
     self.assertEqual(s, 200)
     self.assertIn("oauth_token", b)
Esempio n. 7
0
 def test_check_redirect_uri(self):
     client = Client('foo')
     uri, headers, _ = client.sign(self.uri)
     h, b, s = self.endpoint.create_request_token_response(
             uri, headers=headers)
     self.assertEqual(s, 400)
     self.assertIn('invalid_request', b)
Esempio n. 8
0
def get_access_token(request_token, request_token_secret, 
                     access_token_url, access_token_method,
                     public_key, secret_key,
                     verifier):
    """
    Returns access token and access token secret
    """
    c = Client(public_key,
        secret_key,
        resource_owner_key=request_token,
        resource_owner_secret=request_token_secret,
        signature_type=SIGNATURE_TYPE_QUERY,
        verifier=verifier
    )

    uri, headers, body =  c.sign(uri=access_token_url, http_method=access_token_method)
    http = httplib2.Http()

    response, content = httplib2.Http.request(http, uri, method=access_token_method, body=body,
        headers=headers)

    if response.get('status') != '200':
        raise Exception("Invalid access token response: %s." % content)

    tokens = dict(urlparse.parse_qsl(content))
    access_token = tokens.get('oauth_token')
    access_token_secret = tokens.get('oauth_token_secret')
    return access_token, access_token_secret
Esempio n. 9
0
 def setUp(self):
     super().setUp()
     self.hostname = 'testserver'
     self.client.defaults['SERVER_NAME'] = self.hostname
     self.url_prefix = f'http://{self.hostname}'
     self.configure_lti_provider(
         name='Other Tool Consumer 1',
         enabled=True,
         lti_consumer_key='other1',
         lti_consumer_secret='secret1',
         lti_max_timestamp_age=10,
     )
     self.configure_lti_provider(
         name='LTI Test Tool Consumer',
         enabled=True,
         lti_consumer_key=LTI_CONSUMER_KEY,
         lti_consumer_secret=LTI_CONSUMER_SECRET,
         lti_max_timestamp_age=10,
     )
     self.configure_lti_provider(
         name='Tool Consumer with Secret in Settings',
         enabled=True,
         lti_consumer_key=OTHER_LTI_CONSUMER_KEY,
         lti_consumer_secret='',
         lti_max_timestamp_age=10,
     )
     self.lti = Client(
         client_key=LTI_CONSUMER_KEY,
         client_secret=LTI_CONSUMER_SECRET,
         signature_type=SIGNATURE_TYPE_BODY,
     )
Esempio n. 10
0
 def test_client_realm_sign_with_additional_realm(self):
     client = Client("client-key", realm="moo-realm")
     uri, header, body = client.sign("example-uri", realm="baa-realm")
     self.assertTrue(
         header["Authorization"].startswith('OAuth realm="baa-realm",'))
     # make sure sign() does not override the default realm
     self.assertEqual(client.realm, "moo-realm")
Esempio n. 11
0
 def setUp(self):
     super(IntegrationTestLTI, self).setUp()
     self.configure_lti_provider(
         name='Other Tool Consumer 1',
         enabled=True,
         lti_consumer_key='other1',
         lti_consumer_secret='secret1',
         lti_max_timestamp_age=10,
     )
     self.configure_lti_provider(
         name='LTI Test Tool Consumer',
         enabled=True,
         lti_consumer_key=LTI_CONSUMER_KEY,
         lti_consumer_secret=LTI_CONSUMER_SECRET,
         lti_max_timestamp_age=10,
     )
     self.configure_lti_provider(
         name='Tool Consumer with Secret in Settings',
         enabled=True,
         lti_consumer_key=OTHER_LTI_CONSUMER_KEY,
         lti_consumer_secret='',
         lti_max_timestamp_age=10,
     )
     self.lti = Client(
         client_key=LTI_CONSUMER_KEY,
         client_secret=LTI_CONSUMER_SECRET,
         signature_type=SIGNATURE_TYPE_BODY,
     )
 def setUp(self):
     self.validator = MagicMock(wraps=RequestValidator())
     self.validator.check_client_key.return_value = True
     self.validator.check_request_token.return_value = True
     self.validator.check_verifier.return_value = True
     self.validator.allowed_signature_methods = ['HMAC-SHA1']
     self.validator.get_client_secret.return_value = 'bar'
     self.validator.get_request_token_secret.return_value = 'secret'
     self.validator.get_realms.return_value = ['foo']
     self.validator.timestamp_lifetime = 600
     self.validator.validate_client_key.return_value = True
     self.validator.validate_request_token.return_value = True
     self.validator.validate_verifier.return_value = True
     self.validator.validate_timestamp_and_nonce.return_value = True
     self.validator.invalidate_request_token.return_value = True
     self.validator.dummy_client = 'dummy'
     self.validator.dummy_secret = 'dummy'
     self.validator.dummy_request_token = 'dummy'
     self.validator.save_access_token = MagicMock()
     self.endpoint = AccessTokenEndpoint(self.validator)
     self.client = Client('foo',
                          client_secret='bar',
                          resource_owner_key='token',
                          resource_owner_secret='secret',
                          verifier='verfier')
     self.uri, self.headers, self.body = self.client.sign(
         'https://i.b/access_token')
Esempio n. 13
0
 def test_can_load_consumer_secret_from_settings(self):
     lti = Client(
         client_key=OTHER_LTI_CONSUMER_KEY,
         client_secret=OTHER_LTI_CONSUMER_SECRET,
         signature_type=SIGNATURE_TYPE_BODY,
     )
     (uri, _headers, body) = lti.sign(
         uri=self.url_prefix + LTI_TPA_LOGIN_URL, http_method='POST',
         headers={'Content-Type': FORM_ENCODED},
         body={
             'user_id': LTI_USER_ID,
             'custom_tpa_next': '/account/finish_auth/?course_id=my_course_id&enrollment_action=enroll',
         }
     )
     with self.settings(SOCIAL_AUTH_LTI_CONSUMER_SECRETS={OTHER_LTI_CONSUMER_KEY: OTHER_LTI_CONSUMER_SECRET}):
         login_response = self.client.post(path=uri, content_type=FORM_ENCODED, data=body)
         # The user should be redirected to the registration form
         self.assertEqual(login_response.status_code, 302)
         self.assertTrue(login_response['Location'].endswith(reverse('signin_user')))
         register_response = self.client.get(login_response['Location'])
         self.assertEqual(register_response.status_code, 200)
         self.assertIn(
             '"currentProvider": "Tool Consumer with Secret in Settings"',
             register_response.content
         )
         self.assertIn('"errorMessage": null', register_response.content)
Esempio n. 14
0
 def test_rsa_method(self):
     private_key = (
         "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDk1/bxy"
         "S8Q8jiheHeYYp/4rEKJopeQRRKKpZI4s5i+UPwVpupG\nAlwXWfzXw"
         "SMaKPAoKJNdu7tqKRniqst5uoHXw98gj0x7zamu0Ck1LtQ4c7pFMVa"
         "h\n5IYGhBi2E9ycNS329W27nJPWNCbESTu7snVlG8V8mfvGGg3xNjT"
         "MO7IdrwIDAQAB\nAoGBAOQ2KuH8S5+OrsL4K+wfjoCi6MfxCUyqVU9"
         "GxocdM1m30WyWRFMEz2nKJ8fR\np3vTD4w8yplTOhcoXdQZl0kRoaD"
         "zrcYkm2VvJtQRrX7dKFT8dR8D/Tr7dNQLOXfC\nDY6xveQczE7qt7V"
         "k7lp4FqmxBsaaEuokt78pOOjywZoInjZhAkEA9wz3zoZNT0/i\nrf6"
         "qv2qTIeieUB035N3dyw6f1BGSWYaXSuerDCD/J1qZbAPKKhyHZbVaw"
         "Ft3UMhe\n542UftBaxQJBAO0iJy1I8GQjGnS7B3yvyH3CcLYGy296+"
         "XO/2xKp/d/ty1OIeovx\nC60pLNwuFNF3z9d2GVQAdoQ89hUkOtjZL"
         "eMCQQD0JO6oPHUeUjYT+T7ImAv7UKVT\nSuy30sKjLzqoGw1kR+wv7"
         "C5PeDRvscs4wa4CW9s6mjSrMDkDrmCLuJDtmf55AkEA\nkmaMg2PNr"
         "jUR51F0zOEFycaaqXbGcFwe1/xx9zLmHzMDXd4bsnwt9kk+fe0hQzV"
         "S\nJzatanQit3+feev1PN3QewJAWv4RZeavEUhKv+kLe95Yd0su7lT"
         "LVduVgh4v5yLT\nGa6FHdjGPcfajt+nrpB1n8UQBEH9ZxniokR/IPv"
         "dMlxqXA==\n-----END RSA PRIVATE KEY-----"
     )
     client = Client('client_key', signature_method=SIGNATURE_RSA,
         rsa_key=private_key, timestamp='1234567890', nonce='abc')
     u, h, b = client.sign('http://example.com')
     correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
                'oauth_version="1.0", oauth_signature_method="RSA-SHA1", '
                'oauth_consumer_key="client_key", '
                'oauth_signature="ktvzkUhtrIawBcq21DRJrAyysTc3E1Zq5GdGu8EzH'
                'OtbeaCmOBDLGHAcqlm92mj7xp5E1Z6i2vbExPimYAJL7FzkLnkRE5YEJR4'
                'rNtIgAf1OZbYsIUmmBO%2BCLuStuu5Lg3tAluwC7XkkgoXCBaRKT1mUXzP'
                'HJILzZ8iFOvS6w5E%3D"')
     self.assertEqual(h['Authorization'], correct)
Esempio n. 15
0
 def test_validate_signature(self):
     client = Client('foo',
                     resource_owner_key='token',
                     resource_owner_secret='secret')
     _, headers, _ = client.sign(self.uri + '/extra')
     v, r = self.endpoint.validate_protected_resource_request(
         self.uri, headers=headers)
     self.assertFalse(v)
Esempio n. 16
0
 def test_hmac_sha1_method(self):
     client = Client('client_key', timestamp='1234567890', nonce='abc')
     u, h, b = client.sign('http://example.com')
     correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
                'oauth_version="1.0", oauth_signature_method="HMAC-SHA1", '
                'oauth_consumer_key="client_key", '
                'oauth_signature="hH5BWYVqo7QI4EmPBUUe9owRUUQ%3D"')
     self.assertEqual(h['Authorization'], correct)
Esempio n. 17
0
 def test_validate_signature(self):
     client = Client('foo',
             resource_owner_key='token',
             resource_owner_secret='secret')
     _, headers, _ = client.sign(self.uri + '/extra')
     v, r = self.endpoint.validate_protected_resource_request(
             self.uri, headers=headers)
     self.assertFalse(v)
Esempio n. 18
0
 def test_hmac_sha1_method(self):
     client = Client('client_key', timestamp='1234567890', nonce='abc')
     u, h, b = client.sign('http://example.com')
     correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
                'oauth_version="1.0", oauth_signature_method="HMAC-SHA1", '
                'oauth_consumer_key="client_key", '
                'oauth_signature="hH5BWYVqo7QI4EmPBUUe9owRUUQ%3D"')
     self.assertEqual(h['Authorization'], correct)
Esempio n. 19
0
 def test_uri_provided_realm(self):
     client = Client('foo', callback_uri='https://c.b/cb',
             client_secret='bar')
     uri = self.uri + '?realm=foo'
     _, headers, _ = client.sign(uri)
     h, b, s = self.endpoint.create_request_token_response(
             uri, headers=headers)
     self.assertEqual(s, 200)
     self.assertIn('oauth_token', b)
 def test_validate_signature(self):
     client = Client('foo',
                     resource_owner_key='token',
                     resource_owner_secret='secret',
                     verifier='verfier')
     _, headers, _ = client.sign(self.uri + '/extra')
     h, b, s = self.endpoint.create_access_token_response(self.uri,
                                                          headers=headers)
     self.assertEqual(s, 401)
Esempio n. 21
0
 def test_sign_empty_body(self):
     client = Client('client_key')
     _, h, b = client.sign(
         'http://i.b/path',
         http_method='POST',
         body='',
         headers={'Content-Type': 'application/x-www-form-urlencoded'})
     self.assertEqual(h['Content-Type'],
                      'application/x-www-form-urlencoded')
Esempio n. 22
0
 def test_sign_body(self):
     client = Client("client_key")
     _, h, b = client.sign(
         "http://i.b/path",
         http_method="POST",
         body="",
         headers={"Content-Type": "application/x-www-form-urlencoded"},
     )
     self.assertEqual(h["Content-Type"], "application/x-www-form-urlencoded")
Esempio n. 23
0
 def test_validate_signature(self):
     client = Client('foo',
             resource_owner_key='token',
             resource_owner_secret='secret',
             verifier='verfier')
     _, headers, _ = client.sign(self.uri + '/extra')
     h, b, s = self.endpoint.create_access_token_response(
             self.uri, headers=headers)
     self.assertEqual(s, 401)
Esempio n. 24
0
 def test_hmac_sha256_method(self):
     client = Client('client_key', signature_method=SIGNATURE_HMAC_SHA256,
                     timestamp='1234567890', nonce='abc')
     u, h, b = client.sign('http://example.com')
     correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
                'oauth_version="1.0", oauth_signature_method="HMAC-SHA256", '
                'oauth_consumer_key="client_key", '
                'oauth_signature="JzgJWBxX664OiMW3WE4MEjtYwOjI%2FpaUWHqtdHe68Es%3D"')
     self.assertEqual(h['Authorization'], correct)
Esempio n. 25
0
 def test_decoding(self):
     client = Client('client_key', decoding='utf-8')
     uri, headers, body = client.sign('http://a.b/path?query', body='a=b',
             headers={'Content-Type': 'application/x-www-form-urlencoded'})
     self.assertIsInstance(uri, bytes_type)
     self.assertIsInstance(body, bytes_type)
     for k, v in headers.items():
         self.assertIsInstance(k, bytes_type)
         self.assertIsInstance(v, bytes_type)
Esempio n. 26
0
 def test_decoding(self):
     client = Client('client_key', decoding='utf-8')
     uri, headers, body = client.sign('http://a.b/path?query',
             http_method='POST', body='a=b',
             headers={'Content-Type': 'application/x-www-form-urlencoded'})
     self.assertIsInstance(uri, bytes_type)
     self.assertIsInstance(body, bytes_type)
     for k, v in headers.items():
         self.assertIsInstance(k, bytes_type)
         self.assertIsInstance(v, bytes_type)
Esempio n. 27
0
 def test_params_in_query(self):
     client = Client('client_key', signature_type=SIGNATURE_TYPE_QUERY,
             timestamp='1378988215', nonce='14205877133089081931378988215')
     u, _, _ = client.sign('http://i.b/path', http_method='POST')
     correct = ('http://i.b/path?oauth_nonce=14205877133089081931378988215&'
                'oauth_timestamp=1378988215&'
                'oauth_version=1.0&'
                'oauth_signature_method=HMAC-SHA1&'
                'oauth_consumer_key=client_key&'
                'oauth_signature=08G5Snvw%2BgDAzBF%2BCmT5KqlrPKo%3D')
     self.assertEqual(u, correct)
Esempio n. 28
0
 def test_params_in_query(self):
     client = Client('client_key', signature_type=SIGNATURE_TYPE_QUERY,
             timestamp='1378988215', nonce='14205877133089081931378988215')
     u, _, _ = client.sign('http://i.b/path', http_method='POST')
     correct = ('http://i.b/path?oauth_nonce=14205877133089081931378988215&'
                'oauth_timestamp=1378988215&'
                'oauth_version=1.0&'
                'oauth_signature_method=HMAC-SHA1&'
                'oauth_consumer_key=client_key&'
                'oauth_signature=08G5Snvw%2BgDAzBF%2BCmT5KqlrPKo%3D')
     self.assertEqual(u, correct)
Esempio n. 29
0
 def test_sign_unicode(self):
     client = Client('client_key', nonce='abc', timestamp='abc')
     _, h, b = client.sign('http://i.b/path', http_method='POST',
             body='status=%E5%95%A6%E5%95%A6',
             headers={'Content-Type': 'application/x-www-form-urlencoded'})
     self.assertEqual(b, 'status=%E5%95%A6%E5%95%A6')
     self.assertIn('oauth_signature="yrtSqp88m%2Fc5UDaucI8BXK4oEtk%3D"', h['Authorization'])
     _, h, b = client.sign('http://i.b/path', http_method='POST',
             body='status=%C3%A6%C3%A5%C3%B8',
             headers={'Content-Type': 'application/x-www-form-urlencoded'})
     self.assertEqual(b, 'status=%C3%A6%C3%A5%C3%B8')
     self.assertIn('oauth_signature="oG5t3Eg%2FXO5FfQgUUlTtUeeZzvk%3D"', h['Authorization'])
Esempio n. 30
0
 def test_sign_unicode(self):
     client = Client('client_key', nonce='abc', timestamp='abc')
     _, h, b = client.sign('http://i.b/path', http_method='POST',
             body='status=%E5%95%A6%E5%95%A6',
             headers={'Content-Type': 'application/x-www-form-urlencoded'})
     self.assertEqual(b, 'status=%E5%95%A6%E5%95%A6')
     self.assertIn('oauth_signature="yrtSqp88m%2Fc5UDaucI8BXK4oEtk%3D"', h['Authorization'])
     _, h, b = client.sign('http://i.b/path', http_method='POST',
             body='status=%C3%A6%C3%A5%C3%B8',
             headers={'Content-Type': 'application/x-www-form-urlencoded'})
     self.assertEqual(b, 'status=%C3%A6%C3%A5%C3%B8')
     self.assertIn('oauth_signature="oG5t3Eg%2FXO5FfQgUUlTtUeeZzvk%3D"', h['Authorization'])
Esempio n. 31
0
 def test_decoding(self):
     client = Client("client_key", decoding="utf-8")
     uri, headers, body = client.sign(
         "http://a.b/path?query",
         http_method="POST",
         body="a=b",
         headers={"Content-Type": "application/x-www-form-urlencoded"},
     )
     self.assertIsInstance(uri, bytes_type)
     self.assertIsInstance(body, bytes_type)
     for k, v in headers.items():
         self.assertIsInstance(k, bytes_type)
         self.assertIsInstance(v, bytes_type)
Esempio n. 32
0
 def test_hmac_sha256_method(self):
     client = Client('client_key',
                     signature_method=SIGNATURE_HMAC_SHA256,
                     timestamp='1234567890',
                     nonce='abc')
     u, h, b = client.sign('http://example.com')
     correct = (
         'OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
         'oauth_version="1.0", oauth_signature_method="HMAC-SHA256", '
         'oauth_consumer_key="client_key", '
         'oauth_signature="JzgJWBxX664OiMW3WE4MEjtYwOjI%2FpaUWHqtdHe68Es%3D"'
     )
     self.assertEqual(h['Authorization'], correct)
Esempio n. 33
0
 def test_plaintext_method(self):
     client = Client('client_key',
                     signature_method=SIGNATURE_PLAINTEXT,
                     timestamp='1234567890',
                     nonce='abc',
                     client_secret='foo',
                     resource_owner_secret='bar')
     u, h, b = client.sign('http://example.com')
     correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
                'oauth_version="1.0", oauth_signature_method="PLAINTEXT", '
                'oauth_consumer_key="client_key", '
                'oauth_signature="foo%26bar"')
     self.assertEqual(h['Authorization'], correct)
Esempio n. 34
0
 def test_params_in_body(self):
     client = Client('client_key', signature_type=SIGNATURE_TYPE_BODY,
             timestamp='1378988215', nonce='14205877133089081931378988215')
     _, h, b = client.sign('http://i.b/path', http_method='POST', body='a=b',
             headers={'Content-Type': 'application/x-www-form-urlencoded'})
     self.assertEqual(h['Content-Type'], 'application/x-www-form-urlencoded')
     correct = ('a=b&oauth_nonce=14205877133089081931378988215&'
                'oauth_timestamp=1378988215&'
                'oauth_version=1.0&'
                'oauth_signature_method=HMAC-SHA1&'
                'oauth_consumer_key=client_key&'
                'oauth_signature=2JAQomgbShqoscqKWBiYQZwWq94%3D')
     self.assertEqual(b, correct)
Esempio n. 35
0
 def test_validate_signature(self):
     client = Client('foo',
                     resource_owner_key='token',
                     resource_owner_secret='secret')
     _, headers, _ = client.sign(self.uri + '/extra')
     v, r = self.endpoint.validate_protected_resource_request(
         self.uri, headers=headers)
     self.assertFalse(v)
     # the validator log should have `False` values
     self.assertTrue(r.validator_log['client'])
     self.assertTrue(r.validator_log['realm'])
     self.assertTrue(r.validator_log['resource_owner'])
     self.assertFalse(r.validator_log['signature'])
Esempio n. 36
0
 def test_plaintext_method(self):
     client = Client('client_key',
                     signature_method=SIGNATURE_PLAINTEXT,
                     timestamp='1234567890',
                     nonce='abc',
                     client_secret='foo',
                     resource_owner_secret='bar')
     u, h, b = client.sign('http://example.com')
     correct = ('OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
                'oauth_version="1.0", oauth_signature_method="PLAINTEXT", '
                'oauth_consumer_key="client_key", '
                'oauth_signature="foo%26bar"')
     self.assertEqual(h['Authorization'], correct)
Esempio n. 37
0
 def test_params_in_body(self):
     client = Client('client_key', signature_type=SIGNATURE_TYPE_BODY,
             timestamp='1378988215', nonce='14205877133089081931378988215')
     _, h, b = client.sign('http://i.b/path', http_method='POST', body='a=b',
             headers={'Content-Type': 'application/x-www-form-urlencoded'})
     self.assertEqual(h['Content-Type'], 'application/x-www-form-urlencoded')
     correct = ('a=b&oauth_nonce=14205877133089081931378988215&'
                'oauth_timestamp=1378988215&'
                'oauth_version=1.0&'
                'oauth_signature_method=HMAC-SHA1&'
                'oauth_consumer_key=client_key&'
                'oauth_signature=2JAQomgbShqoscqKWBiYQZwWq94%3D')
     self.assertEqual(b, correct)
Esempio n. 38
0
 def test_validate_signature(self):
     client = Client('foo',
             resource_owner_key='token',
             resource_owner_secret='secret')
     _, headers, _ = client.sign(self.uri + '/extra')
     v, r = self.endpoint.validate_protected_resource_request(
             self.uri, headers=headers)
     self.assertFalse(v)
     # the validator log should have `False` values
     self.assertTrue(r.validator_log['client'])
     self.assertTrue(r.validator_log['realm'])
     self.assertTrue(r.validator_log['resource_owner'])
     self.assertFalse(r.validator_log['signature'])
 def setUp(self):
     self.validator = MagicMock(wraps=RequestValidator())
     self.validator.check_client_key.return_value = True
     self.validator.allowed_signature_methods = ['HMAC-SHA1']
     self.validator.get_client_secret.return_value = 'bar'
     self.validator.timestamp_lifetime = 600
     self.validator.validate_client_key.return_value = True
     self.validator.validate_timestamp_and_nonce.return_value = True
     self.validator.dummy_client = 'dummy'
     self.validator.dummy_secret = 'dummy'
     self.endpoint = SignatureOnlyEndpoint(self.validator)
     self.client = Client('foo', client_secret='bar')
     self.uri, self.headers, self.body = self.client.sign(
             'https://i.b/protected_resource')
Esempio n. 40
0
    def send_back(self, grade: float) -> bool:
        """Send the given grade back to the lms."""
        content = settings.XML_REPLACE % (random.randint(
            1, 99999999), self.sourcedid, str(grade))
        content = content.encode()

        headers = {
            "Content-Type": "application/xml",
            "Content-Length": str(len(content)),
        }
        c = Client(client_key=self.lms.key, client_secret=self.lms.secret)

        try:
            uri, headers, body = c.sign(self.url,
                                        "POST",
                                        body=content,
                                        headers=headers)
            response = requests.post(uri, data=body, headers=headers)
        except (requests.RequestException, ValueError):
            logger.warning(
                "Could not join the LMS to send the grade back at url %s" %
                self.url)
            return False

        try:
            if not 200 <= response.status_code < 300:
                logger.warning((
                    "Consumer sent an error response after sending grade for user '%s' and "
                    "sheet '%s' in class '%s' (Status: %d): %s") %
                               (self.user.quser, self.ident,
                                self.activity.wclass.qclass,
                                response.status_code, response.text))
                return False
            root = ElementTree.fromstring(response.text)
            if not root[0][0][2][0].text == "success":
                logger.warning((
                    "Consumer sent an error response after sending grade for user '%s' and "
                    "sheet '%s' in class '%s': %s") %
                               (self.user.quser, self.ident,
                                self.activity.wclass.qclass,
                                root[0][0][2][2].text))
                return False
        except (DefusedXmlException, IndexError, ParseError):
            logger.exception((
                "Consumer sent a badly formatted response after sending grade for user '%s' and "
                "sheet '%s' in class '%s': ") % (self.user.quser, self.ident,
                                                 self.activity.wclass.qclass))
            return False

        return True
Esempio n. 41
0
 def setUp(self):
     self.validator = MagicMock(wraps=RequestValidator())
     self.validator.check_client_key.return_value = True
     self.validator.check_request_token.return_value = True
     self.validator.check_verifier.return_value = True
     self.validator.allowed_signature_methods = ['HMAC-SHA1']
     self.validator.get_client_secret.return_value = 'bar'
     self.validator.get_request_token_secret.return_value = 'secret'
     self.validator.get_realms.return_value = ['foo']
     self.validator.timestamp_lifetime = 600
     self.validator.validate_client_key.return_value = True
     self.validator.validate_request_token.return_value = True
     self.validator.validate_verifier.return_value = True
     self.validator.validate_timestamp_and_nonce.return_value = True
     self.validator.dummy_client = 'dummy'
     self.validator.dummy_secret = 'dummy'
     self.validator.dummy_request_token = 'dummy'
     self.validator.save_access_token = MagicMock()
     self.endpoint = AccessTokenEndpoint(self.validator)
     self.client = Client('foo',
             client_secret='bar',
             resource_owner_key='token',
             resource_owner_secret='secret',
             verifier='verfier')
     self.uri, self.headers, self.body = self.client.sign(
             'https://i.b/access_token')
Esempio n. 42
0
 def test_rsa(self):
     client = Client('client_key', signature_method=SIGNATURE_RSA)
     # instance is using the correct signer method
     self.assertEqual(Client.SIGNATURE_METHODS[SIGNATURE_RSA],
                      client.SIGNATURE_METHODS[client.signature_method])
     # don't need an RSA key to instantiate
     self.assertIsNone(client.rsa_key)
Esempio n. 43
0
 def setUp(self):
     super(IntegrationTestLTI, self).setUp()
     self.configure_lti_provider(
         name='Other Tool Consumer 1', enabled=True,
         lti_consumer_key='other1',
         lti_consumer_secret='secret1',
         lti_max_timestamp_age=10,
     )
     self.configure_lti_provider(
         name='LTI Test Tool Consumer', enabled=True,
         lti_consumer_key=LTI_CONSUMER_KEY,
         lti_consumer_secret=LTI_CONSUMER_SECRET,
         lti_max_timestamp_age=10,
     )
     self.configure_lti_provider(
         name='Tool Consumer with Secret in Settings', enabled=True,
         lti_consumer_key=OTHER_LTI_CONSUMER_KEY,
         lti_consumer_secret='',
         lti_max_timestamp_age=10,
     )
     self.lti = Client(
         client_key=LTI_CONSUMER_KEY,
         client_secret=LTI_CONSUMER_SECRET,
         signature_type=SIGNATURE_TYPE_BODY,
     )
Esempio n. 44
0
class OAuth1(AuthBase):
    """Signs the request using OAuth 1 (RFC5849)"""
    def __init__(self,
                 client_key,
                 client_secret=None,
                 resource_owner_key=None,
                 resource_owner_secret=None,
                 callback_uri=None,
                 signature_method=SIGNATURE_HMAC,
                 signature_type=SIGNATURE_TYPE_AUTH_HEADER,
                 rsa_key=None,
                 verifier=None):

        try:
            signature_type = signature_type.upper()
        except AttributeError:
            pass

        self.client = Client(client_key, client_secret, resource_owner_key,
                             resource_owner_secret, callback_uri,
                             signature_method, signature_type, rsa_key,
                             verifier)

    def __call__(self, r):
        contenttype = r.headers.get('Content-Type', None)
        decoded_body = extract_params(r.data)
        if contenttype == None and decoded_body != None:
            r.headers['Content-Type'] = 'application/x-www-form-urlencoded'

        r.url, r.headers, r.data = self.client.sign(unicode(r.url),
                                                    unicode(r.method), r.data,
                                                    r.headers)
        return r
Esempio n. 45
0
class OAuth1(AuthBase):
    """Signs the request using OAuth 1 (RFC5849)"""
    def __init__(self, client_key,
            client_secret=None,
            resource_owner_key=None,
            resource_owner_secret=None,
            callback_uri=None,
            signature_method=SIGNATURE_HMAC,
            signature_type=SIGNATURE_TYPE_AUTH_HEADER,
            rsa_key=None, verifier=None):

        try:
            signature_type = signature_type.upper()
        except AttributeError:
            pass

        self.client = Client(client_key, client_secret, resource_owner_key,
            resource_owner_secret, callback_uri, signature_method,
            signature_type, rsa_key, verifier)

    def __call__(self, r):
        contenttype = r.headers.get('Content-Type', None)
        decoded_body = extract_params(r.data)
        if contenttype == None and decoded_body != None:
            r.headers['Content-Type'] = 'application/x-www-form-urlencoded'

        r.url, r.headers, r.data = self.client.sign(
            unicode(r.url), unicode(r.method), r.data, r.headers)
        return r
Esempio n. 46
0
 def setUp(self):
     super(IntegrationTestLTI, self).setUp()
     self.hostname = 'testserver'
     self.client.defaults['SERVER_NAME'] = self.hostname
     self.url_prefix = 'http://{}'.format(self.hostname)
     self.configure_lti_provider(
         name='Other Tool Consumer 1', enabled=True,
         lti_consumer_key='other1',
         lti_consumer_secret='secret1',
         lti_max_timestamp_age=10,
     )
     self.configure_lti_provider(
         name='LTI Test Tool Consumer', enabled=True,
         lti_consumer_key=LTI_CONSUMER_KEY,
         lti_consumer_secret=LTI_CONSUMER_SECRET,
         lti_max_timestamp_age=10,
     )
     self.configure_lti_provider(
         name='Tool Consumer with Secret in Settings', enabled=True,
         lti_consumer_key=OTHER_LTI_CONSUMER_KEY,
         lti_consumer_secret='',
         lti_max_timestamp_age=10,
     )
     self.lti = Client(
         client_key=LTI_CONSUMER_KEY,
         client_secret=LTI_CONSUMER_SECRET,
         signature_type=SIGNATURE_TYPE_BODY,
     )
Esempio n. 47
0
    def get_context_data(self, **kwargs):
        role = self.request.GET.get('role', '')
        campus = self.request.GET.get('campus', '')

        lti_parameters = [
            ("roles", self._lti_role[role]),
            ("ext_roles", self._lti_ext_role[role]),
            ("custom_canvas_account_sis_id",
             'uwcourse:{}:arts-&-sciences:psych:psych'.format(campus)),
            ("oauth_timestamp", generate_timestamp()),
            ("oauth_nonce", generate_nonce()),
            ("resource_link_title",
             "UW LTI Development ({})".format(self.lti_app())),
        ]

        lti_parameters += self._static_lti_parameters

        # sign payload
        lti_app_uri = self.lti_app_uri()
        sbs = signature_base_string('POST', base_string_uri(lti_app_uri + '/'),
                                    normalize_parameters(lti_parameters))
        client_key = self._client_key
        client = Client(client_key,
                        client_secret=self._client_secrets[client_key])
        signature = sign_hmac_sha1_with_client(sbs, client)
        lti_parameters.append(("oauth_signature", signature))

        context = super().get_context_data(**kwargs)
        context['uri'] = lti_app_uri
        context['campus'] = campus
        context['role_name'] = role
        context['lti_parameters'] = lti_parameters
        return context
Esempio n. 48
0
 def test_sign_get_with_body(self):
     client = Client('client_key')
     for method in ('GET', 'HEAD'):
         self.assertRaises(ValueError, client.sign, 'http://a.b/path?query',
                 http_method=method, body='a=b',
                 headers={
                     'Content-Type': 'application/x-www-form-urlencoded'
                 })
Esempio n. 49
0
 def test_params_in_query(self):
     client = Client(
         "client_key",
         signature_type=SIGNATURE_TYPE_QUERY,
         timestamp="1378988215",
         nonce="14205877133089081931378988215",
     )
     u, _, _ = client.sign("http://i.b/path", http_method="POST")
     correct = (
         "http://i.b/path?oauth_nonce=14205877133089081931378988215&"
         "oauth_timestamp=1378988215&"
         "oauth_version=1.0&"
         "oauth_signature_method=HMAC-SHA1&"
         "oauth_consumer_key=client_key&"
         "oauth_signature=08G5Snvw%2BgDAzBF%2BCmT5KqlrPKo%3D"
     )
     self.assertEqual(u, correct)
Esempio n. 50
0
 def test_plaintext_method(self):
     client = Client(
         "client_key",
         signature_method=SIGNATURE_PLAINTEXT,
         timestamp="1234567890",
         nonce="abc",
         client_secret="foo",
         resource_owner_secret="bar",
     )
     u, h, b = client.sign("http://example.com")
     correct = (
         'OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
         'oauth_version="1.0", oauth_signature_method="PLAINTEXT", '
         'oauth_consumer_key="client_key", '
         'oauth_signature="foo%26bar"'
     )
     self.assertEqual(h["Authorization"], correct)
Esempio n. 51
0
    def __init__(self, client_key,
            client_secret=None,
            resource_owner_key=None,
            resource_owner_secret=None,
            callback_uri=None,
            signature_method=SIGNATURE_HMAC,
            signature_type=SIGNATURE_TYPE_AUTH_HEADER,
            rsa_key=None, verifier=None):

        try:
            signature_type = signature_type.upper()
        except AttributeError:
            pass

        self.client = Client(client_key, client_secret, resource_owner_key,
            resource_owner_secret, callback_uri, signature_method,
            signature_type, rsa_key, verifier)
Esempio n. 52
0
    def test_register_method(self):
        Client.register_signature_method('PIZZA',
            lambda base_string, client: 'PIZZA')

        self.assertTrue('PIZZA' in Client.SIGNATURE_METHODS)

        client = Client('client_key', signature_method='PIZZA',
            timestamp='1234567890', nonce='abc')

        u, h, b = client.sign('http://example.com')

        self.assertEquals(h['Authorization'], (
            'OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
            'oauth_version="1.0", oauth_signature_method="PIZZA", '
            'oauth_consumer_key="client_key", '
            'oauth_signature="PIZZA"'
        ))
Esempio n. 53
0
    def test_register_method(self):
        Client.register_signature_method('PIZZA',
            lambda base_string, client: 'PIZZA')

        self.assertTrue('PIZZA' in Client.SIGNATURE_METHODS)

        client = Client('client_key', signature_method='PIZZA',
            timestamp='1234567890', nonce='abc')

        u, h, b = client.sign('http://example.com')

        self.assertEqual(h['Authorization'], (
            'OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
            'oauth_version="1.0", oauth_signature_method="PIZZA", '
            'oauth_consumer_key="client_key", '
            'oauth_signature="PIZZA"'
        ))
Esempio n. 54
0
 def test_sign_unicode(self):
     client = Client("client_key", nonce="abc", timestamp="abc")
     _, h, b = client.sign(
         "http://i.b/path",
         http_method="POST",
         body="status=%E5%95%A6%E5%95%A6",
         headers={"Content-Type": "application/x-www-form-urlencoded"},
     )
     self.assertEqual(b, "status=%E5%95%A6%E5%95%A6")
     self.assertIn('oauth_signature="yrtSqp88m%2Fc5UDaucI8BXK4oEtk%3D"', h["Authorization"])
     _, h, b = client.sign(
         "http://i.b/path",
         http_method="POST",
         body="status=%C3%A6%C3%A5%C3%B8",
         headers={"Content-Type": "application/x-www-form-urlencoded"},
     )
     self.assertEqual(b, "status=%C3%A6%C3%A5%C3%B8")
     self.assertIn('oauth_signature="oG5t3Eg%2FXO5FfQgUUlTtUeeZzvk%3D"', h["Authorization"])
Esempio n. 55
0
 def test_sign_no_body(self):
     client = Client('client_key', decoding='utf-8')
     self.assertRaises(
         ValueError,
         client.sign,
         'http://i.b/path',
         http_method='POST',
         body=None,
         headers={'Content-Type': 'application/x-www-form-urlencoded'})
Esempio n. 56
0
    def test_register_method(self):
        Client.register_signature_method("PIZZA", lambda base_string, client: "PIZZA")

        self.assertTrue("PIZZA" in Client.SIGNATURE_METHODS)

        client = Client("client_key", signature_method="PIZZA", timestamp="1234567890", nonce="abc")

        u, h, b = client.sign("http://example.com")

        self.assertEquals(
            h["Authorization"],
            (
                'OAuth oauth_nonce="abc", oauth_timestamp="1234567890", '
                'oauth_version="1.0", oauth_signature_method="PIZZA", '
                'oauth_consumer_key="client_key", '
                'oauth_signature="PIZZA"'
            ),
        )
Esempio n. 57
0
 def setUp(self):
     self.validator = MagicMock(wraps=RequestValidator())
     self.validator.check_client_key.return_value = True
     self.validator.allowed_signature_methods = ['HMAC-SHA1']
     self.validator.get_client_secret.return_value = 'bar'
     self.validator.get_default_realms.return_value = ['foo']
     self.validator.timestamp_lifetime = 600
     self.validator.check_realms.return_value = True
     self.validator.validate_client_key.return_value = True
     self.validator.validate_requested_realms.return_value = True
     self.validator.validate_redirect_uri.return_value = True
     self.validator.validate_timestamp_and_nonce.return_value = True
     self.validator.dummy_client = 'dummy'
     self.validator.dummy_secret = 'dummy'
     self.validator.save_request_token = MagicMock()
     self.endpoint = RequestTokenEndpoint(self.validator)
     self.client = Client('foo', client_secret='bar', realm='foo',
             callback_uri='https://c.b/cb')
     self.uri, self.headers, self.body = self.client.sign(
             'https://i.b/request_token')
Esempio n. 58
0
    def test_case_insensitive_headers(self):
        client = Client('client_key')
        # Uppercase
        _, h, _ = client.sign('http://i.b/path', http_method='POST', body='',
                headers={'Content-Type': 'application/x-www-form-urlencoded'})
        self.assertEqual(h['Content-Type'], 'application/x-www-form-urlencoded')

        # Lowercase
        _, h, _ = client.sign('http://i.b/path', http_method='POST', body='',
                headers={'content-type': 'application/x-www-form-urlencoded'})
        self.assertEqual(h['content-type'], 'application/x-www-form-urlencoded')

        # Capitalized
        _, h, _ = client.sign('http://i.b/path', http_method='POST', body='',
                headers={'Content-type': 'application/x-www-form-urlencoded'})
        self.assertEqual(h['Content-type'], 'application/x-www-form-urlencoded')

        # Random
        _, h, _ = client.sign('http://i.b/path', http_method='POST', body='',
                headers={'conTent-tYpe': 'application/x-www-form-urlencoded'})
        self.assertEqual(h['conTent-tYpe'], 'application/x-www-form-urlencoded')