def test_consumer_parse_access_token(): # implicit flow test _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True environ = BASE_ENVIRON cons.response_type = ["token"] _ = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA", token_type="example", refresh_token="tGzv3JOkF0XG5Qx2TlKWIA", example_parameter="example_value", state=cons.state) res = cons.handle_authorization_response(query=atr.to_urlencoded()) assert res.type() == "AccessTokenResponse" print cons.grant[cons.state] grant = cons.grant[cons.state] assert len(grant.tokens) == 1 token = grant.tokens[0] assert token.access_token == "2YotnFZFEjr1zCsicMWpAA"
def test_provider_authenticated_none(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, FUNCTIONS) _session_db = {} cons = Consumer(_session_db, client_config = CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True cons.response_type = "none" environ = BASE_ENVIRON location = cons.begin(environ, start_response) environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = location.split("?")[1] resp = provider.authorization_endpoint(environ, start_response) sid = resp[0][len("FORM with "):] environ2 = create_return_form_env("user", "password", sid) resp2 = provider.authenticated(environ2, start_response) assert len(resp2) == 1 txt = resp2[0] pos0 = txt.index("<title>") + len("<title>Redirecting to ") pos1 = txt.index("</title>") location = txt[pos0:pos1] print location assert location.startswith("http://localhost:8087/authz") query = location.split("?")[1] assert query.startswith("state=") assert "&" not in query
def test_provider_authenticated_token(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, symkey=rndstr(16)) _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True location = cons.begin("http://localhost:8087", "http://localhost:8088/authorization", "token") QUERY_STRING = location.split("?")[1] resp = provider.authorization_endpoint(QUERY_STRING) print resp.headers print resp.message txt = resp.message assert "access_token=" in txt assert "token_type=Bearer" in txt
def test_consumer_parse_access_token(): # implicit flow test _session_db = {} cons = Consumer(_session_db, client_config = CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True environ = BASE_ENVIRON cons.response_type = ["token"] _ = cons.begin(environ, start_response) atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA", token_type="example", refresh_token="tGzv3JOkF0XG5Qx2TlKWIA", example_parameter="example_value", state=cons.state) environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = atr.to_urlencoded() res = cons.handle_authorization_response(environ, start_response) assert res.type() == "AccessTokenResponse" print cons.grant[cons.state] grant = cons.grant[cons.state] assert len(grant.tokens) == 1 token = grant.tokens[0] assert token.access_token == "2YotnFZFEjr1zCsicMWpAA"
def test_consumer_parse_access_token(): # implicit flow test _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True environ = BASE_ENVIRON cons.response_type = ["token"] sid, loc = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA", token_type="example", refresh_token="tGzv3JOkF0XG5Qx2TlKWIA", example_parameter="example_value", state=sid) res = cons.handle_authorization_response(query=atr.to_urlencoded()) assert res.type() == "AccessTokenResponse" print cons.grant[sid] grant = cons.grant[sid] assert len(grant.tokens) == 1 token = grant.tokens[0] assert token.access_token == "2YotnFZFEjr1zCsicMWpAA"
def test_provider_authenticated_token(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, FUNCTIONS) _session_db = {} cons = Consumer(_session_db, client_config = CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True cons.response_type = "token" environ = BASE_ENVIRON location = cons.begin(environ, start_response) environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = location.split("?")[1] resp = provider.authorization_endpoint(environ, start_response) sid = resp[0][len("FORM with "):] environ2 = create_return_form_env("user", "password", sid) resp2 = provider.authenticated(environ2, start_response) assert len(resp2) == 1 txt = resp2[0] assert "access_token=" in txt assert "token_type=Bearer" in txt
def test_provider_authenticated(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, symkey=rndstr(16)) _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True location = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") query_string = location.split("?")[1] resp = provider.authorization_endpoint(query_string) assert resp.status == "302 Found" print resp.headers print resp.message if content_type(resp.headers) == "json": resp = resp.message else: resp = resp.message.split("?")[1] aresp = cons.handle_authorization_response(query=resp) print aresp.keys() assert aresp.type() == "AuthorizationResponse" assert _eq(aresp.keys(), ['state', 'code']) print cons.grant[cons.state].keys() assert _eq(cons.grant[cons.state].keys(), ['tokens', 'code', 'exp_in', 'seed', 'id_token', 'grant_expiration_time'])
def test_consumer_parse_authz_error_2(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True _ = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = TokenErrorResponse(error="invalid_client") QUERY_STRING = atr.to_urlencoded() raises(AuthzError, "cons.handle_authorization_response(query=QUERY_STRING)")
def test_provider_authenticated_token(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client) _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True location = cons.begin("http://localhost:8087", "http://localhost:8088/authorization", "token") QUERY_STRING = location.split("?")[1] resp = provider.authorization_endpoint(QUERY_STRING) print resp.headers print resp.message txt = resp.message assert "access_token=" in txt assert "token_type=Bearer" in txt
def test_consumer_parse_authz_error_2(): _session_db = {} cons = Consumer(_session_db, client_config = CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True environ = BASE_ENVIRON _ = cons.begin(environ, start_response) atr = TokenErrorResponse(error="invalid_client") environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = atr.to_urlencoded() raises(AuthzError, "cons.handle_authorization_response(environ, start_response)")
def test_consumer_parse_authz_error_2(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True _ = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = TokenErrorResponse(error="invalid_client") QUERY_STRING = atr.to_urlencoded() raises(AuthzError, "cons.handle_authorization_response(query=QUERY_STRING)")
def test_provider_authenticated(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, FUNCTIONS) _session_db = {} cons = Consumer(_session_db, client_config = CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True environ = BASE_ENVIRON location = cons.begin(environ, start_response) environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = location.split("?")[1] resp = provider.authorization_endpoint(environ, start_response) sid = resp[0][len("FORM with "):] environ2 = create_return_form_env("user", "password", sid) resp2 = provider.authenticated(environ2, start_response) print resp2[0] assert len(resp2) == 1 txt = resp2[0] pos0 = txt.index("<title>") + len("<title>Redirecting to ") pos1 = txt.index("</title>") location = txt[pos0:pos1] print location assert location.startswith("http://localhost:8087/authz") environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = location.split("?")[1] aresp = cons.handle_authorization_response(environ, start_response) #aresp = client.parse_response(AuthorizationResponse, location, # format="urlencoded", # state="id-6da9ca0cc23959f5f33e8becd9b08cae") print aresp.keys() assert aresp.type() == "AuthorizationResponse" assert _eq(aresp.keys(), ['state', 'code']) print cons.grant[cons.state].keys() assert _eq(cons.grant[cons.state].keys(), ['tokens', 'code', 'exp_in', 'seed', 'id_token', 'grant_expiration_time'])
def test_consumer_parse_authz_exception(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True sid, loc = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid) adict = atr.to_dict() del adict["code"] QUERY_STRING = urllib.urlencode(adict) raises(MissingRequiredAttribute, "cons.handle_authorization_response(query=QUERY_STRING)")
def test_consumer_handle_authorization_response(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True sid, loc = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid) res = cons.handle_authorization_response(query=atr.to_urlencoded()) assert res.type() == "AuthorizationResponse" print cons.grant[sid] grant = cons.grant[sid] assert grant.code == "SplxlOBeZQQYbYS6WxSbIA"
def test_consumer_handle_authorization_response(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True sid, loc = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid) res = cons.handle_authorization_response(query=atr.to_urlencoded()) assert res.type() == "AuthorizationResponse" print cons.grant[sid] grant = cons.grant[sid] assert grant.code == "SplxlOBeZQQYbYS6WxSbIA"
def test_consumer_parse_authz_exception(): _session_db = {} cons = Consumer(_session_db, client_config = CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True environ = BASE_ENVIRON _ = cons.begin(environ, start_response) atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=cons.state) adict = atr.to_dict() del adict["code"] environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = urllib.urlencode(adict) raises(MissingRequiredAttribute, "cons.handle_authorization_response(environ, start_response)")
def test_consumer_parse_authz_exception(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True sid, loc = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid) adict = atr.to_dict() del adict["code"] QUERY_STRING = urllib.urlencode(adict) raises(MissingRequiredAttribute, "cons.handle_authorization_response(query=QUERY_STRING)")
def test_consumer_handle_authorization_response(): _session_db = {} cons = Consumer(_session_db, client_config = CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True environ = BASE_ENVIRON _ = cons.begin(environ, start_response) atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=cons.state) environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = atr.to_urlencoded() res = cons.handle_authorization_response(environ, start_response) assert res.type() == "AuthorizationResponse" print cons.grant[cons.state] grant = cons.grant[cons.state] assert grant.code == "SplxlOBeZQQYbYS6WxSbIA"
def test_provider_authenticated_1(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, FUNCTIONS) _session_db = {} cons = Consumer(_session_db, client_config = CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True environ = BASE_ENVIRON location = cons.begin(environ, start_response) environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = location.split("?")[1] _ = provider.authorization_endpoint(environ, start_response) #sid = resp[0][len("FORM with "):] environ2 = create_return_form_env("user", "password", "abcd") resp2 = provider.authenticated(environ2, start_response) print resp2 assert resp2 == ['<html>Unknown session identifier</html>']
def test_provider_authenticated(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, symkey=rndstr(16)) _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True location = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") query_string = location.split("?")[1] resp = provider.authorization_endpoint(query_string) assert resp.status == "302 Found" print resp.headers print resp.message if content_type(resp.headers) == "json": resp = resp.message else: resp = resp.message.split("?")[1] aresp = cons.handle_authorization_response(query=resp) print aresp.keys() assert aresp.type() == "AuthorizationResponse" assert _eq(aresp.keys(), ['state', 'code']) print cons.grant[cons.state].keys() assert _eq(cons.grant[cons.state].keys(), [ 'tokens', 'code', 'exp_in', 'seed', 'id_token', 'grant_expiration_time' ])
def test_provider_authenticated_none(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN, AUTHZ, verify_client) _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True location = cons.begin("http://localhost:8087", "http://localhost:8088/authorization", "none") QUERY_STRING = location.split("?")[1] resp2 = provider.authorization_endpoint(request=QUERY_STRING) location = resp2.message print location assert location.startswith("http://localhost:8087/authz") query = location.split("?")[1] assert query.startswith("state=") assert "&" not in query