def test_consumer_parse_access_token():
# implicit flow test
_session_db = {}
cons = Consumer(_session_db,
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
**CONSUMER_CONFIG)
cons.debug = True
environ = BASE_ENVIRON
cons.response_type = ["token"]
_ = cons.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA",
token_type="example",
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
example_parameter="example_value",
state=cons.state)
res = cons.handle_authorization_response(query=atr.to_urlencoded())
assert res.type() == "AccessTokenResponse"
print cons.grant[cons.state]
grant = cons.grant[cons.state]
assert len(grant.tokens) == 1
token = grant.tokens[0]
assert token.access_token == "2YotnFZFEjr1zCsicMWpAA"
def test_provider_authenticated_none():
provider = Provider("pyoicserv", sdb.SessionDB(), CDB, FUNCTIONS)
_session_db = {}
cons = Consumer(_session_db, client_config = CLIENT_CONFIG,
server_info=SERVER_INFO, **CONSUMER_CONFIG)
cons.debug = True
cons.response_type = "none"
environ = BASE_ENVIRON
location = cons.begin(environ, start_response)
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = location.split("?")[1]
resp = provider.authorization_endpoint(environ, start_response)
sid = resp[0][len("FORM with "):]
environ2 = create_return_form_env("user", "password", sid)
resp2 = provider.authenticated(environ2, start_response)
assert len(resp2) == 1
txt = resp2[0]
pos0 = txt.index("<title>") + len("<title>Redirecting to ")
pos1 = txt.index("</title>")
location = txt[pos0:pos1]
print location
assert location.startswith("http://localhost:8087/authz")
query = location.split("?")[1]
assert query.startswith("state=")
assert "&" not in query
def test_provider_authenticated_token():
provider = Provider("pyoicserv",
sdb.SessionDB(),
CDB,
AUTHN_BROKER,
AUTHZ,
verify_client,
symkey=rndstr(16))
_session_db = {}
cons = Consumer(_session_db,
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
**CONSUMER_CONFIG)
cons.debug = True
location = cons.begin("http://localhost:8087",
"http://localhost:8088/authorization", "token")
QUERY_STRING = location.split("?")[1]
resp = provider.authorization_endpoint(QUERY_STRING)
print resp.headers
print resp.message
txt = resp.message
assert "access_token=" in txt
assert "token_type=Bearer" in txt
def test_consumer_parse_access_token():
# implicit flow test
_session_db = {}
cons = Consumer(_session_db, client_config = CLIENT_CONFIG,
server_info=SERVER_INFO, **CONSUMER_CONFIG)
cons.debug = True
environ = BASE_ENVIRON
cons.response_type = ["token"]
_ = cons.begin(environ, start_response)
atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA",
token_type="example",
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
example_parameter="example_value",
state=cons.state)
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = atr.to_urlencoded()
res = cons.handle_authorization_response(environ, start_response)
assert res.type() == "AccessTokenResponse"
print cons.grant[cons.state]
grant = cons.grant[cons.state]
assert len(grant.tokens) == 1
token = grant.tokens[0]
assert token.access_token == "2YotnFZFEjr1zCsicMWpAA"
def test_consumer_parse_access_token():
# implicit flow test
_session_db = {}
cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
server_info=SERVER_INFO, **CONSUMER_CONFIG)
cons.debug = True
environ = BASE_ENVIRON
cons.response_type = ["token"]
sid, loc = cons.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA",
token_type="example",
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
example_parameter="example_value",
state=sid)
res = cons.handle_authorization_response(query=atr.to_urlencoded())
assert res.type() == "AccessTokenResponse"
print cons.grant[sid]
grant = cons.grant[sid]
assert len(grant.tokens) == 1
token = grant.tokens[0]
assert token.access_token == "2YotnFZFEjr1zCsicMWpAA"
def test_provider_authenticated_token():
provider = Provider("pyoicserv", sdb.SessionDB(), CDB, FUNCTIONS)
_session_db = {}
cons = Consumer(_session_db, client_config = CLIENT_CONFIG,
server_info=SERVER_INFO, **CONSUMER_CONFIG)
cons.debug = True
cons.response_type = "token"
environ = BASE_ENVIRON
location = cons.begin(environ, start_response)
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = location.split("?")[1]
resp = provider.authorization_endpoint(environ, start_response)
sid = resp[0][len("FORM with "):]
environ2 = create_return_form_env("user", "password", sid)
resp2 = provider.authenticated(environ2, start_response)
assert len(resp2) == 1
txt = resp2[0]
assert "access_token=" in txt
assert "token_type=Bearer" in txt
def test_provider_authenticated():
provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ,
verify_client, symkey=rndstr(16))
_session_db = {}
cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
server_info=SERVER_INFO, **CONSUMER_CONFIG)
cons.debug = True
location = cons.begin("http://localhost:8087",
"http://localhost:8088/authorization")
query_string = location.split("?")[1]
resp = provider.authorization_endpoint(query_string)
assert resp.status == "302 Found"
print resp.headers
print resp.message
if content_type(resp.headers) == "json":
resp = resp.message
else:
resp = resp.message.split("?")[1]
aresp = cons.handle_authorization_response(query=resp)
print aresp.keys()
assert aresp.type() == "AuthorizationResponse"
assert _eq(aresp.keys(), ['state', 'code'])
print cons.grant[cons.state].keys()
assert _eq(cons.grant[cons.state].keys(), ['tokens', 'code', 'exp_in',
'seed', 'id_token',
'grant_expiration_time'])
def test_consumer_parse_authz_error_2():
_session_db = {}
cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
server_info=SERVER_INFO, **CONSUMER_CONFIG)
cons.debug = True
_ = cons.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = TokenErrorResponse(error="invalid_client")
QUERY_STRING = atr.to_urlencoded()
raises(AuthzError,
"cons.handle_authorization_response(query=QUERY_STRING)")
def test_provider_authenticated_token():
provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client)
_session_db = {}
cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG)
cons.debug = True
location = cons.begin("http://localhost:8087", "http://localhost:8088/authorization", "token")
QUERY_STRING = location.split("?")[1]
resp = provider.authorization_endpoint(QUERY_STRING)
print resp.headers
print resp.message
txt = resp.message
assert "access_token=" in txt
assert "token_type=Bearer" in txt
def test_consumer_parse_authz_error_2():
_session_db = {}
cons = Consumer(_session_db, client_config = CLIENT_CONFIG,
server_info=SERVER_INFO, **CONSUMER_CONFIG)
cons.debug = True
environ = BASE_ENVIRON
_ = cons.begin(environ, start_response)
atr = TokenErrorResponse(error="invalid_client")
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = atr.to_urlencoded()
raises(AuthzError,
"cons.handle_authorization_response(environ, start_response)")
def test_consumer_parse_authz_error_2():
_session_db = {}
cons = Consumer(_session_db,
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
**CONSUMER_CONFIG)
cons.debug = True
_ = cons.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = TokenErrorResponse(error="invalid_client")
QUERY_STRING = atr.to_urlencoded()
raises(AuthzError,
"cons.handle_authorization_response(query=QUERY_STRING)")
def test_provider_authenticated():
provider = Provider("pyoicserv", sdb.SessionDB(), CDB, FUNCTIONS)
_session_db = {}
cons = Consumer(_session_db, client_config = CLIENT_CONFIG,
server_info=SERVER_INFO, **CONSUMER_CONFIG)
cons.debug = True
environ = BASE_ENVIRON
location = cons.begin(environ, start_response)
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = location.split("?")[1]
resp = provider.authorization_endpoint(environ, start_response)
sid = resp[0][len("FORM with "):]
environ2 = create_return_form_env("user", "password", sid)
resp2 = provider.authenticated(environ2, start_response)
print resp2[0]
assert len(resp2) == 1
txt = resp2[0]
pos0 = txt.index("<title>") + len("<title>Redirecting to ")
pos1 = txt.index("</title>")
location = txt[pos0:pos1]
print location
assert location.startswith("http://localhost:8087/authz")
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = location.split("?")[1]
aresp = cons.handle_authorization_response(environ, start_response)
#aresp = client.parse_response(AuthorizationResponse, location,
# format="urlencoded",
# state="id-6da9ca0cc23959f5f33e8becd9b08cae")
print aresp.keys()
assert aresp.type() == "AuthorizationResponse"
assert _eq(aresp.keys(), ['state', 'code'])
print cons.grant[cons.state].keys()
assert _eq(cons.grant[cons.state].keys(), ['tokens', 'code', 'exp_in',
'seed', 'id_token',
'grant_expiration_time'])
def test_consumer_parse_authz_exception():
_session_db = {}
cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
server_info=SERVER_INFO, **CONSUMER_CONFIG)
cons.debug = True
sid, loc = cons.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA",
state=sid)
adict = atr.to_dict()
del adict["code"]
QUERY_STRING = urllib.urlencode(adict)
raises(MissingRequiredAttribute,
"cons.handle_authorization_response(query=QUERY_STRING)")
def test_consumer_handle_authorization_response():
_session_db = {}
cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
server_info=SERVER_INFO, **CONSUMER_CONFIG)
cons.debug = True
sid, loc = cons.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA",
state=sid)
res = cons.handle_authorization_response(query=atr.to_urlencoded())
assert res.type() == "AuthorizationResponse"
print cons.grant[sid]
grant = cons.grant[sid]
assert grant.code == "SplxlOBeZQQYbYS6WxSbIA"
def test_consumer_handle_authorization_response():
_session_db = {}
cons = Consumer(_session_db,
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
**CONSUMER_CONFIG)
cons.debug = True
sid, loc = cons.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid)
res = cons.handle_authorization_response(query=atr.to_urlencoded())
assert res.type() == "AuthorizationResponse"
print cons.grant[sid]
grant = cons.grant[sid]
assert grant.code == "SplxlOBeZQQYbYS6WxSbIA"
def test_consumer_parse_authz_exception():
_session_db = {}
cons = Consumer(_session_db, client_config = CLIENT_CONFIG,
server_info=SERVER_INFO, **CONSUMER_CONFIG)
cons.debug = True
environ = BASE_ENVIRON
_ = cons.begin(environ, start_response)
atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA",
state=cons.state)
adict = atr.to_dict()
del adict["code"]
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = urllib.urlencode(adict)
raises(MissingRequiredAttribute,
"cons.handle_authorization_response(environ, start_response)")
def test_consumer_parse_authz_exception():
_session_db = {}
cons = Consumer(_session_db,
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
**CONSUMER_CONFIG)
cons.debug = True
sid, loc = cons.begin("http://localhost:8087",
"http://localhost:8088/authorization")
atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid)
adict = atr.to_dict()
del adict["code"]
QUERY_STRING = urllib.urlencode(adict)
raises(MissingRequiredAttribute,
"cons.handle_authorization_response(query=QUERY_STRING)")
def test_consumer_handle_authorization_response():
_session_db = {}
cons = Consumer(_session_db, client_config = CLIENT_CONFIG,
server_info=SERVER_INFO, **CONSUMER_CONFIG)
cons.debug = True
environ = BASE_ENVIRON
_ = cons.begin(environ, start_response)
atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA",
state=cons.state)
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = atr.to_urlencoded()
res = cons.handle_authorization_response(environ, start_response)
assert res.type() == "AuthorizationResponse"
print cons.grant[cons.state]
grant = cons.grant[cons.state]
assert grant.code == "SplxlOBeZQQYbYS6WxSbIA"
def test_provider_authenticated_1():
provider = Provider("pyoicserv", sdb.SessionDB(), CDB, FUNCTIONS)
_session_db = {}
cons = Consumer(_session_db, client_config = CLIENT_CONFIG,
server_info=SERVER_INFO, **CONSUMER_CONFIG)
cons.debug = True
environ = BASE_ENVIRON
location = cons.begin(environ, start_response)
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = location.split("?")[1]
_ = provider.authorization_endpoint(environ, start_response)
#sid = resp[0][len("FORM with "):]
environ2 = create_return_form_env("user", "password", "abcd")
resp2 = provider.authenticated(environ2, start_response)
print resp2
assert resp2 == ['<html>Unknown session identifier</html>']
def test_provider_authenticated():
provider = Provider("pyoicserv",
sdb.SessionDB(),
CDB,
AUTHN_BROKER,
AUTHZ,
verify_client,
symkey=rndstr(16))
_session_db = {}
cons = Consumer(_session_db,
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
**CONSUMER_CONFIG)
cons.debug = True
location = cons.begin("http://localhost:8087",
"http://localhost:8088/authorization")
query_string = location.split("?")[1]
resp = provider.authorization_endpoint(query_string)
assert resp.status == "302 Found"
print resp.headers
print resp.message
if content_type(resp.headers) == "json":
resp = resp.message
else:
resp = resp.message.split("?")[1]
aresp = cons.handle_authorization_response(query=resp)
print aresp.keys()
assert aresp.type() == "AuthorizationResponse"
assert _eq(aresp.keys(), ['state', 'code'])
print cons.grant[cons.state].keys()
assert _eq(cons.grant[cons.state].keys(), [
'tokens', 'code', 'exp_in', 'seed', 'id_token', 'grant_expiration_time'
])
def test_provider_authenticated_none():
provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN, AUTHZ,
verify_client)
_session_db = {}
cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
server_info=SERVER_INFO, **CONSUMER_CONFIG)
cons.debug = True
location = cons.begin("http://localhost:8087",
"http://localhost:8088/authorization",
"none")
QUERY_STRING = location.split("?")[1]
resp2 = provider.authorization_endpoint(request=QUERY_STRING)
location = resp2.message
print location
assert location.startswith("http://localhost:8087/authz")
query = location.split("?")[1]
assert query.startswith("state=")
assert "&" not in query
