def client_info_endpoint(self, method="GET", **kwargs):
"""
Operations on this endpoint are switched through the use of different HTTP methods.
:param method: HTTP method used for the request
:param kwargs: keyword arguments
:return: A Response instance
"""
_query = compact(parse_qs(kwargs["query"]))
try:
_id = _query["client_id"]
except KeyError:
return BadRequest("Missing query component")
if _id not in self.cdb:
return Unauthorized()
# authenticated client
try:
self.verify_client(
kwargs["environ"], kwargs["request"], "bearer_header", client_id=_id
)
except (AuthnFailure, UnknownAssertionType):
return Unauthorized()
if method == "GET":
return self.client_info(_id)
elif method == "PUT":
try:
_request = self.server.message_factory.get_request_type(
"update_endpoint"
)().from_json(kwargs["request"])
except ValueError as err:
return BadRequest(str(err))
try:
_request.verify()
except InvalidRedirectUri as err:
msg = ClientRegistrationError(
error="invalid_redirect_uri", error_description="%s" % err
)
return BadRequest(msg.to_json(), content="application/json")
except (MissingPage, VerificationError) as err:
msg = ClientRegistrationError(
error="invalid_client_metadata", error_description="%s" % err
)
return BadRequest(msg.to_json(), content="application/json")
try:
self.client_info_update(_id, _request)
return self.client_info(_id)
except ModificationForbidden:
return Forbidden()
elif method == "DELETE":
try:
del self.cdb[_id]
except KeyError:
return Unauthorized()
else:
return NoContent()
def test_verify(self, srv):
form = create_return_form_env("user", "hemligt", "query=foo")
authn = UsernamePasswordMako(srv, "login.mako", tl, PASSWD,
"authorization_endpoint")
with LogCapture(level=logging.DEBUG) as logcap:
response, success = authn.verify(compact(parse_qs(form)))
assert query_string_compare(
response.message.split("?")[1], "query=foo&upm_answer=true")
headers = dict(response.headers)
assert headers["Set-Cookie"].startswith("xyzxyz=")
expected = {
"query": "query=foo",
"login": "******",
"password": "******",
}
# We have to use eval() here to avoid intermittent
# failures from dict ordering
assert eval(logcap.records[0].msg[7:-1]) == expected
expected2 = {
"query": "query=foo",
"login": "******",
"password": "******",
}
assert eval(logcap.records[1].msg[5:]) == expected2
assert logcap.records[2].msg == "Password verification succeeded."
expected3 = {"query": ["foo"], "upm_answer": "true"}
assert eval(logcap.records[3].msg[8:]) == expected3
def verify(self, request, **kwargs):
"""
Verifies that the given username and password was correct
:param request: Either the query part of a URL a urlencoded
body of a HTTP message or a parse such.
:param kwargs: Catch whatever else is sent.
:return: redirect back to where ever the base applications
wants the user after authentication.
"""
logger.debug("verify(%s)" % sanitize(request))
if isinstance(request, six.string_types):
_dict = compact(parse_qs(request))
elif isinstance(request, dict):
_dict = request
else:
raise ValueError("Wrong type of input")
logger.debug("dict: %s" % sanitize(_dict))
# verify username and password
try:
self._verify(_dict["password"], _dict["login"]) # dict origin
except TypeError:
try:
self._verify(_dict["password"][0], _dict["login"][0])
except (AssertionError, KeyError) as err:
logger.debug("Password verification failed: {}".format(err))
resp = Unauthorized("Unknown user or wrong password")
return resp, False
else:
try:
_qp = _dict["query"]
except KeyError:
_qp = self.get_multi_auth_cookie(kwargs['cookie'])
except (AssertionError, KeyError) as err:
logger.debug("Password verification failed: {}".format(err))
resp = Unauthorized("Unknown user or wrong password")
return resp, False
else:
try:
_qp = _dict["query"]
except KeyError:
_qp = self.get_multi_auth_cookie(kwargs['cookie'])
logger.debug("Password verification succeeded.")
# if "cookie" not in kwargs or self.srv.cookie_name not in kwargs["cookie"]:
headers = [self.create_cookie(_dict["login"], "upm")]
try:
return_to = self.generate_return_url(kwargs["return_to"], _qp)
except KeyError:
try:
return_to = self.generate_return_url(self.return_to, _qp,
kwargs["path"])
except KeyError:
return_to = self.generate_return_url(self.return_to, _qp)
return SeeOther(return_to, headers=headers), True
def client_info_endpoint(self, method="GET", **kwargs):
"""
Operations on this endpoint are switched through the use of different
HTTP methods
:param method: HTTP method used for the request
:param kwargs: keyword arguments
:return: A Response instance
"""
_query = compact(parse_qs(kwargs['query']))
try:
_id = _query["client_id"]
except KeyError:
return BadRequest("Missing query component")
if _id not in self.cdb:
return Unauthorized()
# authenticated client
try:
self.verify_client(kwargs['environ'], kwargs['request'],
"bearer_header", client_id=_id)
except (AuthnFailure, UnknownAssertionType):
return Unauthorized()
if method == "GET":
return self.client_info(_id)
elif method == "PUT":
try:
_request = ClientUpdateRequest().from_json(kwargs['request'])
except ValueError as err:
return BadRequest(str(err))
try:
_request.verify()
except InvalidRedirectUri as err:
msg = ClientRegistrationError(error="invalid_redirect_uri",
error_description="%s" % err)
return BadRequest(msg.to_json(), content="application/json")
except (MissingPage, VerificationError) as err:
msg = ClientRegistrationError(error="invalid_client_metadata",
error_description="%s" % err)
return BadRequest(msg.to_json(), content="application/json")
try:
self.client_info_update(_id, _request)
return self.client_info(_id)
except ModificationForbidden:
return Forbidden()
elif method == "DELETE":
try:
del self.cdb[_id]
except KeyError:
return Unauthorized()
else:
return NoContent()
def verify(self, request, **kwargs):
"""
Verifies that the given username and password was correct
:param request: Either the query part of a URL a urlencoded
body of a HTTP message or a parse such.
:param kwargs: Catch whatever else is sent.
:return: redirect back to where ever the base applications
wants the user after authentication.
"""
logger.debug("verify(%s)" % sanitize(request))
if isinstance(request, six.string_types):
_dict = compact(parse_qs(request))
elif isinstance(request, dict):
_dict = request
else:
raise ValueError("Wrong type of input")
logger.debug("dict: %s" % sanitize(_dict))
# verify username and password
try:
self._verify(_dict["password"], _dict["login"]) # dict origin
except TypeError:
try:
self._verify(_dict["password"][0], _dict["login"][0])
except (AssertionError, KeyError) as err:
logger.debug("Password verification failed: {}".format(err))
resp = Unauthorized("Unknown user or wrong password")
return resp, False
else:
try:
_qp = _dict["query"]
except KeyError:
_qp = self.get_multi_auth_cookie(kwargs['cookie'])
except (AssertionError, KeyError) as err:
logger.debug("Password verification failed: {}".format(err))
resp = Unauthorized("Unknown user or wrong password")
return resp, False
else:
try:
_qp = _dict["query"]
except KeyError:
_qp = self.get_multi_auth_cookie(kwargs['cookie'])
logger.debug("Password verification succeeded.")
# if "cookie" not in kwargs or self.srv.cookie_name not in kwargs["cookie"]:
headers = [self.create_cookie(_dict["login"], "upm")]
try:
return_to = self.generate_return_url(kwargs["return_to"], _qp)
except KeyError:
try:
return_to = self.generate_return_url(self.return_to, _qp,
kwargs["path"])
except KeyError:
return_to = self.generate_return_url(self.return_to, _qp)
return SeeOther(return_to, headers=headers), True
def test_authenticated_as(self, srv):
form = create_return_form_env("user", "hemligt", "QUERY")
authn = UsernamePasswordMako(srv, "login.mako", tl, PASSWD,
"authorization_endpoint")
response, success = authn.verify(compact(parse_qs(form)))
headers = dict(response.headers)
user, timestamp = authn.authenticated_as(headers["Set-Cookie"])
assert user == {"uid": "user"}
def test_authenticated_as(self, srv):
form = create_return_form_env("user", "hemligt", "QUERY")
authn = UsernamePasswordMako(srv, "login.mako", tl, PASSWD,
"authorization_endpoint")
response, success = authn.verify(compact(parse_qs(form)))
headers = dict(response.headers)
user, timestamp = authn.authenticated_as(headers["Set-Cookie"])
assert user == {"uid": "user"}
def sign_http_args(method, url, headers, body=""):
p = urlparse(url)
kwargs = {"path": p.path, "host": p.netloc, "headers": headers, "method": method}
if body:
kwargs["body"] = body
query_params = compact(parse_qs(p.query))
kwargs["query_params"] = query_params
return kwargs
def test_not_authenticated(self, srv):
form = create_return_form_env("user", "hemligt", "QUERY")
authn = UsernamePasswordMako(srv, "login.mako", tl, PASSWD,
"authorization_endpoint")
response, state = authn.verify(compact(parse_qs(form)))
headers = dict(response.headers)
kaka = headers["Set-Cookie"]
kaka = kaka.replace("1", "x")
assert authn.authenticated_as(kaka) == (None, 0)
def sign_http_args(method, url, headers, body=''):
p = urlparse(url)
kwargs = {'path': p.path, 'host': p.netloc, 'headers': headers,
'method': method}
if body:
kwargs['body'] = body
query_params = compact(parse_qs(p.query))
kwargs['query_params'] = query_params
return kwargs
def test_not_authenticated(self, srv):
form = create_return_form_env("user", "hemligt", "QUERY")
authn = UsernamePasswordMako(srv, "login.mako", tl, PASSWD,
"authorization_endpoint")
response, state = authn.verify(compact(parse_qs(form)))
headers = dict(response.headers)
kaka = headers["Set-Cookie"]
kaka = kaka.replace("1", "x")
assert authn.authenticated_as(kaka) == (None, 0)
def sign_http_args(method, url, headers, body=''):
p = urlparse(url)
kwargs = {'path': p.path, 'host': p.netloc, 'headers': headers,
'method': method}
if body:
kwargs['body'] = body
query_params = compact(parse_qs(p.query))
kwargs['query_params'] = query_params
return kwargs
def test_verify(self, srv):
form = create_return_form_env("user", "hemligt", "query=foo")
authn = UsernamePasswordMako(srv, "login.mako", tl, PASSWD,
"authorization_endpoint")
with LogCapture(level=logging.DEBUG) as logcap:
response, success = authn.verify(compact(parse_qs(form)))
assert query_string_compare(response.message.split("?")[1],
"query=foo&upm_answer=true")
headers = dict(response.headers)
assert headers["Set-Cookie"].startswith('xyzxyz=')
expected = {u'query': u'query=foo', u'login': u'user',
u'password': '******'}
# We have to use eval() here to avoid intermittent
# failures from dict ordering
assert eval(logcap.records[0].msg[7:-1]) == expected
expected = {u'query': u'query=foo', u'login': u'user',
u'password': '******'}
assert eval(logcap.records[1].msg[5:]) == expected
assert logcap.records[2].msg == 'Password verification succeeded.'
expected = {u'query': [u'foo'], 'upm_answer': 'true'}
assert eval(logcap.records[3].msg[8:]) == expected
