def test_begin_file(self, tmpdir):
path = tmpdir.strpath
self.consumer.consumer_config["request_method"] = "file"
self.consumer.consumer_config["temp_dir"] = path
self.consumer.consumer_config["temp_path"] = path
self.consumer.consumer_config["authz_page"] = "/authz"
srv = Server()
srv.keyjar = SRVKEYS
sid, location = self.consumer.begin("openid",
"code",
path="http://localhost:8087")
with responses.RequestsMock() as rsps:
p = urlparse(self.consumer.request_uri)
rsps.add(rsps.GET,
self.consumer.request_uri,
body=open(p.path).read(),
status=200,
content_type='application/urlencoded')
authreq = srv.parse_authorization_request(url=location)
assert _eq(list(authreq.keys()), [
'max_age', 'state', 'redirect_uri', 'response_type',
'client_id', 'scope', 'claims'
])
assert authreq["state"] == sid
assert authreq["scope"] == self.consumer.consumer_config["scope"]
assert authreq["client_id"] == self.consumer.client_id
assert authreq["redirect_uri"].startswith(
"http://localhost:8087/authz")
def test_parse_authorization_request():
srv = Server()
qdict = srv.parse_authorization_request(query=AREQ.to_urlencoded())
assert _eq(qdict.keys(), [
'nonce', 'state', 'redirect_uri', 'response_type', 'client_id', 'scope'
])
assert qdict["state"] == "state0"
def test_parse_urlencoded():
loc = "http://example.com/userinfo?access_token=access_token"
srv = Server()
qdict = srv._parse_urlencoded(loc)
assert _eq(qdict.keys(), ["access_token"])
# all values as lists
assert qdict["access_token"] == ["access_token"]
def test_parse_check_session_request():
srv = Server()
srv.keyjar = KEYJ
request = srv.parse_check_session_request(query=CSREQ.to_urlencoded())
assert request.type() == "IdToken"
assert _eq(request.keys(), ['nonce', 'sub', 'aud', 'iss', 'exp', 'iat'])
assert request["aud"] == ["client_1"]
def test_make_id_token():
srv = Server()
srv.keyjar = KEYJ
srv.keyjar["http://oic.example/rp"] = KC_RSA
session = {"sub": "user0", "client_id": "http://oic.example/rp"}
issuer = "http://oic.example/idp"
code = "abcdefghijklmnop"
_idt = srv.make_id_token(session,
loa="2",
issuer=issuer,
code=code,
access_token="access_token")
algo = "RS256"
ckey = srv.keyjar.get_signing_key(alg2keytype(algo), session["client_id"])
_signed_jwt = _idt.to_jwt(key=ckey, algorithm="RS256")
idt = IdToken().from_jwt(_signed_jwt, keyjar=srv.keyjar)
print idt
header = unpack(_signed_jwt)
lha = left_hash(code, func="HS" + header[0]["alg"][-3:])
assert lha == idt["c_hash"]
atr = AccessTokenResponse(id_token=_signed_jwt,
access_token="access_token",
token_type="Bearer")
atr["code"] = code
assert atr.verify(keyjar=srv.keyjar)
def test_server_parse_parse_authorization_request():
srv = Server()
srv.keyjar = KEYJ
ar = AuthorizationRequest(
response_type=["code"],
client_id="foobar",
redirect_uri="http://foobar.example.com/oaclient",
state="cold",
nonce="NONCE",
scope=["openid"])
uencq = ar.to_urlencoded()
areq = srv.parse_authorization_request(query=uencq)
assert areq.type() == "AuthorizationRequest"
assert areq["response_type"] == ["code"]
assert areq["client_id"] == "foobar"
assert areq["redirect_uri"] == "http://foobar.example.com/oaclient"
assert areq["state"] == "cold"
urluenc = "%s?%s" % ("https://example.com/authz", uencq)
areq = srv.parse_authorization_request(url=urluenc)
assert areq.type() == "AuthorizationRequest"
assert areq["response_type"] == ["code"]
assert areq["client_id"] == "foobar"
assert areq["redirect_uri"] == "http://foobar.example.com/oaclient"
assert areq["state"] == "cold"
def test_server_parse_token_request():
atr = AccessTokenRequest(grant_type="authorization_code",
code="SplxlOBeZQQYbYS6WxSbIA",
redirect_uri="https://client.example.com/cb",
client_id=CLIENT_ID,
extra="foo")
uenc = atr.to_urlencoded()
srv = Server()
srv.keyjar = KEYJ
tr = srv.parse_token_request(body=uenc)
print tr.keys()
assert tr.type() == "AccessTokenRequest"
assert _eq(tr.keys(),
['code', 'redirect_uri', 'grant_type', 'client_id', 'extra'])
assert tr["grant_type"] == "authorization_code"
assert tr["code"] == "SplxlOBeZQQYbYS6WxSbIA"
tr = srv.parse_token_request(body=uenc)
print tr.keys()
assert tr.type() == "AccessTokenRequest"
assert _eq(tr.keys(),
['code', 'grant_type', 'client_id', 'redirect_uri', 'extra'])
assert tr["extra"] == "foo"
def test_request_attr_mis_match():
redirect_uri = "http://example.com/redirect"
client = Client(CLIENT_ID, client_authn_method=CLIENT_AUTHN_METHOD)
client.redirect_uris = [redirect_uri]
client.authorization_endpoint = "http://example.com/authorization"
client.client_secret = "abcdefghijklmnop"
client.keyjar[""] = KC_RSA
client.behaviour = {
"request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]
}
srv = Server()
srv.keyjar = KEYJ
areq = client.construct_AuthorizationRequest(
request_args={
"scope": "openid",
"response_type": ["code"],
"max_age": 86400,
"state": "foobar",
},
request_param="request",
)
for attr in ["state", "max_age", "client_id"]:
del areq[attr]
areq.lax = True
req = srv.parse_authorization_request(query=areq.to_urlencoded())
assert req.verify()
def test_begin_file(self):
tempdir = tempfile.mkdtemp()
self.consumer.config["request_method"] = "file"
self.consumer.config["temp_dir"] = tempdir
self.consumer.config["temp_path"] = tempdir
self.consumer.config["authz_page"] = "/authz"
srv = Server()
srv.keyjar = SRVKEYS
sid, location = self.consumer.begin("openid",
"code",
path="http://localhost:8087")
print location
# vkeys = {".":srv.keyjar.get_verify_key()}
authreq = srv.parse_authorization_request(url=location)
print authreq.keys()
assert _eq(authreq.keys(), [
'max_age', 'state', 'redirect_uri', 'response_type', 'client_id',
'scope', 'claims', 'request_uri'
])
assert authreq["state"] == sid
assert authreq["scope"] == self.consumer.config["scope"]
assert authreq["client_id"] == self.consumer.client_id
assert authreq["redirect_uri"].startswith(
"http://localhost:8087/authz")
# Cleanup the file we have created
shutil.rmtree(tempdir)
def test_parse_token_request():
srv = Server()
qdict = srv.parse_token_request(body=TREQ.to_urlencoded())
assert qdict.type() == "AccessTokenRequest"
assert _eq(qdict.keys(),
['code', 'redirect_uri', 'client_id', 'grant_type'])
assert qdict["client_id"] == CLIENT_ID
assert qdict["code"] == "code"
def test_parse_registration_request():
srv = Server()
request = srv.parse_registration_request(data=REGREQ.to_urlencoded())
assert request.type() == "RegistrationRequest"
assert _eq(request.keys(), ['redirect_uris', 'contacts', 'client_id',
'application_name', 'operation',
'application_type'])
assert request["application_name"] == "pacubar"
assert request["operation"] == "register"
def test_parse_userinfo_request():
srv = Server()
qdict = srv.parse_user_info_request(data=UIREQ.to_urlencoded())
assert _eq(qdict.keys(), ['access_token'])
assert qdict["access_token"] == "access_token"
url = "https://example.org/userinfo?%s" % UIREQ.to_urlencoded()
qdict = srv.parse_user_info_request(data=url)
assert _eq(qdict.keys(), ['access_token'])
assert qdict["access_token"] == "access_token"
def test_parse_end_session_request():
srv = Server()
srv.keyjar = KEYJ
request = srv.parse_end_session_request(query=ESREQ.to_urlencoded())
assert request.type() == "EndSessionRequest"
assert _eq(request.keys(), ['id_token', 'redirect_url', 'state'])
assert request["state"] == "state0"
assert request["id_token"]["aud"] == ["client_1"]
def test_request_1():
srv = Server()
srv.keyjar = KEYJ
areq = 'redirect_uri=https%3A%2F%2Fnode-openid-client.dev%2Fcb&request' \
'=eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0' \
'.eyJzdGF0ZSI6ImZvb2JhciIsImlzcyI6Inp2bWk4UGdJbURiOSIsImF1ZCI6Imh0dHBzOi8vcnAuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjgwODAvbm9kZS1vcGVuaWQtY2xpZW50L3JwLXJlcXVlc3RfdXJpLXVuc2lnbmVkIiwiY2xpZW50X2lkIjoienZtaThQZ0ltRGI5In0.&client_id=zvmi8PgImDb9&scope=openid&response_type=code'
req = srv.parse_authorization_request(query=areq)
assert req
def test_parse_refresh_session_request():
srv = Server()
request = srv.parse_refresh_session_request(query=RSREQ.to_urlencoded())
assert request.type() == "RefreshSessionRequest"
assert _eq(request.keys(), ['id_token', 'state', 'redirect_url'])
assert request["id_token"] == "id_token"
url = "https://example.org/userinfo?%s" % RSREQ.to_urlencoded()
request = srv.parse_refresh_session_request(url=url)
assert request.type() == "RefreshSessionRequest"
assert _eq(request.keys(), ['id_token', 'state', 'redirect_url'])
assert request["id_token"] == "id_token"
def test_begin(self):
srv = Server()
srv.keyjar = SRVKEYS
sid, location = self.consumer.begin("openid", "code")
authreq = srv.parse_authorization_request(url=location)
assert _eq(list(authreq.keys()),
['state', 'max_age', 'claims', 'response_type', 'client_id',
'scope', 'redirect_uri'])
assert authreq["state"] == sid
assert authreq["scope"] == self.consumer.consumer_config["scope"]
assert authreq["client_id"] == self.consumer.client_id
def test_server_parse_refresh_token_request():
ratr = RefreshAccessTokenRequest(refresh_token="ababababab",
client_id="Client_id")
uenc = ratr.to_urlencoded()
srv = Server()
srv.keyjar = KEYJ
tr = srv.parse_refresh_token_request(body=uenc)
print tr.keys()
assert tr.type() == "RefreshAccessTokenRequest"
assert tr["refresh_token"] == "ababababab"
assert tr["client_id"] == "Client_id"
def test_begin_file(self, tmpdir):
path = tmpdir.strpath
external_path = "/exported"
self.consumer.consumer_config["request_method"] = "file"
self.consumer.consumer_config["temp_dir"] = path
self.consumer.consumer_config["temp_path"] = external_path
self.consumer.consumer_config["authz_page"] = "/authz"
srv = Server()
srv.keyjar = SRVKEYS
sid, location = self.consumer.begin("openid",
"code",
path="http://localhost:8087")
with responses.RequestsMock() as rsps:
p = urlparse(self.consumer.request_uri)
assert p.netloc == "localhost:8087"
# Map the URL path to the local path
relative_path = os.path.relpath(p.path, external_path)
file_path = os.path.join(path, relative_path)
with open(file_path) as f:
rsps.add(
rsps.GET,
self.consumer.request_uri,
body=f.read(),
status=200,
content_type="application/urlencoded",
)
authreq = srv.parse_authorization_request(url=location)
assert _eq(
list(authreq.keys()),
[
"max_age",
"state",
"redirect_uri",
"response_type",
"client_id",
"scope",
"claims",
],
)
assert authreq["state"] == sid
assert authreq["scope"] == self.consumer.consumer_config["scope"]
assert authreq["client_id"] == self.consumer.client_id
assert authreq["redirect_uri"].startswith(
"http://localhost:8087/authz")
def test_server_parse_jwt_request():
srv = Server()
srv.keyjar = KEYJ
ar = AuthorizationRequest(response_type=["code"], client_id=CLIENT_ID,
redirect_uri="http://foobar.example.com/oaclient",
state="cold", nonce="NONCE", scope=["openid"])
_keys = srv.keyjar.get_verify_key(owner=CLIENT_ID)
_jwt = ar.to_jwt(key=_keys, algorithm="HS256")
req = srv.parse_jwt_request(txt=_jwt)
assert req.type() == "AuthorizationRequest"
assert req["response_type"] == ["code"]
assert req["client_id"] == CLIENT_ID
assert req["redirect_uri"] == "http://foobar.example.com/oaclient"
assert req["state"] == "cold"
def test_request_duplicate_state():
srv = Server()
srv.keyjar = KEYJ
areq = (
"redirect_uri=https%3A%2F%2Fnode-openid-client.dev%2Fcb&state=barf"
"&request"
"=eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0"
".eyJzdGF0ZSI6ImZvb2JhciIsImlzcyI6Inp2bWk4UGdJbURiOSIsImF1ZCI6Imh0dHBzOi8v"
"cnAuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjgwODAvbm9kZS1vcGVuaWQtY2xpZW50L3JwL"
"XJlcXVlc3RfdXJpLXVuc2lnbmVkIiwiY2xpZW50X2lkIjoienZtaThQZ0ltRGI5In0.&"
"client_id=zvmi8PgImDb9&scope=openid&response_type=code")
req = srv.parse_authorization_request(query=areq)
assert req["state"] == "foobar"
assert req["redirect_uri"] == "https://node-openid-client.dev/cb"
def test_parse_open_id_request():
srv = Server()
srv.keyjar = KEYJ
request = srv.parse_open_id_request(data=OIDREQ.to_json(), sformat="json")
assert request.type() == "OpenIDRequest"
print request.keys()
assert _eq(request.keys(), ['nonce', 'claims', 'state', 'redirect_uri',
'response_type', 'client_id', 'scope',
'max_age'])
assert request["nonce"] == "af0ifjsldkj"
print request["claims"]
#assert request.userinfo.format == "signed"
print request["claims"]["userinfo"]
assert "email" in request["claims"]["userinfo"]
def test_begin(self):
self.consumer.authorization_endpoint = AUTHZ_URL
self.consumer.keyjar[""].append(KC_RSA)
#self.consumer.keyjar.set_sign_key(rsapub, "rsa")
#self.consumer.keyjar.set_verify_key(rsapub, "rsa")
srv = Server()
srv.keyjar = SRVKEYS
print "redirect_uris", self.consumer.redirect_uris
print "config", self.consumer.config
location = self.consumer.begin("openid", "code")
print location
authreq = srv.parse_authorization_request(url=location)
print authreq.keys()
assert _eq(authreq.keys(), ['request', 'state', 'max_age', 'claims',
'response_type', 'client_id', 'scope',
'redirect_uri'])
assert authreq["state"] == self.consumer.state
assert authreq["scope"] == self.consumer.config["scope"]
assert authreq["client_id"] == self.consumer.client_id
def test_begin_file(self, tmpdir):
path = tmpdir.strpath
self.consumer.consumer_config["request_method"] = "file"
self.consumer.consumer_config["temp_dir"] = path
self.consumer.consumer_config["temp_path"] = path
self.consumer.consumer_config["authz_page"] = "/authz"
srv = Server()
srv.keyjar = SRVKEYS
sid, location = self.consumer.begin("openid",
"code",
path="http://localhost:8087")
authreq = srv.parse_authorization_request(url=location)
assert _eq(authreq.keys(), [
'max_age', 'state', 'redirect_uri', 'response_type', 'client_id',
'scope', 'claims', 'request_uri'
])
assert authreq["state"] == sid
assert authreq["scope"] == self.consumer.consumer_config["scope"]
assert authreq["client_id"] == self.consumer.client_id
assert authreq["redirect_uri"].startswith(
"http://localhost:8087/authz")
def test_server_init():
srv = Server()
assert srv
srv = Server()
assert srv
def create_server(self):
self.srv = Server()
self.srv.keyjar = KEYJ