Esempio n. 1
    def test_get_login(self):
        """GET /oidc/login/ answers 200 with the login template when DEFAULT_PROVIDER is empty."""
        # The empty DEFAULT_PROVIDER is the condition under test: the view is
        # expected to render a page rather than redirect.
        with oidc_settings.override(DEFAULT_PROVIDER={}):
            page = self.client.get('/oidc/login/')

        tools.assert_equal(page.status_code, 200)
        rendered_names = [tpl.name for tpl in page.templates]
        tools.assert_true('oidc/login.html' in rendered_names)
Esempio n. 2
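    def test_get_default_provider__no_updates(self, ProviderMock):
        """get_default_provider() hands back the stored provider unsaved when settings match it.

        ``ProviderMock`` is the injected mock for the provider model. Its
        ``objects.get_or_create`` is stubbed to return an existing provider
        (second tuple element False) built from the same configs that
        DEFAULT_PROVIDER is overridden with.
        """
        provider = self.create_bogus_object(self.configs)
        # Spy on the instance. A save is presumably issued on the object that
        # get_or_create returned (the __with_updates test asserts on the
        # instance's save), so the class-level ProviderMock.save attribute
        # alone would not observe it.
        provider.save = mock.Mock()
        ProviderMock.objects.get_or_create.return_value = (provider, False)

        with oidc_settings.override(DEFAULT_PROVIDER=self.configs):
            got_provider = get_default_provider()

        self.assertIs(provider, got_provider)
        # assertFalse instead of a bare assert: not stripped under -O and
        # consistent with the assertIs above.
        self.assertFalse(provider.save.called,
                         'Save should not have been called!')
        self.assertFalse(ProviderMock.save.called,
                         'Save should not have been called!')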
Esempio n. 3
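    def test_get_default_provider__no_updates(self, ProviderMock):
        """An unchanged DEFAULT_PROVIDER must not trigger a save on the stored provider.

        ``get_or_create`` on the injected ``ProviderMock`` is stubbed to
        return ``(provider, False)``, where ``provider`` is built from
        ``self.configs`` -- the same value DEFAULT_PROVIDER is overridden with.
        """
        provider = self.create_bogus_object(self.configs)
        # Replace the instance's save with a spy: checking only
        # ProviderMock.save would look at the class mock, which is presumably
        # not the object the code under test would call save() on.
        provider.save = mock.Mock()
        ProviderMock.objects.get_or_create.return_value = (provider, False)

        with oidc_settings.override(DEFAULT_PROVIDER=self.configs):
            got_provider = get_default_provider()

        self.assertIs(provider, got_provider)
        not_saved_msg = 'Save should not have been called!'
        self.assertFalse(provider.save.called, not_saved_msg)
        # Original class-level check kept so nothing previously asserted is lost.
        self.assertFalse(ProviderMock.save.called, not_saved_msg)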
Esempio n. 4
    def test_login_default_provider(self, get_mock):
        """With DEFAULT_PROVIDER set, GET /oidc/login/ redirects to that provider's authorization host."""
        provider_configs = dict(
            self.configs,
            authorization_endpoint='http://default.example.it/authorize')
        # The injected get_mock answers 200 with the provider configs as JSON.
        mocked_reply = get_mock.return_value
        mocked_reply.status_code = 200
        mocked_reply.json.return_value = provider_configs

        with oidc_settings.override(DEFAULT_PROVIDER=provider_configs):
            response = self.client.get('/oidc/login/')

        tools.assert_equal(response.status_code, 302)
        # Only the host of the Location header is pinned; its scheme, path and
        # query string are not checked by this test.
        target_host = urlparse(response['Location']).hostname
        tools.assert_equal('default.example.it', target_host)
    def test_post_token_endpoint_with_invalid_ssl(self, post_mock):
        """The token request carries ``verify=False`` when VERIFY_SSL is overridden to False.

        Pins how the setting reaches the HTTP call made through ``post_mock``.
        That call also carries the client credentials (``auth=``) and the
        authorization code, so ``verify=False`` -- presumably the HTTP
        client's certificate-verification switch -- belongs in development
        setups only.

        ``OpenIDProvider.verify_id_token`` is patched, so ID token validation
        is not exercised here, and the response of the callback request is
        not inspected.
        """
        with oidc_settings.override(VERIFY_SSL=False):
            # Static sample token; never validated because verify_id_token is
            # mocked below.
            sample_id_token = (
                'eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzc'
                'yI6ICJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwKICJzdWIiOiAiMjQ4Mjg5'
                'NzYxMDAxIiwKICJhdWQiOiAiczZCaGRSa3F0MyIsCiAibm9uY2UiOiAibi0wUzZ'
                'fV3pBMk1qIiwKICJleHAiOiAxMzExMjgxOTcwLAogImlhdCI6IDEzMTEyODA5Nz'
                'AKfQ.ggW8hZ1EuVLuxNuuIJKX_V8a_OMXzR0EHR9R6jgdqrOOF4daGU96Sr_P6q'
                'Jp6IcmD3HP99Obi1PRs-cwh3LO-p146waJ8IhehcwL7F09JdijmBqkvPeB2T9CJ'
                'NqeGpe-gccMg4vfKjkM8FcGvnzZUN4_KSP0aAp1tOJ1zZwgjxqGByKHiOtX7Tpd'
                'QyHE5lcMiKPXfEIQILVq0pc_E2DzL7emopWoaoZTF_m0_N0YzFC6g6EJbOEoRoS'
                'K5hoDalrcvRYLSrQAZZKflyuVCyixEoV9GfNQC3_osjzw2PAithfubEEBLuVVk4'
                'XUVrWOLrLl0nx7RkKU8NXNHq-rvKMzqg')
            token_payload = {
                'access_token': '12345',
                'refresh_token': '12345',
                'expires_in': 3600,
                'token_type': 'Bearer',
                'id_token': sample_id_token,
            }
            token_reply = mock.MagicMock()
            token_reply.status_code = 200
            token_reply.json.return_value = token_payload
            post_mock.return_value = token_reply

            # Fixtures the callback needs: a stored nonce for the state, the
            # provider, and a local user linked to the subject 'foobar'.
            state = 'abcde'
            issuer_url = 'http://example.it'
            Nonce.objects.create(
                issuer_url=issuer_url,
                state=state,
                redirect_url='http://back.to.me')
            provider = OpenIDProvider.objects.create(
                issuer=issuer_url,
                client_id='12345',
                client_secret='abcde',
                token_endpoint='http://example.it/token',
                authorization_endpoint='http://a.b/',
                userinfo_endpoint='http://a.b/',
                jwks_uri='http://a.b/')

            # The state stored in the session matches the one sent back below.
            session = self.client.session
            session['oidc_state'] = state
            session.save()

            local_user = UserModel.objects.create(username='******')
            OpenIDUser.objects.create(sub='foobar', issuer=provider, user=local_user)

            callback_query = {'state': state, 'code': '12345'}
            with mock.patch.object(OpenIDProvider, 'verify_id_token') as mock_verify_id_token:
                mock_verify_id_token.return_value = {'sub': 'foobar'}
                self.client.get('/oidc/complete/', data=callback_query)

            expected_params = {
                'grant_type': 'authorization_code',
                'code': '12345',
                'redirect_uri': 'http://testserver/oidc/complete/',
            }
            post_mock.assert_called_with(
                provider.token_endpoint,
                params=expected_params,
                auth=provider.client_credentials,
                verify=False)
Esempio n. 6
    def test_login_default_provider(self, get_mock):
        """A configured DEFAULT_PROVIDER makes the login view redirect (302) to its authorization host."""
        authorize_url = 'http://default.example.it/authorize'
        configs = dict(self.configs, authorization_endpoint=authorize_url)

        # Stub the HTTP GET made through get_mock: status 200, configs as JSON.
        stubbed = get_mock.return_value
        stubbed.json.return_value = configs
        stubbed.status_code = 200

        with oidc_settings.override(DEFAULT_PROVIDER=configs):
            response = self.client.get('/oidc/login/')

        tools.assert_equal(response.status_code, 302)
        # The assertion covers the redirect host only, not the full URL.
        location = urlparse(response['Location'])
        tools.assert_equal('default.example.it', location.hostname)
Esempio n. 7
    def test_get_default_provider__with_updates(self, ProviderMock):
        """A changed authorization endpoint in DEFAULT_PROVIDER is written to the stored provider and saved."""
        changed_endpoint = 'https://another-url.bogus'
        updated_configs = dict(self.configs,
                               authorization_endpoint=changed_endpoint)

        # The stored provider still carries the original configs; its save is
        # replaced by a spy so the call can be asserted afterwards.
        stored = self.create_bogus_object(self.configs)
        stored.save = mock.Mock()
        ProviderMock.objects.get_or_create.return_value = (stored, False)

        with oidc_settings.override(DEFAULT_PROVIDER=updated_configs):
            # Return value is not inspected by this test.
            get_default_provider()

        stored.save.assert_called_with()
        self.assertEqual(stored.authorization_endpoint, changed_endpoint)
Esempio n. 8
    def test_get_default_provider__with_updates(self, ProviderMock):
        """get_default_provider() updates and saves the existing provider when the settings differ.

        ``get_or_create`` on the injected ``ProviderMock`` returns an existing
        provider built from ``self.configs``, while DEFAULT_PROVIDER is
        overridden with a different ``authorization_endpoint``.
        """
        new_url = 'https://another-url.bogus'
        overridden = dict(self.configs)
        overridden['authorization_endpoint'] = new_url

        existing = self.create_bogus_object(self.configs)
        save_spy = mock.Mock()
        existing.save = save_spy
        ProviderMock.objects.get_or_create.return_value = (existing, False)

        with oidc_settings.override(DEFAULT_PROVIDER=overridden):
            get_default_provider()

        # Saved with no arguments, and the new endpoint is on the instance.
        save_spy.assert_called_with()
        self.assertEqual(existing.authorization_endpoint, new_url)
Esempio n. 9
    def test_post_login(self, get_mock):
        """POSTing an issuer to /oidc/login/ redirects to that issuer with the expected query keys."""
        get_mock.return_value = self.response_mock

        form = {'issuer': 'http://example.it'}
        with oidc_settings.override(DEFAULT_PROVIDER=self.configs):
            response = self.client.post('/oidc/login/', data=form)

        tools.assert_equal(response.status_code, 302)

        location = urlparse(response['Location'])
        origin = '%s://%s' % (location.scheme, location.hostname)
        tools.assert_equal('http://example.it', origin)

        # NOTE(review): the pinned key set contains `state` but neither
        # `redirect_uri` nor `nonce` -- confirm the authorization request is
        # meant to omit them. parse_qs drops blank values by default, so a
        # parameter sent empty would fail this key check rather than pass it.
        query_keys = set(parse_qs(location.query))
        tools.assert_equal(
            query_keys,
            {'response_type', 'scope', 'client_id', 'state'})
Esempio n. 10
    def test_post_login(self, get_mock):
        """The login POST answers 302 towards the posted issuer, carrying a fixed set of query parameters."""
        get_mock.return_value = self.response_mock

        with oidc_settings.override(DEFAULT_PROVIDER=self.configs):
            response = self.client.post(
                '/oidc/login/', data={'issuer': 'http://example.it'})

        tools.assert_equal(response.status_code, 302)

        # Scheme and host of the redirect must match the posted issuer.
        redirect = urlparse(response['Location'])
        redirect_origin = '%s://%s' % (redirect.scheme, redirect.hostname)
        tools.assert_equal('http://example.it', redirect_origin)

        # Only the parameter names are compared, not their values.
        # NOTE(review): `state` is expected, `redirect_uri` and `nonce` are
        # not -- verify that matches the intended authorization request.
        expected_keys = {'response_type', 'scope', 'client_id', 'state'}
        actual_keys = set(parse_qs(redirect.query).keys())
        tools.assert_equal(actual_keys, expected_keys)
Esempio n. 11
    def test_post_token_endpoint_with_invalid_ssl(self, post_mock):
        """VERIFY_SSL=False is passed to the token endpoint POST as ``verify=False``.

        The assertion at the end pins the exact call made through
        ``post_mock``: token endpoint URL, authorization-code parameters,
        client credentials and ``verify=False``. Because that request carries
        the client credentials and the code, switching verification off is a
        setting for test or development environments.

        ``verify_id_token`` is patched on ``OpenIDProvider``, so the canned
        ID token below is never actually validated by this test.
        """
        with oidc_settings.override(VERIFY_SSL=False):
            id_token = ''.join([
                'eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzc',
                'yI6ICJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwKICJzdWIiOiAiMjQ4Mjg5',
                'NzYxMDAxIiwKICJhdWQiOiAiczZCaGRSa3F0MyIsCiAibm9uY2UiOiAibi0wUzZ',
                'fV3pBMk1qIiwKICJleHAiOiAxMzExMjgxOTcwLAogImlhdCI6IDEzMTEyODA5Nz',
                'AKfQ.ggW8hZ1EuVLuxNuuIJKX_V8a_OMXzR0EHR9R6jgdqrOOF4daGU96Sr_P6q',
                'Jp6IcmD3HP99Obi1PRs-cwh3LO-p146waJ8IhehcwL7F09JdijmBqkvPeB2T9CJ',
                'NqeGpe-gccMg4vfKjkM8FcGvnzZUN4_KSP0aAp1tOJ1zZwgjxqGByKHiOtX7Tpd',
                'QyHE5lcMiKPXfEIQILVq0pc_E2DzL7emopWoaoZTF_m0_N0YzFC6g6EJbOEoRoS',
                'K5hoDalrcvRYLSrQAZZKflyuVCyixEoV9GfNQC3_osjzw2PAithfubEEBLuVVk4',
                'XUVrWOLrLl0nx7RkKU8NXNHq-rvKMzqg',
            ])
            # Canned token-endpoint reply returned by the mocked POST.
            response = mock.MagicMock(status_code=200)
            response.json.return_value = dict(
                access_token='12345',
                refresh_token='12345',
                expires_in=3600,
                token_type='Bearer',
                id_token=id_token,
            )
            post_mock.return_value = response

            state = 'abcde'
            Nonce.objects.create(
                issuer_url='http://example.it',
                state=state,
                redirect_url='http://back.to.me',
            )
            provider = OpenIDProvider.objects.create(
                issuer='http://example.it',
                client_id='12345',
                client_secret='abcde',
                token_endpoint='http://example.it/token',
                authorization_endpoint='http://a.b/',
                userinfo_endpoint='http://a.b/',
                jwks_uri='http://a.b/',
            )

            # Put the same state into the session that the callback will send.
            session = self.client.session
            session['oidc_state'] = state
            session.save()

            # Local account linked to the subject that the patched
            # verify_id_token reports.
            user = UserModel.objects.create(username='******')
            OpenIDUser.objects.create(sub='foobar', issuer=provider, user=user)

            patched_verify = mock.patch.object(OpenIDProvider, 'verify_id_token')
            with patched_verify as mock_verify_id_token:
                mock_verify_id_token.return_value = {'sub': 'foobar'}
                # The callback response itself is not inspected.
                self.client.get(
                    '/oidc/complete/',
                    data={'state': state, 'code': '12345'})

            token_request_params = {
                'grant_type': 'authorization_code',
                'code': '12345',
                'redirect_uri': 'http://testserver/oidc/complete/',
            }
            post_mock.assert_called_with(
                provider.token_endpoint,
                params=token_request_params,
                auth=provider.client_credentials,
                verify=False,
            )
Esempio n. 12
    def test_get_login(self):
        """With no default provider configured, the login URL renders ``oidc/login.html``."""
        with oidc_settings.override(DEFAULT_PROVIDER={}):
            response = self.client.get('/oidc/login/')

        tools.assert_equal(response.status_code, 200)

        # Passes as soon as one rendered template carries the expected name.
        login_template_used = False
        for template in response.templates:
            if template.name == 'oidc/login.html':
                login_template_used = True
                break
        tools.assert_true(login_template_used)