def _authn_response(self, context):
    """
    Process the authentication response coming back from the AS.

    The Response object itself is produced by the callback stored in
    ``auth_callback_func``; this method only prepares its input.

    :type context: satosa.context.Context
    :rtype: satosa.response.Response

    :param context: The context in SATOSA
    :return: A SATOSA response.
    """
    saved_state = context.state[self.name]
    authz_resp = self.consumer.parse_response(
        AuthorizationResponse, info=json.dumps(context.request))
    # State check on the authorization response, done before the code is
    # redeemed. _verify_state is defined outside this block.
    self._verify_state(authz_resp, saved_state, context.state)

    token_request_args = {
        "code": authz_resp["code"],
        "redirect_uri": self.redirect_url,
        "state": saved_state["state"],
    }
    token_resp = self.consumer.do_access_token_request(
        request_args=token_request_args, state=authz_resp["state"])

    # The state check on the token response is on by default; it is skipped
    # only when the option is present in the config with a falsy value.
    check_token_state = True
    if "verify_accesstoken_state" in self.config:
        check_token_state = self.config["verify_accesstoken_state"]
    if check_token_state:
        self._verify_state(token_resp, saved_state, context.state)

    user_info = self.user_information(token_resp["access_token"])
    auth_info = self.auth_info(context.request)
    internal_response = InternalData(auth_info=auth_info)
    internal_response.attributes = self.converter.to_internal(
        self.external_type, user_info)
    internal_response.subject_id = user_info[self.user_id_attr]

    # The stored state is dropped once it has been used.
    del context.state[self.name]
    return self.auth_callback_func(context, internal_response)
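def _authn_response(self, context):
    """
    Handle the authorization response and redeem the code for an access token.

    The code is posted directly to the configured token endpoint with
    ``requests`` and the JSON reply is used to fetch the user information.

    :param context: request context; ``context.state`` and
        ``context.request`` are read here
    :return: the value returned by ``self.auth_callback_func``
    :raises KeyError: if the token reply has no ``access_token``
    :raises requests.exceptions.Timeout: if the token endpoint does not
        answer within the timeout
    """
    state_data = context.state[self.name]
    aresp = self.consumer.parse_response(
        AuthorizationResponse, info=json.dumps(context.request))
    # State check on the authorization response, done before the code is
    # redeemed. _verify_state is defined outside this block.
    self._verify_state(aresp, state_data, context.state)

    # NOTE(review): the client secret is posted to whatever URL the config
    # names as token_endpoint; confirm the deployed value is an https URL.
    url = self.config['server_info']['token_endpoint']
    data = dict(
        grant_type='authorization_code',
        code=aresp['code'],
        redirect_uri=self.redirect_url,
        client_id=self.config['client_config']['client_id'],
        client_secret=self.config['client_secret'],
    )
    # Without a timeout requests waits indefinitely, so an unresponsive
    # token endpoint would tie up the worker handling this login.
    token_request_timeout = 10  # seconds
    r = requests.post(url, data=data, timeout=token_request_timeout)
    # NOTE(review): the HTTP status is not inspected; an error reply only
    # surfaces as a JSON decoding error or a KeyError on 'access_token'.
    response = r.json()

    # The state check on the token reply is on unless the config disables it.
    if self.config.get('verify_accesstoken_state', True):
        self._verify_state(response, state_data, context.state)

    user_info = self.user_information(response["access_token"])
    auth_info = self.auth_info(context.request)
    internal_response = InternalData(auth_info=auth_info)
    internal_response.attributes = self.converter.to_internal(
        self.external_type, user_info)
    internal_response.subject_id = user_info[self.user_id_attr]

    # The stored state is dropped once it has been used.
    del context.state[self.name]
    return self.auth_callback_func(context, internal_response)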
def handle_response(self, context):
    """
    Build an internal response with fixed test values and pass it on.

    The request is copied unchanged into the attributes and the subject id
    is always ``test_user``; nothing from the request is verified here.

    :param context: request context whose ``request`` becomes the attributes
    :return: the value returned by ``self.auth_callback_func``
    """
    # str(datetime.now()) is a naive local timestamp.
    timestamp = str(datetime.now())
    internal_resp = InternalData(
        auth_info=AuthenticationInformation("test", timestamp, "test_issuer"))
    internal_resp.attributes = context.request
    internal_resp.subject_id = "test_user"
    return self.auth_callback_func(context, internal_resp)
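def _authn_response(self, context):
    """
    Handle the authorization response and redeem the code for an access token.

    The code is posted directly to the configured token endpoint with
    ``requests`` and the JSON reply is used to fetch the user information.

    :param context: request context; ``context.state`` and
        ``context.request`` are read here
    :return: the value returned by ``self.auth_callback_func``
    :raises KeyError: if the token reply has no ``access_token``
    :raises requests.exceptions.Timeout: if the token endpoint does not
        answer within the timeout
    """
    state_data = context.state[self.name]
    aresp = self.consumer.parse_response(
        AuthorizationResponse, info=json.dumps(context.request))
    # State check on the authorization response, done before the code is
    # redeemed. _verify_state is defined outside this block.
    self._verify_state(aresp, state_data, context.state)

    # NOTE(review): the client secret is posted to whatever URL the config
    # names as token_endpoint; confirm the deployed value is an https URL.
    url = self.config['server_info']['token_endpoint']
    data = dict(
        grant_type='authorization_code',
        code=aresp['code'],
        redirect_uri=self.redirect_url,
        client_id=self.config['client_config']['client_id'],
        client_secret=self.config['client_secret'],
    )
    # Without a timeout requests waits indefinitely, so an unresponsive
    # token endpoint would tie up the worker handling this login.
    token_request_timeout = 10  # seconds
    r = requests.post(url, data=data, timeout=token_request_timeout)
    # NOTE(review): the HTTP status is not inspected; an error reply only
    # surfaces as a JSON decoding error or a KeyError on 'access_token'.
    response = r.json()

    # The state check on the token reply is on unless the config disables it.
    if self.config.get('verify_accesstoken_state', True):
        self._verify_state(response, state_data, context.state)

    user_info = self.user_information(response["access_token"])
    auth_info = self.auth_info(context.request)
    internal_response = InternalData(auth_info=auth_info)
    internal_response.attributes = self.converter.to_internal(
        self.external_type, user_info)
    internal_response.subject_id = user_info[self.user_id_attr]

    # The stored state is dropped once it has been used.
    del context.state[self.name]
    return self.auth_callback_func(context, internal_response)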
def setup_for_authn_response(self, context, frontend, auth_req):
    """
    Prepare the state and a canned internal response for a frontend test.

    :param context: context whose state receives the urlencoded request
    :param frontend: frontend under test; its ``name`` is the state key
    :param auth_req: authentication request stored in the state
    :return: internal response describing the ``testuser1`` fixture user
    """
    context.state[frontend.name] = {"oidc_request": auth_req.to_urlencoded()}

    test_user = USERS["testuser1"]
    internal_response = InternalData(
        auth_info=AuthenticationInformation(
            PASSWORD, "2015-09-30T12:21:37Z", "unittest_idp.xml"))
    mapper = AttributeMapper(INTERNAL_ATTRIBUTES)
    internal_response.attributes = mapper.to_internal("saml", test_user)
    # The first eduPersonTargetedID value of the fixture user is the subject.
    internal_response.subject_id = test_user["eduPersonTargetedID"][0]
    return internal_response
def test_auth_resp_callback_func_respects_user_id_to_attr(self, context, satosa_config):
    """The subject id must end up in the attribute named by ``user_id_to_attr``."""
    satosa_config["INTERNAL_ATTRIBUTES"]["user_id_to_attr"] = "user_id"
    base = SATOSABase(satosa_config)

    empty_auth_info = AuthenticationInformation("", "", "")
    internal_resp = InternalData(auth_info=empty_auth_info)
    internal_resp.subject_id = "user1234"

    # State entries the callback needs: the requester and the frontend name.
    context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
    first_frontend = satosa_config["FRONTEND_MODULES"][0]
    context.state[satosa.routing.STATE_KEY] = first_frontend["name"]

    base._auth_resp_callback_func(context, internal_resp)

    expected = [internal_resp.subject_id]
    assert internal_resp.attributes["user_id"] == expected
def test_auth_resp_callback_func_hashes_all_specified_attributes(self, context, satosa_config):
    """Every attribute listed under ``hash`` must come back hashed, value by value."""
    hashed_names = ["user_id", "mail"]
    satosa_config["INTERNAL_ATTRIBUTES"]["hash"] = hashed_names
    base = SATOSABase(satosa_config)

    attributes = {"user_id": ["user"], "mail": ["*****@*****.**", "*****@*****.**"]}
    internal_resp = InternalData(auth_info=AuthenticationInformation("", "", ""))
    # NOTE(review): copy.copy is shallow, so the value lists are shared with
    # `attributes`; the expected values below are only meaningful if the
    # callback replaces those lists rather than editing them in place.
    internal_resp.attributes = copy.copy(attributes)
    internal_resp.subject_id = "test_user"

    context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
    context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]

    base._auth_resp_callback_func(context, internal_resp)

    for attr in satosa_config["INTERNAL_ATTRIBUTES"]["hash"]:
        expected = []
        for v in attributes[attr]:
            # An empty salt is used when the config does not define one.
            salt = satosa_config.get("USER_ID_HASH_SALT", "")
            expected.append(util.hash_data(salt, v))
        assert internal_resp.attributes[attr] == expected
def _translate_response(self, response, issuer):
    """
    Translate an OIDC response into a SATOSA internal response.

    :type response: dict[str, str]
    :type issuer: str
    :rtype: InternalData

    :param response: Dictionary with attribute name as key; its ``sub``
        entry becomes the subject id.
    :param issuer: The OIDC OP that gave the response.
    :return: A SATOSA internal response.
    """
    # str(datetime.now()) is a naive local timestamp.
    issued_at = str(datetime.now())
    internal_resp = InternalData(
        auth_info=AuthenticationInformation(UNSPECIFIED, issued_at, issuer))
    internal_resp.attributes = self.converter.to_internal("openid", response)
    internal_resp.subject_id = response["sub"]
    return internal_resp
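def _authn_response(self, context):
    """
    Redeem the authorization code for a token and build the internal response.

    The token reply is expected to carry ``access_token``, ``orcid`` and
    ``name``; the ``orcid`` value is used as the subject id.

    :param context: request context; ``context.request`` holds the
        authorization response parameters
    :return: the value returned by ``self.auth_callback_func``
    :raises KeyError: if the token reply lacks one of the expected keys
    :raises requests.exceptions.Timeout: if the token endpoint does not
        answer within the timeout
    """
    # NOTE(review): this method never compares the ``state`` of the
    # authorization response with a value stored for the session, and no
    # stored state is read or cleared here. Confirm the check happens
    # elsewhere; without it the callback accepts codes from flows this
    # session did not start (login CSRF).
    aresp = self.consumer.parse_response(
        AuthorizationResponse, info=json.dumps(context.request))

    # NOTE(review): the client secret is posted to whatever URL the config
    # names as token_endpoint; confirm the deployed value is an https URL.
    url = self.config['server_info']['token_endpoint']
    data = dict(
        grant_type='authorization_code',
        code=aresp['code'],
        redirect_uri=self.redirect_url,
        client_id=self.config['client_config']['client_id'],
        client_secret=self.config['client_secret'],
    )
    headers = {'Accept': 'application/json'}
    # Without a timeout requests waits indefinitely, so an unresponsive
    # token endpoint would tie up the worker handling this login.
    token_request_timeout = 10  # seconds
    r = requests.post(url, data=data, headers=headers,
                      timeout=token_request_timeout)
    # NOTE(review): the HTTP status is not inspected; an error reply only
    # surfaces as a JSON decoding error or a KeyError below.
    response = r.json()

    token = response['access_token']
    orcid, name = response['orcid'], response['name']
    user_info = self.user_information(token, orcid, name)

    auth_info = self.auth_info(context.request)
    internal_response = InternalData(auth_info=auth_info)
    internal_response.attributes = self.converter.to_internal(
        self.external_type, user_info)
    # The subject id is taken from the token reply, not from user_info.
    internal_response.subject_id = orcid
    return self.auth_callback_func(context, internal_response)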
def _authn_response(self, context):
    """
    Handle the authorization response and fetch the user information.

    The access token request goes through ``self.consumer``; its reply is
    expected to carry ``access_token``, ``orcid`` and ``name``.

    :param context: request context; ``context.state`` and
        ``context.request`` are read here
    :return: the value returned by ``self.auth_callback_func``
    """
    saved_state = context.state[self.name]
    authz_resp = self.consumer.parse_response(
        AuthorizationResponse, info=json.dumps(context.request))
    # Only the authorization response goes through the state check here;
    # the token reply is not passed to _verify_state in this method.
    self._verify_state(authz_resp, saved_state, context.state)

    token_request_args = {
        "code": authz_resp["code"],
        "redirect_uri": self.redirect_url,
        "state": saved_state["state"],
    }
    token_resp = self.consumer.do_access_token_request(
        request_args=token_request_args, state=authz_resp['state'])

    user_info = self.user_information(
        token_resp['access_token'], token_resp['orcid'], token_resp['name'])
    auth_info = self.auth_info(context.request)
    internal_response = InternalData(auth_info=auth_info)
    internal_response.attributes = self.converter.to_internal(
        self.external_type, user_info)
    internal_response.subject_id = user_info[self.user_id_attr]

    # The stored state is dropped once it has been used.
    del context.state[self.name]
    return self.auth_callback_func(context, internal_response)
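def _authn_response(self, context):
    """
    Redeem the authorization code for a token and build the internal response.

    The token reply is expected to carry ``access_token``, ``orcid`` and
    ``name``; the ``orcid`` value is used as the subject id.

    :param context: request context; ``context.request`` holds the
        authorization response parameters
    :return: the value returned by ``self.auth_callback_func``
    :raises KeyError: if the token reply lacks one of the expected keys
    :raises requests.exceptions.Timeout: if the token endpoint does not
        answer within the timeout
    """
    # NOTE(review): this method never compares the ``state`` of the
    # authorization response with a value stored for the session, and no
    # stored state is read or cleared here. Confirm the check happens
    # elsewhere; without it the callback accepts codes from flows this
    # session did not start (login CSRF).
    aresp = self.consumer.parse_response(
        AuthorizationResponse, info=json.dumps(context.request))

    # NOTE(review): the client secret is posted to whatever URL the config
    # names as token_endpoint; confirm the deployed value is an https URL.
    url = self.config['server_info']['token_endpoint']
    data = dict(
        grant_type='authorization_code',
        code=aresp['code'],
        redirect_uri=self.redirect_url,
        client_id=self.config['client_config']['client_id'],
        client_secret=self.config['client_secret'],
    )
    headers = {'Accept': 'application/json'}
    # Without a timeout requests waits indefinitely, so an unresponsive
    # token endpoint would tie up the worker handling this login.
    token_request_timeout = 10  # seconds
    r = requests.post(url, data=data, headers=headers,
                      timeout=token_request_timeout)
    # NOTE(review): the HTTP status is not inspected; an error reply only
    # surfaces as a JSON decoding error or a KeyError below.
    response = r.json()

    token = response['access_token']
    orcid, name = response['orcid'], response['name']
    user_info = self.user_information(token, orcid, name)

    auth_info = self.auth_info(context.request)
    internal_response = InternalData(auth_info=auth_info)
    internal_response.attributes = self.converter.to_internal(
        self.external_type, user_info)
    # The subject id is taken from the token reply, not from user_info.
    internal_response.subject_id = orcid
    return self.auth_callback_func(context, internal_response)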
def internal_response(self):
    """
    Build a minimal internal response for tests.

    :return: InternalData with placeholder authentication information and
        the subject id ``user1``
    """
    placeholder_auth = AuthenticationInformation(
        "auth_class_ref", "timestamp", "issuer")
    data = InternalData(auth_info=placeholder_auth)
    data.subject_id = "user1"
    return data
def internal_response(self):
    """
    Build a minimal internal response for tests.

    :return: InternalData with placeholder authentication information and
        the subject id ``user1``
    """
    placeholder_auth = AuthenticationInformation(
        "auth_class_ref", "timestamp", "issuer")
    data = InternalData(auth_info=placeholder_auth)
    data.subject_id = "user1"
    return data