def test_consumer_client_get_access_token_reques(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.client_secret = "secret0" _state = "state" cons.redirect_uris = ["https://www.example.com/oic/cb"] resp1 = AuthorizationResponse(code="auth_grant", state=_state) cons.parse_response(AuthorizationResponse, resp1.to_urlencoded(), "urlencoded") resp2 = AccessTokenResponse(access_token="token1", token_type="Bearer", expires_in=0, state=_state) cons.parse_response(AccessTokenResponse, resp2.to_urlencoded(), "urlencoded") url, body, http_args = cons.get_access_token_request(_state) assert url == "http://localhost:8088/token" print body assert body == ("code=auth_grant&client_secret=secret0&" "grant_type=authorization_code&client_id=number5&" "redirect_uri=https%3A%2F%2Fwww.example.com%2Foic%2Fcb") assert http_args == {'headers': { 'Content-type': 'application/x-www-form-urlencoded'}}
def test_consumer_client_get_access_token_reques(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.client_secret = "secret0" cons.state = "state" cons.redirect_uris = ["https://www.example.com/oic/cb"] resp1 = AuthorizationResponse(code="auth_grant", state="state") cons.parse_response(AuthorizationResponse, resp1.to_urlencoded(), "urlencoded") resp2 = AccessTokenResponse(access_token="token1", token_type="Bearer", expires_in=0, state="state") cons.parse_response(AccessTokenResponse, resp2.to_urlencoded(), "urlencoded") url, body, http_args = cons.get_access_token_request() assert url == "http://localhost:8088/token" print body assert body == ("code=auth_grant&client_secret=secret0&" "grant_type=authorization_code&client_id=number5&" "redirect_uri=https%3A%2F%2Fwww.example.com%2Foic%2Fcb") assert http_args == { 'headers': { 'Content-type': 'application/x-www-form-urlencoded' } }
def test_consumer_client_get_access_token_reques(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.client_secret = "secret0" _state = "state" cons.redirect_uris = ["https://www.example.com/oic/cb"] resp1 = AuthorizationResponse(code="auth_grant", state=_state) cons.parse_response(AuthorizationResponse, resp1.to_urlencoded(), "urlencoded") resp2 = AccessTokenResponse(access_token="token1", token_type="Bearer", expires_in=0, state=_state) cons.parse_response(AccessTokenResponse, resp2.to_urlencoded(), "urlencoded") url, body, http_args = cons.get_access_token_request(_state) url_obj = URLObject.create(url) expected_url_obj = URLObject.create("http://localhost:8088/token") assert url_obj == expected_url_obj body_splits = body.split('&') expected_body_splits = "code=auth_grant&client_secret=secret0&" \ "grant_type=authorization_code&client_id=number5&" \ "redirect_uri=https%3A%2F%2Fwww.example.com%2Foic%2Fcb".split('&') assert set(body_splits) == set(expected_body_splits) assert http_args == { 'headers': { 'Content-type': 'application/x-www-form-urlencoded' } }
assert res.status == "302 Found" url = res.headers["location"] # Parse by the client environ = BASE_ENVIRON.copy() environ["QUERY_STRING"] = url _cli = Consumer(SESSION_DB, CLIENT_CONFIG, SERVER_INFO, **CONSUMER_CONFIG) aresp = _cli.handle_authorization_response(environ, start_response, DEVNULL()) print "ARESP: %s" % aresp assert isinstance(aresp, AuthorizationResponse) # Create the AccessTokenRequest url, body, http_args = _cli.get_access_token_request(environ, start_response, DEVNULL()) assert url == "http://localhost:8088/token" assert len(body) != 0 assert http_args == {"client_password": "******"} # complete with access token request app = TestApp(application) cres = app.post('/token', body, extra_environ={"oic.server":SERVER, "mako.lookup":LOOKUP, "REMOTE_USER":_cli.client_id}) print cres.status
class TestConsumer(object): @pytest.fixture(autouse=True) def create_consumer(self): self.consumer = Consumer({}, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) def test_init(self): cons = Consumer({}, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons._backup("123456") assert "123456" in cons.sdb cons = Consumer({}, client_config=CLIENT_CONFIG, **CONSUMER_CONFIG) assert cons.authorization_endpoint is None cons = Consumer({}, **CONSUMER_CONFIG) assert cons.authorization_endpoint is None def test_begin(self): sid, loc = self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") # state is dynamic params = {"scope": "openid", "state": sid, "redirect_uri": "http://localhost:8087/authz", "response_type": "code", "client_id": "number5"} url = "http://localhost:8088/authorization?{}".format(urlencode(params)) assert url_compare(loc, url) def test_handle_authorization_response(self): sid, loc = self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid) res = self.consumer.handle_authorization_response( query=atr.to_urlencoded()) assert isinstance(res, AuthorizationResponse) assert self.consumer.grant[sid].code == "SplxlOBeZQQYbYS6WxSbIA" def test_parse_authz_without_code(self): sid, loc = self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid) adict = atr.to_dict() del adict["code"] with pytest.raises(MissingRequiredAttribute): self.consumer.handle_authorization_response(query=urlencode(adict)) def test_parse_authz_access_denied(self): sid, loc = self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AuthorizationErrorResponse(error="access_denied", state=sid) with pytest.raises(AuthzError): self.consumer.handle_authorization_response( query=atr.to_urlencoded()) def test_parse_access_token(self): # implicit flow test self.consumer.response_type = ["token"] sid, loc = self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA", token_type="example", refresh_token="tGzv3JOkF0XG5Qx2TlKWIA", example_parameter="example_value", state=sid) res = self.consumer.handle_authorization_response( query=atr.to_urlencoded()) assert isinstance(res, AccessTokenResponse) grant = self.consumer.grant[sid] assert len(grant.tokens) == 1 token = grant.tokens[0] assert token.access_token == "2YotnFZFEjr1zCsicMWpAA" def test_parse_authz_invalid_client(self): self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = TokenErrorResponse(error="invalid_client") with pytest.raises(AuthzError): self.consumer.handle_authorization_response( query=atr.to_urlencoded()) def test_consumer_client_auth_info(self): self.consumer.client_secret = "secret0" ra, ha, extra = self.consumer.client_auth_info() assert ra == {'client_secret': 'secret0', 'client_id': 'number5'} assert ha == {} assert extra == {'auth_method': 'bearer_body'} def test_client_get_access_token_request(self): self.consumer.client_secret = "secret0" _state = "state" self.consumer.redirect_uris = ["https://www.example.com/oic/cb"] resp1 = AuthorizationResponse(code="auth_grant", state=_state) self.consumer.parse_response(AuthorizationResponse, resp1.to_urlencoded(), "urlencoded") resp2 = AccessTokenResponse(access_token="token1", token_type="Bearer", expires_in=0, state=_state) self.consumer.parse_response(AccessTokenResponse, resp2.to_urlencoded(), "urlencoded") url, body, http_args = self.consumer.get_access_token_request(_state) assert url_compare(url, "http://localhost:8088/token") expected_params = 'code=auth_grant&redirect_uri=https%3A%2F%2Fwww' \ '.example.com%2Foic%2Fcb&client_id=number5' \ '&client_secret=secret0&grant_type=authorization_code&state_hash=S6aXNcpTdl7WpwnttWxuoja3GTo7KaazkMNG8PQ0Dk4%3D' assert query_string_compare(body, expected_params) assert http_args == {'headers': { 'Content-Type': 'application/x-www-form-urlencoded'}}
class TestConsumer(object): @pytest.fixture(autouse=True) def create_consumer(self): self.consumer = Consumer( DictSessionBackend(), client_config=CLIENT_CONFIG, server_info=SERVER_INFO, settings=CLIENT_SETTINGS, **CONSUMER_CONFIG, ) def test_init(self): cons = Consumer( DictSessionBackend(), client_config=CLIENT_CONFIG, server_info=SERVER_INFO, settings=CLIENT_SETTINGS, **CONSUMER_CONFIG, ) cons._backup("123456") assert "123456" in cons.sdb cons = Consumer( DictSessionBackend(), client_config=CLIENT_CONFIG, settings=CLIENT_SETTINGS, **CONSUMER_CONFIG, ) assert cons.authorization_endpoint is None cons = Consumer(DictSessionBackend, **CONSUMER_CONFIG) assert cons.authorization_endpoint is None def test_begin(self): sid, loc = self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") # state is dynamic params = { "scope": "openid", "state": sid, "redirect_uri": "http://localhost:8087/authz", "response_type": "code", "client_id": "number5", } url = "http://localhost:8088/authorization?{}".format( urlencode(params)) assert url_compare(loc, url) def test_handle_authorization_response(self): sid, loc = self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid) res = self.consumer.handle_authorization_response( query=atr.to_urlencoded()) assert isinstance(res, AuthorizationResponse) assert self.consumer.grant[sid].code == "SplxlOBeZQQYbYS6WxSbIA" def test_parse_authz_without_code(self): sid, loc = self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid) adict = atr.to_dict() del adict["code"] with pytest.raises(MissingRequiredAttribute): self.consumer.handle_authorization_response(query=urlencode(adict)) def test_parse_authz_access_denied(self): sid, loc = self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AuthorizationErrorResponse(error="access_denied", state=sid) with pytest.raises(AuthzError): self.consumer.handle_authorization_response( query=atr.to_urlencoded()) def test_parse_access_token(self): # implicit flow test self.consumer.response_type = ["token"] sid, loc = self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AccessTokenResponse( access_token="2YotnFZFEjr1zCsicMWpAA", token_type="example", refresh_token="tGzv3JOkF0XG5Qx2TlKWIA", example_parameter="example_value", state=sid, ) res = self.consumer.handle_authorization_response( query=atr.to_urlencoded()) assert isinstance(res, AccessTokenResponse) grant = self.consumer.grant[sid] assert len(grant.tokens) == 1 token = grant.tokens[0] assert token.access_token == "2YotnFZFEjr1zCsicMWpAA" def test_parse_authz_invalid_client(self): self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = TokenErrorResponse(error="invalid_client") with pytest.raises(AuthzError): self.consumer.handle_authorization_response( query=atr.to_urlencoded()) def test_consumer_client_auth_info(self): self.consumer.client_secret = "secret0" ra, ha, extra = self.consumer.client_auth_info() assert ra == {"client_secret": "secret0", "client_id": "number5"} assert ha == {} assert extra == {"auth_method": "bearer_body"} def test_provider_config(self): c = Consumer(None, None) response = ASConfigurationResponse( **{ "issuer": "https://example.com", "end_session_endpoint": "https://example.com/end_session", }) with responses.RequestsMock() as rsps: rsps.add( responses.GET, "https://example.com/.well-known/openid-configuration", json=response.to_dict(), ) info = c.provider_config("https://example.com") assert isinstance(info, ASConfigurationResponse) assert _eq(info.keys(), ["issuer", "version", "end_session_endpoint"]) assert info[ "end_session_endpoint"] == "https://example.com/end_session" def test_client_get_access_token_request(self): self.consumer.client_secret = "secret0" _state = "state" self.consumer.redirect_uris = ["https://www.example.com/oic/cb"] resp1 = AuthorizationResponse(code="auth_grant", state=_state) self.consumer.parse_response(AuthorizationResponse, resp1.to_urlencoded(), "urlencoded") resp2 = AccessTokenResponse(access_token="token1", token_type="Bearer", expires_in=0, state=_state) self.consumer.parse_response(AccessTokenResponse, resp2.to_urlencoded(), "urlencoded") url, body, http_args = self.consumer.get_access_token_request(_state) assert url_compare(url, "http://localhost:8088/token") expected_params = ( "redirect_uri=https%3A%2F%2Fwww.example.com%2Foic%2Fcb&client_id=number5&state=state&" "code=auth_grant&grant_type=authorization_code&client_secret=secret0" ) assert query_string_compare(body, expected_params) assert http_args == { "headers": { "Content-Type": "application/x-www-form-urlencoded" } } def test_access_token_storage_with_custom_response_class(self): _state = "state" # AccessTokenResponse custom class class AccessTokenResponseWrapper(AccessTokenResponse): """Response wrapper to get "expires_in" in hours.""" c_param = AccessTokenResponse.c_param.copy() c_param.update({"expires_in_hours": SINGLE_OPTIONAL_INT}) def __init__(self, **kwargs): super(AccessTokenResponseWrapper, self).__init__(**kwargs) if "expires_in" in self and self["expires_in"]: self["expires_in_hours"] = self["expires_in"] // 3600 resp = AccessTokenResponseWrapper( access_token="2YotnFZFEjr1zCsiAB", token_type="Bearer", expires_in=3600, state=_state, ) self.consumer.parse_response(AccessTokenResponseWrapper, resp.to_urlencoded(), "urlencoded") grant = self.consumer.grant[_state] assert len(grant.tokens) == 1 assert grant.tokens[0].access_token == "2YotnFZFEjr1zCsiAB" assert grant.tokens[ 0].token_expiration_time > time_util.time_sans_frac() assert grant.tokens[0].expires_in_hours == 1 # type: ignore
class TestConsumer(object): @pytest.fixture(autouse=True) def create_consumer(self): self.consumer = Consumer({}, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) def test_init(self): cons = Consumer({}, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons._backup("123456") assert "123456" in cons.sdb cons = Consumer({}, client_config=CLIENT_CONFIG, **CONSUMER_CONFIG) assert cons.authorization_endpoint is None cons = Consumer({}, **CONSUMER_CONFIG) assert cons.authorization_endpoint is None def test_begin(self): sid, loc = self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") # state is dynamic params = { "scope": "openid", "state": sid, "redirect_uri": "http://localhost:8087/authz", "response_type": "code", "client_id": "number5" } url = "http://localhost:8088/authorization?{}".format( urlencode(params)) assert url_compare(loc, url) def test_handle_authorization_response(self): sid, loc = self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid) res = self.consumer.handle_authorization_response( query=atr.to_urlencoded()) assert isinstance(res, AuthorizationResponse) assert self.consumer.grant[sid].code == "SplxlOBeZQQYbYS6WxSbIA" def test_parse_authz_without_code(self): sid, loc = self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid) adict = atr.to_dict() del adict["code"] with pytest.raises(MissingRequiredAttribute): self.consumer.handle_authorization_response(query=urlencode(adict)) def test_parse_authz_access_denied(self): sid, loc = self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AuthorizationErrorResponse(error="access_denied", state=sid) with pytest.raises(AuthzError): self.consumer.handle_authorization_response( query=atr.to_urlencoded()) def test_parse_access_token(self): # implicit flow test self.consumer.response_type = ["token"] sid, loc = self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA", token_type="example", refresh_token="tGzv3JOkF0XG5Qx2TlKWIA", example_parameter="example_value", state=sid) res = self.consumer.handle_authorization_response( query=atr.to_urlencoded()) assert isinstance(res, AccessTokenResponse) grant = self.consumer.grant[sid] assert len(grant.tokens) == 1 token = grant.tokens[0] assert token.access_token == "2YotnFZFEjr1zCsicMWpAA" def test_parse_authz_invalid_client(self): self.consumer.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = TokenErrorResponse(error="invalid_client") with pytest.raises(AuthzError): self.consumer.handle_authorization_response( query=atr.to_urlencoded()) def test_consumer_client_auth_info(self): self.consumer.client_secret = "secret0" ra, ha, extra = self.consumer.client_auth_info() assert ra == {'client_secret': 'secret0', 'client_id': 'number5'} assert ha == {} assert extra == {'auth_method': 'bearer_body'} def test_client_get_access_token_request(self): self.consumer.client_secret = "secret0" _state = "state" self.consumer.redirect_uris = ["https://www.example.com/oic/cb"] resp1 = AuthorizationResponse(code="auth_grant", state=_state) self.consumer.parse_response(AuthorizationResponse, resp1.to_urlencoded(), "urlencoded") resp2 = AccessTokenResponse(access_token="token1", token_type="Bearer", expires_in=0, state=_state) self.consumer.parse_response(AccessTokenResponse, resp2.to_urlencoded(), "urlencoded") url, body, http_args = self.consumer.get_access_token_request(_state) assert url_compare(url, "http://localhost:8088/token") expected_params = 'redirect_uri=https%3A%2F%2Fwww.example.com%2Foic%2Fcb&client_id=number5&state=state&' \ 'code=auth_grant&grant_type=authorization_code&client_secret=secret0' assert query_string_compare(body, expected_params) assert http_args == { 'headers': { 'Content-Type': 'application/x-www-form-urlencoded' } }