コード例 #1
ファイル: __init__.py プロジェクト: biancini/pyoidc
    def register(self, url, **kwargs):
        """
        Build a client registration request and POST it to an OP.

        Each parameter that RegistrationRequest declares is filled from
        ``kwargs`` first and from ``self.behaviour`` second; a parameter
        found in neither is left unset. ``redirect_uris`` falls back to
        ``self.redirect_uris``.

        The request is sent to ``url`` exactly as given. No scheme or host
        check is made here, so the caller decides which endpoint receives
        the client metadata and issues the registration response.

        :param url: The OPs registration endpoint
        :param kwargs: parameters to the registration request
        :return: The result of ``self.handle_registration_info`` for the
            HTTP response
        :raises MissingRequiredAttribute: if no ``redirect_uris`` value is
            available from any source
        """
        request = RegistrationRequest()

        for name in request.parameters():
            # Explicit keyword arguments win over the configured behaviour.
            try:
                request[name] = kwargs[name]
                continue
            except KeyError:
                pass
            try:
                request[name] = self.behaviour[name]
            except KeyError:
                # Neither source knows this parameter; leave it unset.
                pass

        if "redirect_uris" not in request:
            # Last resort: the redirect URIs stored on the client itself.
            try:
                request["redirect_uris"] = self.redirect_uris
            except AttributeError:
                raise MissingRequiredAttribute("redirect_uris")

        json_headers = {"content-type": "application/json"}
        response = self.http_request(
            url, "POST", data=request.to_json(), headers=json_headers)

        return self.handle_registration_info(response)
コード例 #2
    def test_registration_request(self):
        """Check the JSON and urlencoded forms of a RegistrationRequest.

        The expected JSON carries ``response_types: ["code"]`` although the
        constructor call below does not pass it.
        """
        expected_js_obj = {
            "redirect_uris": ["https://example.com/authz_cb"],
            "application_type": "web",
            "default_acr": "foo",
            "require_auth_time": True,
            "operation": "register",
            "default_max_age": 10,
            "response_types": ["code"]
        }
        req = RegistrationRequest(
            operation="register",
            default_max_age=10,
            require_auth_time=True,
            default_acr="foo",
            application_type="web",
            redirect_uris=["https://example.com/authz_cb"])

        assert json.loads(req.to_json()) == expected_js_obj

        # For the urlencoded comparison every list value is replaced by its
        # first element.
        first_values = {}
        for key, value in expected_js_obj.items():
            first_values[key] = value[0] if isinstance(value, list) else value

        encoded = req.to_urlencoded()
        assert query_string_compare(encoded, urlencode(first_values))
コード例 #3
    def test_registration_endpoint(self):
        """Register a web client and check the keys of the response.

        Besides echoing the submitted metadata, the response is expected to
        carry the issued credentials (``client_secret``,
        ``registration_access_token``). The registered redirect URI uses
        plain http together with the ``code`` response type.
        """
        metadata = (
            ("application_type", "web"),
            ("client_name", "My super service"),
            ("redirect_uris", ["http://example.com/authz"]),
            ("contacts", ["*****@*****.**"]),
            ("response_types", ["code"]),
        )
        req = RegistrationRequest()
        for field, value in metadata:
            req[field] = value

        resp = self.provider.registration_endpoint(request=req.to_json())
        regresp = RegistrationResponse().deserialize(resp.message, "json")

        expected_keys = [
            "redirect_uris",
            "contacts",
            "application_type",
            "client_name",
            "registration_client_uri",
            "client_secret_expires_at",
            "registration_access_token",
            "client_id",
            "client_secret",
            "client_id_issued_at",
            "response_types",
        ]
        assert _eq(regresp.keys(), expected_keys)
コード例 #4
ファイル: test_oic_provider.py プロジェクト: atidev/pyoidc
    def test_registration_endpoint_openid4us(self):
        """Register a client whose metadata points at connect.openid4.us.

        The response must contain every key that was sent plus the
        identifiers and credentials issued by the provider.
        """
        base = u'https://connect.openid4.us:5443/phpRp'
        metadata = {
            'token_endpoint_auth_method': u'client_secret_post',
            'redirect_uris': [
                u'https://connect.openid4.us:5443/phpRp/index.php/callback',
                u'https://connect.openid4.us:5443/phpRp/authcheck.php/authcheckcb'],
            'jwks_uri': u'https://connect.openid4.us:5443/phpRp/rp/rp.jwk',
            # NOTE(review): RSA1_5 is RSAES-PKCS1-v1_5 key transport; it is
            # test data here, not a recommendation for real client metadata.
            'userinfo_encrypted_response_alg': u'RSA1_5',
            'contacts': [u'*****@*****.**'],
            'userinfo_encrypted_response_enc': u'A128CBC-HS256',
            'application_type': u'web',
            'client_name': u'ABRP-17',
            'grant_types': [u'authorization_code', u'implicit'],
            'post_logout_redirect_uris': [
                u'https://connect.openid4.us:5443/phpRp/index.php/logoutcb'],
            'subject_type': u'public',
            'response_types': [u'code', u'token', u'id_token', u'code token',
                               u'code id_token', u'id_token token',
                               u'code id_token token'],
            'policy_uri': u'https://connect.openid4.us:5443/phpRp/index.php/policy',
            'logo_uri': u'https://connect.openid4.us:5443/phpRp/media/logo.png',
        }
        # Every URL in the metadata lives under the same https base.
        assert metadata['jwks_uri'].startswith(base)

        req = RegistrationRequest(**metadata)
        resp = self.provider.registration_endpoint(request=req.to_json())
        regresp = RegistrationResponse().deserialize(resp.message, "json")

        # Keys the provider adds on top of the echoed request parameters.
        issued_keys = ['registration_client_uri',
                       'client_secret_expires_at',
                       'registration_access_token',
                       'client_id', 'client_secret',
                       'client_id_issued_at']
        assert _eq(regresp.keys(), list(req.keys()) + issued_keys)
コード例 #5
ファイル: test_oic_message.py プロジェクト: imsoftware/pyoidc
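def test_registration_request():
    """Check the JSON and urlencoded serializations of a RegistrationRequest.

    Both serializations are compared independently of key order: the JSON
    text is parsed before comparison and the urlencoded pairs are sorted,
    so the test does not depend on dict iteration order.
    """
    import json  # imported locally so the block stands on its own

    req = RegistrationRequest(type="client_associate", default_max_age=10,
                              require_auth_time=True, default_acr="foo")

    js = req.to_json()
    print(js)
    assert json.loads(js) == {"require_auth_time": True,
                              "default_acr": "foo",
                              "type": "client_associate",
                              "default_max_age": 10}

    ue = req.to_urlencoded()
    print(ue)
    expected_ue = 'default_acr=foo&type=client_associate&default_max_age=10&require_auth_time=True'
    assert sorted(ue.split('&')) == sorted(expected_ue.split('&'))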
コード例 #6
    def test_verify_redirect_uri_correct_without_query(self, uri):
        """Verify that ``uri`` is accepted for a client registered with
        ``http://example.org/cb``.

        ``uri`` is supplied by the caller; the values it takes are not
        visible in this snippet. The test passes when
        ``_verify_redirect_uri`` returns without raising.
        """
        registration = RegistrationRequest(
            operation="register",
            redirect_uris=["http://example.org/cb"],
            response_types=["code"],
        )
        resp = self.provider.registration_endpoint(request=registration.to_json())
        client_id = RegistrationResponse().from_json(resp.message)["client_id"]

        areq = AuthorizationRequest(
            redirect_uri=uri,
            client_id=client_id,
            response_type="code",
            scope="openid",
        )

        # No assertion needed: a rejected URI surfaces as an exception.
        self.provider._verify_redirect_uri(areq)
コード例 #7
ファイル: test_oic_message.py プロジェクト: HaToHo/pyoidc
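def test_registration_request():
    """Check the JSON and urlencoded serializations of a RegistrationRequest.

    The JSON text is parsed and the urlencoded pairs are sorted before
    comparison, so the result does not depend on dict iteration order.
    """
    import json  # imported locally so the block stands on its own

    req = RegistrationRequest(operation="register", default_max_age=10,
                              require_auth_time=True, default_acr="foo",
                              application_type="web",
                              redirect_uris=["https://example.com/authz_cb"])

    js = req.to_json()
    print(js)
    assert json.loads(js) == {
        "redirect_uris": ["https://example.com/authz_cb"],
        "application_type": "web",
        "default_acr": "foo",
        "require_auth_time": True,
        "operation": "register",
        "default_max_age": 10,
    }

    ue = req.to_urlencoded()
    print(ue)
    expected_ue = 'redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10'
    assert sorted(ue.split('&')) == sorted(expected_ue.split('&'))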
コード例 #8
ファイル: test_oic_provider.py プロジェクト: atidev/pyoidc
    def test_registration_endpoint_with_non_https_redirect_uri_implicit_flow(
            self):
        """Registration must fail for an http redirect URI combined with
        the ``id_token`` / ``token`` response types.

        The provider is expected to answer 400 with the error code
        ``invalid_redirect_uri``.
        """
        req = RegistrationRequest(
            application_type="web",
            redirect_uris=["http://example.com/authz"],
            response_types=["id_token", "token"])

        resp = self.provider.registration_endpoint(request=req.to_json())

        assert resp.status == "400 Bad Request"
        # The body is only parsed once the status has been confirmed.
        body = json.loads(resp.message)
        assert body["error"] == "invalid_redirect_uri"
コード例 #9
    def test_read_registration(self):
        """Read a client's registration back with its access token.

        The ``registration_access_token`` returned at registration is sent
        as a Bearer credential, and the data read back must equal the
        original registration response.
        """
        rr = RegistrationRequest(
            operation="register",
            redirect_uris=["http://example.org/new"],
            response_types=["code"])
        created = self.provider.registration_endpoint(request=rr.to_json())
        regresp = RegistrationResponse().from_json(created.message)

        # Authorization value and query string in the form read_registration
        # is called with: "Bearer <token>" and "client_id=<id>".
        authn = 'Bearer' + ' ' + regresp['registration_access_token']
        query = 'client_id' + '=' + regresp['client_id']

        resp = self.provider.read_registration(authn, query)

        assert json.loads(resp.message) == regresp.to_dict()
コード例 #10
ファイル: test_oic_message.py プロジェクト: dallerbarn/pyoidc
def test_registration_request():
    """Check both serializations of a RegistrationRequest.

    The JSON output is compared after parsing; the urlencoded output is
    split on ``&`` and compared pair by pair through ``_eq``.
    """
    params = dict(operation="register", default_max_age=10,
                  require_auth_time=True, default_acr="foo",
                  application_type="web",
                  redirect_uris=["https://example.com/authz_cb"])
    req = RegistrationRequest(**params)

    expected_js_obj = {
        "redirect_uris": ["https://example.com/authz_cb"],
        "application_type": "web",
        "default_acr": "foo",
        "require_auth_time": True,
        "operation": "register",
        "default_max_age": 10,
    }
    assert json.loads(req.to_json()) == expected_js_obj

    expected_query = 'redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10'
    actual_pairs = req.to_urlencoded().split('&')
    assert _eq(actual_pairs, expected_query.split('&'))
コード例 #11
def test_registration_request():
    """Serialize a RegistrationRequest and compare it with fixed values.

    JSON is compared as a parsed object; the urlencoded form is compared
    as a collection of ``key=value`` pairs via ``_eq``.
    """
    req = RegistrationRequest(
        operation="register",
        default_max_age=10,
        require_auth_time=True,
        default_acr="foo",
        application_type="web",
        redirect_uris=["https://example.com/authz_cb"],
    )

    parsed = json.loads(req.to_json())
    wanted = {"redirect_uris": ["https://example.com/authz_cb"],
              "application_type": "web",
              "default_acr": "foo",
              "require_auth_time": True,
              "operation": "register",
              "default_max_age": 10}
    assert parsed == wanted

    wanted_pairs = 'redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10'.split('&')
    got_pairs = req.to_urlencoded().split('&')
    assert _eq(got_pairs, wanted_pairs)
コード例 #12
    def test_read_registration(self):
        """Register a client, then read the registration back.

        The read uses the ``registration_access_token`` from the
        registration response as a Bearer credential and must return the
        same data the registration returned.
        """
        register_kwargs = {
            "operation": "register",
            "redirect_uris": ["http://example.org/new"],
            "response_types": ["code"],
        }
        rr = RegistrationRequest(**register_kwargs)
        first = self.provider.registration_endpoint(request=rr.to_json())
        regresp = RegistrationResponse().from_json(first.message)

        token = regresp["registration_access_token"]
        client_id = regresp["client_id"]
        authn = " ".join(["Bearer", token])
        query = "=".join(["client_id", client_id])

        second = self.provider.read_registration(authn, query)

        assert json.loads(second.message) == regresp.to_dict()
コード例 #13
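def test_registration_request():
    """Check the JSON and urlencoded serializations of a RegistrationRequest.

    Comparisons are order-independent: the JSON text is parsed first and
    the urlencoded pairs are sorted, so dict iteration order cannot make
    the test fail.
    """
    import json  # imported locally so the block stands on its own

    req = RegistrationRequest(operation="register",
                              default_max_age=10,
                              require_auth_time=True,
                              default_acr="foo",
                              application_type="web",
                              redirect_uris=["https://example.com/authz_cb"])

    js = req.to_json()
    print(js)
    expected_js_obj = {
        "redirect_uris": ["https://example.com/authz_cb"],
        "application_type": "web",
        "default_acr": "foo",
        "require_auth_time": True,
        "operation": "register",
        "default_max_age": 10,
    }
    assert json.loads(js) == expected_js_obj

    ue = req.to_urlencoded()
    print(ue)
    expected_ue = 'redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10'
    assert sorted(ue.split('&')) == sorted(expected_ue.split('&'))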
コード例 #14
    def test_registered_redirect_uri_faulty_with_query_component(self, uri):
        """Verify that ``uri`` is rejected for a client registered with
        ``http://example.org/cb?foo=bar``.

        ``uri`` is supplied by the caller; its values are not visible in
        this snippet. Rejection means ``_verify_redirect_uri`` raises
        ``RedirectURIError``.
        """
        registered = ["http://example.org/cb?foo=bar"]
        rr = RegistrationRequest(
            operation="register",
            redirect_uris=registered,
            response_types=["code"],
        )

        resp = self.provider.registration_endpoint(request=rr.to_json())
        client_id = RegistrationResponse().from_json(resp.message)["client_id"]

        areq = AuthorizationRequest(
            redirect_uri=uri,
            client_id=client_id,
            scope="openid",
            response_type="code",
        )

        with pytest.raises(RedirectURIError):
            self.provider._verify_redirect_uri(areq)
コード例 #15
ファイル: test_oic_message.py プロジェクト: joostd/pyoidc
 def test_registration_request(self):
     """Check the JSON and urlencoded forms of a RegistrationRequest.

     JSON is compared as a parsed object; the urlencoded form is compared
     with ``query_string_compare``.
     """
     kwargs = dict(operation="register", default_max_age=10,
                   require_auth_time=True, default_acr="foo",
                   application_type="web",
                   redirect_uris=["https://example.com/authz_cb"])
     req = RegistrationRequest(**kwargs)

     expected_js_obj = {
         "redirect_uris": ["https://example.com/authz_cb"],
         "application_type": "web",
         "default_acr": "foo",
         "require_auth_time": True,
         "operation": "register",
         "default_max_age": 10,
     }
     assert json.loads(req.to_json()) == expected_js_obj

     expected_query = "redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10"
     assert query_string_compare(req.to_urlencoded(), expected_query)
コード例 #16
ファイル: test_oic_provider.py プロジェクト: atidev/pyoidc
    def test_verify_redirect_uri_correct_without_query(self, uri):
        """Check that ``uri`` passes redirect URI verification.

        The client is registered with ``http://example.org/cb`` only.
        ``uri`` comes from the caller (its values are outside this
        snippet); the test succeeds when verification does not raise.
        """
        register_args = {
            "operation": "register",
            "redirect_uris": ["http://example.org/cb"],
            "response_types": ["code"],
        }
        rr = RegistrationRequest(**register_args)
        resp = self.provider.registration_endpoint(request=rr.to_json())
        regresp = RegistrationResponse().from_json(resp.message)

        areq = AuthorizationRequest(redirect_uri=uri,
                                    client_id=regresp["client_id"],
                                    response_type="code",
                                    scope="openid")

        # A rejected URI would raise here and fail the test.
        self.provider._verify_redirect_uri(areq)
コード例 #17
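    def test_registered_redirect_uri_with_query_component(self):
        """Check redirect URI verification for a URI registered with a query.

        The client registers ``http://example.org/cb?foo=bar``. Every URI in
        ``faulty`` must be rejected with ``RedirectURIError`` and the URI in
        ``correct`` must be accepted (``_verify_redirect_uri`` returns None).
        """
        provider2 = Provider("FOOP", {}, {}, None, None, None, None, "")

        rr = RegistrationRequest(operation="register",
                                 redirect_uris=["http://example.org/cb?foo=bar"],
                                 response_types=["code"])

        registration_req = rr.to_json()
        resp = provider2.registration_endpoint(request=registration_req)

        regresp = RegistrationResponse().from_json(resp.message)

        print(regresp.to_dict())

        # One URI per entry. Each entry needs its trailing comma: adjacent
        # string literals are joined by Python into a single bogus URI.
        faulty = [
            "http://example.org/cb",
            "http://example.org/cb/foo",
            "http://example.org/cb?got=you",
            "http://example.org/cb?foo=you",
            "http://example.org/cb?foo=bar&got=you",
            "http://example.org/cb?foo=you&foo=bar",
        ]
        correct = [
            "http://example.org/cb?foo=bar",
        ]

        cid = regresp["client_id"]

        for ruri in faulty:
            areq = AuthorizationRequest(redirect_uri=ruri,
                                        client_id=cid,
                                        scope="openid",
                                        response_type="code")

            print(areq)
            try:
                provider2._verify_redirect_uri(areq)
            except RedirectURIError:
                pass
            else:
                # Without this branch an accepted unregistered URI would
                # pass silently and the negative cases would test nothing.
                raise AssertionError(
                    "unregistered redirect_uri was accepted: %s" % ruri)

        for ruri in correct:
            areq = AuthorizationRequest(redirect_uri=ruri,
                                        client_id=cid, scope="openid",
                                        response_type="code")

            resp = provider2._verify_redirect_uri(areq)
            print(resp)
            assert resp is None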
コード例 #18
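    def test_registered_redirect_uri_with_query_component(self):
        """Check redirect URI verification for a URI registered with a query.

        With ``http://example.org/cb?foo=bar`` registered, each URI in
        ``faulty`` has to raise ``RedirectURIError`` and the single URI in
        ``correct`` has to verify cleanly (return value None).
        """
        provider2 = Provider("FOOP", {}, {}, None, None, None, None, "")

        rr = RegistrationRequest(
            operation="register",
            redirect_uris=["http://example.org/cb?foo=bar"],
            response_types=["code"])

        registration_req = rr.to_json()
        resp = provider2.registration_endpoint(request=registration_req)

        regresp = RegistrationResponse().from_json(resp.message)

        print(regresp.to_dict())

        # Six separate URIs. A missing comma between two literals would
        # concatenate them into one string and drop a test case.
        faulty = [
            "http://example.org/cb", "http://example.org/cb/foo",
            "http://example.org/cb?got=you", "http://example.org/cb?foo=you",
            "http://example.org/cb?foo=bar&got=you",
            "http://example.org/cb?foo=you&foo=bar",
        ]
        correct = [
            "http://example.org/cb?foo=bar",
        ]

        cid = regresp["client_id"]

        for ruri in faulty:
            areq = AuthorizationRequest(redirect_uri=ruri,
                                        client_id=cid,
                                        scope="openid",
                                        response_type="code")

            print(areq)
            try:
                provider2._verify_redirect_uri(areq)
            except RedirectURIError:
                pass
            else:
                # Fail loudly when an unregistered URI is accepted; a bare
                # try/except-pass would let that go unnoticed.
                raise AssertionError(
                    "unregistered redirect_uri was accepted: %s" % ruri)

        for ruri in correct:
            areq = AuthorizationRequest(redirect_uri=ruri,
                                        client_id=cid,
                                        scope="openid",
                                        response_type="code")

            resp = provider2._verify_redirect_uri(areq)
            print(resp)
            assert resp is None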
コード例 #19
    def test_registration_request(self):
        """Check the JSON and urlencoded forms of a RegistrationRequest.

        The expected JSON includes ``response_types: ["code"]``, which the
        constructor call does not pass explicitly.
        """
        req = RegistrationRequest(
            operation="register",
            default_max_age=10,
            require_auth_time=True,
            default_acr="foo",
            application_type="web",
            redirect_uris=["https://example.com/authz_cb"],
        )
        expected_js_obj = {
            "redirect_uris": ["https://example.com/authz_cb"],
            "application_type": "web",
            "default_acr": "foo",
            "require_auth_time": True,
            "operation": "register",
            "default_max_age": 10,
            "response_types": ["code"],
        }
        assert json.loads(req.to_json()) == expected_js_obj

        def first_if_list(value):
            # List values are reduced to their first element for urlencoding.
            return value[0] if isinstance(value, list) else value

        flattened = {k: first_if_list(v) for k, v in expected_js_obj.items()}
        assert query_string_compare(req.to_urlencoded(), urlencode(flattened))
コード例 #20
    def test_registered_redirect_uri_without_query_component(self):
        """Check redirect URI verification for a URI registered without query.

        Only ``http://example.org/cb`` is registered. URIs in ``faulty`` must
        raise ``RedirectURIError``; URIs in ``correct`` must not.

        NOTE(review): ``correct`` contains ``http://example.org/cb/foo``, so
        this test pins acceptance of a sub-path of the registered URI.
        OpenID Connect Core asks for an exact match of the redirect URI;
        confirm that the prefix match is intended.
        """
        provider = Provider("FOO", {}, {}, None, None, None, None, "")
        rr = RegistrationRequest(operation="register",
                                 redirect_uris=["http://example.org/cb"],
                                 response_types=["code"])
        provider.registration_endpoint(request=rr.to_json())

        faulty = [
            "http://example.org/foo",
            "http://example.com/cb",
            "http://example.org/cb?got=you",
            "http://example.org/cb/foo?got=you"
        ]
        correct = [
            "http://example.org/cb",
            "http://example.org/cb/foo",
        ]

        cid = self._client_id(provider.cdb)

        for bad_uri in faulty:
            areq = AuthorizationRequest(redirect_uri=bad_uri,
                                        client_id=cid,
                                        response_type="code",
                                        scope="openid")
            print(areq)
            try:
                provider._verify_redirect_uri(areq)
            except RedirectURIError:
                continue
            # Reached only when verification did not raise.
            assert False

        for good_uri in correct:
            areq = AuthorizationRequest(redirect_uri=good_uri,
                                        client_id=cid,
                                        response_type="code", scope="openid")
            print(areq)
            try:
                provider._verify_redirect_uri(areq)
            except RedirectURIError as err:
                print(err)
                assert False
コード例 #21
    def test_registered_redirect_uri_without_query_component(self):
        """Exercise ``_verify_redirect_uri`` against a query-less registration.

        The client registers ``http://example.org/cb``. Each ``faulty`` URI
        has to be rejected with ``RedirectURIError`` and each ``correct`` URI
        has to pass.

        NOTE(review): ``http://example.org/cb/foo`` is listed as correct, so
        a path below the registered URI is accepted. OpenID Connect Core
        specifies exact redirect URI matching; check whether this looser
        behaviour is deliberate.
        """
        def authz_request(redirect_uri, client_id):
            # Same authorization request for both loops; only the URI varies.
            return AuthorizationRequest(redirect_uri=redirect_uri,
                                        client_id=client_id,
                                        response_type="code",
                                        scope="openid")

        provider = Provider("FOO", {}, {}, None, None, None, None, "")
        rr = RegistrationRequest(operation="register",
                                 redirect_uris=["http://example.org/cb"],
                                 response_types=["code"])

        registration_req = rr.to_json()
        provider.registration_endpoint(request=registration_req)

        correct = [
            "http://example.org/cb",
            "http://example.org/cb/foo",
        ]
        faulty = [
            "http://example.org/foo", "http://example.com/cb",
            "http://example.org/cb?got=you",
            "http://example.org/cb/foo?got=you"
        ]

        cid = self._client_id(provider.cdb)

        for ruri in faulty:
            areq = authz_request(ruri, cid)
            print(areq)
            try:
                provider._verify_redirect_uri(areq)
            except RedirectURIError:
                pass
            else:
                # Verification returned normally for a URI that must fail.
                assert False

        for ruri in correct:
            areq = authz_request(ruri, cid)
            print(areq)
            try:
                provider._verify_redirect_uri(areq)
            except RedirectURIError as err:
                print(err)
                assert False
コード例 #22
ファイル: test_oic_provider.py プロジェクト: atidev/pyoidc
    def test_registered_redirect_uri_faulty_with_query_component(self, uri):
        """Check that ``uri`` fails redirect URI verification.

        The client is registered with ``http://example.org/cb?foo=bar``.
        ``uri`` is provided by the caller (values not shown in this
        snippet) and must make ``_verify_redirect_uri`` raise
        ``RedirectURIError``.
        """
        register_args = {
            "operation": "register",
            "redirect_uris": ["http://example.org/cb?foo=bar"],
            "response_types": ["code"],
        }
        rr = RegistrationRequest(**register_args)

        resp = self.provider.registration_endpoint(request=rr.to_json())
        regresp = RegistrationResponse().from_json(resp.message)

        areq = AuthorizationRequest(redirect_uri=uri,
                                    client_id=regresp["client_id"],
                                    scope="openid",
                                    response_type="code")

        with pytest.raises(RedirectURIError):
            self.provider._verify_redirect_uri(areq)
コード例 #23
    def test_registration_endpoint(self):
        """Register a web client and check which keys the response holds.

        The response has to contain the submitted metadata together with
        the provider-issued values, among them ``client_secret`` and
        ``registration_access_token``.
        """
        req = RegistrationRequest()
        for field, value in [
            ("application_type", "web"),
            ("client_name", "My super service"),
            ("redirect_uris", ["http://example.com/authz"]),
            ("contacts", ["*****@*****.**"]),
            ("response_types", ["code"]),
        ]:
            req[field] = value

        resp = self.provider.registration_endpoint(request=req.to_json())
        regresp = RegistrationResponse().deserialize(resp.message, "json")

        # Echoed request fields first, then the fields the provider adds.
        submitted = ['redirect_uris', 'contacts', 'application_type',
                     'client_name']
        issued = ['registration_client_uri', 'client_secret_expires_at',
                  'registration_access_token', 'client_id', 'client_secret',
                  'client_id_issued_at', 'response_types']
        assert _eq(regresp.keys(), submitted + issued)
コード例 #24
    def test_registration_endpoint(self):
        """Register a web client on ``self.server`` and check response keys.

        The request, the raw response message and the parsed keys are
        printed along the way. The raw message includes the issued
        ``client_secret`` and ``registration_access_token``.
        """
        req = RegistrationRequest()
        req["application_type"] = "web"
        req["client_name"] = "My super service"
        req["redirect_uris"] = ["http://example.com/authz"]
        req["contacts"] = ["*****@*****.**"]
        req["response_types"] = ["code"]
        print(req.to_dict())

        resp = self.server.registration_endpoint(request=req.to_json())
        print(resp.message)

        regresp = RegistrationResponse().deserialize(resp.message, "json")
        print(regresp.keys())

        expected_keys = [
            'redirect_uris',
            'contacts',
            'application_type',
            'client_name',
            'registration_client_uri',
            'client_secret_expires_at',
            'registration_access_token',
            'client_id',
            'client_secret',
            'client_id_issued_at',
            'response_types',
        ]
        assert _eq(regresp.keys(), expected_keys)
コード例 #25
ファイル: test_oic_message.py プロジェクト: atidev/pyoidc
 def test_registration_request(self):
     """Check the JSON and urlencoded forms of a RegistrationRequest.

     The JSON output is parsed before comparison and the urlencoded output
     is checked with ``query_string_compare``.
     """
     constructor_args = dict(
         operation="register",
         default_max_age=10,
         require_auth_time=True,
         default_acr="foo",
         application_type="web",
         redirect_uris=["https://example.com/authz_cb"])
     req = RegistrationRequest(**constructor_args)

     parsed = json.loads(req.to_json())
     assert parsed == {
         "redirect_uris": ["https://example.com/authz_cb"],
         "application_type": "web",
         "default_acr": "foo",
         "require_auth_time": True,
         "operation": "register",
         "default_max_age": 10
     }

     expected_query = "redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10"
     assert query_string_compare(req.to_urlencoded(), expected_query)