def test_unpack_aggregated_response_missing_keys(self): claims = { "address": { "street_address": "1234 Hollywood Blvd.", "locality": "Los Angeles", "region": "CA", "postal_code": "90210", "country": "US" }, "phone_number": "+1 (555) 123-4567" } _keyjar = build_keyjar(KEYSPEC) srv = JWT(_keyjar, iss=ISS, sign_alg='ES256') _jwt = srv.pack(payload=claims) resp = OpenIDSchema(sub='diana', given_name='Diana', family_name='krall', _claim_names={ 'address': 'src1', 'phone_number': 'src1' }, _claim_sources={'src1': {'JWT': _jwt}}) _resp = self.service.parse_response(resp.to_json(), state='abcde') assert _resp
def test_unpack_signed_response(self): resp = OpenIDSchema(sub='diana', given_name='Diana', family_name='krall', iss=ISS) sk = ISS_KEY.get_signing_key('rsa', owner=ISS) alg = self.service.service_context.get_sign_alg('userinfo') _resp = self.service.parse_response(resp.to_jwt(sk, algorithm=alg), state='abcde', sformat='jwt') assert _resp
def test_finalize(self): auth_query = self.rph.begin(issuer_id='github') # The authorization query is sent and after successful authentication client = self.rph.get_client_from_session_key( state=auth_query['state']) # register a response p = urlparse( CLIENT_CONFIG['github']['provider_info']['authorization_endpoint']) self.mock_op.register_get_response(p.path, 'Redirect', 302) _ = client.http(auth_query['url']) # the user is redirected back to the RP with a positive response auth_response = AuthorizationResponse(code='access_code', state=auth_query['state']) # need session information and the client instance _session = self.rph.get_session_information(auth_response['state']) client = self.rph.get_client_from_session_key( state=auth_response['state']) # Faking resp = construct_access_token_response( _session['auth_request']['nonce'], issuer=self.issuer, client_id=CLIENT_CONFIG['github']['client_id'], key_jar=GITHUB_KEY) p = urlparse( CLIENT_CONFIG['github']['provider_info']['token_endpoint']) self.mock_op.register_post_response( p.path, resp.to_json(), 200, {'content-type': "application/json"}) _info = OpenIDSchema(sub='EndUserSubject', given_name='Diana', family_name='Krall', occupation='Jazz pianist') p = urlparse( CLIENT_CONFIG['github']['provider_info']['userinfo_endpoint']) self.mock_op.register_get_response( p.path, _info.to_json(), 200, {'content-type': "application/json"}) _github_id = iss_id('github') client.service_context.keyjar.import_jwks( GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id) # do the rest (= get access token and user info) # assume code flow resp = self.rph.finalize(_session['iss'], auth_response.to_dict()) assert set(resp.keys()) == {'userinfo', 'state', 'token', 'id_token'}
def test_fetch_distributed_claims_3(self, httpserver): _url = "https://example.com/claims.json" uinfo = OpenIDSchema( **{ "sub": 'jane_doe', "name": "Jane Doe", "given_name": "Jane", "family_name": "Doe", "email": "*****@*****.**", "birthdate": "0000-03-22", "eye_color": "blue", "_claim_names": { "credit_score": "src2" }, "_claim_sources": { "src2": { "endpoint": _url, } } }) _claims = {"credit_score": 650} with responses.RequestsMock() as rsps: rsps.add("GET", _url, body=json.dumps(_claims), adding_headers={"Content-Type": "application/json"}, status=200) res = self.client.fetch_distributed_claims( uinfo, callback=access_token_callback) assert 'credit_score' in res
def test_fetch_distributed_claims_3(self, httpserver): _url = httpserver.url uinfo = OpenIDSchema( **{ "sub": 'jane_doe', "name": "Jane Doe", "given_name": "Jane", "family_name": "Doe", "email": "*****@*****.**", "birthdate": "0000-03-22", "eye_color": "blue", "_claim_names": { "credit_score": "src2" }, "_claim_sources": { "src2": { "endpoint": _url, } } }) httpserver.serve_content(json.dumps({"credit_score": 650})) res = self.client.fetch_distributed_claims( uinfo, callback=access_token_callback) assert 'credit_score' in res
def test_unpack_encrypted_response(self): # Add encryption key _kj = build_keyjar([{"type": "RSA", "use": ["enc"]}], owner='') # Own key jar gets the private key self.service.service_context.keyjar.import_jwks( _kj.export_jwks(private=True), issuer='client_id') # opponent gets the public key ISS_KEY.import_jwks(_kj.export_jwks(), issuer='client_id') resp = OpenIDSchema(sub='diana', given_name='Diana', family_name='krall', iss=ISS, aud='client_id') enckey = ISS_KEY.get_encrypt_key('rsa', owner='client_id') algspec = self.service.service_context.get_enc_alg_enc( self.service.service_name) enc_resp = resp.to_jwe(enckey, **algspec) _resp = self.service.parse_response(enc_resp, state='abcde', sformat='jwt') assert _resp
def __call__(self, url, method="GET", data=None, headers=None, **kwargs): if method == 'GET': p = urlparse(url) if p.path.endswith('authorize'): qp = parse_qs(p.query) self.state = qp['state'][0] self.nonce = qp['nonce'][0] r = MockResponse(302, 'Redirect') r.location = qp['redirect_uri'][0] return r elif p.path.endswith('user'): qp = parse_qs(p.query) if qp['access_token'][0] == 'accessTok': # what else could it be? _info = OpenIDSchema(sub='EndUserSubject', given_name='Diana', family_name='Krall', occupation='Jazz pianist') return MockResponse( 200, _info.to_json(), headers={'content-type': "application/json"}) else: return MockResponse(400, 'Illegal request') else: r = MockResponse(200, 'Some text') return r elif method == 'POST': p = urlparse(url) if p.path.endswith('access_token'): # Content type expected to be urlencoded query = parse_qs(data) resp = self.construct_access_token_response( query['client_id'][0]) r = MockResponse(200, resp.to_json(), headers={'content-type': "application/json"}) return r
def test_fetch_distributed_claims_1(self): _url = "https://example.com/claims.json" # split the example in 5.6.2.2 into two uinfo = OpenIDSchema( **{ "sub": 'jane_doe', "name": "Jane Doe", "given_name": "Jane", "family_name": "Doe", "email": "*****@*****.**", "birthdate": "0000-03-22", "eye_color": "blue", "_claim_names": { "payment_info": "src1", "shipping_address": "src1", }, "_claim_sources": { "src1": { "endpoint": _url } } }) # Wrong set of claims. Actually extra claim _info = { "shipping_address": { "street_address": "1234 Hollywood Blvd.", "locality": "Los Angeles", "region": "CA", "postal_code": "90210", "country": "US" }, "payment_info": "Some_Card 1234 5678 9012 3456", "phone_number": "+1 (310) 123-4567" } with responses.RequestsMock() as rsps: rsps.add("GET", _url, body=json.dumps(_info), adding_headers={"Content-Type": "application/json"}, status=200) res = self.client.fetch_distributed_claims(uinfo) assert 'payment_info' in res assert 'shipping_address' in res assert 'phone_number' not in res
def test_fetch_distributed_claims_1(self, httpserver): _url = httpserver.url # split the example in 5.6.2.2 into two uinfo = OpenIDSchema( **{ "sub": 'jane_doe', "name": "Jane Doe", "given_name": "Jane", "family_name": "Doe", "email": "*****@*****.**", "birthdate": "0000-03-22", "eye_color": "blue", "_claim_names": { "payment_info": "src1", "shipping_address": "src1", }, "_claim_sources": { "src1": { "endpoint": _url } } }) # Wrong set of claims. Actually extra claim httpserver.serve_content( json.dumps({ "shipping_address": { "street_address": "1234 Hollywood Blvd.", "locality": "Los Angeles", "region": "CA", "postal_code": "90210", "country": "US" }, "payment_info": "Some_Card 1234 5678 9012 3456", "phone_number": "+1 (310) 123-4567" })) res = self.client.fetch_distributed_claims(uinfo) assert 'payment_info' in res assert 'shipping_address' in res assert 'phone_number' not in res
def test_unpack_simple_response(self): resp = OpenIDSchema(sub='diana', given_name='Diana', family_name='krall') _resp = self.service.parse_response(resp.to_json(), state='abcde') assert _resp