コード例 #1
ファイル: oauth.py プロジェクト: Cphrampus/test-suite
def step_impl(context):
    """ Check the preconditions for the OAuth scenarios.

    Fails with ERROR_OAUTH_DISABLED when the vendor's auth strategy is
    'none' and with ERROR_BAD_CONFORMANCE when no conformance statement is
    present on the context.
    """
    strategy = context.vendor_config['auth']['strategy']
    # NOTE: both checks are `assert` statements and are therefore skipped
    # when Python runs with -O.
    assert strategy != 'none', ERROR_OAUTH_DISABLED
    assert context.conformance is not None, ERROR_BAD_CONFORMANCE

    # The result is discarded; presumably the call is made so that a
    # conformance statement without OAuth URIs raises here -- confirm
    # against fhir.get_oauth_uris.
    fhir.get_oauth_uris(context.conformance)
コード例 #2
ファイル: oauth.py プロジェクト: jmblakl/test-suite
def step_impl(context):
    """ Verify that OAuth is enabled and a conformance statement exists.

    Uses ERROR_OAUTH_DISABLED for an auth strategy of 'none' and
    ERROR_BAD_CONFORMANCE for a missing conformance statement.
    """
    auth_strategy = context.vendor_config['auth']['strategy']
    assert auth_strategy != 'none', ERROR_OAUTH_DISABLED

    conformance = context.conformance
    assert conformance is not None, ERROR_BAD_CONFORMANCE

    # Return value intentionally unused here; the call itself is the check
    # (assumption -- verify what fhir.get_oauth_uris raises).
    fhir.get_oauth_uris(conformance)
コード例 #3
ファイル: oauth.py プロジェクト: Cphrampus/test-suite
def token_request(post_data, auth_config, conformance):
    """ Send a token request to the server's OAuth token endpoint.

    Should be modeled after `testsuite.oauth.authorization_code._token_request`.

    Confidential clients authenticate with HTTP Basic (client_id and
    client_secret); for any other client no credentials are attached.
    Redirects are not followed, so a 3xx response is returned to the caller
    unchanged.

    Args:
        post_data (dict): The parameters to send.
        auth_config (dict): The vendor auth config.
        conformance (dict): The server's conformance statement so that URIs can be determined.

    Returns:
        A requests Response object.
    """
    if auth_config.get('confidential_client'):
        basic_auth = requests.auth.HTTPBasicAuth(auth_config['client_id'],
                                                 auth_config['client_secret'])
    else:
        basic_auth = None

    # The token URL comes from the conformance statement and its scheme is
    # not checked in this function; the client secret is only protected in
    # transit when that URL is https.
    token_url = fhir.get_oauth_uris(conformance)['token']

    return requests.post(token_url,
                         data=post_data,
                         allow_redirects=False,
                         auth=basic_auth,
                         timeout=5)
コード例 #4
ファイル: test_fhir.py プロジェクト: narrasr/test-suite
def test_get_oauth_uris():
    """ The OAuth URIs of a conformance statement include both endpoints. """
    statement = fhir.get_conformance_statement('http://example.com/fhir/')
    oauth_uris = fhir.get_oauth_uris(statement)

    # Both the token and the authorize endpoint must be present.
    for endpoint in ('token', 'authorize'):
        assert oauth_uris[endpoint] is not None
コード例 #5
ファイル: oauth.py プロジェクト: josiahdecker/test-suite
def step_impl(context, field_name):
    """ Send a refresh-token request with one named field left out.

    TODO: reduce duplication.

    For `field_name == 'client_id'` the HTTP Basic credentials are dropped
    and the form is sent complete; for any other name that key is removed
    from the form and the credentials are kept. The response is stored on
    `context.response` for later steps to inspect.
    """
    form = {
        'grant_type': 'refresh_token',
        'refresh_token': context.oauth.refresh_token,
        'scope': context.vendor_config['auth']['scope'],
    }

    vendor_auth = context.vendor_config['auth']
    credentials = requests.auth.HTTPBasicAuth(vendor_auth['client_id'],
                                              vendor_auth['client_secret'])

    if field_name != 'client_id':
        # Raises KeyError when field_name is not one of the form fields.
        del form[field_name]
    else:
        credentials = None

    token_url = fhir.get_oauth_uris(context.conformance)['token']

    # Redirects are not followed, so the raw answer of the token endpoint
    # is what ends up on the context.
    context.response = requests.post(token_url,
                                     data=form,
                                     allow_redirects=False,
                                     auth=credentials,
                                     timeout=5)
コード例 #6
ファイル: oauth.py プロジェクト: sync-for-science/test-suite
def step_impl(context, action, resource_type):
    """ Authorize the app for one `action.resource_type` combination.

    Only the configured steps that have no 'when' key, or whose 'when'
    equals `action.resource_type`, are kept; the filtered list is written
    back into the vendor config before the authorizer is built. The
    authorization code is stored on `context.code`.
    """
    assert action in AUTHORIZATION_ACTIONS
    assert resource_type in s4s.MU_CCDS_MAPPINGS

    # Filter the steps to only what is required for this authorization
    wanted = '{0}.{1}'.format(action, resource_type)
    auth_config = context.vendor_config['versioned_auth']
    kept = []
    for step in auth_config.get('steps', []):
        if 'when' in step and step['when'] != wanted:
            continue
        kept.append(step)
    # The shared config is modified in place, so the filtered list stays
    # in effect for as long as this config object is reused.
    auth_config['steps'] = kept

    # Construct a modified authorizer
    authorize_url = fhir.get_oauth_uris(context.conformance)['authorize']
    context.oauth.authorizer = authorize.Authorizer(config=auth_config,
                                                    authorize_url=authorize_url)

    # Authorize the app as usual
    try:
        context.code = context.oauth.request_authorization()
    except authorize.AuthorizationException as err:
        # The first three exception args plus the vendor host fill the
        # screenshot error template.
        message = ERROR_SELENIUM_SCREENSHOT.format(
            err.args[0],
            err.args[1],
            err.args[2],
            context.vendor_config['host'],
        )
        assert False, message
コード例 #7
ファイル: oauth.py プロジェクト: jmblakl/test-suite
def step_impl(context):
    """ Run the authorization flow using the vendor's "cancel" steps.

    The scenario is skipped with ERROR_NO_CANCEL when the auth config has no
    'cancel_steps'. Otherwise the cancel steps replace 'authorize_steps',
    the flow is driven, and the authorizer, the parameters sent and the
    response received are stored on the context.
    """
    auth_config = context.vendor_config['auth']
    if 'cancel_steps' not in auth_config:
        context.scenario.skip(reason=ERROR_NO_CANCEL)
        return

    # Overwrites 'authorize_steps' on the shared config object in place.
    auth_config['authorize_steps'] = auth_config['cancel_steps']
    authorize_url = fhir.get_oauth_uris(context.conformance)['authorize']
    authorizer = authorize.Authorizer(config=context.vendor_config['auth'],
                                      authorize_url=authorize_url)
    with authorizer:
        sent = authorizer.launch_params

        try:
            authorizer.ask_for_authorization(sent)
            received = authorizer.provide_user_input()
        except authorize.ReturnedErrorException:
            # This is actually what we want to happen
            received = authorizer.runner.get_query()
        except authorize.AuthorizationException as err:
            message = ERROR_SELENIUM_SCREENSHOT.format(
                err.args[0],
                err.args[1],
                err.args[2],
                context.vendor_config['host'],
            )
            assert False, message

    context.authorizer = authorizer
    context.authorization_sent = sent
    context.authorization_received = received
コード例 #8
ファイル: oauth.py プロジェクト: jmblakl/test-suite
def step_impl(context, action, resource_type):
    """ Authorize the app for a single `action.resource_type` pair.

    Steps carrying a 'when' key that differs from `action.resource_type`
    are dropped from the vendor auth config; all other steps are kept. The
    resulting authorization code is stored on `context.code`.
    """
    assert action in AUTHORIZATION_ACTIONS
    assert resource_type in s4s.MU_CCDS_MAPPINGS

    # Filter the steps to only what is required for this authorization
    condition = '{0}.{1}'.format(action, resource_type)
    auth_config = context.vendor_config['auth']
    applicable = []
    for step in auth_config.get('steps', []):
        if 'when' not in step:
            applicable.append(step)
        elif step['when'] == condition:
            applicable.append(step)
    # Written back onto the shared config object, not onto a copy.
    auth_config['steps'] = applicable

    # Construct a modified authorizer
    oauth_urls = fhir.get_oauth_uris(context.conformance)
    context.oauth.authorizer = authorize.Authorizer(
        config=auth_config,
        authorize_url=oauth_urls['authorize'],
    )

    # Authorize the app as usual
    try:
        context.code = context.oauth.request_authorization()
    except authorize.AuthorizationException as err:
        failure = ERROR_SELENIUM_SCREENSHOT.format(
            err.args[0],
            err.args[1],
            err.args[2],
            context.vendor_config['host'],
        )
        assert False, failure
コード例 #9
ファイル: oauth.py プロジェクト: kpshek/test-suite
def step_impl(context, field_name):
    """ Post a refresh-token request that is missing one named field.

    TODO: reduce duplication.

    'client_id' is treated specially: it is "removed" by sending no HTTP
    Basic credentials. Any other name is deleted from the form fields. The
    token endpoint's response is saved as `context.response`.
    """
    payload = {
        'grant_type': 'refresh_token',
        'refresh_token': context.oauth.refresh_token,
        'scope': context.vendor_config['auth']['scope'],
    }

    client_id = context.vendor_config['auth']['client_id']
    client_secret = context.vendor_config['auth']['client_secret']
    basic_auth = requests.auth.HTTPBasicAuth(client_id, client_secret)

    if field_name == 'client_id':
        basic_auth = None
    else:
        # A name outside the payload keys raises KeyError here.
        del payload[field_name]

    token_url = fhir.get_oauth_uris(context.conformance)['token']

    # allow_redirects=False keeps a 3xx answer visible to the checks that
    # read context.response.
    context.response = requests.post(token_url,
                                     data=payload,
                                     allow_redirects=False,
                                     auth=basic_auth,
                                     timeout=5)
コード例 #10
ファイル: oauth.py プロジェクト: jmblakl/test-suite
def token_request(post_data, auth_config, conformance):
    """ POST a token request to the token endpoint of the server.

    Should be modeled after `testsuite.oauth.authorization_code._token_request`.

    HTTP Basic credentials are attached only when the auth config marks the
    client as confidential. The request does not follow redirects and gives
    up after a 5 second timeout.

    Args:
        post_data (dict): The parameters to send.
        auth_config (dict): The vendor auth config.
        conformance (dict): The server's conformance statement so that URIs can be determined.

    Returns:
        A requests Response object.
    """
    is_confidential = auth_config.get('confidential_client')
    client_auth = (
        requests.auth.HTTPBasicAuth(auth_config['client_id'],
                                    auth_config['client_secret'])
        if is_confidential else None
    )

    # NOTE: the endpoint is whatever the conformance statement advertises;
    # nothing in this function requires it to be an https URL.
    endpoints = fhir.get_oauth_uris(conformance)

    return requests.post(endpoints['token'],
                         data=post_data,
                         allow_redirects=False,
                         auth=client_auth,
                         timeout=5)
コード例 #11
ファイル: oauth.py プロジェクト: sync-for-science/test-suite
def step_impl(context):
    """ Drive the authorization flow with the configured "cancel" steps.

    Skips the scenario (ERROR_NO_CANCEL) when 'cancel_steps' is absent from
    the versioned auth config. A ReturnedErrorException is the expected
    outcome; in that case the response is read from the runner's query.
    """
    versioned_auth = context.vendor_config['versioned_auth']
    if 'cancel_steps' not in versioned_auth:
        context.scenario.skip(reason=ERROR_NO_CANCEL)
        return

    # Replaces 'authorize_steps' on the shared config object in place.
    versioned_auth['authorize_steps'] = versioned_auth['cancel_steps']
    oauth_urls = fhir.get_oauth_uris(context.conformance)
    authorizer = authorize.Authorizer(
        config=context.vendor_config['versioned_auth'],
        authorize_url=oauth_urls['authorize'],
    )
    with authorizer:
        launch_params = authorizer.launch_params

        try:
            authorizer.ask_for_authorization(launch_params)
            outcome = authorizer.provide_user_input()
        except authorize.ReturnedErrorException:
            # This is actually what we want to happen
            outcome = authorizer.runner.get_query()
        except authorize.AuthorizationException as err:
            details = ERROR_SELENIUM_SCREENSHOT.format(
                err.args[0],
                err.args[1],
                err.args[2],
                context.vendor_config['host'],
            )
            assert False, details

    context.authorizer = authorizer
    context.authorization_sent = launch_params
    context.authorization_received = outcome
コード例 #12
ファイル: s4s.py プロジェクト: sync-for-science/test-suite
def step_impl(context):
    """ Assert that every advertised OAuth endpoint parses and has a scheme.

    Only the presence of a URL scheme is checked; which scheme it is (for
    example https) is not validated by this step.
    """
    oauth_urls = fhir.get_oauth_uris(context.conformance)

    for endpoint_type, endpoint_url in oauth_urls.items():
        try:
            has_scheme = bool(urlparse(endpoint_url).scheme)
        except ValueError:
            # urlparse rejected the URL outright.
            has_scheme = False

        assert has_scheme, ERROR_CONFORMANCE_MALFORMED_ENDPOINT.format(
            endpoint_type,
            endpoint_url
        )
コード例 #13
ファイル: __init__.py プロジェクト: jmblakl/test-suite
def authorization_code_factory(config):
    """ Build a AuthorizationCodeStrategy.

    The conformance statement is fetched from `config['api']['url']` and the
    OAuth URLs it advertises are used both for the authorizer and for the
    strategy itself.

    Returns:
        authorization_code.AuthorizationCodeStrategy
    """
    auth_config = config['auth']
    api_url = config['api']['url']

    # The OAuth endpoints are discovered from the server, not configured.
    oauth_urls = fhir.get_oauth_uris(fhir.get_conformance_statement(api_url))
    authorizer = authorize.Authorizer(
        config=auth_config,
        authorize_url=oauth_urls['authorize'],
    )

    strategy = authorization_code.AuthorizationCodeStrategy(
        auth_config, oauth_urls, authorizer)
    return strategy
コード例 #14
def get_authorize_uri(context):
    """ Return the authorize URI, rewritten when the vendor config asks for it.

    The URI comes from the conformance statement. When the versioned auth
    config has an 'authorize_url_rewrite' entry, its 'from_host' text is
    replaced by its 'to_host' text.
    """
    authorize_uri = fhir.get_oauth_uris(context.conformance)['authorize']

    # in some cases, we might need to rewrite the authorize URL that comes
    # from the conformance statement, such as when all the components are
    # interacting through the docker network
    rewrite = context.vendor_config['versioned_auth'].get('authorize_url_rewrite')
    if not rewrite:
        return authorize_uri

    # NOTE: this is a plain substring replacement, so every occurrence of
    # 'from_host' in the URI is replaced, not only the host part.
    return authorize_uri.replace(rewrite['from_host'], rewrite['to_host'])
コード例 #15
def authorization_code_factory(config):
    """ Build a AuthorizationCodeStrategy.

    Reads the auth settings from `config['versioned_auth']` and discovers
    the OAuth URLs from the conformance statement served at
    `config['versioned_api']['url']`.

    Returns:
        authorization_code.AuthorizationCodeStrategy
    """
    auth_config = config['versioned_auth']
    base_url = config['versioned_api']['url']

    statement = fhir.get_conformance_statement(base_url)
    oauth_urls = fhir.get_oauth_uris(statement)

    # The same auth config is handed to the authorizer and to the strategy.
    authorizer = authorize.Authorizer(config=auth_config,
                                      authorize_url=oauth_urls['authorize'])

    return authorization_code.AuthorizationCodeStrategy(auth_config,
                                                        oauth_urls,
                                                        authorizer)
コード例 #16
ファイル: oauth.py プロジェクト: sync-for-science/test-suite
def step_impl(context):
    """ Revoke the app's authorization and clear the cached state.

    The revoke URL is the 'manage' URI from the conformance statement; the
    configured 'revoke_url' is used only when the statement has no 'manage'
    key at all.
    """
    oauth_uris = fhir.get_oauth_uris(context.conformance)
    versioned_auth = context.vendor_config['versioned_auth']

    fallback_url = versioned_auth.get('revoke_url')
    revoke_url = oauth_uris.get('manage', fallback_url)
    revoker = authorize.AuthorizationRevoker(
        context.vendor_config['versioned_auth'],
        revoke_url,
    )

    try:
        with revoker:
            revoker.revoke_authorization()
    except authorize.AuthorizationException as err:
        message = ERROR_SELENIUM_SCREENSHOT.format(
            err.args[0],
            err.args[1],
            err.args[2],
            context.vendor_config['host'],
        )
        assert False, message

    # Reached only when revocation did not fail the step.
    context.cache.clear()
コード例 #17
def step_impl(context):
    """ Revoke the authorization through the vendor's management page.

    Prefers the 'manage' URI advertised in the conformance statement and
    falls back to the 'revoke_url' of the versioned auth config when that
    key is missing. The context cache is cleared afterwards.
    """
    advertised = fhir.get_oauth_uris(context.conformance)
    configured_url = context.vendor_config['versioned_auth'].get('revoke_url')
    target_url = advertised.get('manage', configured_url)

    revoker = authorize.AuthorizationRevoker(
        context.vendor_config['versioned_auth'], target_url)

    try:
        with revoker:
            revoker.revoke_authorization()
    except authorize.AuthorizationException as err:
        # Three exception args and the vendor host fill the error template.
        failure = ERROR_SELENIUM_SCREENSHOT.format(
            err.args[0],
            err.args[1],
            err.args[2],
            context.vendor_config['host'],
        )
        assert False, failure

    context.cache.clear()
コード例 #18
ファイル: oauth.py プロジェクト: Cphrampus/test-suite
def step_impl(context, field_name):
    """ A step 1 implementation with a named field missing.

    Builds the authorization request parameters, removes `field_name` from
    them and sends a GET to the authorize endpoint without following
    redirects. The response is stored on `context.response`.
    """
    auth_config = context.vendor_config['auth']
    query = {
        'response_type': 'code',
        'client_id': auth_config['client_id'],
        'redirect_uri': auth_config['redirect_uri'],
        'scope': auth_config['scope'],
        # Fresh random state per request; it is not kept on the context by
        # this step.
        'state': uuid.uuid4(),
    }

    # Raises KeyError for a name that is not one of the parameters above.
    query.pop(field_name)

    authorize_url = fhir.get_oauth_uris(context.conformance)['authorize']

    context.response = requests.get(authorize_url,
                                    params=query,
                                    allow_redirects=False,
                                    timeout=5)
コード例 #19
ファイル: oauth.py プロジェクト: jmblakl/test-suite
def step_impl(context, field_name):
    """ A step 1 implementation with a named field missing.

    Sends the authorization request with every standard parameter except
    `field_name` and keeps the un-redirected response on the context.
    """
    vendor_auth = context.vendor_config['auth']
    params = dict(
        response_type='code',
        client_id=vendor_auth['client_id'],
        redirect_uri=vendor_auth['redirect_uri'],
        scope=vendor_auth['scope'],
        state=uuid.uuid4(),  # random per call, not stored by this step
    )

    # KeyError here means field_name is not a parameter of this request.
    del params[field_name]

    oauth_uris = fhir.get_oauth_uris(context.conformance)

    # Redirects stay unfollowed so the checks see the server's own answer.
    reply = requests.get(oauth_uris['authorize'],
                         params=params,
                         allow_redirects=False,
                         timeout=5)
    context.response = reply
コード例 #20
ファイル: oauth.py プロジェクト: kpshek/test-suite
def step_impl(context):
    """ Run the authorization flow with parameters overridden by the table.

    The rows of `context.table` are merged into the authorizer's launch
    parameters, replacing any parameter with the same name. The authorizer,
    the parameters sent and the response received are stored on the context.
    """
    authorize_url = fhir.get_oauth_uris(context.conformance)['authorize']
    authorizer = authorize.Authorizer(config=context.vendor_config['auth'],
                                      authorize_url=authorize_url)
    with authorizer:
        sent = authorizer.launch_params
        # Table values win over the default launch parameters.
        overrides = dict(context.table)
        sent.update(overrides)

        try:
            authorizer.ask_for_authorization(sent)
            received = authorizer.provide_user_input()
        except authorize.AuthorizationException as err:
            message = ERROR_SELENIUM_SCREENSHOT.format(
                err.args[0],
                err.args[1],
                context.vendor_config['host'],
            )
            assert False, message

    context.authorizer = authorizer
    context.authorization_sent = sent
    context.authorization_received = received
コード例 #21
ファイル: oauth.py プロジェクト: Cphrampus/test-suite
def step_impl(context):
    """ Ask for authorization using launch parameters patched from the table.

    Every key/value pair of `context.table` is written into the launch
    parameters before the request is made; the outcome is recorded on the
    context for later steps.
    """
    oauth_urls = fhir.get_oauth_uris(context.conformance)
    authorizer = authorize.Authorizer(
        config=context.vendor_config['auth'],
        authorize_url=oauth_urls['authorize'],
    )
    with authorizer:
        launch_params = authorizer.launch_params
        # Scenario-supplied values replace defaults with the same key.
        launch_params.update(dict(context.table))

        try:
            authorizer.ask_for_authorization(launch_params)
            outcome = authorizer.provide_user_input()
        except authorize.AuthorizationException as err:
            # Two exception args plus the vendor host fill the template.
            details = ERROR_SELENIUM_SCREENSHOT.format(
                err.args[0],
                err.args[1],
                context.vendor_config['host'],
            )
            assert False, details

    context.authorizer = authorizer
    context.authorization_sent = launch_params
    context.authorization_received = outcome
コード例 #22
ファイル: oauth.py プロジェクト: sync-for-science/test-suite
def token_request(post_data, auth_config, conformance, request_method='POST'):
    """ Make a token request.

    Should be modeled after `testsuite.oauth.authorization_code._token_request`.

    Confidential clients authenticate with HTTP Basic. Redirects are not
    followed and the request times out after 5 seconds. Only the exact
    string "GET" selects a GET request; any other value results in a POST.

    Args:
        post_data (dict): The parameters to send.
        auth_config (dict): The vendor auth config.
        conformance (dict): The server's conformance statement so that URIs can be determined.
        request_method (string): GET or POST, determines the request type used to obtain our token.
    Returns:
        A requests Response object.
    """
    if auth_config.get('confidential_client'):
        basic_auth = requests.auth.HTTPBasicAuth(auth_config['client_id'],
                                                 auth_config['client_secret'])
    else:
        basic_auth = None

    token_url = fhir.get_oauth_uris(conformance)['token']

    # For GET, post_data is still passed as `data=` (the request body), not
    # as query parameters.
    send = requests.get if request_method == "GET" else requests.post
    return send(token_url,
                data=post_data,
                allow_redirects=False,
                auth=basic_auth,
                timeout=5)
コード例 #23
def token_request(post_data, auth_config, conformance, request_method='POST'):
    """ Request a token from the server's token endpoint.

    Should be modeled after `testsuite.oauth.authorization_code._token_request`.

    The client secret is sent via HTTP Basic only for confidential clients.
    The token URL is read from the conformance statement and is used as
    given; its scheme is not checked in this function.

    Args:
        post_data (dict): The parameters to send.
        auth_config (dict): The vendor auth config.
        conformance (dict): The server's conformance statement so that URIs can be determined.
        request_method (string): GET or POST, determines the request type used to obtain our token.
    Returns:
        A requests Response object.
    """
    client_auth = None
    if auth_config.get('confidential_client'):
        client_auth = requests.auth.HTTPBasicAuth(auth_config['client_id'],
                                                  auth_config['client_secret'])

    endpoints = fhir.get_oauth_uris(conformance)

    # Options shared by both request types: never follow redirects, and
    # give up after 5 seconds.
    options = {
        'data': post_data,
        'allow_redirects': False,
        'auth': client_auth,
        'timeout': 5,
    }

    # Anything other than the exact string "GET" is sent as a POST.
    if request_method == "GET":
        return requests.get(endpoints['token'], **options)
    return requests.post(endpoints['token'], **options)
コード例 #24
ファイル: s4s.py プロジェクト: sync-for-science/test-suite
def step_impl(context, endpoint_type):
    """ Assert that the conformance statement advertises `endpoint_type`.

    A missing key and a key whose value is None both fail the step with
    ERROR_CONFORMANCE_MISSING_ENDPOINT.
    """
    advertised = fhir.get_oauth_uris(context.conformance)
    found = advertised.get(endpoint_type)

    assert found is not None, \
        ERROR_CONFORMANCE_MISSING_ENDPOINT.format(endpoint_type)