コード例 #1
0
ファイル: client.py プロジェクト: dv10den/pyuma 
 def create_authorization_data_request(self, userid, ticket):
     adr = AuthorizationDataRequest(
         ticket=ticket, rpt=self.token[userid]["RPT"])
     _aat = self.token[userid]["AAT"]["access_token"]
     kwargs = {"headers": {"Authorization": "Bearer %s" % _aat},
               "data": adr.to_json()}
     return kwargs
コード例 #2
0
ファイル: client.py プロジェクト: rohe/pyuma 
 def create_authorization_data_request(self, userid, ticket):
     adr = AuthorizationDataRequest(
         ticket=ticket, rpt=self.token[userid]["RPT"])
     _aat = self.token[userid]["AAT"]["access_token"]
     kwargs = {"headers": {"Authorization": "Bearer %s" % _aat},
               "data": adr.to_json()}
     return kwargs
コード例 #3
0
ファイル: test_20_as.py プロジェクト: rohe/pyuma 
    def test_rpt_endpoint(self):
        """
        A couple of things have to happen before any action can occur on
        the rpt endpoint.
        1. registration of Resource set
        2. Registration of a permission request
        3. Registration of an authorization
        """
        # (1) register resource set
        read_write = [SCOPES[s] for s in ['read', 'write']]
        rsd = ResourceSetDescription(name='foo', scopes=read_write)

        resp = self.uas.resource_set_registration_endpoint_(
            "alice", RSR_PATH, method="POST", body=rsd.to_json(),
            client_id="12345678")
        rsid = StatusResponse().from_json(resp.message)['_id']

        # (2) register a permission request
        read_write = [SCOPES[s] for s in ['read', 'write']]
        perm_reg = PermissionRegistrationRequest(resource_set_id=rsid,
                                                 scopes=read_write)

        resp = self.uas.permission_registration_endpoint_(
            owner="alice", request=perm_reg.to_json(), client_id="12345678")

        assert isinstance(resp, Created)
        ticket = json.loads(resp.message)['ticket']

        # (3) registration of authorization
        permission = {'resource_set_id': rsid, 'scopes': read_write,
                      'require': {'sub': 'roger'}}
        adb = self.uas.get_adb("12345678")
        adb.store_permission(permission, 'alice')

        # Get an RPT. This should work
        req = AuthorizationDataRequest(ticket=ticket)
        resp = self.uas.rpt_endpoint_('roger', '12345678',
                                      request=req.to_json())
        assert resp
コード例 #4
0
    def rpt_endpoint_(self, entity, client_id, **kwargs):
        """
        Registers an Authorization Description

        :param entity: Who's on the other side
        :param client_id: The UMA client
        :return: A Response instance
        """
        adb = self.get_adb(client_id)
        adr = AuthorizationDataRequest().from_json(kwargs["request"])
        rpt = adb.issue_rpt(adr['ticket'], {'sub': entity})
        rsp = AuthorizationDataResponse(rpt=rpt)
        return Response(rsp.to_json())
コード例 #5
0
ファイル: test_seq_1.py プロジェクト: rohe/pyuma 
# Fake authentication event
authn_event = AuthnEvent(REQUESTOR,
                         identity.get('salt', ''),
                         authn_info="UserPassword",
                         time_stamp=int(time.time()))

areq = AuthorizationRequest(**request_args)
sid = authzsrv.sdb.create_authz_session(authn_event, areq)
grant = authzsrv.sdb[sid]["code"]
_uma_client.token[REQUESTOR] = {"AAT": authzsrv.sdb.upgrade_to_token(grant)}

# Get a RPT from the AS using the AAT as authentication and the ticket
# received in (3).

authn = "Bearer %s" % _uma_client.token[REQUESTOR]["AAT"]["access_token"]
request = AuthorizationDataRequest(ticket=ticket)
resp = authzsrv.rpt_endpoint(authn, request=request.to_json())

rtr = RPTResponse().from_json(resp.message)
_uma_client.token[REQUESTOR]["RPT"] = rtr["rpt"]

# Introspection of the RPT

pat = ressrv.permreg.get(RESOURCE_OWNER, "pat")["access_token"]
_rpt = _uma_client.token[REQUESTOR]["RPT"]
ir = IntrospectionRequest(token=_rpt)

request_args = {"access_token": pat}
ht_args = ressrv.client.client_authn_method["bearer_header"](ressrv).construct(
    ir, request_args=request_args)
コード例 #6
0
ファイル: test_seq_rs.py プロジェクト: rohe/pyuma 
# Fake authentication event
authn_event = AuthnEvent(REQUESTOR, identity.get('salt', ''),
                         authn_info="UserPassword",
                         time_stamp=int(time.time()))

areq = AuthorizationRequest(**request_args)
sid = authzsrv.sdb.create_authz_session(authn_event, areq)
grant = authzsrv.sdb[sid]["code"]
_uma_client.token[REQUESTOR] = {"AAT": authzsrv.sdb.upgrade_to_token(grant)}

# >>> C->AS: UMA3.5.1 POST plain authz data request with
# permission ticket at RPT endpoint

authn = "Bearer %s" % _uma_client.token[REQUESTOR]["AAT"]["access_token"]
request = AuthorizationDataRequest(ticket=ticket)

# >>> AS->C: UMA3.5.3 Return success and RPT
resp = authzsrv.rpt_endpoint(authn, request=request.to_json())

rtr = RPTResponse().from_json(resp.message)
_uma_client.token[REQUESTOR]["RPT"] = rtr["rpt"]

# >>> C->RS: UMA3.1.2 Attempt resource access with RPT

# Introspection of the RPT
# >>> RS->AS: UMA3.4.2 POST to token introspection endpoint
pat = ressrv.rs_handler.token['PAT']
_rpt = _uma_client.token[REQUESTOR]["RPT"]
ir = IntrospectionRequest(token=_rpt)
コード例 #7
0
ファイル: authzsrv.py プロジェクト: simudream/pyuma 
    def rpt_endpoint_(self, entity, client_id, **kwargs):
        """
        Registers an Authorization Description

        :param entity: Who's on the other side
        :param client_id: The UMA client
        :return: A Response instance
        """

        adr = AuthorizationDataRequest().from_json(kwargs["request"])

        # Get request permission that the resource server has registered
        try:
            prr_list = self.permission_requests.get_request(adr["ticket"])
        except KeyError:
            errmsg = ErrorResponse(error="invalid_ticket")
            return BadRequest(errmsg.to_json(), content="application/json")

        self.permission_requests.del_request(adr["ticket"])
        try:
            _rpt = adr["rpt"]
        except KeyError:
            _rpt = rndstr(32)

        for prr in prr_list:
            _rsid = prr["resource_set_id"]

            # Verify that the scopes are defined for the resource set
            owner = self.resource_set.rsid2oid[_rsid]
            rsd = self.resource_set.read(owner, _rsid)
            for scope in prr["scopes"]:
                try:
                    assert scope in rsd["scopes"]
                except AssertionError:
                    errmsg = ErrorResponse(
                        error="not_authorized",
                        error_description="Undefined scopes")
                    return BadRequest(errmsg.to_json(),
                                      content="application/json")

            # Is there any permissions registered by the owner, if so verify
            # that it allows what is requested. Return what is allowed !

            try:
                allow_scopes, timestamp = self.permit.get_permit(
                    owner, entity, _rsid)
            except KeyError:  #
                errmsg = ErrorResponse(error="not_authorized",
                                       error_description="No permission given")
                return BadRequest(errmsg.to_json(), content="application/json")
            else:
                _scopes = []
                for scope in prr["scopes"]:
                    try:
                        assert scope in allow_scopes
                    except AssertionError:
                        pass
                    else:
                        _scopes.append(scope)

                # bind _requester to specific RPT for this user
                try:
                    self.eid2rpt[owner][entity] = _rpt
                except KeyError:
                    self.eid2rpt[owner] = {entity: _rpt}

                self.register_permission(owner, _rpt, _rsid, _scopes)

        rsp = AuthorizationDataResponse(rpt=_rpt)

        return Response(rsp.to_json())