def test_invalid_authorized_response(views_fixture):
    """Test login.

    The remote application's token-exchange step is patched to fail with a
    ``JSONDecodeError``; the ``authorized`` view is expected to let that
    exception propagate rather than swallow it.
    """
    app = views_fixture
    oauth_ext = app.extensions['oauthlib.client']

    with app.test_client() as client:
        # Fake an authorized request.  Hitting the login endpoint first makes
        # sure the remote apps have been loaded (they are set up on the first
        # request).
        client.get(url_for("invenio_oauthclient.login", remote_app='test'))

        failing_exchange = MagicMock(
            side_effect=JSONDecodeError('Expecting value', '', 0))
        oauth_ext.remote_apps['test'].handle_oauth2_response = failing_exchange

        # A state token bound to this session and the ``test`` remote app.
        state_token = serializer.dumps({
            'app': 'test',
            'sid': _create_identifier(),
            'next': None,
        })

        authorized_url = url_for(
            "invenio_oauthclient.authorized",
            remote_app='test',
            code='test',
            state=state_token,
        )
        with pytest.raises(JSONDecodeError):
            client.get(authorized_url)
def test_invalid_authorized_response():
    """Test login.

    Patches the ``test`` remote app's token-exchange step to raise
    ``JSONDecodeError`` and checks that the ``authorized`` view propagates
    the exception.
    """
    app = setup_app()
    oauth_ext = app.extensions['oauthlib.client']

    with app.test_client() as client:
        # Fake an authorized request.  The login endpoint is requested first
        # so that the remote apps are loaded (they are registered on the
        # first request).
        client.get(url_for("invenio_oauthclient.login", remote_app='test'))

        failing_exchange = MagicMock(
            side_effect=JSONDecodeError('Expecting value', '', 0)
        )
        oauth_ext.remote_apps['test'].handle_oauth2_response = failing_exchange

        # State token bound to this session and the ``test`` remote app.
        state_token = serializer.dumps({
            'app': 'test',
            'sid': _create_identifier(),
            'next': None,
        })

        authorized_url = url_for(
            "invenio_oauthclient.authorized",
            remote_app='test',
            code='test',
            state=state_token,
        )
        with pytest.raises(JSONDecodeError):
            client.get(authorized_url)
def reset_id(session):
    """Reset the ``_uid`` of a session that has become invalid.

    The new value is the current request identifier (as produced by
    ``_create_identifier``) joined with a fresh random UUID by ``|``.

    Args:
        session: the Session object (any mapping supporting item
            assignment).
    """
    request_identifier = _create_identifier()
    fresh_uuid = uuid4()
    session["_uid"] = f"{request_identifier}|{fresh_uuid}"
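def authorized(remote_app=None):
    """Authorized handler callback.

    Entry point for the redirect back from the remote OAuth provider.  The
    ``state`` query parameter is checked before control is handed to the
    handler registered for ``remote_app``.

    Args:
        remote_app: name of the remote application; must be a key of
            ``current_oauthclient.handlers``.

    Returns:
        Whatever the registered authorized handler returns, or an HTTP
        404 (unknown remote app) / 403 (state verification failed) via
        ``abort``.
    """
    if remote_app not in current_oauthclient.handlers:
        return abort(404)

    state_token = request.args.get('state')

    # Verify state parameter.  The checks raise explicitly instead of using
    # ``assert``: ``python -O`` strips assert statements, which would
    # silently remove the binding of the token to this session and app.
    try:
        if not state_token:
            raise BadData('Missing state parameter.')
        # Checks authenticity and integrity of state and decodes the value.
        state = serializer.loads(state_token)
        # Verify that state is for this session, app and that next parameter
        # have not been modified.
        if state['sid'] != _create_identifier():
            raise BadData('State does not belong to this session.')
        if state['app'] != remote_app:
            raise BadData('State was issued for a different remote app.')
        # Store next URL
        set_session_next_url(remote_app, state['next'])
    except (AssertionError, BadData):
        # Verification failure is fatal unless state checking has been
        # disabled by configuration while running in debug/testing mode.
        if current_app.config.get(
                'OAUTHCLIENT_STATE_ENABLED', True) or (
                    not (current_app.debug or current_app.testing)):
            abort(403)

    return current_oauthclient.handlers[remote_app]()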
def login(remote_app):
    """Send user to remote application for authentication.

    Args:
        remote_app: name of the remote application; must be registered in
            the ``oauthlib.client`` extension.

    Returns:
        The redirect response produced by the remote app's ``authorize``,
        or an HTTP 404 via ``abort`` for an unknown remote app.
    """
    oauth_ext = current_app.extensions['oauthlib.client']
    if remote_app not in oauth_ext.remote_apps:
        return abort(404)

    # Get redirect target in safe manner.
    next_target = get_safe_redirect_target(arg='next')

    # Redirect URI - must be registered in the remote service.
    callback_url = url_for('.authorized', remote_app=remote_app, _external=True)

    # Create a JSON Web Token that expires after OAUTHCLIENT_STATE_EXPIRES
    # seconds.  It binds the round trip to this app, session and next URL.
    state_payload = {
        'app': remote_app,
        'next': next_target,
        'sid': _create_identifier(),
    }
    state_token = serializer.dumps(state_payload)

    remote = oauth_ext.remote_apps[remote_app]
    return remote.authorize(callback=callback_url, state=state_token)
def resetID(session):
    """Reset the ``_uid`` of a session that has become invalid.

    Arguments:
        session -- (Session) the session object

    The stored value is the current request identifier from
    ``_create_identifier`` and a new random UUID, separated by ``|``.
    """
    identifier = _create_identifier()
    nonce = uuid4()
    session["_uid"] = f"{identifier}|{nonce}"
def isSessionSecure(session):
    """Check whether the session was created by the current requester.

    Arguments:
        session -- (Session) the session object

    Returns False when the session carries no ``_uid``; otherwise returns
    whether the current ``_create_identifier()`` value occurs in the stored
    ``_uid``.  NOTE(review): this is a substring test (``in``) against the
    stored value, not an exact comparison of the identifier part.
    """
    if "_uid" not in session:
        return False
    return _create_identifier() in session["_uid"]
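def authorized(remote_app=None):
    """Authorized handler callback.

    Entry point for the redirect back from the remote OAuth provider.  The
    ``state`` query parameter is checked before control is handed to the
    handler registered for ``remote_app``.

    Args:
        remote_app: name of the remote application; must be a key of
            ``current_oauthclient.handlers``.

    Returns:
        Whatever the registered authorized handler returns, or an HTTP
        404 (unknown remote app) / 403 (state verification failed) via
        ``abort``.
    """
    if remote_app not in current_oauthclient.handlers:
        return abort(404)

    state_token = request.args.get('state')

    # Verify state parameter.  The checks raise explicitly instead of using
    # ``assert``: ``python -O`` strips assert statements, which would
    # silently remove the binding of the token to this session and app.
    try:
        if not state_token:
            raise BadData('Missing state parameter.')
        # Checks authenticity and integrity of state and decodes the value.
        state = serializer.loads(state_token)
        # Verify that state is for this session, app and that next parameter
        # have not been modified.
        if state['sid'] != _create_identifier():
            raise BadData('State does not belong to this session.')
        if state['app'] != remote_app:
            raise BadData('State was issued for a different remote app.')
        # Store next URL
        set_session_next_url(remote_app, state['next'])
    except (AssertionError, BadData):
        # Verification failure is fatal unless state checking has been
        # disabled by configuration while running in debug/testing mode.
        if current_app.config.get('OAUTHCLIENT_STATE_ENABLED', True) or (
                not (current_app.debug or current_app.testing)):
            abort(403)

    return current_oauthclient.handlers[remote_app]()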
def get_state(app='test'):
    """Return a signed state token for *app* bound to the current session.

    The payload carries the app name, the current ``_create_identifier()``
    value as ``sid`` and a ``None`` next URL.
    """
    payload = {
        'app': app,
        'sid': _create_identifier(),
        'next': None,
    }
    return serializer.dumps(payload)
def test_authorized():
    """Test login.

    Exercises the ``authorized`` view with a handler that records what it
    was called with and returns a body, and with a handler that returns
    nothing (which is expected to surface as ``ValueError``).
    """
    handled = {}

    def test_authorized_handler(resp, remote, *args, **kwargs):
        """Save configuration."""
        handled.update(resp=resp, remote=remote, args=args, kwargs=kwargs)
        return "TEST"

    def test_invalid_authorized_handler(resp, remote, *args, **kwargs):
        """Set wrong configuration."""
        handled.update(dict.fromkeys(('resp', 'remote', 'args', 'kwargs'), 1))

    app = setup_app(test_authorized_handler, test_invalid_authorized_handler)

    with app.test_client() as client:
        # Ensure remote apps have been loaded (due to before first
        # request)
        client.get(url_for("invenio_oauthclient.login", remote_app='test'))

        oauth_ext = app.extensions['oauthlib.client']
        mock_response(oauth_ext, 'test')
        mock_response(oauth_ext, 'test_invalid')

        from invenio_oauthclient.views.client import serializer

        def state_for(app_name):
            """Signed state token bound to this session and *app_name*."""
            return serializer.dumps({
                'app': app_name,
                'sid': _create_identifier(),
                'next': None,
            })

        resp = client.get(url_for(
            "invenio_oauthclient.authorized",
            remote_app='test',
            code='test',
            state=state_for('test'),
        ))
        assert resp.data == b"TEST"
        assert handled['remote'].name == 'test'
        assert not handled['args']
        assert not handled['kwargs']
        assert handled['resp']['access_token'] == 'test_access_token'

        # handler should be return something
        with pytest.raises(ValueError):
            client.get(url_for(
                "invenio_oauthclient.authorized",
                remote_app='test_invalid',
                code='test',
                state=state_for('test_invalid'),
            ))
def test_authorized(base_app, params):
    """Test login.

    Registers three remote apps on ``base_app`` (``test``, ``test_invalid``
    and ``full``), then drives the ``authorized`` view through a handler
    that records its arguments and one that returns nothing (expected to
    surface as ``ValueError``).
    """
    app = base_app
    handled = {}

    def test_authorized_handler(resp, remote, *args, **kwargs):
        """Save configuration."""
        handled.update(resp=resp, remote=remote, args=args, kwargs=kwargs)
        return "TEST"

    def test_invalid_authorized_handler(resp, remote, *args, **kwargs):
        """Set wrong configuration."""
        handled.update(dict.fromkeys(('resp', 'remote', 'args', 'kwargs'), 1))

    remote_apps = {
        'test': {
            'authorized_handler': test_authorized_handler,
            'params': params('testid'),
            'title': 'MyLinkedTestAccount',
        },
        'test_invalid': {
            'authorized_handler': test_invalid_authorized_handler,
            'params': params('test_invalidid'),
            'title': 'Test Invalid',
        },
        'full': {
            'params': params("fullid"),
            'title': 'Full',
        },
    }
    base_app.config['OAUTHCLIENT_REMOTE_APPS'].update(remote_apps)

    FlaskOAuth(app)
    InvenioOAuthClient(app)
    base_app.register_blueprint(blueprint_client)
    base_app.register_blueprint(blueprint_settings)

    with app.test_client() as client:
        # Ensure remote apps have been loaded (due to before first
        # request)
        client.get(url_for("invenio_oauthclient.login", remote_app='test'))

        oauth_ext = app.extensions['oauthlib.client']
        mock_response(oauth_ext, 'test')
        mock_response(oauth_ext, 'test_invalid')

        from invenio_oauthclient.views.client import serializer

        def state_for(app_name):
            """Signed state token bound to this session and *app_name*."""
            return serializer.dumps({
                'app': app_name,
                'sid': _create_identifier(),
                'next': None,
            })

        resp = client.get(url_for(
            "invenio_oauthclient.authorized",
            remote_app='test',
            code='test',
            state=state_for('test'),
        ))
        assert resp.data == b"TEST"
        assert handled['remote'].name == 'test'
        assert not handled['args']
        assert not handled['kwargs']
        assert handled['resp']['access_token'] == 'test_access_token'

        # handler should be return something
        with pytest.raises(ValueError):
            client.get(url_for(
                "invenio_oauthclient.authorized",
                remote_app='test_invalid',
                code='test',
                state=state_for('test_invalid'),
            ))
def test_authorized(base_app, params):
    """Test login.

    Registers three remote apps on ``base_app`` (``test``, ``test_invalid``
    and ``full``), then drives the ``authorized`` view through a handler
    that records its arguments and one that returns nothing (expected to
    surface as ``ValueError``).
    """
    app = base_app
    handled = {}

    def test_authorized_handler(resp, remote, *args, **kwargs):
        """Save configuration."""
        handled.update(resp=resp, remote=remote, args=args, kwargs=kwargs)
        return "TEST"

    def test_invalid_authorized_handler(resp, remote, *args, **kwargs):
        """Set wrong configuration."""
        handled.update(dict.fromkeys(('resp', 'remote', 'args', 'kwargs'), 1))

    remote_apps = {
        'test': {
            'authorized_handler': test_authorized_handler,
            'params': params('testid'),
            'title': 'MyLinkedTestAccount',
        },
        'test_invalid': {
            'authorized_handler': test_invalid_authorized_handler,
            'params': params('test_invalidid'),
            'title': 'Test Invalid',
        },
        'full': {
            'params': params("fullid"),
            'title': 'Full',
        },
    }
    base_app.config['OAUTHCLIENT_REMOTE_APPS'].update(remote_apps)

    FlaskOAuth(app)
    InvenioOAuthClient(app)
    base_app.register_blueprint(blueprint_client)
    base_app.register_blueprint(blueprint_settings)

    with app.test_client() as client:
        # Ensure remote apps have been loaded (due to before first
        # request)
        client.get(url_for("invenio_oauthclient.login", remote_app='test'))

        oauth_ext = app.extensions['oauthlib.client']
        mock_response(oauth_ext, 'test')
        mock_response(oauth_ext, 'test_invalid')

        from invenio_oauthclient.views.client import serializer

        def state_for(app_name):
            """Signed state token bound to this session and *app_name*."""
            return serializer.dumps({
                'app': app_name,
                'sid': _create_identifier(),
                'next': None,
            })

        resp = client.get(url_for(
            "invenio_oauthclient.authorized",
            remote_app='test',
            code='test',
            state=state_for('test'),
        ))
        assert resp.data == b"TEST"
        assert handled['remote'].name == 'test'
        assert not handled['args']
        assert not handled['kwargs']
        assert handled['resp']['access_token'] == 'test_access_token'

        # handler should be return something
        with pytest.raises(ValueError):
            client.get(url_for(
                "invenio_oauthclient.authorized",
                remote_app='test_invalid',
                code='test',
                state=state_for('test_invalid'),
            ))
def _get_state():
    """Return a signed state token for the ``orcid`` remote app.

    The payload binds the token to the current session via
    ``_create_identifier()`` and carries no next URL.
    """
    payload = {
        'app': 'orcid',
        'sid': _create_identifier(),
        'next': None,
    }
    return serializer.dumps(payload)