예제 #1
def test_stateID():
    """Two state IDs for the same URL and (byte) seed must be distinct and non-empty."""
    seed = rndstr().encode("utf-8")
    url = "http://example.com/home"
    first, second = (stateID(url, seed) for _ in range(2))
    assert first and second
    assert first != second
예제 #2
def test_stateID():
    """Two state IDs for the same URL and (text) seed must be distinct and non-empty."""
    seed = rndstr()
    url = "http://example.com/home"
    first, second = (stateID(url, seed) for _ in range(2))
    assert first and second
    assert first != second
예제 #3
def test_factory():
    """factory() rebuilds a Consumer from the session cookie and backend.

    The rebuilt consumer must carry the same client_id and seed as the one
    that created the session.
    """
    backend = DictSessionBackend()
    original = Consumer(backend, client_config=CLIENT_CONFIG,
                        server_info=SERVER_INFO, settings=CLIENT_SETTINGS,
                        **CONSUMER_CONFIG)
    state = stateID("https://example.org/", original.seed)
    original._backup(state)
    original.sdb["seed:%s" % original.seed] = state

    cookie = make_cookie(CLIENT_CONFIG["client_id"], state, original.seed,
                         expire=360, path="/")

    rebuilt = factory(cookie[1], backend, CLIENT_CONFIG["client_id"],
                      client_config=CLIENT_CONFIG, server_info=SERVER_INFO,
                      **CONSUMER_CONFIG)

    assert rebuilt.client_id == original.client_id
    assert rebuilt.seed == original.seed
예제 #4
def test_factory():
    """factory() restores state and seed from the cookie and a dict session db."""
    store = {}
    original = Consumer(store, client_config=CLIENT_CONFIG,
                        server_info=SERVER_INFO, **CONSUMER_CONFIG)

    state = stateID("https://example.org/", original.seed)
    original.state = state
    original._backup(state)
    original.sdb["seed:%s" % original.seed] = state

    cookie = make_cookie(CLIENT_CONFIG["client_id"], original.state,
                         original.seed, expire=360, path="/")

    restored = factory(cookie[1], store, CLIENT_CONFIG["client_id"],
                       client_config=CLIENT_CONFIG, server_info=SERVER_INFO,
                       **CONSUMER_CONFIG)

    assert restored
    assert restored.state == original.state
    assert restored.seed == original.seed
예제 #5
def test_factory():
    """factory() rebuilds a Consumer (client_id, seed) from cookie + dict db."""
    store = {}
    original = Consumer(
        store,
        client_config=CLIENT_CONFIG,
        server_info=SERVER_INFO,
        **CONSUMER_CONFIG,
    )
    state = stateID("https://example.org/", original.seed)
    original._backup(state)
    original.sdb["seed:%s" % original.seed] = state

    cookie = make_cookie(
        CLIENT_CONFIG["client_id"],
        state,
        original.seed,
        expire=360,
        path="/",
    )

    rebuilt = factory(
        cookie[1],
        store,
        CLIENT_CONFIG["client_id"],
        client_config=CLIENT_CONFIG,
        server_info=SERVER_INFO,
        **CONSUMER_CONFIG,
    )

    assert rebuilt.client_id == original.client_id
    assert rebuilt.seed == original.seed
예제 #6
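    def begin(self,
              scope="",
              response_type="",
              use_nonce=False,
              path="",
              **kwargs):
        """ Begin the OIDC flow

        Sets ``self.redirect_uris`` from ``path`` and the configured
        ``authz_page``, derives the ``state`` value with ``stateID`` from the
        consumer seed, stores the session via ``_backup`` and builds the
        AuthorizationRequest. When ``request_method`` is ``"file"`` the
        request object is written to ``temp_dir`` and referenced through
        ``request_uri`` instead of being sent inline.

        :param scope: Defines which user info claims is wanted. Empty means
            ``consumer_config["scope"]``.
        :param response_type: Controls the parameters returned in the
            response from the Authorization Endpoint. Empty means
            ``consumer_config["response_type"]``.
        :param use_nonce: If not implicit flow nonce is optional.
            This defines if it should be used anyway.
        :param path: The path part of the redirect URL; also the prefix of
            the public ``request_uri`` in file mode.
        :param kwargs: Accepted for call compatibility, not used here.
        :return: A 2-tuple, session identifier and URL to which the user
            should be redirected
        :raises PyoidcError: when ``userinfo_claims`` is in the request
            arguments and no ``request_method`` is configured.
        """
        _log_info = logger.info

        if self.debug:
            _log_info("- begin -")

        # Exactly one "/" must separate the caller's path from authz_page.
        _page = self.consumer_config["authz_page"]
        if not path.endswith("/"):
            if _page.startswith("/"):
                self.redirect_uris = [path + _page]
            else:
                self.redirect_uris = ["%s/%s" % (path, _page)]
        else:
            if _page.startswith("/"):
                self.redirect_uris = [path + _page[1:]]
            else:
                self.redirect_uris = ["%s/%s" % (path, _page)]

        # Put myself in the dictionary of sessions, keyed on session-id.
        # The seed is generated once per consumer; the state value below
        # and the "seed:..." session entry both derive from it.
        if not self.seed:
            self.seed = rndstr()

        if not scope:
            scope = self.consumer_config["scope"]
        if not response_type:
            response_type = self.consumer_config["response_type"]

        sid = stateID(path, self.seed)
        self.grant[sid] = Grant(seed=self.seed)

        self._backup(sid)
        self.sdb["seed:%s" % self.seed] = sid

        args = {
            "client_id": self.client_id,
            "state": sid,
            "response_type": response_type,
            "scope": scope,
        }

        # nonce is REQUIRED in implicit flow,
        # OPTIONAL on code flow. It is remembered per state in
        # self.state2nonce.
        if "token" in response_type or use_nonce:
            args["nonce"] = rndstr(12)
            self.state2nonce[sid] = args['nonce']

        if "max_age" in self.consumer_config:
            args["max_age"] = self.consumer_config["max_age"]

        _claims = None
        if "user_info" in self.consumer_config:
            _claims = ClaimsRequest(userinfo=Claims(
                **self.consumer_config["user_info"]))
        if "id_token" in self.consumer_config:
            if _claims:
                _claims["id_token"] = Claims(
                    **self.consumer_config["id_token"])
            else:
                _claims = ClaimsRequest(id_token=Claims(
                    **self.consumer_config["id_token"]))

        if _claims:
            args["claims"] = _claims

        if "request_method" in self.consumer_config:
            areq = self.construct_AuthorizationRequest(request_args=args,
                                                       extra_args=None,
                                                       request_param="request")

            if self.consumer_config["request_method"] == "file":
                import errno

                id_request = areq["request"]
                del areq["request"]
                _filedir = self.consumer_config["temp_dir"]
                _webpath = self.consumer_config["temp_path"]
                # Create the file exclusively (O_EXCL) under a fresh random
                # name: an exists() probe followed by open("w") would let a
                # concurrent caller that drew the same name overwrite this
                # request object. Retry only on EEXIST; anything else
                # propagates.
                while True:
                    _name = rndstr(10)
                    filename = os.path.join(_filedir, _name)
                    try:
                        fd = os.open(filename,
                                     os.O_WRONLY | os.O_CREAT | os.O_EXCL)
                    except OSError as err:
                        if err.errno != errno.EEXIST:
                            raise
                        continue
                    # fdopen takes ownership of fd; the with-block closes
                    # it even if write() fails.
                    with os.fdopen(fd, "w") as fid:
                        fid.write(id_request)
                    break
                _webname = "%s%s/%s" % (path, _webpath, _name)
                areq["request_uri"] = _webname
                self.request_uri = _webname
                self._backup(sid)
        else:
            # NOTE(review): ``args`` is built above with a "claims" key,
            # never "userinfo_claims", so this guard looks unreachable as
            # written; kept for callers that may rely on the error type.
            if "userinfo_claims" in args:  # can only be carried in an IDRequest
                raise PyoidcError("Need a request method")

            areq = self.construct_AuthorizationRequest(AuthorizationRequest,
                                                       request_args=args)

        location = areq.request(self.authorization_endpoint)

        if self.debug:
            _log_info("Redirecting to: %s" % location)

        return sid, location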
예제 #7
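    def begin(self, scope="", response_type="", use_nonce=False, path="",
              **kwargs):
        """ Begin the OIDC flow

        Sets ``self.redirect_uris`` from ``path`` and the configured
        ``authz_page``, derives the ``state`` value with ``stateID`` from the
        consumer seed, stores the session via ``_backup`` and builds the
        AuthorizationRequest. When ``request_method`` is ``"file"`` the
        request object is written to ``temp_dir`` and referenced through
        ``request_uri`` instead of being sent inline.

        :param scope: Defines which user info claims is wanted. Empty means
            ``consumer_config["scope"]``.
        :param response_type: Controls the parameters returned in the
            response from the Authorization Endpoint. Empty means
            ``consumer_config["response_type"]``.
        :param use_nonce: If not implicit flow nonce is optional.
            This defines if it should be used anyway.
        :param path: The path part of the redirect URL; also the prefix of
            the public ``request_uri`` in file mode.
        :param kwargs: Accepted for call compatibility, not used here.
        :return: A 2-tuple, session identifier and URL to which the user
            should be redirected
        :raises PyoidcError: when ``userinfo_claims`` is in the request
            arguments and no ``request_method`` is configured.
        """
        _log_info = logger.info

        if self.debug:
            _log_info("- begin -")

        # Exactly one "/" must separate the caller's path from authz_page.
        _page = self.consumer_config["authz_page"]
        if not path.endswith("/"):
            if _page.startswith("/"):
                self.redirect_uris = [path + _page]
            else:
                self.redirect_uris = ["%s/%s" % (path, _page)]
        else:
            if _page.startswith("/"):
                self.redirect_uris = [path + _page[1:]]
            else:
                self.redirect_uris = ["%s/%s" % (path, _page)]

        # Put myself in the dictionary of sessions, keyed on session-id.
        # The seed is generated once per consumer; the state value below
        # and the "seed:..." session entry both derive from it.
        if not self.seed:
            self.seed = rndstr()

        if not scope:
            scope = self.consumer_config["scope"]
        if not response_type:
            response_type = self.consumer_config["response_type"]

        sid = stateID(path, self.seed)
        self.grant[sid] = Grant(seed=self.seed)

        self._backup(sid)
        self.sdb["seed:%s" % self.seed] = sid

        args = {
            "client_id": self.client_id,
            "state": sid,
            "response_type": response_type,
            "scope": scope,
        }

        # nonce is REQUIRED in implicit flow,
        # OPTIONAL on code flow. It is remembered per state in
        # self.state2nonce.
        if "token" in response_type or use_nonce:
            args["nonce"] = rndstr(12)
            self.state2nonce[sid] = args['nonce']

        if "max_age" in self.consumer_config:
            args["max_age"] = self.consumer_config["max_age"]

        _claims = None
        if "user_info" in self.consumer_config:
            _claims = ClaimsRequest(
                userinfo=Claims(**self.consumer_config["user_info"]))
        if "id_token" in self.consumer_config:
            if _claims:
                _claims["id_token"] = Claims(**self.consumer_config["id_token"])
            else:
                _claims = ClaimsRequest(
                    id_token=Claims(**self.consumer_config["id_token"]))

        if _claims:
            args["claims"] = _claims

        if "request_method" in self.consumer_config:
            areq = self.construct_AuthorizationRequest(
                request_args=args, extra_args=None,
                request_param="request")

            if self.consumer_config["request_method"] == "file":
                import errno

                id_request = areq["request"]
                del areq["request"]
                _filedir = self.consumer_config["temp_dir"]
                _webpath = self.consumer_config["temp_path"]
                # Create the file exclusively (O_EXCL) under a fresh random
                # name: an exists() probe followed by open("w") would let a
                # concurrent caller that drew the same name overwrite this
                # request object. Retry only on EEXIST; anything else
                # propagates.
                while True:
                    _name = rndstr(10)
                    filename = os.path.join(_filedir, _name)
                    try:
                        fd = os.open(filename,
                                     os.O_WRONLY | os.O_CREAT | os.O_EXCL)
                    except OSError as err:
                        if err.errno != errno.EEXIST:
                            raise
                        continue
                    # fdopen takes ownership of fd; the with-block closes
                    # it even if write() fails.
                    with os.fdopen(fd, "w") as fid:
                        fid.write(id_request)
                    break
                _webname = "%s%s/%s" % (path, _webpath, _name)
                areq["request_uri"] = _webname
                self.request_uri = _webname
                self._backup(sid)
        else:
            # NOTE(review): ``args`` is built above with a "claims" key,
            # never "userinfo_claims", so this guard looks unreachable as
            # written; kept for callers that may rely on the error type.
            if "userinfo_claims" in args:  # can only be carried in an IDRequest
                raise PyoidcError("Need a request method")

            areq = self.construct_AuthorizationRequest(AuthorizationRequest,
                                                       request_args=args)

        location = areq.request(self.authorization_endpoint)

        if self.debug:
            _log_info("Redirecting to: %s" % location)

        return sid, location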