def test_scope_who_am_i(provider):
registration_params = {
"application_type": "web",
"response_types": ["code", "token"],
"redirect_uris": "http://example.org"
}
reg_req = RegistrationRequest(**registration_params)
resp = provider.registration_endpoint(reg_req.to_urlencoded())
reg_resp = RegistrationResponse().from_json(resp.message)
auth_req = AuthorizationRequest(
**{
"client_id": reg_resp["client_id"],
"scope": "openid who_am_i",
"response_type": "code token",
"redirect_uri": "http://example.org",
"state": "state0",
"nonce": "nonce0"
})
resp = provider.authorization_endpoint(auth_req.to_urlencoded())
auth_resp = AuthorizationResponse().from_urlencoded(resp.message)
userinfo_req = UserInfoRequest(
**{"access_token": auth_resp["access_token"]})
resp = provider.userinfo_endpoint(userinfo_req.to_urlencoded())
userinfo_resp = AuthorizationResponse().from_json(resp.message)
assert userinfo_resp["given_name"] == "Bruce"
assert userinfo_resp["family_name"] == "Lee"
def test_userinfo_endpoint():
server = provider_init
_session_db = {}
cons = Consumer(_session_db,
CONSUMER_CONFIG,
CLIENT_CONFIG,
server_info=SERVER_INFO)
cons.debug = True
cons.client_secret = "drickyoughurt"
cons.config["response_type"] = ["token"]
cons.config["request_method"] = "parameter"
cons.keyjar[""] = KC_RSA
state, location = cons.begin("openid",
"token",
path="http://localhost:8087")
resp = server.authorization_endpoint(request=location.split("?")[1])
line = resp.message
path, query = line.split("#")
# redirect
atr = AuthorizationResponse().deserialize(query, "urlencoded")
uir = UserInfoRequest(access_token=atr["access_token"], schema="openid")
resp3 = server.userinfo_endpoint(request=uir.to_urlencoded())
ident = OpenIDSchema().deserialize(resp3.message, "json")
print ident.keys()
assert _eq(ident.keys(), ['nickname', 'sub', 'name', 'email'])
def test_userinfo_endpoint():
server = provider_init
_session_db = {}
cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG,
server_info=SERVER_INFO)
cons.debug = True
cons.client_secret = "drickyoughurt"
cons.config["response_type"] = ["token"]
cons.config["request_method"] = "parameter"
cons.keyjar[""] = KC_RSA
location = cons.begin("openid", "token", path="http://localhost:8087")
resp = server.authorization_endpoint(request=location.split("?")[1])
line = resp.message
path, query = line.split("?")
# redirect
atr = AuthorizationResponse().deserialize(query, "urlencoded")
uir = UserInfoRequest(access_token=atr["access_token"], schema="openid")
resp3 = server.userinfo_endpoint(request=uir.to_urlencoded())
ident = OpenIDSchema().deserialize(resp3.message, "json")
print ident.keys()
assert _eq(ident.keys(), ['nickname', 'sub', 'name', 'email'])
assert ident["sub"] == USERDB["username"]["sub"]
def setup_userinfo_endpoint(self):
cons = Consumer(
{},
CONSUMER_CONFIG,
{"client_id": CLIENT_ID},
server_info=SERVER_INFO,
)
cons.behaviour = {
"request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]
}
cons.keyjar[""] = KC_RSA
cons.client_secret = "drickyoughurt"
state, location = cons.begin(
"openid", "token", path=TestConfiguration.get_instance().rp_base)
resp = self.provider.authorization_endpoint(
request=urlparse(location).query)
# redirect
atr = AuthorizationResponse().deserialize(
urlparse(resp.message).fragment, "urlencoded")
uir = UserInfoRequest(access_token=atr["access_token"],
schema="openid")
resp = self.provider.userinfo_endpoint(request=uir.to_urlencoded())
responses.add(responses.POST,
self.op_base + "userinfo",
body=resp.message,
status=200,
content_type='application/json')
def test_userinfo_endpoint(self):
self.cons.client_secret = "drickyoughurt"
self.cons.config["response_type"] = ["token"]
self.cons.config["request_method"] = "parameter"
state, location = self.cons.begin("openid",
"token",
path="http://localhost:8087")
resp = self.server.authorization_endpoint(
request=location.split("?")[1])
line = resp.message
path, query = line.split("#")
# redirect
atr = AuthorizationResponse().deserialize(query, "urlencoded")
uir = UserInfoRequest(access_token=atr["access_token"],
schema="openid")
resp3 = self.server.userinfo_endpoint(request=uir.to_urlencoded())
ident = OpenIDSchema().deserialize(resp3.message, "json")
print ident.keys()
assert _eq(ident.keys(), ['nickname', 'sub', 'name', 'email'])
def setup_userinfo_endpoint(self):
cons = Consumer({}, CONSUMER_CONFIG, {"client_id": CLIENT_ID},
server_info=SERVER_INFO, )
cons.behaviour = {
"request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]}
cons.keyjar[""] = KC_RSA
cons.client_secret = "drickyoughurt"
state, location = cons.begin("openid", "token",
path=TestConfiguration.get_instance().rp_base)
resp = self.provider.authorization_endpoint(
request=urlparse(location).query)
# redirect
atr = AuthorizationResponse().deserialize(
urlparse(resp.message).fragment, "urlencoded")
uir = UserInfoRequest(access_token=atr["access_token"], schema="openid")
resp = self.provider.userinfo_endpoint(request=uir.to_urlencoded())
responses.add(
responses.POST,
self.op_base + "userinfo",
body=resp.message,
status=200,
content_type='application/json')
def test_userinfo_endpoint_malformed(self):
uir = UserInfoRequest(schema="openid")
resp = self.provider.userinfo_endpoint(request=uir.to_urlencoded(),
authn='Not a token')
assert json.loads(resp.message) == {'error_description': 'Token is malformed',
'error': 'invalid_request'}
def test_userinfo_endpoint_malformed(self):
uir = UserInfoRequest(schema="openid")
resp = self.provider.userinfo_endpoint(request=uir.to_urlencoded(),
authn='Not a token')
assert json.loads(resp.message) == {
'error_description': 'Token is malformed',
'error': 'invalid_request'}
def test_parse_userinfo_requesr(self):
uireq = UserInfoRequest(access_token="access_token")
uencq = uireq.to_urlencoded()
qdict = self.srv.parse_user_info_request(data=uencq)
assert _eq(qdict.keys(), ['access_token'])
assert qdict["access_token"] == "access_token"
url = "https://example.org/userinfo?{}".format(uencq)
qdict = self.srv.parse_user_info_request(data=url)
assert _eq(qdict.keys(), ['access_token'])
assert qdict["access_token"] == "access_token"
def test_parse_userinfo_requesr(self):
uireq = UserInfoRequest(access_token="access_token")
uencq = uireq.to_urlencoded()
qdict = self.srv.parse_user_info_request(data=uencq)
assert _eq(qdict.keys(), ["access_token"])
assert qdict["access_token"] == "access_token"
url = "https://example.org/userinfo?{}".format(uencq)
qdict = self.srv.parse_user_info_request(data=url)
assert _eq(qdict.keys(), ["access_token"])
assert qdict["access_token"] == "access_token"
def test_userinfo_endpoint_authn(self):
self.cons.client_secret = "drickyoughurt"
self.cons.config["response_type"] = ["token"]
self.cons.config["request_method"] = "parameter"
state, location = self.cons.begin("openid", "token", path="http://localhost:8087")
resp = self.provider.authorization_endpoint(request=urlparse(location).query)
# redirect
atr = AuthorizationResponse().deserialize(urlparse(resp.message).fragment, "urlencoded")
uir = UserInfoRequest(schema="openid")
resp = self.provider.userinfo_endpoint(request=uir.to_urlencoded(), authn="Bearer " + atr["access_token"])
ident = OpenIDSchema().deserialize(resp.message, "json")
assert _eq(ident.keys(), ["nickname", "sub", "name", "email"])
def test_userinfo_endpoint():
server = provider_init
_session_db = {}
cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG,
server_info=SERVER_INFO)
cons.debug = True
cons.client_secret = "drickyoughurt"
cons.config["response_type"] = ["token"]
cons.config["request_method"] = "parameter"
cons.keyjar[""] = KC_RSA
environ = BASE_ENVIRON
location = cons.begin(environ, start_response)
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = location.split("?")[1]
resp = server.authorization_endpoint(environ, start_response)
sid = resp[0][len("<form>"):-len("</form>")]
environ2 = create_return_form_env("user", "password", sid)
resp2 = server.authenticated(environ2, start_response)
line = resp2[0]
start = line.index("<title>")
start += len("<title>Redirecting to ")
stop = line.index("</title>")
path, query = line[start:stop].split("?")
# redirect
atr = AuthorizationResponse().deserialize(query, "urlencoded")
uir = UserInfoRequest(access_token=atr["access_token"], schema="openid")
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = uir.to_urlencoded()
resp3 = server.userinfo_endpoint(environ, start_response)
ident = OpenIDSchema().deserialize(resp3[0], "json")
print ident.keys()
assert _eq(ident.keys(), ['nickname', 'sub', 'name', 'email'])
assert ident["sub"] == USERDB["user"]["sub"]
def test_userinfo_endpoint_authn(self):
self.cons.client_secret = "drickyoughurt"
self.cons.config["response_type"] = ["token"]
self.cons.config["request_method"] = "parameter"
state, location = self.cons.begin("openid", "token",
path="http://localhost:8087")
resp = self.provider.authorization_endpoint(
request=urlparse(location).query)
# redirect
atr = AuthorizationResponse().deserialize(
urlparse(resp.message).fragment, "urlencoded")
uir = UserInfoRequest(schema="openid")
resp = self.provider.userinfo_endpoint(request=uir.to_urlencoded(),
authn='Bearer ' + atr[
'access_token'])
ident = OpenIDSchema().deserialize(resp.message, "json")
assert _eq(ident.keys(), ['nickname', 'sub', 'name', 'email'])
def test_userinfo_endpoint(self):
self.cons.client_secret = "drickyoughurt"
self.cons.config["response_type"] = ["token"]
self.cons.config["request_method"] = "parameter"
state, location = self.cons.begin("openid", "token",
path="http://localhost:8087")
resp = self.server.authorization_endpoint(request=location.split("?")[1])
line = resp.message
path, query = line.split("#")
# redirect
atr = AuthorizationResponse().deserialize(query, "urlencoded")
uir = UserInfoRequest(access_token=atr["access_token"], schema="openid")
resp3 = self.server.userinfo_endpoint(request=uir.to_urlencoded())
ident = OpenIDSchema().deserialize(resp3.message, "json")
print ident.keys()
assert _eq(ident.keys(), ['nickname', 'sub', 'name', 'email'])
def test_scope_who_am_i(provider):
registration_params = {
"application_type": "web",
"response_types": ["code", "token"],
"redirect_uris": "http://example.org"}
reg_req = RegistrationRequest(**registration_params)
resp = provider.registration_endpoint(reg_req.to_urlencoded())
reg_resp = RegistrationResponse().from_json(resp.message)
auth_req = AuthorizationRequest(
**{"client_id": reg_resp["client_id"], "scope": "openid who_am_i",
"response_type": "code token",
"redirect_uri": "http://example.org", "state": "state0", "nonce": "nonce0"})
resp = provider.authorization_endpoint(auth_req.to_urlencoded())
auth_resp = AuthorizationResponse().from_urlencoded(resp.message)
userinfo_req = UserInfoRequest(**{"access_token": auth_resp["access_token"]})
resp = provider.userinfo_endpoint(userinfo_req.to_urlencoded())
userinfo_resp = AuthorizationResponse().from_json(resp.message)
assert userinfo_resp["given_name"] == "Bruce"
assert userinfo_resp["family_name"] == "Lee"
def test_userinfo_endpoint_malformed(self):
uir = UserInfoRequest(schema="openid")
resp = self.provider.userinfo_endpoint(request=uir.to_urlencoded(), authn="Not a token")
assert json.loads(resp.message) == {"error_description": "Token is malformed", "error": "invalid_request"}
