예제 #1
0
    def create_sdb(self):
        kb = KeyBundle(JWKS["keys"])
        kj = KeyJar()
        kj.issuer_keys[""] = [kb]

        self.sdb = SessionDB(
            "https://example.com/",
            db=DictSessionBackend(),
            code_factory=DefaultToken("supersecret",
                                      "verybadpassword",
                                      typ="A",
                                      lifetime=600),
            token_factory=JWTToken(
                "T",
                keyjar=kj,
                lt_pattern={
                    "code": 3600,
                    "token": 900
                },
                iss="https://example.com/as",
                sign_alg="RS256",
            ),
            refresh_token_factory=JWTToken(
                "R",
                keyjar=kj,
                lt_pattern={"": 24 * 3600},
                iss="https://example.com/as",
                token_storage={},
            ),
        )
예제 #2
0
 def test_get_sids_from_uid_distributed(self):
     db = DictSessionBackend()
     sdb1 = create_session_db("https://example.com/1",
                              "secret",
                              "password",
                              db=db)
     sdb2 = create_session_db("https://example.com/2",
                              "secret",
                              "password",
                              db=db)
     ae = AuthnEvent("sub", "salt", time_stamp=time.time())
     sid1 = sdb1.create_authz_session(ae, AREQ)
     sdb1.do_sub(sid1, "salt")
     sid2 = sdb2.create_authz_session(ae, AREQ)
     sdb2.do_sub(sid2, "salt")
     sdb1sids = sdb1.get_sids_from_uid("sub")
     sdb2sids = sdb2.get_sids_from_uid("sub")
     assert sdb1sids == sdb2sids
예제 #3
0
    def setup_consumer(self, session_db_factory):
        client_id = "client_1"
        client_config = {
            "client_id": client_id,
            "client_authn_method": CLIENT_AUTHN_METHOD,
        }

        self.consumer = Consumer(DictSessionBackend(), CONFIG, client_config,
                                 SERVER_INFO)
        self.consumer.behaviour = {
            "request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]
        }
        self.consumer.keyjar = CLIKEYS
        self.consumer.redirect_uris = ["https://example.com/cb"]
        self.consumer.authorization_endpoint = "https://example.com/authorization"
        self.consumer.token_endpoint = "https://example.com/token"
        self.consumer.userinfo_endpoint = "https://example.com/userinfo"  # type: ignore
        self.consumer.client_secret = "hemlig"
        self.consumer.secret_type = "basic"
예제 #4
0
    def create_provider(self, session_db_factory):
        self.provider = Provider(
            SERVER_INFO["issuer"],
            session_db_factory(SERVER_INFO["issuer"]),
            self.CDB,
            AUTHN_BROKER,
            USERINFO,
            AUTHZ,
            verify_client,
            SYMKEY,
            urlmap=URLMAP,
            keyjar=KEYJAR,
        )
        self.provider.baseurl = self.provider.name
        self.provider.logout_verify_url = "https://127.0.0.1/logout_verify.html"

        self.cons = Consumer(
            DictSessionBackend(),
            CONSUMER_CONFIG.copy(),
            CLIENT_CONFIG,
            server_info=SERVER_INFO,
        )
        self.cons.behaviour = {
            "request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]
        }
        self.cons.keyjar[""] = KC_RSA
        self.cons.keyjar.import_jwks(self.provider.keyjar.export_jwks(),
                                     self.cons.issuer)

        self.cons2 = Consumer({},
                              CONSUMER_CONFIG.copy(),
                              CLIENT_CONFIG_2,
                              server_info=SERVER_INFO)
        self.cons2.behaviour = {
            "request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]
        }
        self.cons2.keyjar[""] = KC_RSA
예제 #5
0
    def create_sdb(self):
        kb = KeyBundle(JWKS["keys"])
        kj = KeyJar()
        kj.issuer_keys[''] = [kb]

        self.sdb = SessionDB(
            "https://example.com/",
            db=DictSessionBackend(),
            code_factory=DefaultToken('supersecret',
                                      'verybadpassword',
                                      typ='A',
                                      lifetime=600),
            token_factory=JWTToken('T',
                                   keyjar=kj,
                                   lt_pattern={
                                       'code': 3600,
                                       'token': 900
                                   },
                                   iss='https://example.com/as',
                                   sign_alg='RS256'),
            refresh_token_factory=JWTToken('R',
                                           keyjar=kj,
                                           lt_pattern={'': 24 * 3600},
                                           iss='https://example.com/as'))
예제 #6
0
    def __init__(
        self,
        session_db,
        consumer_config,
        client_config=None,
        server_info=None,
        debug=False,
        client_prefs=None,
        sso_db=None,
    ):
        """
        Initialize a Consumer instance.

        :param session_db: Where info are kept about sessions
        :param config: Configuration of the consumer
        :param client_config: Client configuration
        :param server_info: Information about the server
        :param client_prefs: Run time preferences, which are chosen depends
        on what the server can do.
        """
        if client_config is None:
            client_config = {}

        Client.__init__(self, **client_config)

        self.consumer_config = consumer_config
        if consumer_config:
            try:
                self.debug = consumer_config["debug"]
            except KeyError:
                self.debug = 0

        if server_info:
            for endpoint in ENDPOINTS:
                try:
                    setattr(self, endpoint, server_info[endpoint])
                except KeyError:
                    setattr(self, endpoint, "")

        if not isinstance(session_db, SessionBackend):
            warnings.warn(
                "Please use `SessionBackend` to ensure proper API for the database.",
                DeprecationWarning,
            )
        self.sdb = session_db

        if sso_db is not None:
            if not isinstance(sso_db, SessionBackend):
                warnings.warn(
                    "Please use `SessionBackend` to ensure proper API for the database.",
                    DeprecationWarning,
                )
            self.sso_db: SessionBackend = sso_db
        else:
            self.sso_db = DictSessionBackend()

        self.debug = debug
        self.seed = ""
        self.nonce = ""
        self.request_filename = ""
        self.request_uri = ""
        self.user_info = None
        self.registration_expires_at = 0
        self.secret_type = "Bearer"
예제 #7
0
 def setUp(self):
     self.backend = DictSessionBackend()
예제 #8
0
class TestSessionBackend(TestCase):
    """Unittests for SessionBackend - using the DictSessionBackend."""
    def setUp(self):
        self.backend = DictSessionBackend()

    def test_setitem(self):
        self.backend["key"] = "value"
        self.assertEqual(self.backend.storage["key"], "value")
        self.backend["key"] = "new_value"
        self.assertEqual(self.backend.storage["key"], "new_value")

    def test_getitem(self):
        self.backend.storage = {"key": "value"}
        self.assertEqual(self.backend["key"], "value")
        with self.assertRaises(KeyError):
            self.backend["missing"]

    def test_delitem(self):
        self.backend.storage = {"key": "value"}
        del self.backend["key"]
        self.assertEqual(self.backend.storage, {})

    def test_contains(self):
        self.backend["key"] = "value"
        self.assertTrue("key" in self.backend)
        self.assertFalse("missing" in self.backend)

    def test_get_by_sub(self):
        self.backend.storage = {"session_id": {"sub": "my_sub"}}
        self.assertEqual(set(self.backend.get_by_sub("my_sub")),
                         {"session_id"})
        self.assertEqual(set(self.backend.get_by_sub("missing")), set())

    def test_get_by_sub_multiple(self):
        self.backend.storage = {
            "session_id1": {
                "sub": "my_sub"
            },
            "session_id2": {
                "sub": "my_sub"
            }
        }
        self.assertEqual(set(self.backend.get_by_sub("my_sub")),
                         {"session_id1", "session_id2"})

    def test_get_by_uid(self):
        aevent = AuthnEvent("my_uid", "some_salt").to_json()
        self.backend.storage = {"session_id": {"authn_event": aevent}}
        self.assertEqual(set(self.backend.get_by_uid("my_uid")),
                         {"session_id"})
        self.assertEqual(set(self.backend.get_by_uid("missing")), set())

    def test_get_by_uid_multiple(self):
        aevent1 = AuthnEvent("my_uid", "some_salt").to_json()
        aevent2 = AuthnEvent("my_uid", "some_salt").to_json()
        self.backend.storage = {
            "session_id1": {
                "authn_event": aevent1
            },
            "session_id2": {
                "authn_event": aevent2
            }
        }
        self.assertEqual(set(self.backend.get_by_uid("my_uid")),
                         {"session_id1", "session_id2"})

    def test_get_client_ids_for_uid(self):
        aevent = AuthnEvent("my_uid", "some_salt").to_json()
        self.backend.storage = {
            "session_id": {
                "authn_event": aevent,
                "client_id": "my_client"
            }
        }
        self.assertEqual(set(self.backend.get_client_ids_for_uid("my_uid")),
                         {"my_client"})
        self.assertEqual(set(self.backend.get_client_ids_for_uid("missing")),
                         set())

    def test_get_client_ids_for_uid_multiple(self):
        aevent1 = AuthnEvent("my_uid", "some_salt").to_json()
        aevent2 = AuthnEvent("my_uid", "some_salt").to_json()
        self.backend.storage = {
            "session_id1": {
                "authn_event": aevent1,
                "client_id": "my_client"
            },
            "session_id2": {
                "authn_event": aevent2,
                "client_id": "my_other"
            }
        }
        self.assertEqual(set(self.backend.get_client_ids_for_uid("my_uid")),
                         {"my_client", "my_other"})

    def test_get_verified_logout(self):
        aevent1 = AuthnEvent("my_uid1", "some_salt").to_json()
        aevent2 = AuthnEvent("my_uid2", "some_salt").to_json()
        self.backend.storage = {
            "session_id": {
                "authn_event": aevent1,
                "verified_logout": "verification key"
            },
            "session_id2": {
                "authn_event": aevent2
            }
        }
        self.assertEqual(self.backend.get_verified_logout("my_uid1"),
                         "verification key")
        self.assertIsNone(self.backend.get_verified_logout("my_uid2"))
        self.assertIsNone(self.backend.get_verified_logout("missing"))

    def test_get_verified_logout_multiple(self):
        aevent1 = AuthnEvent("my_uid", "some_salt").to_json()
        aevent2 = AuthnEvent("my_uid", "some_salt").to_json()
        self.backend.storage = {
            "session_id1": {
                "authn_event": aevent1,
                "verified_logout": "verification key"
            },
            "session_id2": {
                "authn_event": aevent2,
                "verified_logout": "verification key"
            }
        }
        self.assertEqual(self.backend.get_verified_logout("my_uid"),
                         "verification key")

    def test_get_token_ids(self):
        aevent = AuthnEvent("my_uid", "some_salt").to_json()
        self.backend.storage = {
            "session_id": {
                "authn_event": aevent,
                "id_token": "Id token"
            }
        }
        self.assertEqual(set(self.backend.get_token_ids("my_uid")),
                         {"Id token"})
        self.assertEqual(set(self.backend.get_token_ids("missing")), set())

    def test_get_token_ids_multiple(self):
        aevent1 = AuthnEvent("my_uid", "some_salt").to_json()
        aevent2 = AuthnEvent("my_uid", "some_salt").to_json()
        self.backend.storage = {
            "session_id1": {
                "authn_event": aevent1,
                "id_token": "Id token 1"
            },
            "session_id2": {
                "authn_event": aevent2,
                "id_token": "Id token 2"
            }
        }
        self.assertEqual(set(self.backend.get_token_ids("my_uid")),
                         {"Id token 1", "Id token 2"})

    def test_is_revoke_uid_false(self):
        aevent = AuthnEvent("my_uid", "some_salt").to_json()
        self.backend.storage = {
            "session_id": {
                "authn_event": aevent,
                "revoked": False
            }
        }
        self.assertFalse(self.backend.is_revoke_uid("my_uid"))

    def test_is_revoke_uid_true(self):
        aevent = AuthnEvent("my_uid", "some_salt").to_json()
        self.backend.storage = {
            "session_id": {
                "authn_event": aevent,
                "revoked": True
            }
        }
        self.assertTrue(self.backend.is_revoke_uid("my_uid"))

    def test_is_revoke_uid_multiple(self):
        aevent1 = AuthnEvent("my_uid", "some_salt").to_json()
        aevent2 = AuthnEvent("my_uid", "some_salt").to_json()
        self.backend.storage = {
            "session_id1": {
                "authn_event": aevent1,
                "revoked": True
            },
            "session_id2": {
                "authn_event": aevent2,
                "revoked": False
            }
        }
        self.assertTrue(self.backend.is_revoke_uid("my_uid"))