def process_request(self, request=None, **kwargs):
"""
:param request:
:param kwargs:
:return: Dictionary with response information
"""
if isinstance(request, self.error_cls):
return request
try:
response_args = self._access_token(request, **kwargs)
except JWEException as err:
return self.error_cls(error="invalid_request",
error_description="%s" % err)
if isinstance(response_args, ResponseMessage):
return response_args
_access_token = response_args["access_token"]
_cookie = new_cookie(
self.endpoint_context,
sub=self.endpoint_context.sdb[_access_token]["sub"])
_headers = [("Content-type", "application/json")]
resp = {"response_args": response_args, "http_headers": _headers}
if _cookie:
resp["cookie"] = _cookie
return resp
def _create_cookie(self, user, sid, state, client_id):
ec = self.session_endpoint.endpoint_context
return new_cookie(
ec,
sub=user,
sid=sid,
state=state,
client_id=client_id,
cookie_name=ec.cookie_name["session"],
)
def test_authenticated_as_with_cookie(self):
authn_item = self.endpoint_context.authn_broker.pick(
INTERNETPROTOCOLPASSWORD)
method = authn_item[0]["method"]
cookie = new_cookie(self.endpoint_context, uid="diana")
_info, _time_stamp = method.authenticated_as(cookie)
_info = cookie_value(_info["uid"])
assert _info["uid"] == "diana"
def test_new_cookie():
kaka = new_cookie(endpoint_context,
"foobar",
client_id="client_id",
sid="sessionID")
assert isinstance(kaka, SimpleCookie)
assert {"foobar"} == set(kaka.keys())
val = endpoint_context.cookie_dealer.get_cookie_value(kaka, "foobar")
assert isinstance(val, tuple)
b64val, ts, typ = val
info = cookie_value(b64val)
assert set(info.keys()) == {"client_id", "sid"}
def process_request(self, request=None, new_id=True, set_secret=True, **kwargs):
try:
reg_resp = self.client_registration_setup(request, new_id, set_secret)
except Exception as err:
return ResponseMessage(
error="invalid_configuration_request", error_description="%s" % err
)
if "error" in reg_resp:
return reg_resp
else:
_cookie = new_cookie(
self.endpoint_context,
cookie_name="oidc_op_rp",
client_id=reg_resp["client_id"],
)
return {"response_args": reg_resp, "cookie": _cookie}
def process_request(self, request=None, **kwargs):
"""
:param request:
:param kwargs:
:return: Dictionary with response information
"""
response_args = self._refresh_access_token(request, **kwargs)
if isinstance(response_args, ResponseMessage):
return response_args
_token = request["refresh_token"].replace(" ", "+")
_cookie = new_cookie(self.endpoint_context,
sub=self.endpoint_context.sdb[_token]["sub"])
_headers = [("Content-type", "application/json")]
resp = {"response_args": response_args, "http_headers": _headers}
if _cookie:
resp["cookie"] = _cookie
return resp
def process_request(self, request=None, **kwargs):
"""
:param request:
:param kwargs:
:return: Dictionary with response information
"""
if isinstance(request, self.error_cls):
return request
try:
if request["grant_type"] == "authorization_code":
logger.debug("Access Token Request")
response_args = self._access_token(request, **kwargs)
elif request["grant_type"] == "refresh_token":
logger.debug("Refresh Access Token Request")
response_args = self._refresh_access_token(request, **kwargs)
else:
return self.error_cls(error="invalid_request",
error_description="Wrong grant_type")
except JWEException as err:
return self.error_cls(error="invalid_request",
error_description="%s" % err)
if isinstance(response_args, ResponseMessage):
return response_args
if request["grant_type"] == "authorization_code":
_token = request["code"].replace(" ", "+")
else:
_token = request["refresh_token"].replace(" ", "+")
_access_token = response_args["access_token"]
_cookie = new_cookie(
self.endpoint_context,
sub=self.endpoint_context.sdb[_access_token]["sub"])
_headers = [("Content-type", "application/json")]
resp = {"response_args": response_args, "http_headers": _headers}
if _cookie:
resp["cookie"] = _cookie
return resp
def post_authentication(self, user, request, sid, **kwargs):
"""
Things that are done after a successful authentication.
:param user:
:param request:
:param sid:
:param kwargs:
:return: A dictionary with 'response_args'
"""
response_info = {}
# Do the authorization
try:
permission = self.endpoint_context.authz(
user, client_id=request["client_id"])
except ToOld as err:
return self.error_response(
response_info,
"access_denied",
"Authentication to old {}".format(err.args),
)
except Exception as err:
return self.error_response(response_info, "access_denied",
"{}".format(err.args))
else:
try:
self.endpoint_context.sdb.update(sid, permission=permission)
except Exception as err:
return self.error_response(response_info, "server_error",
"{}".format(err.args))
logger.debug("response type: %s" % request["response_type"])
if self.endpoint_context.sdb.is_session_revoked(sid):
return self.error_response(response_info, "access_denied",
"Session is revoked")
response_info = create_authn_response(self, request, sid)
logger.debug("Known clients: {}".format(
list(self.endpoint_context.cdb.keys())))
try:
redirect_uri = get_uri(self.endpoint_context, request,
"redirect_uri")
except (RedirectURIError, ParameterError) as err:
return self.error_response(response_info, "invalid_request",
"{}".format(err.args))
else:
response_info["return_uri"] = redirect_uri
# Must not use HTTP unless implicit grant type and native application
# info = self.aresp_check(response_info['response_args'], request)
# if isinstance(info, ResponseMessage):
# return info
_cookie = new_cookie(
self.endpoint_context,
sub=user,
sid=sid,
state=request["state"],
client_id=request["client_id"],
cookie_name=self.endpoint_context.cookie_name["session"],
)
# Now about the response_mode. Should not be set if it's obvious
# from the response_type. Knows about 'query', 'fragment' and
# 'form_post'.
if "response_mode" in request:
try:
response_info = self.response_mode(request, **response_info)
except InvalidRequest as err:
return self.error_response(response_info, "invalid_request",
"{}".format(err.args))
response_info["cookie"] = [_cookie]
return response_info
