def process_request(self, request=None, **kwargs): """ :param request: :param kwargs: :return: Dictionary with response information """ if isinstance(request, self.error_cls): return request try: response_args = self._access_token(request, **kwargs) except JWEException as err: return self.error_cls(error="invalid_request", error_description="%s" % err) if isinstance(response_args, ResponseMessage): return response_args _access_token = response_args["access_token"] _cookie = new_cookie( self.endpoint_context, sub=self.endpoint_context.sdb[_access_token]["sub"]) _headers = [("Content-type", "application/json")] resp = {"response_args": response_args, "http_headers": _headers} if _cookie: resp["cookie"] = _cookie return resp
def _create_cookie(self, user, sid, state, client_id): ec = self.session_endpoint.endpoint_context return new_cookie( ec, sub=user, sid=sid, state=state, client_id=client_id, cookie_name=ec.cookie_name["session"], )
def test_authenticated_as_with_cookie(self): authn_item = self.endpoint_context.authn_broker.pick( INTERNETPROTOCOLPASSWORD) method = authn_item[0]["method"] cookie = new_cookie(self.endpoint_context, uid="diana") _info, _time_stamp = method.authenticated_as(cookie) _info = cookie_value(_info["uid"]) assert _info["uid"] == "diana"
def test_new_cookie(): kaka = new_cookie(endpoint_context, "foobar", client_id="client_id", sid="sessionID") assert isinstance(kaka, SimpleCookie) assert {"foobar"} == set(kaka.keys()) val = endpoint_context.cookie_dealer.get_cookie_value(kaka, "foobar") assert isinstance(val, tuple) b64val, ts, typ = val info = cookie_value(b64val) assert set(info.keys()) == {"client_id", "sid"}
def process_request(self, request=None, new_id=True, set_secret=True, **kwargs): try: reg_resp = self.client_registration_setup(request, new_id, set_secret) except Exception as err: return ResponseMessage( error="invalid_configuration_request", error_description="%s" % err ) if "error" in reg_resp: return reg_resp else: _cookie = new_cookie( self.endpoint_context, cookie_name="oidc_op_rp", client_id=reg_resp["client_id"], ) return {"response_args": reg_resp, "cookie": _cookie}
def process_request(self, request=None, **kwargs): """ :param request: :param kwargs: :return: Dictionary with response information """ response_args = self._refresh_access_token(request, **kwargs) if isinstance(response_args, ResponseMessage): return response_args _token = request["refresh_token"].replace(" ", "+") _cookie = new_cookie(self.endpoint_context, sub=self.endpoint_context.sdb[_token]["sub"]) _headers = [("Content-type", "application/json")] resp = {"response_args": response_args, "http_headers": _headers} if _cookie: resp["cookie"] = _cookie return resp
def process_request(self, request=None, **kwargs): """ :param request: :param kwargs: :return: Dictionary with response information """ if isinstance(request, self.error_cls): return request try: if request["grant_type"] == "authorization_code": logger.debug("Access Token Request") response_args = self._access_token(request, **kwargs) elif request["grant_type"] == "refresh_token": logger.debug("Refresh Access Token Request") response_args = self._refresh_access_token(request, **kwargs) else: return self.error_cls(error="invalid_request", error_description="Wrong grant_type") except JWEException as err: return self.error_cls(error="invalid_request", error_description="%s" % err) if isinstance(response_args, ResponseMessage): return response_args if request["grant_type"] == "authorization_code": _token = request["code"].replace(" ", "+") else: _token = request["refresh_token"].replace(" ", "+") _access_token = response_args["access_token"] _cookie = new_cookie( self.endpoint_context, sub=self.endpoint_context.sdb[_access_token]["sub"]) _headers = [("Content-type", "application/json")] resp = {"response_args": response_args, "http_headers": _headers} if _cookie: resp["cookie"] = _cookie return resp
def post_authentication(self, user, request, sid, **kwargs): """ Things that are done after a successful authentication. :param user: :param request: :param sid: :param kwargs: :return: A dictionary with 'response_args' """ response_info = {} # Do the authorization try: permission = self.endpoint_context.authz( user, client_id=request["client_id"]) except ToOld as err: return self.error_response( response_info, "access_denied", "Authentication to old {}".format(err.args), ) except Exception as err: return self.error_response(response_info, "access_denied", "{}".format(err.args)) else: try: self.endpoint_context.sdb.update(sid, permission=permission) except Exception as err: return self.error_response(response_info, "server_error", "{}".format(err.args)) logger.debug("response type: %s" % request["response_type"]) if self.endpoint_context.sdb.is_session_revoked(sid): return self.error_response(response_info, "access_denied", "Session is revoked") response_info = create_authn_response(self, request, sid) logger.debug("Known clients: {}".format( list(self.endpoint_context.cdb.keys()))) try: redirect_uri = get_uri(self.endpoint_context, request, "redirect_uri") except (RedirectURIError, ParameterError) as err: return self.error_response(response_info, "invalid_request", "{}".format(err.args)) else: response_info["return_uri"] = redirect_uri # Must not use HTTP unless implicit grant type and native application # info = self.aresp_check(response_info['response_args'], request) # if isinstance(info, ResponseMessage): # return info _cookie = new_cookie( self.endpoint_context, sub=user, sid=sid, state=request["state"], client_id=request["client_id"], cookie_name=self.endpoint_context.cookie_name["session"], ) # Now about the response_mode. Should not be set if it's obvious # from the response_type. Knows about 'query', 'fragment' and # 'form_post'. if "response_mode" in request: try: response_info = self.response_mode(request, **response_info) except InvalidRequest as err: return self.error_response(response_info, "invalid_request", "{}".format(err.args)) response_info["cookie"] = [_cookie] return response_info