def do_response(self, response_args=None, request=None, client_id="", **kwargs):
if "error" in kwargs and kwargs["error"]:
return Endpoint.do_response(self, response_args, request, **kwargs)
_context = self.endpoint_context
if not client_id:
raise MissingValue("client_id")
# Should I return a JSON or a JWT ?
_cinfo = _context.cdb[client_id]
# default is not to sign or encrypt
try:
sign_alg = _cinfo["userinfo_signed_response_alg"]
sign = True
except KeyError:
sign_alg = ""
sign = False
try:
enc_enc = _cinfo["userinfo_encrypted_response_enc"]
enc_alg = _cinfo["userinfo_encrypted_response_alg"]
encrypt = True
except KeyError:
encrypt = False
enc_alg = enc_enc = ""
if encrypt or sign:
_jwt = JWT(
self.endpoint_context.keyjar,
iss=self.endpoint_context.issuer,
sign=sign,
sign_alg=sign_alg,
encrypt=encrypt,
enc_enc=enc_enc,
enc_alg=enc_alg,
)
resp = _jwt.pack(response_args, recv=client_id)
content_type = "application/jwt"
else:
if isinstance(response_args, dict):
resp = json.dumps(response_args)
else:
resp = response_args.to_json()
content_type = "application/json"
http_headers = [("Content-type", content_type)]
http_headers.extend(OAUTH2_NOCACHE_HEADERS)
return {"response": resp, "http_headers": http_headers}
def do_response(self, response_args=None, request=None, **kwargs):
"""
Gather response information
:param response_args: Things that should be in the response
:param request: The original request
:param kwargs: Extra keyword arguments
:return: A dictionary with 2 keys 'response' and ' http_headers'
"""
if 'error' in kwargs and kwargs['error']:
return Endpoint.do_response(self, response_args, request, **kwargs)
http_headers = [('Content-type', URL_ENCODED)]
http_headers.extend(OAUTH2_NOCACHE_HEADERS)
return {'response': response_args, 'http_headers': http_headers}
def do_response(self, response_args=None, request=None, **kwargs):
if 'error' in kwargs and kwargs['error']:
return Endpoint.do_response(self, response_args, request, **kwargs)
_context = self.endpoint_context
# Should I return a JSON or a JWT ?
_cinfo = _context.cdb[kwargs['client_id']]
# default is not to sign or encrypt
try:
sign_alg = _cinfo['userinfo_signed_response_alg']
sign = True
except KeyError:
sign_alg = ''
sign = False
try:
enc_enc = _cinfo['userinfo_encrypted_response_enc']
enc_alg = _cinfo['userinfo_encrypted_response_alg']
encrypt = True
except KeyError:
encrypt = False
enc_alg = enc_enc = ''
if encrypt or sign:
_jwt = JWT(self.endpoint_context.keyjar,
iss=self.endpoint_context.issuer,
sign=sign, sign_alg=sign_alg, encrypt=encrypt,
enc_enc=enc_enc, enc_alg=enc_alg)
resp = _jwt.pack(response_args['response'],
recv=kwargs['client_id'])
content_type = 'application/jwt'
else:
if isinstance(response_args, dict):
resp = json.dumps(response_args)
else:
resp = response_args.to_json()
content_type = 'application/json'
http_headers = [('Content-type', content_type)]
http_headers.extend(OAUTH2_NOCACHE_HEADERS)
return {'response': resp, 'http_headers': http_headers}
def do_response(self, response_args=None, request=None, **kwargs):
if 'error' in kwargs:
return Endpoint.do_response(self, response_args, request, **kwargs)
_context = self.endpoint_context
# Should I return a JSON or a JWT ?
_cinfo = _context.cdb[kwargs['client_id']]
# default is not to sign or encrypt
sign_encrypt = {'sign': False, 'encrypt': False}
if "userinfo_signed_response_alg" in _cinfo:
sign_encrypt['sign'] = True
if "userinfo_encrypted_response_alg" in _cinfo:
sign_encrypt['encrypt'] = True
if sign_encrypt['sign'] or sign_encrypt['encrypt']:
try:
jwt_args = get_sign_and_encrypt_algorithms(
_context, _cinfo, 'userinfo', **sign_encrypt)
except UnknownAlgorithm as err:
raise OidcEndpointError('Configuration error: {}'.format(err))
_jwt = JWT(_context.keyjar, **jwt_args)
resp = _jwt.pack(payload=response_args)
content_type = 'application/jwt'
else:
if isinstance(response_args, dict):
resp = json.dumps(response_args)
else:
resp = response_args.to_json()
content_type = 'application/json'
http_headers = [('Content-type', content_type)]
http_headers.extend(OAUTH2_NOCACHE_HEADERS)
return {'response': resp, 'http_headers': http_headers}
def __init__(self, endpoint_context, **kwargs):
Endpoint.__init__(self, endpoint_context, **kwargs)
self.scope_to_claims = None
# Add the issuer ID as an allowed JWT target
self.allowed_targets.append("")
def __init__(self, endpoint_context, **kwargs):
Endpoint.__init__(self, endpoint_context, **kwargs)
self.post_parse_request.append(self._post_parse_request)
def __init__(self, endpoint_context, **kwargs):
Endpoint.__init__(self, endpoint_context, **kwargs)
# self.pre_construct.append(self._pre_construct)
self.post_parse_request.append(self._do_request_uri)
self.post_parse_request.append(self._post_parse_request)
self.allowed_request_algorithms = AllowedAlgorithms(ALG_PARAMS)
def __init__(self, endpoint_context, **kwargs):
_csi = kwargs.get('check_session_iframe')
if _csi and not _csi.startswith("http"):
kwargs['check_session_iframe'] = add_path(endpoint_context.issuer,
_csi)
Endpoint.__init__(self, endpoint_context, **kwargs)
def __init__(self, **kwargs):
Endpoint.__init__(self, **kwargs)
self.offset = kwargs.get("offset", 0)
class TestEndpoint(object):
@pytest.fixture(autouse=True)
def create_endpoint(self):
conf = {
"issuer": "https://example.com/",
"password": "******",
"token_expires_in": 600,
"grant_expires_in": 300,
"refresh_token_expires_in": 86400,
"verify_ssl": False,
"endpoint": {},
"jwks": {
"public_path": "jwks.json",
"key_defs": KEYDEFS,
"private_path": "own/jwks.json",
"uri_path": "static/jwks.json",
},
"authentication": {
"anon": {
"acr": INTERNETPROTOCOLPASSWORD,
"class": "oidcendpoint.user_authn.user.NoAuthn",
"kwargs": {
"user": "******"
},
}
},
"template_dir": "template",
}
self.endpoint_context = EndpointContext(conf)
self.endpoint = Endpoint(self.endpoint_context)
def test_parse_urlencoded(self):
self.endpoint.request_format = "urlencoded"
request = REQ.to_urlencoded()
req = self.endpoint.parse_request(request)
assert req == REQ
def test_parse_url(self):
self.endpoint.request_format = "url"
request = "{}?{}".format(self.endpoint_context.issuer,
REQ.to_urlencoded())
req = self.endpoint.parse_request(request)
assert req == REQ
def test_parse_json(self):
self.endpoint.request_format = "json"
request = REQ.to_json()
req = self.endpoint.parse_request(request)
assert req == REQ
def test_parse_dict(self):
# Doesn't matter what request_format is defined
self.endpoint.request_format = "json"
request = REQ.to_dict()
req = self.endpoint.parse_request(request)
assert req == REQ
def test_parse_jwt(self):
self.endpoint.request_format = "jwt"
kj = self.endpoint_context.keyjar
request = REQ.to_jwt(kj.get_signing_key("RSA"), "RS256")
req = self.endpoint.parse_request(request)
assert req == REQ
def test_construct(self):
msg = self.endpoint.construct(EXAMPLE_MSG, {})
assert set(msg.keys()) == set(EXAMPLE_MSG.keys())
def test_pre_construct(self):
self.endpoint.pre_construct.append(pre)
msg = self.endpoint.construct(EXAMPLE_MSG, {})
assert msg["name"] == "Doe, Jane"
def test_post_construct(self):
self.endpoint.post_construct.append(post)
msg = self.endpoint.construct(EXAMPLE_MSG, {})
assert "request" in msg
def test_do_response_body_json(self):
self.endpoint.response_placement = "body"
self.endpoint.response_format = "json"
msg = self.endpoint.do_response(EXAMPLE_MSG)
assert isinstance(msg, dict)
jmsg = json.loads(msg["response"])
assert set(jmsg.keys()) == set(EXAMPLE_MSG.keys())
def test_do_response_body_urlencoded(self):
self.endpoint.response_placement = "body"
self.endpoint.response_format = "urlencoded"
msg = self.endpoint.do_response(EXAMPLE_MSG)
assert isinstance(msg, dict)
umsg = Message().from_urlencoded(msg["response"])
assert set(umsg.keys()) == set(EXAMPLE_MSG.keys())
def test_do_response_url_query(self):
self.endpoint.response_placement = "url"
self.endpoint.response_format = "urlencoded"
msg = self.endpoint.do_response(EXAMPLE_MSG,
fragment_enc=False,
return_uri="https://example.org/cb")
assert isinstance(msg, dict)
parse_res = urlparse(msg["response"])
assert parse_res.scheme == "https"
assert parse_res.netloc == "example.org"
assert parse_res.path == "/cb"
umsg = Message().from_urlencoded(parse_res.query)
assert set(umsg.keys()) == set(EXAMPLE_MSG.keys())
def test_do_response_url_fragment(self):
self.endpoint.response_placement = "url"
self.endpoint.response_format = "urlencoded"
msg = self.endpoint.do_response(EXAMPLE_MSG,
fragment_enc=True,
return_uri="https://example.org/cb_i")
assert isinstance(msg, dict)
parse_res = urlparse(msg["response"])
assert parse_res.scheme == "https"
assert parse_res.netloc == "example.org"
assert parse_res.path == "/cb_i"
umsg = Message().from_urlencoded(parse_res.fragment)
assert set(umsg.keys()) == set(EXAMPLE_MSG.keys())
def test_endpoint_init():
endp = Endpoint(endpoint_context=None)
assert endp
def __init__(self, endpoint_context, **kwargs):
Endpoint.__init__(self, endpoint_context, **kwargs)
self.pre_construct.append(self.add_endpoints)
class TestEndpoint(object):
@pytest.fixture(autouse=True)
def create_endpoint(self):
conf = {
"issuer":
"https://example.com/",
"password":
"******",
"token_expires_in":
600,
"grant_expires_in":
300,
"refresh_token_expires_in":
86400,
"verify_ssl":
False,
"endpoint": {},
"authentication": [{
'acr': INTERNETPROTOCOLPASSWORD,
'name': 'NoAuthn',
'kwargs': {
'user': '******'
}
}],
'template_dir':
'template'
}
self.endpoint_context = EndpointContext(conf, keyjar=KEYJAR)
self.endpoint = Endpoint(self.endpoint_context)
def test_parse_urlencoded(self):
self.endpoint.request_format = 'urlencoded'
request = REQ.to_urlencoded()
req = self.endpoint.parse_request(request)
assert req == REQ
def test_parse_url(self):
self.endpoint.request_format = 'url'
request = '{}?{}'.format(self.endpoint_context.issuer,
REQ.to_urlencoded())
req = self.endpoint.parse_request(request)
assert req == REQ
def test_parse_json(self):
self.endpoint.request_format = 'json'
request = REQ.to_json()
req = self.endpoint.parse_request(request)
assert req == REQ
def test_parse_dict(self):
# Doesn't matter what request_format is defined
self.endpoint.request_format = 'json'
request = REQ.to_dict()
req = self.endpoint.parse_request(request)
assert req == REQ
def test_parse_jwt(self):
self.endpoint.request_format = 'jwt'
request = REQ.to_jwt(KEYJAR.get_signing_key('RSA'), 'RS256')
req = self.endpoint.parse_request(request)
assert req == REQ
def test_construct(self):
msg = self.endpoint.construct(EXAMPLE_MSG, {})
assert set(msg.keys()) == set(EXAMPLE_MSG.keys())
def test_pre_construct(self):
self.endpoint.pre_construct.append(pre)
msg = self.endpoint.construct(EXAMPLE_MSG, {})
assert msg['name'] == 'Doe, Jane'
def test_post_construct(self):
self.endpoint.post_construct.append(post)
msg = self.endpoint.construct(EXAMPLE_MSG, {})
assert 'request' in msg
def test_do_response_body_json(self):
self.endpoint.response_placement = 'body'
self.endpoint.response_format = 'json'
msg = self.endpoint.do_response(EXAMPLE_MSG)
assert isinstance(msg, dict)
jmsg = json.loads(msg['response'])
assert set(jmsg.keys()) == set(EXAMPLE_MSG.keys())
def test_do_response_body_urlencoded(self):
self.endpoint.response_placement = 'body'
self.endpoint.response_format = 'urlencoded'
msg = self.endpoint.do_response(EXAMPLE_MSG)
assert isinstance(msg, dict)
umsg = Message().from_urlencoded(msg['response'])
assert set(umsg.keys()) == set(EXAMPLE_MSG.keys())
def test_do_response_url_query(self):
self.endpoint.response_placement = 'url'
self.endpoint.response_format = 'urlencoded'
msg = self.endpoint.do_response(EXAMPLE_MSG,
fragment_enc=False,
return_uri='https://example.org/cb')
assert isinstance(msg, dict)
parse_res = urlparse(msg['response'])
assert parse_res.scheme == 'https'
assert parse_res.netloc == 'example.org'
assert parse_res.path == '/cb'
umsg = Message().from_urlencoded(parse_res.query)
assert set(umsg.keys()) == set(EXAMPLE_MSG.keys())
def test_do_response_url_fragment(self):
self.endpoint.response_placement = 'url'
self.endpoint.response_format = 'urlencoded'
msg = self.endpoint.do_response(EXAMPLE_MSG,
fragment_enc=True,
return_uri='https://example.org/cb_i')
assert isinstance(msg, dict)
parse_res = urlparse(msg['response'])
assert parse_res.scheme == 'https'
assert parse_res.netloc == 'example.org'
assert parse_res.path == '/cb_i'
umsg = Message().from_urlencoded(parse_res.fragment)
assert set(umsg.keys()) == set(EXAMPLE_MSG.keys())
def __init__(self, endpoint_context, **kwargs):
Endpoint.__init__(self, endpoint_context, **kwargs)
_csi = self.kwargs.get('check_session_iframe')
if _csi:
self.kwargs.setdefault(add_path(endpoint_context.issuer, _csi))
def __init__(self, endpoint_context, **kwargs):
Endpoint.__init__(self, endpoint_context, **kwargs)
self.post_construct.append(self.create_entity_statement)
self.metadata_api = None
