def test_unpack_aggregated_response_missing_keys(self):
claims = {
"address": {
"street_address": "1234 Hollywood Blvd.",
"locality": "Los Angeles",
"region": "CA",
"postal_code": "90210",
"country": "US"
},
"phone_number": "+1 (555) 123-4567"
}
_keyjar = build_keyjar(KEYSPEC)
srv = JWT(_keyjar, iss=ISS, sign_alg='ES256')
_jwt = srv.pack(payload=claims)
resp = OpenIDSchema(sub='diana', given_name='Diana',
family_name='krall',
_claim_names={
'address': 'src1',
'phone_number': 'src1'
},
_claim_sources={'src1': {'JWT': _jwt}})
_resp = self.service.parse_response(resp.to_json(), state='abcde')
assert _resp
def test_finalize(self):
auth_query = self.rph.begin(issuer_id='github')
# The authorization query is sent and after successful authentication
client = self.rph.get_client_from_session_key(
state=auth_query['state'])
# register a response
p = urlparse(
CLIENT_CONFIG['github']['provider_info']['authorization_endpoint'])
self.mock_op.register_get_response(p.path, 'Redirect', 302)
_ = client.http(auth_query['url'])
# the user is redirected back to the RP with a positive response
auth_response = AuthorizationResponse(code='access_code',
state=auth_query['state'])
# need session information and the client instance
_session = self.rph.get_session_information(auth_response['state'])
client = self.rph.get_client_from_session_key(
state=auth_response['state'])
# Faking
resp = construct_access_token_response(
_session['auth_request']['nonce'],
issuer=self.issuer,
client_id=CLIENT_CONFIG['github']['client_id'],
key_jar=GITHUB_KEY)
p = urlparse(
CLIENT_CONFIG['github']['provider_info']['token_endpoint'])
self.mock_op.register_post_response(
p.path, resp.to_json(), 200, {'content-type': "application/json"})
_info = OpenIDSchema(sub='EndUserSubject',
given_name='Diana',
family_name='Krall',
occupation='Jazz pianist')
p = urlparse(
CLIENT_CONFIG['github']['provider_info']['userinfo_endpoint'])
self.mock_op.register_get_response(
p.path, _info.to_json(), 200, {'content-type': "application/json"})
_github_id = iss_id('github')
client.service_context.keyjar.import_jwks(
GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
# do the rest (= get access token and user info)
# assume code flow
resp = self.rph.finalize(_session['iss'], auth_response.to_dict())
assert set(resp.keys()) == {'userinfo', 'state', 'token', 'id_token'}
def __call__(self, url, method="GET", data=None, headers=None, **kwargs):
if method == 'GET':
p = urlparse(url)
if p.path.endswith('authorize'):
qp = parse_qs(p.query)
self.state = qp['state'][0]
self.nonce = qp['nonce'][0]
r = MockResponse(302, 'Redirect')
r.location = qp['redirect_uri'][0]
return r
elif p.path.endswith('user'):
qp = parse_qs(p.query)
if qp['access_token'][0] == 'accessTok':
# what else could it be?
_info = OpenIDSchema(sub='EndUserSubject',
given_name='Diana',
family_name='Krall',
occupation='Jazz pianist')
return MockResponse(
200,
_info.to_json(),
headers={'content-type': "application/json"})
else:
return MockResponse(400, 'Illegal request')
else:
r = MockResponse(200, 'Some text')
return r
elif method == 'POST':
p = urlparse(url)
if p.path.endswith('access_token'):
# Content type expected to be urlencoded
query = parse_qs(data)
resp = self.construct_access_token_response(
query['client_id'][0])
r = MockResponse(200,
resp.to_json(),
headers={'content-type': "application/json"})
return r
def test_unpack_simple_response(self):
resp = OpenIDSchema(sub='diana', given_name='Diana',
family_name='krall')
_resp = self.service.parse_response(resp.to_json(),
state='abcde')
assert _resp
