def test_consent_not_given(self, internal_response, internal_request,
consent_verify_endpoint_regex,
consent_registration_endpoint_regex):
consent_config = SATOSAConfig(self.satosa_config)
consent_module = ConsentModule(consent_config, identity_callback)
expected_ticket = "my_ticket"
responses.add(responses.GET, consent_verify_endpoint_regex, status=401)
responses.add(responses.GET,
consent_registration_endpoint_regex,
status=200,
body=expected_ticket)
context = Context()
state = State()
context.state = state
consent_module.save_state(internal_request, state)
resp = consent_module.manage_consent(context, internal_response)
self.assert_redirect(resp, expected_ticket)
self.assert_registstration_req(responses.calls[1].request,
consent_config.CONSENT["sign_key"])
context = Context()
context.state = state
# Verify endpoint of consent service still gives 401 (no consent given)
context, internal_response = consent_module._handle_consent_response(
context)
assert not internal_response.get_attributes()
def test_consent_registration(self):
consent_config = SATOSAConfig(self.satosa_config)
consent_module = ConsentModule(consent_config, lambda: None)
jws = "A_JWS"
responses.add(responses.GET,
"{}/creq/{}".format(consent_config.CONSENT["rest_uri"],
jws),
status=200,
body="ticket")
assert consent_module._consent_registration(jws) == "ticket"
def test_verify_consent(self):
consent_config = SATOSAConfig(self.satosa_config)
consent_module = ConsentModule(consent_config, lambda: None)
consent_id = "1234"
responses.add(responses.GET,
"{}/verify/{}".format(consent_config.CONSENT["rest_uri"],
consent_id),
status=200,
body=json.dumps(FILTER))
assert consent_module._verify_consent(consent_id) == FILTER
def test_verify_consent_false_on_http_400(self):
consent_config = SATOSAConfig(self.satosa_config)
consent_module = ConsentModule(consent_config, lambda: None)
consent_id = "1234"
responses.add(responses.GET,
"{}/verify/{}".format(consent_config.CONSENT["rest_uri"],
consent_id),
status=400)
assert not consent_module._verify_consent(consent_id)
def test_consent_registration_raises_on_http401(self):
consent_config = SATOSAConfig(self.satosa_config)
consent_module = ConsentModule(consent_config, lambda: None)
jws = "A_JWS"
responses.add(responses.GET,
"{}/creq/{}".format(consent_config.CONSENT["rest_uri"],
jws),
status=401)
with pytest.raises(AssertionError):
consent_module._consent_registration(jws)
def test_consent_prev_given(self, internal_response, internal_request,
consent_verify_endpoint_regex):
consent_config = SATOSAConfig(self.satosa_config)
consent_module = ConsentModule(consent_config, identity_callback)
responses.add(responses.GET,
consent_verify_endpoint_regex,
status=200,
body=json.dumps(FILTER))
context = Context()
state = State()
context.state = state
consent_module.save_state(internal_request, state)
context, internal_response = consent_module.manage_consent(
context, internal_response)
assert context
assert "displayName" in internal_response.get_attributes()
def test_consent_handles_connection_error(self, internal_response,
internal_request,
consent_verify_endpoint_regex):
consent_config = SATOSAConfig(self.satosa_config)
consent_module = ConsentModule(consent_config, identity_callback)
state = State()
context = Context()
context.state = state
consent_module.save_state(internal_request, state)
with responses.RequestsMock(
assert_all_requests_are_fired=True) as rsps:
rsps.add(responses.GET,
consent_verify_endpoint_regex,
body=requests.ConnectionError("No connection"))
context, internal_response = consent_module.manage_consent(
context, internal_response)
assert context
assert not internal_response.get_attributes()
def test_consent_full_flow(self, internal_response, internal_request,
consent_verify_endpoint_regex,
consent_registration_endpoint_regex):
consent_config = SATOSAConfig(self.satosa_config)
consent_module = ConsentModule(consent_config, identity_callback)
expected_ticket = "my_ticket"
context = Context()
state = State()
context.state = state
consent_module.save_state(internal_request, state)
with responses.RequestsMock() as rsps:
rsps.add(responses.GET, consent_verify_endpoint_regex, status=401)
rsps.add(responses.GET,
consent_registration_endpoint_regex,
status=200,
body=expected_ticket)
resp = consent_module.manage_consent(context, internal_response)
self.assert_redirect(resp, expected_ticket)
self.assert_registstration_req(rsps.calls[1].request,
consent_config.CONSENT["sign_key"])
with responses.RequestsMock() as rsps:
# Now consent has been given, consent service returns 200 OK
rsps.add(responses.GET,
consent_verify_endpoint_regex,
status=200,
body=json.dumps(FILTER))
context = Context()
context.state = state
context, internal_response = consent_module._handle_consent_response(
context)
assert internal_response.get_attributes()["displayName"] == ["Test"]
assert internal_response.get_attributes()["co"] == ["example"]
assert "sn" not in internal_response.get_attributes(
) # 'sn' should be filtered
def __init__(self, config):
"""
Creates a satosa proxy base
:type config: satosa.satosa_config.SATOSAConfig
:param config: satosa proxy config
"""
if config is None:
raise ValueError("Missing configuration")
self.config = config
LOGGER.info("Loading backend modules...")
backends = load_backends(self.config, self._auth_resp_callback_func,
self.config.INTERNAL_ATTRIBUTES)
LOGGER.info("Loading frontend modules...")
frontends = load_frontends(self.config, self._auth_req_callback_func,
self.config.INTERNAL_ATTRIBUTES)
self.consent_module = ConsentModule(config,
self._consent_resp_callback_func)
self.account_linking_module = AccountLinkingModule(
config, self._account_linking_callback_func)
# TODO register consent_module endpoints to module_router. Just add to backend list?
if self.consent_module.enabled:
backends["consent"] = self.consent_module
if self.account_linking_module.enabled:
backends["account_linking"] = self.account_linking_module
LOGGER.info("Loading micro services...")
self.request_micro_services = None
self.response_micro_services = None
if "MICRO_SERVICES" in self.config:
self.request_micro_services, self.response_micro_services = load_micro_services(
self.config.PLUGIN_PATH, self.config.MICRO_SERVICES,
self.config.INTERNAL_ATTRIBUTES)
self.module_router = ModuleRouter(frontends, backends)
def test_disabled_consent(self, internal_response):
self.consent_config["enable"] = False
consent_config = SATOSAConfig(self.satosa_config)
consent_module = ConsentModule(consent_config, identity_callback)
assert not consent_module.enabled
