def test_consent_not_given(self, internal_response, internal_request,
                           consent_verify_endpoint_regex,
                           consent_registration_endpoint_regex):
    """Check that a user without stored consent is redirected and gets no attributes.

    The verify endpoint is mocked to answer 401 and the registration endpoint
    to answer 200 with a ticket. The test first checks the redirect produced
    by ``manage_consent``. It then replays the return leg while the verify
    endpoint still answers 401 and expects an empty attribute set, i.e. the
    module fails closed.
    """
    ticket = "my_ticket"
    cfg = SATOSAConfig(self.satosa_config)
    module = ConsentModule(cfg, identity_callback)

    # NOTE(review): these registrations go to the module-level `responses` mock, which
    # only intercepts traffic while it is active (e.g. `@responses.activate`, not
    # visible in this listing) -- confirm, otherwise the calls would leave the test.
    responses.add(responses.GET, consent_verify_endpoint_regex, status=401)
    responses.add(responses.GET, consent_registration_endpoint_regex,
                  status=200, body=ticket)

    state = State()
    first_ctx = Context()
    first_ctx.state = state
    module.save_state(internal_request, state)

    redirect = module.manage_consent(first_ctx, internal_response)
    self.assert_redirect(redirect, ticket)
    # calls[1] is the second recorded request; presumably the registration call that
    # follows the verify call. The helper receives the configured sign key, so it
    # looks like it checks the signed consent request -- helper not shown, confirm.
    registration_request = responses.calls[1].request
    self.assert_registstration_req(registration_request, cfg.CONSENT["sign_key"])

    return_ctx = Context()
    return_ctx.state = state
    # Verify endpoint of consent service still gives 401 (no consent given)
    return_ctx, released = module._handle_consent_response(return_ctx)
    # Security property under test: no consent -> nothing is released.
    assert not released.get_attributes()
def test_consent_registration(self):
    """Check that a 200 from the ``creq`` endpoint returns the response body as the ticket."""
    cfg = SATOSAConfig(self.satosa_config)
    module = ConsentModule(cfg, lambda: None)
    jws = "A_JWS"

    # The mocked URL carries the signed request in the path of a GET, so in a real
    # deployment it can end up in proxy and server access logs.
    # NOTE(review): needs the module-level `responses` mock active
    # (e.g. `@responses.activate`, not shown here) -- confirm.
    creq_url = "{}/creq/{}".format(cfg.CONSENT["rest_uri"], jws)
    responses.add(responses.GET, creq_url, status=200, body="ticket")

    ticket = module._consent_registration(jws)
    assert ticket == "ticket"
def test_verify_consent(self):
    """Check that a 200 from the ``verify`` endpoint returns the JSON-decoded filter."""
    cfg = SATOSAConfig(self.satosa_config)
    module = ConsentModule(cfg, lambda: None)
    consent_id = "1234"

    # NOTE(review): needs the module-level `responses` mock active
    # (e.g. `@responses.activate`, not shown here) -- confirm.
    verify_url = "{}/verify/{}".format(cfg.CONSENT["rest_uri"], consent_id)
    responses.add(responses.GET, verify_url, status=200, body=json.dumps(FILTER))

    # The body is sent as JSON text and must come back equal to the FILTER object.
    allowed = module._verify_consent(consent_id)
    assert allowed == FILTER
def test_verify_consent_false_on_http_400(self):
    """Check that an HTTP 400 from the ``verify`` endpoint reads as "no consent"."""
    cfg = SATOSAConfig(self.satosa_config)
    module = ConsentModule(cfg, lambda: None)
    consent_id = "1234"

    # NOTE(review): needs the module-level `responses` mock active
    # (e.g. `@responses.activate`, not shown here) -- confirm.
    verify_url = "{}/verify/{}".format(cfg.CONSENT["rest_uri"], consent_id)
    responses.add(responses.GET, verify_url, status=400)

    # An error reply must produce a falsy result, never an attribute filter.
    verdict = module._verify_consent(consent_id)
    assert not verdict
def test_consent_registration_raises_on_http401(self):
    """Check that a 401 from the ``creq`` endpoint aborts registration with an error."""
    cfg = SATOSAConfig(self.satosa_config)
    module = ConsentModule(cfg, lambda: None)
    jws = "A_JWS"

    # NOTE(review): needs the module-level `responses` mock active
    # (e.g. `@responses.activate`, not shown here) -- confirm.
    creq_url = "{}/creq/{}".format(cfg.CONSENT["rest_uri"], jws)
    responses.add(responses.GET, creq_url, status=401)

    # NOTE(review): expecting AssertionError suggests the implementation checks the
    # HTTP status with a bare `assert`. Asserts are stripped under `python -O`, so
    # the rejection would disappear in an optimised run -- confirm against
    # `_consent_registration` and prefer an explicit exception there.
    with pytest.raises(AssertionError):
        module._consent_registration(jws)
def test_consent_prev_given(self, internal_response, internal_request,
                            consent_verify_endpoint_regex):
    """Check that stored consent lets the response through without a redirect.

    The verify endpoint is mocked to return 200 with FILTER as JSON, so
    ``manage_consent`` is expected to hand back the (context, response) pair
    directly, presumably via ``identity_callback`` (defined elsewhere).
    """
    cfg = SATOSAConfig(self.satosa_config)
    module = ConsentModule(cfg, identity_callback)

    # NOTE(review): needs the module-level `responses` mock active
    # (e.g. `@responses.activate`, not shown here) -- confirm.
    responses.add(responses.GET, consent_verify_endpoint_regex,
                  status=200, body=json.dumps(FILTER))

    state = State()
    ctx = Context()
    ctx.state = state
    module.save_state(internal_request, state)

    ctx, released = module.manage_consent(ctx, internal_response)
    assert ctx
    # This only proves that a consented attribute is present. Removal of attributes
    # outside the filter is not checked in this test.
    assert "displayName" in released.get_attributes()
def test_consent_handles_connection_error(self, internal_response, internal_request,
                                          consent_verify_endpoint_regex):
    """Check that an unreachable consent service yields a response with no attributes.

    The verify endpoint is mocked to raise ``requests.ConnectionError``. The
    flow must still return a context, and the attribute set must be empty,
    so an outage of the consent service fails closed rather than releasing
    data.
    """
    cfg = SATOSAConfig(self.satosa_config)
    module = ConsentModule(cfg, identity_callback)

    ctx = Context()
    state = State()
    ctx.state = state
    module.save_state(internal_request, state)

    # assert_all_requests_are_fired makes the mock fail on exit if the verify call
    # was never attempted, so a code path that skips verification cannot pass here.
    with responses.RequestsMock(assert_all_requests_are_fired=True) as rsps:
        rsps.add(responses.GET, consent_verify_endpoint_regex,
                 body=requests.ConnectionError("No connection"))
        ctx, released = module.manage_consent(ctx, internal_response)

    assert ctx
    assert not released.get_attributes()
def test_consent_full_flow(self, internal_response, internal_request,
                           consent_verify_endpoint_regex,
                           consent_registration_endpoint_regex):
    """Run the whole consent round trip: ask, redirect, return, release.

    Leg one mocks a verify endpoint answering 401, so the module has to
    register a consent request and redirect the user. Leg two mocks a 200
    verify answer carrying FILTER and checks which attributes are released.
    FILTER and the fixture values are defined elsewhere; the assertions imply
    that FILTER allows ``displayName`` and ``co`` but not ``sn``.
    """
    ticket = "my_ticket"
    cfg = SATOSAConfig(self.satosa_config)
    module = ConsentModule(cfg, identity_callback)

    state = State()
    first_ctx = Context()
    first_ctx.state = state
    module.save_state(internal_request, state)

    with responses.RequestsMock() as first_leg:
        first_leg.add(responses.GET, consent_verify_endpoint_regex, status=401)
        first_leg.add(responses.GET, consent_registration_endpoint_regex,
                      status=200, body=ticket)
        redirect = module.manage_consent(first_ctx, internal_response)

        self.assert_redirect(redirect, ticket)
        # The recorded calls are read while the mock is still open. calls[1] is the
        # second request, presumably the registration that follows the verify call.
        # The helper receives the configured sign key -- helper not shown, confirm
        # that it actually verifies the signature.
        self.assert_registstration_req(first_leg.calls[1].request,
                                       cfg.CONSENT["sign_key"])

    return_ctx = Context()
    return_ctx.state = state
    with responses.RequestsMock() as second_leg:
        # Now consent has been given, consent service returns 200 OK
        second_leg.add(responses.GET, consent_verify_endpoint_regex,
                       status=200, body=json.dumps(FILTER))
        return_ctx, released = module._handle_consent_response(return_ctx)

    assert released.get_attributes()["displayName"] == ["Test"]
    assert released.get_attributes()["co"] == ["example"]
    # 'sn' should be filtered: attributes outside the consented set must not leak.
    assert "sn" not in released.get_attributes()
def __init__(self, config):
    """
    Creates a satosa proxy base: loads the backend and frontend plugins,
    the consent and account linking modules, the optional micro services,
    and wires frontends and backends into a module router.

    :type config: satosa.satosa_config.SATOSAConfig

    :param config: satosa proxy config
    :raises ValueError: if config is None
    """
    if config is None:
        raise ValueError("Missing configuration")
    self.config = config

    LOGGER.info("Loading backend modules...")
    backend_modules = load_backends(self.config,
                                    self._auth_resp_callback_func,
                                    self.config.INTERNAL_ATTRIBUTES)
    LOGGER.info("Loading frontend modules...")
    frontend_modules = load_frontends(self.config,
                                      self._auth_req_callback_func,
                                      self.config.INTERNAL_ATTRIBUTES)

    self.consent_module = ConsentModule(config, self._consent_resp_callback_func)
    self.account_linking_module = AccountLinkingModule(
        config, self._account_linking_callback_func)

    # TODO register consent_module endpoints to module_router. Just add to backend list?
    # NOTE(review): the internal modules are stored under fixed keys in the mapping
    # returned by load_backends. A configured backend plugin that already uses
    # "consent" or "account_linking" as its name would be replaced without any
    # message -- confirm that these names are reserved or rejected at load time.
    internal_modules = (
        ("consent", self.consent_module),
        ("account_linking", self.account_linking_module),
    )
    for key, module in internal_modules:
        if module.enabled:
            backend_modules[key] = module

    LOGGER.info("Loading micro services...")
    self.request_micro_services = None
    self.response_micro_services = None
    if "MICRO_SERVICES" in self.config:
        # NOTE(review): presumably this imports plugin code found under PLUGIN_PATH;
        # if so, that path is part of the proxy's trusted code base and should be
        # writable only by the deployment owner -- confirm in load_micro_services.
        request_services, response_services = load_micro_services(
            self.config.PLUGIN_PATH,
            self.config.MICRO_SERVICES,
            self.config.INTERNAL_ATTRIBUTES)
        self.request_micro_services = request_services
        self.response_micro_services = response_services

    self.module_router = ModuleRouter(frontend_modules, backend_modules)
def test_disabled_consent(self, internal_response):
    """Check that ``enable`` set to False in the consent config turns the module off."""
    # Presumably self.consent_config is the dict embedded in self.satosa_config, so
    # the change is visible to the SATOSAConfig built below -- setup not shown.
    self.consent_config["enable"] = False
    cfg = SATOSAConfig(self.satosa_config)
    module = ConsentModule(cfg, identity_callback)
    is_enabled = module.enabled
    assert not is_enabled