예제 #1
 def handle_response(self, context):
     """Wrap the incoming request in a canned InternalResponse and pass it on.

     Nothing is authenticated here: the authentication info and the user id
     are fixed constants, and whatever ``context.request`` holds becomes the
     attribute set. NOTE(review): this looks like a test double; confirm it
     is never reachable from a production backend configuration.
     """
     response = InternalResponse(
         auth_info=AuthenticationInformation(
             "test", str(datetime.now()), "test_issuer"))
     # The request payload is used verbatim as the user's attributes.
     response.attributes = context.request
     response.user_id = "test_user"
     return self.auth_callback_func(context, response)
예제 #2
    def test_handle_authn_response_returns_id_token_for_verified_affiliation(
            self, signing_key_path, context, scope_value, affiliation):
        """Check that a matching affiliation produces a signed ID token.

        The frontend's redirect fragment is parsed as an authorization
        response, the ID token is parsed with the RSA key loaded from
        ``signing_key_path``, and its issuer, audience and authentication
        time are compared with the values fed into the frontend.
        ``scope_value`` and ``affiliation`` come from outside this method
        (presumably test parametrization).
        """
        oidc_request = AuthorizationRequest(
            scope='openid ' + scope_value,
            client_id='client1',
            redirect_uri='https://client.example.com',
            response_type='id_token')
        # The frontend state is keyed by the frontend's own name.
        context.state[self.frontend.name] = {'oidc_request': oidc_request.to_urlencoded()}

        # str(datetime.now()) is a naive local-time string; it is only
        # compared for equality with the token's auth_time below.
        auth_info = AuthenticationInformation(
            None, str(datetime.now()), 'https://idp.example.com')
        internal_response = InternalResponse(auth_info)
        internal_response.attributes['affiliation'] = [affiliation]
        internal_response.user_id = 'user1'

        resp = self.frontend.handle_authn_response(context, internal_response)
        # response_type='id_token' puts the result in the URL fragment.
        fragment = urlparse(resp.message).fragment
        auth_resp = AuthorizationResponse().from_urlencoded(fragment)

        verification_keys = [RSAKey(key=rsa_load(signing_key_path))]
        id_token = IdToken().from_jwt(auth_resp['id_token'], key=verification_keys)
        assert id_token['iss'] == self.frontend.base_url
        assert id_token['aud'] == ['client1']
        assert id_token['auth_time'] == internal_response.auth_info.timestamp
예제 #3
def internal_response():
    """Return a canned InternalResponse with three attributes and a user id.

    The hash type is set to persistent. The ``sn`` value is named
    "removed_by_filter", so a consumer of this response presumably expects
    an attribute filter to drop it; that filter is not visible here.
    """
    response = InternalResponse(
        auth_info=AuthenticationInformation("auth_class_ref", "timestamp", "issuer"))
    response.set_user_id_hash_type(UserIdHashType.persistent)
    response.add_attributes(
        {"displayName": "Test", "co": "example", "sn": "removed_by_filter"})
    response.user_id = "usrID"
    return response
예제 #4
    def setup_for_authn_response(self, context, frontend, auth_req):
        """Store the OIDC request in the state and build a response for testuser1.

        Returns an InternalResponse whose attributes are the SAML attributes
        of ``USERS["testuser1"]`` mapped to the internal format and whose
        user id is that user's first ``eduPersonTargetedID`` value.
        """
        # Stored under the frontend's name; presumably read back by the
        # frontend when it handles the authentication response.
        context.state[frontend.name] = {"oidc_request": auth_req.to_urlencoded()}

        response = InternalResponse(
            auth_info=AuthenticationInformation(
                PASSWORD, "2015-09-30T12:21:37Z", "unittest_idp.xml"))
        test_user = USERS["testuser1"]
        mapper = AttributeMapper(INTERNAL_ATTRIBUTES)
        response.attributes = mapper.to_internal("saml", test_user)
        response.user_id = test_user["eduPersonTargetedID"][0]

        return response
예제 #5
    def test_auth_resp_callback_func_respects_user_id_to_attr(self, context, satosa_config):
        """Check that ``user_id_to_attr`` copies the user id into an attribute.

        With ``user_id_to_attr`` set to "user_id", the callback is expected
        to leave ``attributes["user_id"]`` equal to a one-element list
        holding the response's (possibly rewritten) user id.
        """
        satosa_config["INTERNAL_ATTRIBUTES"]["user_id_to_attr"] = "user_id"
        proxy = SATOSABase(satosa_config)

        response = InternalResponse(AuthenticationInformation("", "", ""))
        response.user_id = "user1234"

        # State the callback needs: requester, routed frontend and hash type.
        state = context.state
        state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
        state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
        hash_request = InternalRequest(UserIdHashType.transient, "")
        UserIdHasher.save_state(hash_request, state)

        proxy._auth_resp_callback_func(context, response)
        # Compared with the post-callback user_id, not with "user1234".
        assert response.attributes["user_id"] == [response.user_id]
예제 #6
def internal_response():
    """Build the InternalResponse used as test input.

    It carries placeholder authentication info, a persistent user-id hash
    type, three attributes and the user id "usrID". The ``sn`` value is
    literally "removed_by_filter"; the filter it refers to is outside this
    block.
    """
    attributes = {
        "displayName": "Test",
        "co": "example",
        "sn": "removed_by_filter"
    }
    resp = InternalResponse(
        auth_info=AuthenticationInformation("auth_class_ref", "timestamp",
                                            "issuer"))
    resp.set_user_id_hash_type(UserIdHashType.persistent)
    resp.add_attributes(attributes)
    resp.user_id = "usrID"
    return resp
예제 #7
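    def test_handle_authn_response_returns_error_access_denied_for_wrong_affiliation(self, context, scope_value,
                                                                                     affiliation):
        """Check that a non-matching affiliation is refused with access_denied.

        Besides the error code, the test verifies that the redirect fragment
        carries no ``id_token`` parameter, so a denial can never hand the
        client a token alongside the error. ``scope_value`` and
        ``affiliation`` come from outside this method (presumably test
        parametrization).
        """
        authn_req = AuthorizationRequest(scope='openid ' + scope_value, client_id='client1',
                                         redirect_uri='https://client.example.com',
                                         response_type='id_token')
        context.state[self.frontend.name] = {'oidc_request': authn_req.to_urlencoded()}
        internal_response = InternalResponse()
        internal_response.attributes['affiliation'] = [affiliation]
        internal_response.user_id = 'user1'

        resp = self.frontend.handle_authn_response(context, internal_response)
        # response_type='id_token' puts the result in the URL fragment.
        fragment = urlparse(resp.message).fragment
        auth_resp = AuthorizationErrorResponse().from_urlencoded(fragment)
        assert auth_resp['error'] == 'access_denied'
        # The denial path must not leak a token next to the error.
        assert not any(param.startswith('id_token=') for param in fragment.split('&'))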
예제 #8
    def setup_for_authn_response(self, context, frontend, auth_req):
        """Prepare state and a canned InternalResponse for an authn-response test.

        The url-encoded ``auth_req`` is saved in ``context.state`` under the
        frontend's name. The returned response describes
        ``USERS["testuser1"]``: SAML attributes mapped to internal names,
        and the first ``eduPersonTargetedID`` value as user id.
        """
        encoded_request = auth_req.to_urlencoded()
        context.state[frontend.name] = {"oidc_request": encoded_request}

        auth_info = AuthenticationInformation(
            PASSWORD, "2015-09-30T12:21:37Z", "unittest_idp.xml")
        result = InternalResponse(auth_info=auth_info)
        saml_user = USERS["testuser1"]
        result.attributes = AttributeMapper(INTERNAL_ATTRIBUTES).to_internal(
            "saml", saml_user)
        result.user_id = saml_user["eduPersonTargetedID"][0]

        return result
예제 #9
    def test_auth_resp_callback_func_respects_user_id_to_attr(
            self, context, satosa_config):
        """Verify the user id is exposed as the configured attribute.

        ``user_id_to_attr`` is set to "user_id"; after the callback runs,
        that attribute must be a single-element list equal to the
        response's user id as it stands after the callback.
        """
        internal_attributes = satosa_config["INTERNAL_ATTRIBUTES"]
        internal_attributes["user_id_to_attr"] = "user_id"
        base = SATOSABase(satosa_config)

        auth_info = AuthenticationInformation("", "", "")
        internal_resp = InternalResponse(auth_info)
        internal_resp.user_id = "user1234"

        # Requester, routed frontend name and hash type are all read from
        # the state, so they have to be in place before the callback.
        frontend_name = satosa_config["FRONTEND_MODULES"][0]["name"]
        context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
        context.state[satosa.routing.STATE_KEY] = frontend_name
        UserIdHasher.save_state(
            InternalRequest(UserIdHashType.transient, ""), context.state)

        base._auth_resp_callback_func(context, internal_resp)
        expected = [internal_resp.user_id]
        assert internal_resp.attributes["user_id"] == expected
예제 #10
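    def test_auth_resp_callback_func_hashes_all_specified_attributes(self, context, satosa_config):
        """Check that every attribute listed under ``hash`` is replaced by its salted hash.

        The response gets a deep copy of the clear-text attributes, so the
        expected values are always derived from untouched input even if the
        callback rewrites the value lists in place. The test also asserts
        that none of the clear-text values survives in the hashed output.
        """
        satosa_config["INTERNAL_ATTRIBUTES"]["hash"] = ["user_id", "mail"]
        base = SATOSABase(satosa_config)

        # Both mail values are identical in this listing, so the multi-value
        # case is exercised by list length only.
        attributes = {"user_id": ["user"], "mail": ["*****@*****.**", "*****@*****.**"]}
        internal_resp = InternalResponse(AuthenticationInformation("", "", ""))
        # Deep copy: the inner lists must not be shared with `attributes`.
        internal_resp.attributes = copy.deepcopy(attributes)
        internal_resp.user_id = "test_user"
        UserIdHasher.save_state(InternalRequest(UserIdHashType.transient, ""), context.state)
        context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
        context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]

        base._auth_resp_callback_func(context, internal_resp)
        for attr in satosa_config["INTERNAL_ATTRIBUTES"]["hash"]:
            expected = [UserIdHasher.hash_data(satosa_config["USER_ID_HASH_SALT"], v)
                        for v in attributes[attr]]
            assert internal_resp.attributes[attr] == expected
            # No clear-text value may be passed through unhashed.
            assert not set(attributes[attr]) & set(internal_resp.attributes[attr])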
예제 #11
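    def test_handle_authn_response_returns_error_access_denied_for_wrong_affiliation(
            self, context, scope_value, affiliation):
        """Check that a non-matching affiliation is refused with access_denied.

        In addition to the error code, the redirect fragment is checked for
        the absence of an ``id_token`` parameter, so the denial path cannot
        hand out a token together with the error. ``scope_value`` and
        ``affiliation`` are supplied from outside this method (presumably
        test parametrization).
        """
        authn_req = AuthorizationRequest(
            scope='openid ' + scope_value,
            client_id='client1',
            redirect_uri='https://client.example.com',
            response_type='id_token')
        context.state[self.frontend.name] = {
            'oidc_request': authn_req.to_urlencoded()
        }
        internal_response = InternalResponse()
        internal_response.attributes['affiliation'] = [affiliation]
        internal_response.user_id = 'user1'

        resp = self.frontend.handle_authn_response(context, internal_response)
        # response_type='id_token' puts the result in the URL fragment.
        fragment = urlparse(resp.message).fragment
        auth_resp = AuthorizationErrorResponse().from_urlencoded(fragment)
        assert auth_resp['error'] == 'access_denied'
        # The denial path must not leak a token next to the error.
        assert not any(
            param.startswith('id_token=') for param in fragment.split('&'))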
예제 #12
    def test_handle_authn_response_returns_id_token_for_verified_affiliation(
            self, signing_key_path, context, scope_value, affiliation):
        """Verify the success path: a matching affiliation yields an ID token.

        The token is taken from the redirect fragment and parsed with the
        RSA key at ``signing_key_path``; issuer, audience and auth_time are
        then checked against the frontend's base URL, the client id and the
        timestamp given in the authentication info.
        """
        request_args = {
            'scope': 'openid ' + scope_value,
            'client_id': 'client1',
            'redirect_uri': 'https://client.example.com',
            'response_type': 'id_token',
        }
        authn_req = AuthorizationRequest(**request_args)
        context.state[self.frontend.name] = {'oidc_request': authn_req.to_urlencoded()}

        # Naive local-time string; only used for an equality check below.
        timestamp = str(datetime.now())
        internal_response = InternalResponse(
            AuthenticationInformation(None, timestamp, 'https://idp.example.com'))
        internal_response.attributes['affiliation'] = [affiliation]
        internal_response.user_id = 'user1'

        resp = self.frontend.handle_authn_response(context, internal_response)
        redirect = urlparse(resp.message)
        auth_resp = AuthorizationResponse().from_urlencoded(redirect.fragment)

        signing_key = RSAKey(key=rsa_load(signing_key_path))
        id_token = IdToken().from_jwt(auth_resp['id_token'], key=[signing_key])
        assert id_token['iss'] == self.frontend.base_url
        assert id_token['aud'] == ['client1']
        assert id_token['auth_time'] == internal_response.auth_info.timestamp
예제 #13
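    def test_auth_resp_callback_func_hashes_all_specified_attributes(
            self, context, satosa_config):
        """Check that every attribute listed under ``hash`` is replaced by its salted hash.

        The response receives a deep copy of the clear-text attributes, so
        the expected hashes are computed from untouched input even if the
        callback modifies the value lists in place. The test additionally
        asserts that no clear-text value remains in the hashed output.
        """
        satosa_config["INTERNAL_ATTRIBUTES"]["hash"] = ["user_id", "mail"]
        base = SATOSABase(satosa_config)

        # Both mail values are identical in this listing, so the multi-value
        # case is exercised by list length only.
        attributes = {
            "user_id": ["user"],
            "mail": ["*****@*****.**", "*****@*****.**"]
        }
        internal_resp = InternalResponse(AuthenticationInformation("", "", ""))
        # Deep copy: the inner lists must not be shared with `attributes`.
        internal_resp.attributes = copy.deepcopy(attributes)
        internal_resp.user_id = "test_user"
        UserIdHasher.save_state(InternalRequest(UserIdHashType.transient, ""),
                                context.state)
        context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
        context.state[satosa.routing.
                      STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]

        base._auth_resp_callback_func(context, internal_resp)
        for attr in satosa_config["INTERNAL_ATTRIBUTES"]["hash"]:
            expected = [
                UserIdHasher.hash_data(satosa_config["USER_ID_HASH_SALT"], v)
                for v in attributes[attr]
            ]
            assert internal_resp.attributes[attr] == expected
            # No clear-text value may be passed through unhashed.
            assert not set(attributes[attr]) & set(
                internal_resp.attributes[attr])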
 def internal_response(self):
     """Return a minimal InternalResponse for the user "user1".

     The authentication info holds placeholder strings only; no attributes
     are set.
     """
     response = InternalResponse(
         auth_info=AuthenticationInformation("auth_class_ref", "timestamp", "issuer"))
     response.user_id = "user1"
     return response
예제 #15
파일: util.py 프로젝트: its-dirg/SATOSA
 def handle_response(self, context):
     """Turn the incoming request into a fixed-identity InternalResponse.

     No authentication takes place: the auth info and the user id are
     hard-coded, and ``context.request`` is used as the attribute set
     without any check. NOTE(review): acceptable for a test backend only;
     confirm this class cannot be loaded by a production configuration.
     """
     issued_at = str(datetime.now())
     canned = InternalResponse(
         auth_info=AuthenticationInformation("test", issued_at, "test_issuer"))
     # Caller-supplied data becomes the attributes unchanged.
     canned.attributes = context.request
     canned.user_id = "test_user"
     return self.auth_callback_func(context, canned)
예제 #16
 def internal_resp(self):
     """Return an InternalResponse for client1/user1 with a student affiliation.

     The timestamp is the current local time as a string, and the issuer
     is 'https://idp.example.com'.
     """
     auth_info = AuthenticationInformation(
         None, str(datetime.now()), 'https://idp.example.com')
     response = InternalResponse(auth_info)
     response.requester = 'client1'
     response.user_id = 'user1'
     response.attributes['affiliation'] = ['student']
     return response