def handle_response(self, context):
    """Hand a canned InternalResponse built from *context* to the auth callback.

    Test stub: the authentication information uses the fixed class ref
    "test" and issuer "test_issuer" with the current wall-clock time as
    timestamp, ``context.request`` is used unchanged as the attribute
    mapping, and the user id is fixed to "test_user".  Returns whatever
    ``self.auth_callback_func`` returns for that response.
    """
    now = str(datetime.now())
    stub_auth = AuthenticationInformation("test", now, "test_issuer")
    response = InternalResponse(auth_info=stub_auth)
    # In this stub the raw request payload stands in for resolved attributes.
    response.attributes = context.request
    response.user_id = "test_user"
    return self.auth_callback_func(context, response)
def test_handle_authn_response_returns_id_token_for_verified_affiliation(
        self, signing_key_path, context, scope_value, affiliation):
    """An authn response whose affiliation satisfies *scope_value* yields an id_token.

    A pending ``id_token``-flow request for client1 is stored in the
    frontend's state slot, an InternalResponse carrying *affiliation* is
    pushed through ``handle_authn_response`` and the id_token is parsed
    from the redirect fragment with the RSA key at *signing_key_path*
    (presumably verifying its signature -- confirm against IdToken.from_jwt).
    Issuer, audience and auth_time of the token are then checked.
    """
    pending_request = AuthorizationRequest(
        scope='openid ' + scope_value,
        client_id='client1',
        redirect_uri='https://client.example.com',
        response_type='id_token',
    )
    context.state[self.frontend.name] = {
        'oidc_request': pending_request.to_urlencoded(),
    }

    idp_auth = AuthenticationInformation(
        None, str(datetime.now()), 'https://idp.example.com')
    backend_response = InternalResponse(idp_auth)
    backend_response.user_id = 'user1'
    backend_response.attributes['affiliation'] = [affiliation]

    resp = self.frontend.handle_authn_response(context, backend_response)
    fragment = urlparse(resp.message).fragment
    auth_resp = AuthorizationResponse().from_urlencoded(fragment)

    verification_keys = [RSAKey(key=rsa_load(signing_key_path))]
    id_token = IdToken().from_jwt(auth_resp['id_token'], key=verification_keys)

    assert id_token['iss'] == self.frontend.base_url
    assert id_token['aud'] == ['client1']
    assert id_token['auth_time'] == backend_response.auth_info.timestamp
def internal_response():
    """Return a persistent-hash InternalResponse with three attributes and user id "usrID".

    The attribute "sn" is named "removed_by_filter", suggesting a sibling
    test expects a filter to strip it -- confirm against the test using
    this fixture.
    """
    placeholder_auth = AuthenticationInformation(
        "auth_class_ref", "timestamp", "issuer")
    response = InternalResponse(auth_info=placeholder_auth)
    response.set_user_id_hash_type(UserIdHashType.persistent)
    fixture_attributes = {
        "displayName": "Test",
        "co": "example",
        "sn": "removed_by_filter",
    }
    response.add_attributes(fixture_attributes)
    response.user_id = "usrID"
    return response
def setup_for_authn_response(self, context, frontend, auth_req):
    """Prime *context* with a pending *auth_req* and return a matching InternalResponse.

    The request is stored URL-encoded under *frontend*'s name in
    ``context.state``.  The returned response describes a PASSWORD
    authentication at "unittest_idp.xml" for the fixture user
    ``USERS["testuser1"]``: its SAML attributes are mapped to internal
    names through ``INTERNAL_ATTRIBUTES`` and the user id is the first
    eduPersonTargetedID value.
    """
    context.state[frontend.name] = {"oidc_request": auth_req.to_urlencoded()}

    fixture_user = USERS["testuser1"]
    idp_auth = AuthenticationInformation(
        PASSWORD, "2015-09-30T12:21:37Z", "unittest_idp.xml")
    response = InternalResponse(auth_info=idp_auth)
    mapper = AttributeMapper(INTERNAL_ATTRIBUTES)
    response.attributes = mapper.to_internal("saml", fixture_user)
    response.user_id = fixture_user["eduPersonTargetedID"][0]
    return response
def test_auth_resp_callback_func_respects_user_id_to_attr(self, context, satosa_config):
    """With ``user_id_to_attr`` configured, the user id is exposed under that attribute.

    Configures "user_id" as the target attribute, records the requester
    and the first frontend in state, saves transient hash state, and runs
    an InternalResponse through ``SATOSABase._auth_resp_callback_func``.
    The attribute must then be a one-element list holding ``user_id``.
    """
    satosa_config["INTERNAL_ATTRIBUTES"]["user_id_to_attr"] = "user_id"
    base = SATOSABase(satosa_config)

    response = InternalResponse(AuthenticationInformation("", "", ""))
    response.user_id = "user1234"

    first_frontend = satosa_config["FRONTEND_MODULES"][0]["name"]
    context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
    context.state[satosa.routing.STATE_KEY] = first_frontend
    UserIdHasher.save_state(
        InternalRequest(UserIdHashType.transient, ""), context.state)

    base._auth_resp_callback_func(context, response)

    assert response.attributes["user_id"] == [response.user_id]
def internal_response():
    """Return a persistent-hash InternalResponse for user "usrID" with three attributes.

    "sn" is set to "removed_by_filter", suggesting a sibling test expects a
    filter to drop it -- confirm against the consuming test.
    """
    response = InternalResponse(
        auth_info=AuthenticationInformation("auth_class_ref", "timestamp", "issuer"))
    response.set_user_id_hash_type(UserIdHashType.persistent)
    response.add_attributes(
        {"displayName": "Test", "co": "example", "sn": "removed_by_filter"})
    response.user_id = "usrID"
    return response
def test_handle_authn_response_returns_error_access_denied_for_wrong_affiliation(self, context, scope_value, affiliation):
    """An affiliation that does not satisfy *scope_value* yields an access_denied error.

    A pending ``id_token``-flow request for client1 is stored in the
    frontend's state slot; an InternalResponse constructed without
    authentication information and carrying *affiliation* is pushed
    through ``handle_authn_response`` and the error response is parsed
    from the redirect fragment.
    """
    pending_request = AuthorizationRequest(
        scope='openid ' + scope_value,
        client_id='client1',
        redirect_uri='https://client.example.com',
        response_type='id_token',
    )
    context.state[self.frontend.name] = {
        'oidc_request': pending_request.to_urlencoded(),
    }

    backend_response = InternalResponse()
    backend_response.user_id = 'user1'
    backend_response.attributes['affiliation'] = [affiliation]

    resp = self.frontend.handle_authn_response(context, backend_response)
    fragment = urlparse(resp.message).fragment
    error_resp = AuthorizationErrorResponse().from_urlencoded(fragment)
    assert error_resp['error'] == 'access_denied'
def setup_for_authn_response(self, context, frontend, auth_req):
    """Store *auth_req* in *context* for *frontend* and return the InternalResponse to answer it.

    The request is kept URL-encoded under the key "oidc_request".  The
    response describes a PASSWORD authentication at "unittest_idp.xml" of
    ``USERS["testuser1"]``, with attributes mapped from "saml" to internal
    names via ``INTERNAL_ATTRIBUTES`` and the first eduPersonTargetedID as
    user id.
    """
    context.state[frontend.name] = {
        "oidc_request": auth_req.to_urlencoded(),
    }

    response = InternalResponse(
        auth_info=AuthenticationInformation(
            PASSWORD, "2015-09-30T12:21:37Z", "unittest_idp.xml"))
    fixture_user = USERS["testuser1"]
    response.attributes = AttributeMapper(INTERNAL_ATTRIBUTES).to_internal(
        "saml", fixture_user)
    targeted_ids = fixture_user["eduPersonTargetedID"]
    response.user_id = targeted_ids[0]
    return response
def test_auth_resp_callback_func_respects_user_id_to_attr(
        self, context, satosa_config):
    """The configured ``user_id_to_attr`` attribute receives the user id.

    Sets "user_id" as target attribute, prepares state (requester, first
    frontend module, transient hash state) and runs an InternalResponse
    through ``SATOSABase._auth_resp_callback_func``; afterwards the
    attribute must equal ``[user_id]``.
    """
    satosa_config["INTERNAL_ATTRIBUTES"]["user_id_to_attr"] = "user_id"
    base = SATOSABase(satosa_config)

    response = InternalResponse(AuthenticationInformation("", "", ""))
    response.user_id = "user1234"

    context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
    frontend_name = satosa_config["FRONTEND_MODULES"][0]["name"]
    context.state[satosa.routing.STATE_KEY] = frontend_name
    transient_request = InternalRequest(UserIdHashType.transient, "")
    UserIdHasher.save_state(transient_request, context.state)

    base._auth_resp_callback_func(context, response)

    assert response.attributes["user_id"] == [response.user_id]
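def test_auth_resp_callback_func_hashes_all_specified_attributes(self, context, satosa_config):
    """Every attribute listed in ``INTERNAL_ATTRIBUTES["hash"]`` is replaced by its salted hash.

    Configures "user_id" and "mail" for hashing, runs an InternalResponse
    carrying those attributes through ``SATOSABase._auth_resp_callback_func``
    and checks, value by value, that each entry equals
    ``UserIdHasher.hash_data(USER_ID_HASH_SALT, value)``.

    The expected values are computed from a deep copy of the input.  A
    shallow copy would share the inner lists with the response, so an
    implementation that hashed them in place would make the comparison
    trivially true.
    """
    satosa_config["INTERNAL_ATTRIBUTES"]["hash"] = ["user_id", "mail"]
    base = SATOSABase(satosa_config)

    plain_attributes = {
        "user_id": ["user"],
        "mail": ["*****@*****.**", "*****@*****.**"],
    }
    response = InternalResponse(AuthenticationInformation("", "", ""))
    # Deep copy so `plain_attributes` stays pristine even if the callback
    # rewrites the attribute lists in place instead of assigning new ones.
    response.attributes = copy.deepcopy(plain_attributes)
    response.user_id = "test_user"

    UserIdHasher.save_state(
        InternalRequest(UserIdHashType.transient, ""), context.state)
    context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
    context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]

    base._auth_resp_callback_func(context, response)

    salt = satosa_config["USER_ID_HASH_SALT"]
    for attr in satosa_config["INTERNAL_ATTRIBUTES"]["hash"]:
        expected = [UserIdHasher.hash_data(salt, v) for v in plain_attributes[attr]]
        assert response.attributes[attr] == expected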
def test_handle_authn_response_returns_error_access_denied_for_wrong_affiliation(
        self, context, scope_value, affiliation):
    """A non-matching *affiliation* makes ``handle_authn_response`` answer with access_denied.

    The pending request is an ``id_token``-flow request for client1 stored
    under the frontend's name; the InternalResponse is built without
    authentication information and carries only *affiliation* and the user
    id.  The error is read back from the redirect URL's fragment.
    """
    request_params = {
        'scope': 'openid ' + scope_value,
        'client_id': 'client1',
        'redirect_uri': 'https://client.example.com',
        'response_type': 'id_token',
    }
    pending_request = AuthorizationRequest(**request_params)
    context.state[self.frontend.name] = {
        'oidc_request': pending_request.to_urlencoded(),
    }

    backend_response = InternalResponse()
    backend_response.attributes['affiliation'] = [affiliation]
    backend_response.user_id = 'user1'

    resp = self.frontend.handle_authn_response(context, backend_response)
    error_resp = AuthorizationErrorResponse().from_urlencoded(
        urlparse(resp.message).fragment)
    assert error_resp['error'] == 'access_denied'
def test_handle_authn_response_returns_id_token_for_verified_affiliation(
        self, signing_key_path, context, scope_value, affiliation):
    """A matching *affiliation* makes ``handle_authn_response`` issue an id_token for client1.

    The pending ``id_token``-flow request is stored under the frontend's
    name; the InternalResponse comes from https://idp.example.com with the
    current time as auth timestamp.  The token is parsed from the redirect
    fragment with the RSA key at *signing_key_path* (presumably checking
    the signature -- confirm against IdToken.from_jwt) and its iss, aud and
    auth_time claims are compared with the frontend and the response.
    """
    request_params = {
        'scope': 'openid ' + scope_value,
        'client_id': 'client1',
        'redirect_uri': 'https://client.example.com',
        'response_type': 'id_token',
    }
    pending_request = AuthorizationRequest(**request_params)
    context.state[self.frontend.name] = {
        'oidc_request': pending_request.to_urlencoded(),
    }

    backend_response = InternalResponse(
        AuthenticationInformation(None, str(datetime.now()), 'https://idp.example.com'))
    backend_response.attributes['affiliation'] = [affiliation]
    backend_response.user_id = 'user1'

    resp = self.frontend.handle_authn_response(context, backend_response)
    auth_resp = AuthorizationResponse().from_urlencoded(
        urlparse(resp.message).fragment)
    signing_key = RSAKey(key=rsa_load(signing_key_path))
    id_token = IdToken().from_jwt(auth_resp['id_token'], key=[signing_key])

    assert id_token['iss'] == self.frontend.base_url
    assert id_token['aud'] == ['client1']
    assert id_token['auth_time'] == backend_response.auth_info.timestamp
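def test_auth_resp_callback_func_hashes_all_specified_attributes(
        self, context, satosa_config):
    """Attributes named in ``INTERNAL_ATTRIBUTES["hash"]`` come back as salted hashes.

    Configures "user_id" and "mail" for hashing, prepares state (transient
    hash state, requester, first frontend module) and runs an
    InternalResponse through ``SATOSABase._auth_resp_callback_func``.
    Each listed attribute must then equal the element-wise result of
    ``UserIdHasher.hash_data(USER_ID_HASH_SALT, value)`` over the input.

    The input is deep-copied into the response: with a shallow copy the
    inner lists would be shared, and a callback hashing them in place would
    make the expected and actual values identical whatever it did.
    """
    satosa_config["INTERNAL_ATTRIBUTES"]["hash"] = ["user_id", "mail"]
    base = SATOSABase(satosa_config)

    plain_attributes = {
        "user_id": ["user"],
        "mail": ["*****@*****.**", "*****@*****.**"],
    }
    response = InternalResponse(AuthenticationInformation("", "", ""))
    # Deep copy keeps `plain_attributes` independent of whatever the
    # callback does to the lists inside `response.attributes`.
    response.attributes = copy.deepcopy(plain_attributes)
    response.user_id = "test_user"

    UserIdHasher.save_state(
        InternalRequest(UserIdHashType.transient, ""), context.state)
    context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
    context.state[satosa.routing.STATE_KEY] = (
        satosa_config["FRONTEND_MODULES"][0]["name"])

    base._auth_resp_callback_func(context, response)

    salt = satosa_config["USER_ID_HASH_SALT"]
    for attr in satosa_config["INTERNAL_ATTRIBUTES"]["hash"]:
        expected = [UserIdHasher.hash_data(salt, v) for v in plain_attributes[attr]]
        assert response.attributes[attr] == expected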
def internal_response(self):
    """Return a minimal InternalResponse for user "user1" with placeholder auth info."""
    placeholder_auth = AuthenticationInformation(
        "auth_class_ref", "timestamp", "issuer")
    response = InternalResponse(auth_info=placeholder_auth)
    response.user_id = "user1"
    return response
def handle_response(self, context):
    """Forward a stub InternalResponse derived from *context* to ``self.auth_callback_func``.

    The response is authenticated with class ref "test" by "test_issuer" at
    the current wall-clock time, takes ``context.request`` as its attribute
    mapping and has the fixed user id "test_user".  Returns the callback's
    result.
    """
    response = InternalResponse(
        auth_info=AuthenticationInformation(
            "test", str(datetime.now()), "test_issuer"))
    # Stub behaviour: the request payload is reused as the attribute set.
    response.attributes = context.request
    response.user_id = "test_user"
    return self.auth_callback_func(context, response)
def internal_resp(self):
    """Return an InternalResponse for 'user1' from https://idp.example.com.

    The response is marked as requested by 'client1', timestamped with the
    current wall-clock time, and carries a single affiliation 'student'.
    """
    now = str(datetime.now())
    idp_auth = AuthenticationInformation(None, now, 'https://idp.example.com')
    response = InternalResponse(idp_auth)
    response.requester = 'client1'
    response.user_id = 'user1'
    response.attributes['affiliation'] = ['student']
    return response