def test_federated_saml2(self): context = self.create_authentication_context_stub( cp['authorityTenant']) mex = self.create_mex_stub(cp['adfsWsTrust']) userRealm = self.create_user_realm_stub('wstrust', 'federated', cp['adfsMex'], cp['adfsWsTrust']) wstrustRequest = self.create_wstrust_request_stub( None, 'urn:oasis:names:tc:SAML:2.0:assertion') response = util.create_response() oauthClient = self.create_oauth2_client_stub( cp['authority'], response['cachedResponse'], None) tokenRequest = TokenRequest(cp['callContext'], context, response['clientId'], response['resource']) self.stub_out_token_request_dependencies(tokenRequest, userRealm, mex, wstrustRequest, oauthClient) #action token_response = tokenRequest.get_token_with_username_password( cp['username'], cp['password']) #assert self.assertTrue( util.is_match_token_response(response['cachedResponse'], token_response), 'The response did not match what was expected')
def test_federated_happy_path_and_correlation_id(self): util.setup_expected_user_realm_response_common(True) util.setup_expected_mex_wstrust_request_common() response = util.create_response() assertion = self.setup_expected_oauth_assertion_request(response) buffer = StringIO() handler = logging.StreamHandler(buffer) util.turn_on_logging(level='DEBUG', handler=handler) authorityUrl = response['authority'] context = adal.AuthenticationContext(authorityUrl) correlation_id = '12300002-0000-0000-c000-000000000000' context.correlation_id = correlation_id #action token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId']) self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response), 'Response did not match expected: ' + json.dumps(token_response)) #assert log_content = buffer.getvalue() self.assertTrue(correlation_id in log_content, 'Logging was turned on but no messages were recieved.')
def test_happy_path(self): response = util.create_response() self.setup_expected_auth_code_token_request_response( 200, response['wireResponse']) context = adal.AuthenticationContext(cp['authUrl']) # action token_response = context.acquire_token_with_authorization_code( self.authorization_code, self.redirect_uri, response['resource'], cp['clientId'], cp['clientSecret']) # assert # the caching layer adds a few extra fields, let us pop them out for easier verification for k in ['_clientId', '_authority', 'resource']: token_response.pop(k, None) self.assertTrue( util.is_match_token_response(response['decodedResponse'], token_response), 'The response did not match what was expected') # verify a request on the wire was made req = httpretty.last_request() util.match_standard_request_headers(req) # verify the same token entry was cached cached_items = list(context.cache.read_items()) self.assertTrue(len(cached_items) == 1) _, cached_entry = cached_items[0] self.assertEqual(cached_entry, token_response)
def test_federated_happy_path_and_correlation_id(self): util.setup_expected_user_realm_response_common(True) util.setup_expected_mex_wstrust_request_common() response = util.create_response() assertion = self.setup_expected_oauth_assertion_request(response) buffer = StringIO() handler = logging.StreamHandler(buffer) util.turn_on_logging(level='DEBUG', handler=handler) authorityUrl = response['authority'] context = adal.AuthenticationContext(authorityUrl) correlation_id = '12300002-0000-0000-c000-000000000000' context.correlation_id = correlation_id #action token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId']) self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response), 'Response did not match expected: ' + json.dumps(token_response)) #assert log_content = buffer.getvalue() self.assertTrue(correlation_id in log_content, 'Logging was turned on but no messages were recieved.') self.assertNotIn(cp['clientId'], log_content, "Should not log ClientID") self.assertNotIn( cp['username'].split('@')[0], log_content, "Should not contain PII")
def _callback(self, err, token_response): self.assertFalse(err, 'Unexpected Err:{}'.format(err)) self.assertTrue( util.is_match_token_response(self.response['decodedResponse'], token_response), 'The response did not match what was expected: ' + str(token_response))
def test_invalid_id_token(self): util.setup_expected_user_realm_response_common(False) response = util.create_response() wireResponse = response['wireResponse'] response_options = {'noIdToken': True} response = util.create_response(response_options) # break the id token idToken = wireResponse['id_token'] idToken = idToken.replace('.', ' ') wireResponse['id_token'] = idToken authorityUrl = response['authority'] upRequest = self.setup_expected_username_password_request_response( 200, wireResponse, authorityUrl) context = adal.AuthenticationContext(authorityUrl) #action token_response = context.acquire_token_with_username_password( response['resource'], cp['username'], cp['password'], cp['clientId']) #assert self.assertTrue( util.is_match_token_response(response['cachedResponse'], token_response), 'Response did not match expected: ' + json.dumps(token_response))
def test_happy_path(self): response = util.create_response() self.setup_expected_auth_code_token_request_response(200, response['wireResponse']) token_response = adal._acquire_token_with_authorization_code(cp['authUrl'], cp['clientId'], cp['clientSecret'], self.authorization_code, self.redirect_uri, response['resource']) self.assertTrue(util.is_match_token_response(response['decodedResponse'], token_response), 'The response did not match what was expected') req = httpretty.last_request() util.match_standard_request_headers(req)
def test_happy_path(self): response_options = {"noRefresh": True} response = util.create_response(response_options) token_request = util.setup_expected_client_cred_token_request_response(200, response["wireResponse"]) token_response = adal.acquire_token_with_client_credentials( cp["authUrl"], cp["clientId"], cp["clientSecret"], response["resource"] ) self.assertTrue( util.is_match_token_response(response["cachedResponse"], token_response), "The response does not match what was expected.: " + str(token_response), )
def test_happy_path(self): response_options = { 'noRefresh' : True, 'tokenEndpoint': True } response = util.create_response(response_options) token_request = util.setup_expected_client_cred_token_request_response(200, response['wireResponse']) context = adal.AuthenticationContext(cp['authUrl']) token_response = context.acquire_token_with_client_credentials( response['resource'], cp['clientId'], cp['clientSecret']) self.assertTrue( util.is_match_token_response(response['cachedResponse'], token_response), 'The response does not match what was expected.: ' + str(token_response) )
def test_cert_happy_path(self): ''' TODO: Test Failing as of 2015/06/03 and needs to be completed. ''' self.fail("Not Yet Impelemented. Add Helper Functions and setup method") saveProto = updateSelfSignedJwtStubs() responseOptions = { noRefresh : true } response = util.create_response(responseOptions) tokenRequest = util.setupExpectedClientAssertionTokenRequestResponse(200, response.wireResponse, cp['authorityTenant']) context = adal.AuthenticationContext(cp['authorityTenant']) context.acquire_token_with_client_certificate(response.resource, cp['clientId'], cp['cert'], cp['certHash']) resetSelfSignedJwtStubs(saveProto) self.assertTrue(util.is_match_token_response(response.cachedResponse, token_response), 'The response did not match what was expected')
def test_happy_path_with_resource_client_secret(self): tokenRequest = util.setup_expected_refresh_token_request_response(200, self.wire_response, self.response['authority'], self.response['resource'], cp['clientSecret']) context = adal.AuthenticationContext(cp['authorityTenant']) def side_effect (tokenfunc): return self.response['decodedResponse'] context._acquire_token = mock.MagicMock(side_effect=side_effect) token_response = context.acquire_token_with_refresh_token(cp['refreshToken'], cp['clientId'], cp['clientSecret'], cp['resource']) self.assertTrue( util.is_match_token_response(self.response['decodedResponse'], token_response), 'The response did not match what was expected: ' + str(token_response) )
def test_happy_path_adfs_authority(self): adfsAuthority = 'https://contoso.com/adfs' responseOptions = { 'authority' : adfsAuthority, 'mrrt' : True } response = util.create_response(responseOptions) upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], adfsAuthority, True) context = adal.AuthenticationContext(adfsAuthority, False) #action token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId']) #assert self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response), 'Response did not match expected: ' + json.dumps(token_response))
def test_happy_path(self): response_options = {'noRefresh': True, 'tokenEndpoint': True} response = util.create_response(response_options) token_request = util.setup_expected_client_cred_token_request_response( 200, response['wireResponse']) context = adal.AuthenticationContext(cp['authUrl']) token_response = context.acquire_token_with_client_credentials( response['resource'], cp['clientId'], cp['clientSecret']) self.assertTrue( util.is_match_token_response(response['cachedResponse'], token_response), 'The response does not match what was expected.: ' + str(token_response))
def test_happy_path_adfs_authority(self): adfsAuthority = 'https://contoso.com/adfs' responseOptions = { 'authority' : adfsAuthority, 'mrrt' : True } response = util.create_response(responseOptions) upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], adfsAuthority, True) context = adal.AuthenticationContext(adfsAuthority, False) #action token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId']) #assert self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response), 'Response did not match expected: ' + json.dumps(token_response))
def test_managed_happy_path(self): util.setup_expected_user_realm_response_common(False) response = util.create_response() authorityUrl = response['authority'] upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], authorityUrl) context = adal.AuthenticationContext(authorityUrl) #action token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId']) #assert self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response), 'Response did not match expected: ' + json.dumps(token_response))
def test_managed_happy_path(self): util.setup_expected_user_realm_response_common(False) response = util.create_response() authorityUrl = response['authority'] upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], authorityUrl) context = adal.AuthenticationContext(authorityUrl) #action token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId']) #assert self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response), 'Response did not match expected: ' + json.dumps(token_response))
def test_federated_saml2(self): context = self.create_authentication_context_stub(cp['authorityTenant']) mex = self.create_mex_stub(cp['adfsWsTrust']) userRealm = self.create_user_realm_stub('wstrust', 'federated', cp['adfsMex'], cp['adfsWsTrust']) wstrustRequest = self.create_wstrust_request_stub(None, 'urn:oasis:names:tc:SAML:2.0:assertion') response = util.create_response() oauthClient = self.create_oauth2_client_stub(cp['authority'], response['cachedResponse'], None) tokenRequest = TokenRequest(cp['callContext'], context, response['clientId'], response['resource']) self.stub_out_token_request_dependencies(tokenRequest, userRealm, mex, wstrustRequest, oauthClient) #action token_response = tokenRequest.get_token_with_username_password(cp['username'], cp['password']) #assert self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response), 'The response did not match what was expected')
def performStaticInstanceDiscovery(self, authorityHost, callback): hardCodedAuthority = 'https://' + authorityHost + '/' + cp['tenant'] responseOptions = { 'authority' : hardCodedAuthority } response = util.create_response(responseOptions) wireResponse = response['wireResponse'] tokenRequest = util.setup_expected_client_cred_token_request_response(200, wireResponse, hardCodedAuthority) token_response = adal.acquire_token_with_client_credentials( hardCodedAuthority, cp['clientId'], cp['clientSecret'], response['resource']) self.assertTrue( util.is_match_token_response(response['cachedResponse'], token_response), 'The response does not match what was expected.: ' + str(token_response) )
def performStaticInstanceDiscovery(self, authorityHost): hardCodedAuthority = "https://" + authorityHost + "/" + cp["tenant"] responseOptions = {"authority": hardCodedAuthority} response = util.create_response(responseOptions) wireResponse = response["wireResponse"] tokenRequest = util.setup_expected_client_cred_token_request_response(200, wireResponse, hardCodedAuthority) context = adal.AuthenticationContext(hardCodedAuthority) token_response = context.acquire_token_with_client_credentials( response["resource"], cp["clientId"], cp["clientSecret"] ) self.assertTrue( util.is_match_token_response(response["cachedResponse"], token_response), "The response does not match what was expected.: " + str(token_response), )
def test_happy_path(self): response = util.create_response() self.setup_expected_auth_code_token_request_response( 200, response['wireResponse']) token_response = adal._acquire_token_with_authorization_code( cp['authUrl'], cp['clientId'], cp['clientSecret'], self.authorization_code, self.redirect_uri, response['resource']) self.assertTrue( util.is_match_token_response(response['decodedResponse'], token_response), 'The response did not match what was expected') req = httpretty.last_request() util.match_standard_request_headers(req)
def test_happy_path_with_resource_client_secret(self): tokenRequest = util.setup_expected_refresh_token_request_response( 200, self.wire_response, self.response['authority'], self.response['resource'], cp['clientSecret']) context = adal.AuthenticationContext(cp['authorityTenant']) def side_effect(tokenfunc): return self.response['decodedResponse'] context._acquire_token = mock.MagicMock(side_effect=side_effect) token_response = context.acquire_token_with_refresh_token( cp['refreshToken'], cp['clientId'], cp['clientSecret'], cp['resource']) self.assertTrue( util.is_match_token_response(self.response['decodedResponse'], token_response), 'The response did not match what was expected: ' + str(token_response))
def test_success_dynamic_instance_discovery(self): instanceDiscoveryRequest = util.setup_expected_instance_discovery_request( 200, cp['authorityHosts']['global'], {'tenant_discovery_endpoint' : 'http://foobar'}, self.nonHardCodedAuthorizeEndpoint ) responseOptions = { 'authority' : self.nonHardCodedAuthority} response = util.create_response(responseOptions) wireResponse = response['wireResponse'] util.setup_expected_client_cred_token_request_response(200, wireResponse, self.nonHardCodedAuthority) token_response = adal.acquire_token_with_client_credentials( self.nonHardCodedAuthority, cp['clientId'], cp['clientSecret'], response['resource']) self.assertTrue( util.is_match_token_response(response['cachedResponse'], token_response), 'The response does not match what was expected.: ' + str(token_response) )
def test_cert_happy_path(self): ''' TODO: Test Failing as of 2015/06/03 and needs to be completed. ''' self.fail( "Not Yet Impelemented. Add Helper Functions and setup method") saveProto = updateSelfSignedJwtStubs() responseOptions = {noRefresh: true} response = util.create_response(responseOptions) tokenRequest = util.setupExpectedClientAssertionTokenRequestResponse( 200, response.wireResponse, cp['authorityTenant']) adal._acquire_token_with_client_certificate(cp['authorityTenant'], cp['clientId'], cp['cert'], cp['certHash'], response.resource) resetSelfSignedJwtStubs(saveProto) self.assertTrue( util.is_match_token_response(response.cachedResponse, token_response), 'The response did not match what was expected')
def test_invalid_id_token(self): util.setup_expected_user_realm_response_common(False) response = util.create_response() wireResponse = response['wireResponse'] response_options = { 'noIdToken' : True } response = util.create_response(response_options) # break the id token idToken = wireResponse['id_token'] idToken = idToken.replace('.', ' ') wireResponse['id_token'] = idToken authorityUrl = response['authority'] upRequest = self.setup_expected_username_password_request_response(200, wireResponse, authorityUrl) context = adal.AuthenticationContext(authorityUrl) #action token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId']) #assert self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response), 'Response did not match expected: ' + json.dumps(token_response))
def test_success_dynamic_instance_discovery(self): instanceDiscoveryRequest = util.setup_expected_instance_discovery_request( 200, cp["authorityHosts"]["global"], {"tenant_discovery_endpoint": "http://foobar"}, self.nonHardCodedAuthorizeEndpoint, ) responseOptions = {"authority": self.nonHardCodedAuthority} response = util.create_response(responseOptions) wireResponse = response["wireResponse"] util.setup_expected_client_cred_token_request_response(200, wireResponse, self.nonHardCodedAuthority) context = adal.AuthenticationContext(self.nonHardCodedAuthority) token_response = context.acquire_token_with_client_credentials( response["resource"], cp["clientId"], cp["clientSecret"] ) self.assertTrue( util.is_match_token_response(response["cachedResponse"], token_response), "The response does not match what was expected.: " + str(token_response), )
def callback(err, token_response): if not err: self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response), 'The response did not match what was expected')
def _callback(self, err, token_response): self.assertFalse(err, 'Unexpected Err:{}'.format(err)) self.assertTrue( util.is_match_token_response(self.response['decodedResponse'], token_response), 'The response did not match what was expected: ' + str(token_response) )