def test_federated_happy_path_and_correlation_id(self): correlationId = '12300002-0000-0000-c000-000000000000' util.set_correlation_id(correlationId) util.setup_expected_user_realm_response_common(True) util.setup_expected_mex_wstrust_request_common() response = util.create_response() assertion = self.setup_expected_oauth_assertion_request(response) logFunctionCalled = False def testCorrelationIdLog(level, message): logFunctionCalled = True self.assertIsNotNone(message) logOptions = { 'level' : 3, 'log' : testCorrelationIdLog } oldOptions = log.get_logging_options() log.set_logging_options(logOptions) authorityUrl = response['authority'] + '/' + cp['tenant'] token_response = adal.acquire_token_with_username_password(authorityUrl, cp['username'], cp['password'], cp['clientId'], response['resource']) self.assertTrue(util.isMatchTokenResponse(response['cachedResponse'], token_response), 'Response did not match expected: ' + JSON.stringify(token_response)) log.set_logging_options(oldOptions) util.set_correlation_id() self.assertTrue(util.isMatchTokenResponse(response['cachedResponse'], token_response), 'The response did not match what was expected') self.assertTrue(logFunctionCalled, 'Logging was turned on but no messages were recieved.')
def test_federated_happy_path_and_correlation_id(self): util.setup_expected_user_realm_response_common(True) util.setup_expected_mex_wstrust_request_common() response = util.create_response() assertion = self.setup_expected_oauth_assertion_request(response) buffer = StringIO() handler = logging.StreamHandler(buffer) util.turn_on_logging(level='DEBUG', handler=handler) authorityUrl = response['authority'] context = adal.AuthenticationContext(authorityUrl) correlation_id = '12300002-0000-0000-c000-000000000000' context.correlation_id = correlation_id #action token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId']) self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response), 'Response did not match expected: ' + json.dumps(token_response)) #assert log_content = buffer.getvalue() self.assertTrue(correlation_id in log_content, 'Logging was turned on but no messages were recieved.') self.assertNotIn(cp['clientId'], log_content, "Should not log ClientID") self.assertNotIn( cp['username'].split('@')[0], log_content, "Should not contain PII")
def test_federated_happy_path_and_correlation_id(self): util.setup_expected_user_realm_response_common(True) util.setup_expected_mex_wstrust_request_common() response = util.create_response() assertion = self.setup_expected_oauth_assertion_request(response) buffer = StringIO() handler = logging.StreamHandler(buffer) util.turn_on_logging(level='DEBUG', handler=handler) authorityUrl = response['authority'] context = adal.AuthenticationContext(authorityUrl) correlation_id = '12300002-0000-0000-c000-000000000000' context.correlation_id = correlation_id #action token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId']) self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response), 'Response did not match expected: ' + json.dumps(token_response)) #assert log_content = buffer.getvalue() self.assertTrue(correlation_id in log_content, 'Logging was turned on but no messages were recieved.')
def test_invalid_id_token(self): util.setup_expected_user_realm_response_common(False) response = util.create_response() wireResponse = response['wireResponse'] response_options = {'noIdToken': True} response = util.create_response(response_options) # break the id token idToken = wireResponse['id_token'] idToken = idToken.replace('.', ' ') wireResponse['id_token'] = idToken authorityUrl = response['authority'] upRequest = self.setup_expected_username_password_request_response( 200, wireResponse, authorityUrl) context = adal.AuthenticationContext(authorityUrl) #action token_response = context.acquire_token_with_username_password( response['resource'], cp['username'], cp['password'], cp['clientId']) #assert self.assertTrue( util.is_match_token_response(response['cachedResponse'], token_response), 'Response did not match expected: ' + json.dumps(token_response))
def test_managed_happy_path(self): util.setup_expected_user_realm_response_common(False) response = util.create_response() authorityUrl = response['authority'] + '/' + cp['tenant'] upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], authorityUrl) token_response = adal.acquire_token_with_username_password(authorityUrl, cp['username'], cp['password'], cp['clientId'], response['resource']) self.assertTrue(util.isMatchTokenResponse(response['cachedResponse'], token_response), 'Response did not match expected: ' + JSON.stringify(token_response))
def test_no_access_token(self): util.setup_expected_user_realm_response_common(False) response = util.create_response() del response['wireResponse']['access_token'] upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], response['authority']) authorityUrl = response['authority'] + '/' + cp['tenant'] # Did not receive expected error about missing token_type with self.assertRaises(Exception): token_response = adal.acquire_token_with_username_password(authorityUrl, cp['username'], cp['password'], cp['clientId'], response['resource'])
def test_bad_int_in_response(self): util.setup_expected_user_realm_response_common(False) response = util.create_response() response['wireResponse']['expires_in'] = 'foo' upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], response['authority']) authorityUrl = response['authority'] + '/' + cp['tenant'] # Did not receive expected error about bad int parameter with self.assertRaises(Exception): token_response = adal.acquire_token_with_username_password(authorityUrl, cp['username'], cp['password'], cp['clientId'], response['resource'])
def test_no_access_token(self): util.setup_expected_user_realm_response_common(False) response = util.create_response() del response['wireResponse']['access_token'] upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], response['authority']) authorityUrl = response['authority'] context = adal.AuthenticationContext(authorityUrl) #action try: token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId']) self.fail('Did not receive expected error about missing token_type') except Exception as exp: #assert self.assertEqual('wire_response is missing access_token', exp.args[0])
def test_managed_happy_path(self): util.setup_expected_user_realm_response_common(False) response = util.create_response() authorityUrl = response['authority'] upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], authorityUrl) context = adal.AuthenticationContext(authorityUrl) #action token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId']) #assert self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response), 'Response did not match expected: ' + json.dumps(token_response))
def test_bad_int_in_response(self): util.setup_expected_user_realm_response_common(False) response = util.create_response() response['wireResponse']['expires_in'] = 'foo' upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], response['authority']) authorityUrl = response['authority'] context = adal.AuthenticationContext(authorityUrl) #action try: token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId']) self.fail('Did not see expected warning message about bad expires_in field') except Exception as exp: #assert self.assertEqual("invalid literal for int() with base 10: 'foo'", exp.args[0])
def test_bad_id_token_base64_in_response(self): foundWarning = False util.setup_expected_user_realm_response_common(False) response = util.create_response() def findIdTokenWarning(level, message): if 'decoded' in message: foundWarning = True util.turn_on_logging() #, findIdTokenWarning) #util.turnOnLogging(None, findIdTokenWarning) response['wireResponse']['id_token'] = 'aaaaaaa./+===.aaaaaa' authorityUrl = response['authority'] + '/' + cp['tenant'] upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], authorityUrl) token_response = adal.acquire_token_with_username_password(authorityUrl, cp['username'], cp['password'], cp['clientId'], response['resource']) self.assertTrue(foundWarning, 'Did not see expected warning message about bad id_token base64.')
def test_invalid_id_token(self): ''' TODO: Test Failing as of 2015/06/03 and needs to be completed. ''' util.setup_expected_user_realm_response_common(False) response = util.create_response() wireResponse = response['wireResponse'] response_options = { 'noIdToken' : True } #response = util.create_response(response_options) # break the id token #idToken = wireResponse['id_token'] #idToken = idToken.replace('.', ' ') #wireResponse['id_token'] = idToken authorityUrl = response['authority'] + '/' + cp['tenant'] upRequest = self.setup_expected_username_password_request_response(200, wireResponse, authorityUrl) token_response = adal.acquire_token_with_username_password(authorityUrl, cp['username'], cp['password'], cp['clientId'], response['resource']) self.assertTrue(util.isMatchTokenResponse(response['cachedResponse'], token_response), 'Response did not match expected: ' + JSON.stringify(token_response))
def test_bad_id_token_base64_in_response(self): foundWarning = False util.setup_expected_user_realm_response_common(False) response = util.create_response() log_content = StringIO() handler = logging.StreamHandler(log_content) util.turn_on_logging(level='WARNING', handler=handler) response['wireResponse']['id_token'] = 'aaaaaaa./+===.aaaaaa' expected_warn = 'The returned id_token could not be decoded: aaaaaaa./+===.aaaaaa' authorityUrl = response['authority'] upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], authorityUrl) context = adal.AuthenticationContext(authorityUrl) #action and verify self.assertRaises(UnicodeDecodeError, context.acquire_token_with_username_password, response['resource'], cp['username'], cp['password'], cp['clientId'])
def test_invalid_id_token(self): util.setup_expected_user_realm_response_common(False) response = util.create_response() wireResponse = response['wireResponse'] response_options = { 'noIdToken' : True } response = util.create_response(response_options) # break the id token idToken = wireResponse['id_token'] idToken = idToken.replace('.', ' ') wireResponse['id_token'] = idToken authorityUrl = response['authority'] upRequest = self.setup_expected_username_password_request_response(200, wireResponse, authorityUrl) context = adal.AuthenticationContext(authorityUrl) #action token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId']) #assert self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response), 'Response did not match expected: ' + json.dumps(token_response))