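def step_impl(context):
    """ Check that OAuth is enabled and that its URIs can be looked up.

    Args:
        context: The step context; `vendor_config` and `conformance` are
            read from it.

    Raises:
        AssertionError: With ERROR_OAUTH_DISABLED if the vendor's auth
            strategy is 'none', or with ERROR_BAD_CONFORMANCE if no
            conformance statement is set on the context.
    """
    # Raise explicitly rather than via `assert`: assert statements are
    # compiled out under `python -O`, which would let a run with OAuth
    # disabled or no conformance statement continue as if it had passed.
    if context.vendor_config['auth']['strategy'] == 'none':
        raise AssertionError(ERROR_OAUTH_DISABLED)

    if context.conformance is None:
        raise AssertionError(ERROR_BAD_CONFORMANCE)

    # The result is discarded; presumably the call is made so that a failure
    # to read the OAuth URIs surfaces in this step.
    fhir.get_oauth_uris(context.conformance)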
def token_request(post_data, auth_config, conformance):
    """ POST a token request to the server's OAuth token endpoint.

    Should be modeled after
    `testsuite.oauth.authorization_code._token_request`.

    Args:
        post_data (dict): The parameters to send in the request body.
        auth_config (dict): The vendor auth config.
        conformance (dict): The server's conformance statement, from which
            the token URI is looked up.

    Returns:
        A requests Response object.
    """
    # Only a confidential client authenticates with HTTP Basic credentials;
    # otherwise the request carries no Authorization header from here.
    if auth_config.get('confidential_client'):
        credentials = requests.auth.HTTPBasicAuth(auth_config['client_id'],
                                                  auth_config['client_secret'])
    else:
        credentials = None

    # NOTE(review): the token URI comes from the conformance statement and
    # its scheme is not checked in this function, so the client secret is
    # sent to whatever endpoint the server advertises.
    token_uri = fhir.get_oauth_uris(conformance)['token']

    # Redirects are not followed, so the caller sees the endpoint's own reply.
    return requests.post(token_uri,
                         data=post_data,
                         allow_redirects=False,
                         auth=credentials,
                         timeout=5)
def test_get_oauth_uris():
    """ The conformance statement should yield token and authorize URIs. """
    statement = fhir.get_conformance_statement('http://example.com/fhir/')
    oauth_uris = fhir.get_oauth_uris(statement)

    # Both endpoints must be present; a missing key raises KeyError.
    for endpoint in ('token', 'authorize'):
        assert oauth_uris[endpoint] is not None
def step_impl(context, field_name):
    """ Send a refresh-token request with one named field left out.

    The response is stored on `context.response`.

    TODO: reduce duplication.

    Args:
        context: The step context.
        field_name (str): 'client_id', or a key of the request body to omit.
    """
    payload = {
        'grant_type': 'refresh_token',
        'refresh_token': context.oauth.refresh_token,
        'scope': context.vendor_config['auth']['scope'],
    }
    basic_auth = requests.auth.HTTPBasicAuth(
        context.vendor_config['auth']['client_id'],
        context.vendor_config['auth']['client_secret'])

    if field_name == 'client_id':
        # client_id is carried in the Basic credentials rather than in the
        # body, so leaving it out means sending no credentials at all.
        credentials = None
    else:
        credentials = basic_auth
        # Raises KeyError if the named field is not part of the body.
        payload.pop(field_name)

    token_uri = fhir.get_oauth_uris(context.conformance)['token']
    context.response = requests.post(token_uri,
                                     data=payload,
                                     allow_redirects=False,
                                     auth=credentials,
                                     timeout=5)
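def step_impl(context, action, resource_type):
    """ Authorize the app using only the steps that apply to one condition.

    The condition is '<action>.<resource_type>'. Steps with no 'when' key are
    always kept; steps with a 'when' key are kept only if it equals the
    condition. The resulting code is stored on `context.code`.

    Args:
        context: The step context.
        action (str): Must be one of AUTHORIZATION_ACTIONS.
        resource_type (str): Must be a key of s4s.MU_CCDS_MAPPINGS.

    Raises:
        AssertionError: If the arguments are not recognised, or if the
            authorization attempt raises authorize.AuthorizationException.
    """
    assert action in AUTHORIZATION_ACTIONS
    assert resource_type in s4s.MU_CCDS_MAPPINGS

    auth_config = context.vendor_config['versioned_auth']

    # Filter the steps to only what is required for this authorization
    condition = '{0}.{1}'.format(action, resource_type)
    # NOTE: the filtered list replaces the one stored in vendor_config, so
    # the change is visible to anything that reads the config afterwards.
    auth_config['steps'] = [
        step for step in auth_config.get('steps', [])
        if 'when' not in step or step['when'] == condition
    ]

    # Construct a modified authorizer
    urls = fhir.get_oauth_uris(context.conformance)
    authorizer = authorize.Authorizer(config=auth_config,
                                      authorize_url=urls['authorize'])
    context.oauth.authorizer = authorizer

    # Authorize the app as usual
    try:
        context.code = context.oauth.request_authorization()
    except authorize.AuthorizationException as err:
        error = ERROR_SELENIUM_SCREENSHOT.format(
            err.args[0],
            err.args[1],
            err.args[2],
            context.vendor_config['host'],
        )
        # The asserts at the top only sanity-check the step's own arguments;
        # this one reports a failed authorization, so it is raised explicitly
        # and cannot be compiled out by `python -O`.
        raise AssertionError(error)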
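def step_impl(context):
    """ Start an authorization and cancel it using the vendor's cancel steps.

    The scenario is skipped when the auth config has no 'cancel_steps'.
    Otherwise the authorizer, the parameters sent and the response received
    are stored on the context.

    Args:
        context: The step context.

    Raises:
        AssertionError: If the authorizer raises an
            authorize.AuthorizationException other than
            authorize.ReturnedErrorException.
    """
    config = context.vendor_config['auth']
    if 'cancel_steps' not in config:
        context.scenario.skip(reason=ERROR_NO_CANCEL)
        return

    # NOTE: this overwrites 'authorize_steps' in the stored config, so the
    # cancel steps are what the authorizer runs.
    config['authorize_steps'] = config['cancel_steps']

    urls = fhir.get_oauth_uris(context.conformance)
    authorizer = authorize.Authorizer(config=config,
                                      authorize_url=urls['authorize'])

    with authorizer:
        parameters = authorizer.launch_params
        try:
            authorizer.ask_for_authorization(parameters)
            response = authorizer.provide_user_input()
        except authorize.ReturnedErrorException:
            # This is actually what we want to happen
            response = authorizer.runner.get_query()
        except authorize.AuthorizationException as err:
            error = ERROR_SELENIUM_SCREENSHOT.format(
                err.args[0],
                err.args[1],
                err.args[2],
                context.vendor_config['host'],
            )
            # Raised explicitly: an `assert False` is compiled out under
            # `python -O`, after which `response` would be unbound below and
            # the real failure would be masked.
            raise AssertionError(error)

    context.authorizer = authorizer
    context.authorization_sent = parameters
    context.authorization_received = response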
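def step_impl(context, action, resource_type):
    """ Authorize the app using only the steps that apply to one condition.

    The condition is '<action>.<resource_type>'. Steps with no 'when' key are
    always kept; steps with a 'when' key are kept only if it equals the
    condition. The resulting code is stored on `context.code`.

    Args:
        context: The step context.
        action (str): Must be one of AUTHORIZATION_ACTIONS.
        resource_type (str): Must be a key of s4s.MU_CCDS_MAPPINGS.

    Raises:
        AssertionError: If the arguments are not recognised, or if the
            authorization attempt raises authorize.AuthorizationException.
    """
    assert action in AUTHORIZATION_ACTIONS
    assert resource_type in s4s.MU_CCDS_MAPPINGS

    auth_config = context.vendor_config['auth']

    # Filter the steps to only what is required for this authorization
    condition = '{0}.{1}'.format(action, resource_type)
    # NOTE: the filtered list replaces the one stored in vendor_config, so
    # the change is visible to anything that reads the config afterwards.
    auth_config['steps'] = [
        step for step in auth_config.get('steps', [])
        if 'when' not in step or step['when'] == condition
    ]

    # Construct a modified authorizer
    urls = fhir.get_oauth_uris(context.conformance)
    authorizer = authorize.Authorizer(config=auth_config,
                                      authorize_url=urls['authorize'])
    context.oauth.authorizer = authorizer

    # Authorize the app as usual
    try:
        context.code = context.oauth.request_authorization()
    except authorize.AuthorizationException as err:
        error = ERROR_SELENIUM_SCREENSHOT.format(
            err.args[0],
            err.args[1],
            err.args[2],
            context.vendor_config['host'],
        )
        # The asserts at the top only sanity-check the step's own arguments;
        # this one reports a failed authorization, so it is raised explicitly
        # and cannot be compiled out by `python -O`.
        raise AssertionError(error)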
def step_impl(context, field_name):
    """ Send a refresh-token request with one named field left out.

    The response is stored on `context.response`.

    TODO: reduce duplication.

    Args:
        context: The step context.
        field_name (str): 'client_id', or a key of the request body to omit.
    """
    body = {
        'grant_type': 'refresh_token',
        'refresh_token': context.oauth.refresh_token,
        'scope': context.vendor_config['auth']['scope'],
    }
    client_auth = requests.auth.HTTPBasicAuth(
        context.vendor_config['auth']['client_id'],
        context.vendor_config['auth']['client_secret'])

    # client_id lives in the Basic credentials, not in the body: omitting it
    # means dropping the credentials. Any other field is removed from the
    # body, and an unknown name raises KeyError.
    omit_credentials = field_name == 'client_id'
    if not omit_credentials:
        body.pop(field_name)

    token_uri = fhir.get_oauth_uris(context.conformance)['token']
    context.response = requests.post(
        token_uri,
        data=body,
        allow_redirects=False,
        auth=None if omit_credentials else client_auth,
        timeout=5)
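def step_impl(context):
    """ Start an authorization and cancel it using the vendor's cancel steps.

    The scenario is skipped when the versioned auth config has no
    'cancel_steps'. Otherwise the authorizer, the parameters sent and the
    response received are stored on the context.

    Args:
        context: The step context.

    Raises:
        AssertionError: If the authorizer raises an
            authorize.AuthorizationException other than
            authorize.ReturnedErrorException.
    """
    config = context.vendor_config['versioned_auth']
    if 'cancel_steps' not in config:
        context.scenario.skip(reason=ERROR_NO_CANCEL)
        return

    # NOTE: this overwrites 'authorize_steps' in the stored config, so the
    # cancel steps are what the authorizer runs.
    config['authorize_steps'] = config['cancel_steps']

    urls = fhir.get_oauth_uris(context.conformance)
    authorizer = authorize.Authorizer(config=config,
                                      authorize_url=urls['authorize'])

    with authorizer:
        parameters = authorizer.launch_params
        try:
            authorizer.ask_for_authorization(parameters)
            response = authorizer.provide_user_input()
        except authorize.ReturnedErrorException:
            # This is actually what we want to happen
            response = authorizer.runner.get_query()
        except authorize.AuthorizationException as err:
            error = ERROR_SELENIUM_SCREENSHOT.format(
                err.args[0],
                err.args[1],
                err.args[2],
                context.vendor_config['host'],
            )
            # Raised explicitly: an `assert False` is compiled out under
            # `python -O`, after which `response` would be unbound below and
            # the real failure would be masked.
            raise AssertionError(error)

    context.authorizer = authorizer
    context.authorization_sent = parameters
    context.authorization_received = response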
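def step_impl(context):
    """ Check that every OAuth endpoint in the conformance statement parses.

    An endpoint is treated as malformed when `urlparse` raises ValueError or
    the parsed URL has no scheme.

    Args:
        context: The step context; `conformance` is read from it.

    Raises:
        AssertionError: With ERROR_CONFORMANCE_MALFORMED_ENDPOINT for the
            first endpoint that fails the check.
    """
    urls = fhir.get_oauth_uris(context.conformance)

    for endpoint_type, endpoint_url in urls.items():
        try:
            has_scheme = bool(urlparse(endpoint_url).scheme)
        except ValueError:
            has_scheme = False

        # NOTE(review): only the presence of a scheme is verified; the check
        # does not require https or a host component.
        if not has_scheme:
            # Raised explicitly so the verdict is not compiled out under
            # `python -O`, as an `assert False` would be.
            raise AssertionError(
                ERROR_CONFORMANCE_MALFORMED_ENDPOINT.format(
                    endpoint_type,
                    endpoint_url
                )
            )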
def authorization_code_factory(config):
    """ Build a AuthorizationCodeStrategy from the vendor config.

    The conformance statement is fetched from `config['api']['url']` and the
    OAuth URIs it declares are used for the authorizer and the strategy.

    Args:
        config (dict): The vendor config; 'auth' and 'api' are read.

    Returns:
        authorization_code.AuthorizationCodeStrategy
    """
    auth_settings = config['auth']

    statement = fhir.get_conformance_statement(config['api']['url'])
    oauth_uris = fhir.get_oauth_uris(statement)

    return authorization_code.AuthorizationCodeStrategy(
        auth_settings,
        oauth_uris,
        authorize.Authorizer(config=auth_settings,
                             authorize_url=oauth_uris['authorize']),
    )
def get_authorize_uri(context):
    """ Return the authorize URI, rewritten if the vendor config asks for it.

    Args:
        context: The step context; `conformance` and `vendor_config` are read.

    Returns:
        The 'authorize' URI from the conformance statement, with
        'from_host' replaced by 'to_host' when an 'authorize_url_rewrite'
        entry is configured.
    """
    authorize_uri = fhir.get_oauth_uris(context.conformance)['authorize']

    # in some cases, we might need to rewrite the authorize URL that comes
    # from the conformance statement, such as when all the components are
    # interacting through the docker network
    rewrite = context.vendor_config['versioned_auth'].get('authorize_url_rewrite')
    if not rewrite:
        return authorize_uri

    # NOTE(review): this looks like a plain substring replacement, so every
    # occurrence of 'from_host' in the URI is rewritten, not only the host
    # component - confirm authorize_uri is a str.
    return authorize_uri.replace(rewrite['from_host'], rewrite['to_host'])
def authorization_code_factory(config):
    """ Build a AuthorizationCodeStrategy from the versioned vendor config.

    The conformance statement is fetched from
    `config['versioned_api']['url']` and the OAuth URIs it declares are used
    for the authorizer and the strategy.

    Args:
        config (dict): The vendor config; 'versioned_auth' and
            'versioned_api' are read.

    Returns:
        authorization_code.AuthorizationCodeStrategy
    """
    auth_settings = config['versioned_auth']

    statement = fhir.get_conformance_statement(config['versioned_api']['url'])
    oauth_uris = fhir.get_oauth_uris(statement)

    return authorization_code.AuthorizationCodeStrategy(
        auth_settings,
        oauth_uris,
        authorize.Authorizer(config=auth_settings,
                             authorize_url=oauth_uris['authorize']),
    )
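def step_impl(context):
    """ Revoke the app's authorization and clear the context cache.

    The revoke URL is the 'manage' URI from the conformance statement, or
    the configured 'revoke_url' when no 'manage' URI is declared.

    Args:
        context: The step context.

    Raises:
        AssertionError: If revoking raises authorize.AuthorizationException.
    """
    auth_config = context.vendor_config['versioned_auth']

    uris = fhir.get_oauth_uris(context.conformance)
    # The conformance statement's 'manage' URI takes precedence; the result
    # is None when neither source provides a URL.
    revoke_url = uris.get('manage', auth_config.get('revoke_url'))

    revoker = authorize.AuthorizationRevoker(auth_config, revoke_url)

    try:
        with revoker:
            revoker.revoke_authorization()
    except authorize.AuthorizationException as err:
        error = ERROR_SELENIUM_SCREENSHOT.format(
            err.args[0],
            err.args[1],
            err.args[2],
            context.vendor_config['host'],
        )
        # Raised explicitly: under `python -O` an `assert False` is compiled
        # out, so a failed revocation would go unreported and the step would
        # carry on to clear the cache.
        raise AssertionError(error)

    context.cache.clear()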
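def step_impl(context):
    """ Revoke the app's authorization and clear the context cache.

    The revoke URL is the 'manage' URI from the conformance statement, or
    the configured 'revoke_url' when no 'manage' URI is declared.

    Args:
        context: The step context.

    Raises:
        AssertionError: If revoking raises authorize.AuthorizationException.
    """
    auth_config = context.vendor_config['versioned_auth']

    uris = fhir.get_oauth_uris(context.conformance)
    # The conformance statement's 'manage' URI takes precedence; the result
    # is None when neither source provides a URL.
    revoke_url = uris.get('manage', auth_config.get('revoke_url'))

    revoker = authorize.AuthorizationRevoker(auth_config, revoke_url)

    try:
        with revoker:
            revoker.revoke_authorization()
    except authorize.AuthorizationException as err:
        error = ERROR_SELENIUM_SCREENSHOT.format(
            err.args[0],
            err.args[1],
            err.args[2],
            context.vendor_config['host'],
        )
        # Raised explicitly: under `python -O` an `assert False` is compiled
        # out, so a failed revocation would go unreported and the step would
        # carry on to clear the cache.
        raise AssertionError(error)

    context.cache.clear()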
def step_impl(context, field_name):
    """ A step 1 implementation with a named field missing.

    Sends the authorization request with one query parameter removed and
    stores the response on `context.response`.

    Args:
        context: The step context.
        field_name (str): The query parameter to leave out.
    """
    auth_config = context.vendor_config['auth']

    query = {
        'response_type': 'code',
        'client_id': auth_config['client_id'],
        'redirect_uri': auth_config['redirect_uri'],
        'scope': auth_config['scope'],
        # A fresh random state value for every request.
        'state': uuid.uuid4(),
    }
    # Raises KeyError if the named field is not one of the parameters above.
    query.pop(field_name)

    authorize_uri = fhir.get_oauth_uris(context.conformance)['authorize']

    # Redirects are not followed, so the step sees the endpoint's own reply.
    context.response = requests.get(authorize_uri,
                                    params=query,
                                    allow_redirects=False,
                                    timeout=5)
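def step_impl(context):
    """ Request authorization with launch parameters overridden by the table.

    The authorizer, the parameters sent and the response received are stored
    on the context.

    Args:
        context: The step context; its `table` supplies parameter overrides.

    Raises:
        AssertionError: If the authorizer raises
            authorize.AuthorizationException.
    """
    urls = fhir.get_oauth_uris(context.conformance)
    authorizer = authorize.Authorizer(config=context.vendor_config['auth'],
                                      authorize_url=urls['authorize'])

    with authorizer:
        parameters = authorizer.launch_params
        # Values from the step table replace the default launch parameters.
        parameters.update(dict(context.table))

        try:
            authorizer.ask_for_authorization(parameters)
            response = authorizer.provide_user_input()
        except authorize.AuthorizationException as err:
            # NOTE(review): three format arguments are passed here; confirm
            # this matches the placeholders in ERROR_SELENIUM_SCREENSHOT.
            error = ERROR_SELENIUM_SCREENSHOT.format(
                err.args[0],
                err.args[1],
                context.vendor_config['host'],
            )
            # Raised explicitly: an `assert False` is compiled out under
            # `python -O`, after which `response` would be unbound below and
            # the real failure would be masked.
            raise AssertionError(error)

    context.authorizer = authorizer
    context.authorization_sent = parameters
    context.authorization_received = response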
def token_request(post_data, auth_config, conformance, request_method='POST'):
    """ Send a token request to the server's OAuth token endpoint.

    Should be modeled after
    `testsuite.oauth.authorization_code._token_request`.

    Args:
        post_data (dict): The parameters to send.
        auth_config (dict): The vendor auth config.
        conformance (dict): The server's conformance statement, from which
            the token URI is looked up.
        request_method (string): "GET" selects a GET request; any other
            value results in a POST.

    Returns:
        A requests Response object.
    """
    # Only a confidential client authenticates with HTTP Basic credentials.
    if auth_config.get('confidential_client'):
        credentials = requests.auth.HTTPBasicAuth(auth_config['client_id'],
                                                  auth_config['client_secret'])
    else:
        credentials = None

    token_uri = fhir.get_oauth_uris(conformance)['token']

    # The comparison is case-sensitive. The GET variant still passes the
    # parameters as `data=`, i.e. as a request body, not as a query string.
    send = requests.get if request_method == "GET" else requests.post

    return send(token_uri,
                data=post_data,
                allow_redirects=False,
                auth=credentials,
                timeout=5)
def step_impl(context, endpoint_type):
    """ Check that the conformance statement declares the named endpoint.

    Args:
        context: The step context; `conformance` is read from it.
        endpoint_type (str): The key to look up among the OAuth URIs.

    Raises:
        AssertionError: With ERROR_CONFORMANCE_MISSING_ENDPOINT when the
            endpoint is absent or None.
    """
    declared = fhir.get_oauth_uris(context.conformance)
    found = declared.get(endpoint_type)

    assert found is not None, \
        ERROR_CONFORMANCE_MISSING_ENDPOINT.format(endpoint_type)