Exemplo n.º 1
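    def test_registered_redirect_uri_with_query_component(self):
        """Check redirect_uri matching when the registered URI has a query part.

        A client is registered with ``http://example.org/cb?foo=bar``. Every
        URI in ``faulty`` must make ``_verify_redirect_uri`` raise
        ``RedirectURIError``; the registered URI itself must be accepted,
        which the provider signals by returning ``None``.
        """
        provider2 = Provider("FOOP", {}, {}, None, None, None, None, "")

        rr = RegistrationRequest(
            operation="register",
            redirect_uris=["http://example.org/cb?foo=bar"],
            response_types=["code"])

        registration_req = rr.to_json()
        resp = provider2.registration_endpoint(request=registration_req)

        regresp = RegistrationResponse().from_json(resp.message)

        print(regresp.to_dict())

        # Every entry needs its own trailing comma: adjacent string literals
        # are concatenated silently, which would merge two cases into one
        # meaningless URI and leave both variants untested.
        faulty = [
            "http://example.org/cb",                  # query component missing
            "http://example.org/cb/foo",              # different path
            "http://example.org/cb?got=you",          # different parameter
            "http://example.org/cb?foo=you",          # different value
            "http://example.org/cb?foo=bar&got=you",  # extra parameter
            "http://example.org/cb?foo=you&foo=bar",  # extra value
        ]
        correct = [
            "http://example.org/cb?foo=bar",
        ]

        cid = regresp["client_id"]

        for ruri in faulty:
            areq = AuthorizationRequest(redirect_uri=ruri,
                                        client_id=cid,
                                        scope="openid",
                                        response_type="code")

            print(areq)
            try:
                provider2._verify_redirect_uri(areq)
            except RedirectURIError:
                pass
            else:
                # Without this branch the test passes even when the provider
                # accepts an unregistered redirect_uri, which is exactly the
                # failure this check exists to catch.
                raise AssertionError(
                    "unregistered redirect_uri was accepted: %r" % ruri)

        for ruri in correct:
            areq = AuthorizationRequest(redirect_uri=ruri,
                                        client_id=cid,
                                        scope="openid",
                                        response_type="code")

            resp = provider2._verify_redirect_uri(areq)
            print(resp)
            assert resp is None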
Exemplo n.º 2
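    def test_registered_redirect_uri_with_query_component(self):
        """Verify that only the exact registered redirect_uri is accepted.

        The client registers ``http://example.org/cb?foo=bar``. Each URI in
        ``faulty`` differs from it in path or query and must be rejected with
        ``RedirectURIError``; for the URI in ``correct`` the provider's
        ``_verify_redirect_uri`` must return ``None``.
        """
        provider2 = Provider("FOOP", {}, {}, None, None, None, None, "")

        rr = RegistrationRequest(operation="register",
                                 redirect_uris=["http://example.org/cb?foo=bar"],
                                 response_types=["code"])

        registration_req = rr.to_json()
        resp = provider2.registration_endpoint(request=registration_req)

        regresp = RegistrationResponse().from_json(resp.message)

        print(regresp.to_dict())

        # Keep a comma after every literal. Two adjacent string literals are
        # joined by the parser, so a missing comma silently drops two test
        # cases and replaces them with one concatenated string.
        faulty = [
            "http://example.org/cb",
            "http://example.org/cb/foo",
            "http://example.org/cb?got=you",
            "http://example.org/cb?foo=you",
            "http://example.org/cb?foo=bar&got=you",
            "http://example.org/cb?foo=you&foo=bar",
        ]
        correct = [
            "http://example.org/cb?foo=bar",
        ]

        cid = regresp["client_id"]

        for ruri in faulty:
            areq = AuthorizationRequest(redirect_uri=ruri,
                                        client_id=cid,
                                        scope="openid",
                                        response_type="code")

            print(areq)
            try:
                provider2._verify_redirect_uri(areq)
            except RedirectURIError:
                pass
            else:
                # A rejection test has to fail when nothing is rejected;
                # swallowing the exception alone would let a provider that
                # accepts any redirect_uri pass.
                raise AssertionError(
                    "unregistered redirect_uri was accepted: %r" % ruri)

        for ruri in correct:
            areq = AuthorizationRequest(redirect_uri=ruri,
                                        client_id=cid, scope="openid",
                                        response_type="code")

            resp = provider2._verify_redirect_uri(areq)
            print(resp)
            assert resp is None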
Exemplo n.º 3
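def test_registered_redirect_uri_with_query_component():
    """Check redirect_uri verification against a URI registered with a query.

    The client registers ``http://example.org/cb?foo=bar``. For the URIs in
    ``faulty`` the provider's ``_verify_redirect_uri`` must return something
    other than ``None``; for those in ``correct`` it must return ``None``.

    NOTE(review): this version of the test lists URIs that carry query
    parameters beyond the registered ``foo=bar`` as *correct*. OpenID Connect
    Core requires the redirect_uri to match a registered value by simple
    string comparison, so accepting a superset of the registered query is
    looser than the specification. Confirm this is the behaviour intended
    for the provider version under test.
    """
    provider2 = Provider("FOOP", {}, {}, None, None)
    environ = {}

    rr = RegistrationRequest(operation="register",
                             redirect_uris=["http://example.org/cb?foo=bar"])

    registration_req = rr.to_urlencoded()
    resp = provider2.registration_endpoint(environ, start_response,
                                           query=registration_req)

    regresp = RegistrationResponse().from_json(resp[0])

    print(regresp.to_dict())

    faulty = [
        "http://example.org/cb",
        "http://example.org/cb/foo",
        "http://example.org/cb?got=you",
        "http://example.org/cb?foo=you",
    ]
    correct = [
        "http://example.org/cb?foo=bar",
        "http://example.org/cb?foo=bar&got=you",
        "http://example.org/cb?foo=bar&foo=you",
    ]

    for ruri in faulty:
        areq = AuthorizationRequest(redirect_uri=ruri,
                                    client_id=regresp["client_id"],
                                    scope="openid",
                                    response_type="code")

        print(areq)
        # Identity comparison: None is a singleton, and "!=" could be
        # redefined by whatever object the provider returns.
        assert provider2._verify_redirect_uri(areq) is not None

    for ruri in correct:
        areq = AuthorizationRequest(redirect_uri=ruri,
                                    client_id=regresp["client_id"])

        resp = provider2._verify_redirect_uri(areq)
        print(resp)
        assert resp is None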
Exemplo n.º 4
 def create_client_from_secrets(self, name: str,
                                provider: config.ProviderConfig) -> None:
     """Build the OpenID Connect client for *name* from its stored secrets.

     Reads the entry ``self._secrets[name]``, uses it as the client's
     registration information, stores the resulting client under *name*
     and writes the registration back to ``self._secrets`` as a dict.

     Raises ``KeyError`` when *name* has no stored entry or the entry has
     no ``redirect_uris`` key.
     """
     stored = self._secrets[name]

     oidc_client = oic.oic.Client(client_authn_method=CLIENT_AUTHN_METHOD)
     # NOTE(review): presumably retrieves the provider's configuration from
     # configuration_url; confirm that the URL comes from trusted settings.
     oidc_client.provider_config(provider.configuration_url)

     # The stored entry is passed through as keyword arguments, so its keys
     # become fields of the registration response.
     registration = RegistrationResponse(**stored)
     oidc_client.store_registration_info(registration)
     oidc_client.redirect_uris = stored['redirect_uris']

     self.__oidc_provider[name] = oidc_client
     self._secrets[name] = registration.to_dict()
Exemplo n.º 5
    def test_read_registration(self):
        """Register a client and read the registration back with its token.

        The read request is authorised with the ``registration_access_token``
        from the registration response and must return the same data as the
        registration itself.
        """
        reg_request = RegistrationRequest(
            operation="register",
            redirect_uris=["http://example.org/new"],
            response_types=["code"])
        reg_reply = self.provider.registration_endpoint(
            request=reg_request.to_json())
        registered = RegistrationResponse().from_json(reg_reply.message)

        # Authorization header value: "Bearer <registration_access_token>".
        auth_header = 'Bearer' + ' ' + registered['registration_access_token']
        # Query part of the URL: "client_id=<client id>".
        query_string = 'client_id' + '=' + registered['client_id']
        read_reply = self.provider.read_registration(auth_header, query_string)

        assert json.loads(read_reply.message) == registered.to_dict()
Exemplo n.º 6
    def test_read_registration(self):
        """Reading a registration returns what the registration call returned.

        A client is registered, then ``read_registration`` is called with a
        Bearer header built from the issued ``registration_access_token`` and
        a ``client_id`` query; the JSON body must equal the registration
        response.
        """
        request_body = RegistrationRequest(
            operation="register",
            redirect_uris=["http://example.org/new"],
            response_types=["code"],
        ).to_json()
        created = self.provider.registration_endpoint(request=request_body)
        regresp = RegistrationResponse().from_json(created.message)

        access_token = regresp["registration_access_token"]
        client_id = regresp["client_id"]
        # Header value and query are assembled exactly as a client would send
        # them: "Bearer <token>" and "client_id=<id>".
        authn = " ".join(("Bearer", access_token))
        query = "=".join(("client_id", client_id))
        fetched = self.provider.read_registration(authn, query)

        expected = regresp.to_dict()
        assert json.loads(fetched.message) == expected
Exemplo n.º 7
        # Add the key to the keyjar
        if client_secret:
            _kc = KeyBundle([{"kty": "oct", "key": client_secret,
                              "use": "ver"},
                             {"kty": "oct", "key": client_secret,
                              "use": "sig"}])
            try:
                _keyjar[client_id].append(_kc)
            except KeyError:
                _keyjar[client_id] = [_kc]

        self.cdb[client_id] = _cinfo
        _log_info("Client info: %s" % _cinfo)

        logger.debug("registration_response: %s" % response.to_dict())

        return Response(response.to_json(), content="application/json",
                        headers=[("Cache-Control", "no-store")])

    def registration_endpoint(self, request, authn=None, **kwargs):
        """Handle a registration request by delegating to the local handler.

        :param request: The registration request, passed through unchanged
        :param authn: Optional authentication information, passed through
        :param kwargs: Extra keyword arguments, passed through
        :return: Whatever ``l_registration_endpoint`` returns
        """
        handler = self.l_registration_endpoint
        return handler(request, authn, **kwargs)

    def read_registration(self, authn, request, **kwargs):
        """
        Read all information this server has on a client.
        Authorization is done by using the access token that was return as
        part of the client registration result.

        :param authn: The Authorization HTTP header
        :param request: The query part of the URL