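def test_registered_redirect_uri_with_query_component(self):
    """Check redirect_uri matching when the registered URI carries a query.

    A client is registered with ``http://example.org/cb?foo=bar``.  Every
    URI in ``faulty`` differs from it (path, missing query, other or extra
    query parameters) and must make ``_verify_redirect_uri`` raise
    ``RedirectURIError``.  The registered URI itself must be accepted, which
    ``_verify_redirect_uri`` signals by returning ``None``.
    """
    provider2 = Provider("FOOP", {}, {}, None, None, None, None, "")

    rr = RegistrationRequest(
        operation="register",
        redirect_uris=["http://example.org/cb?foo=bar"],
        response_types=["code"])

    registration_req = rr.to_json()
    resp = provider2.registration_endpoint(request=registration_req)
    regresp = RegistrationResponse().from_json(resp.message)
    # Parenthesised single-argument print behaves the same on Python 2 and 3.
    print(regresp.to_dict())

    # One URI per entry.  The comma after "...cb?foo=you" was missing, so
    # implicit string concatenation merged it with the next entry and
    # neither of the two cases was actually exercised.
    faulty = [
        "http://example.org/cb",
        "http://example.org/cb/foo",
        "http://example.org/cb?got=you",
        "http://example.org/cb?foo=you",
        "http://example.org/cb?foo=bar&got=you",
        "http://example.org/cb?foo=you&foo=bar",
    ]
    correct = [
        "http://example.org/cb?foo=bar",
    ]

    cid = regresp["client_id"]

    for ruri in faulty:
        areq = AuthorizationRequest(redirect_uri=ruri, client_id=cid,
                                    scope="openid", response_type="code")
        print(areq)

        try:
            provider2._verify_redirect_uri(areq)
        except RedirectURIError:
            continue
        # The original swallowed the exception with ``pass`` and so passed
        # even when no exception was raised; an unregistered redirect_uri
        # that is accepted must fail the test.
        raise AssertionError(
            "unregistered redirect_uri was accepted: %s" % ruri)

    for ruri in correct:
        areq = AuthorizationRequest(redirect_uri=ruri, client_id=cid,
                                    scope="openid", response_type="code")
        resp = provider2._verify_redirect_uri(areq)
        print(resp)
        assert resp is None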
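def test_registered_redirect_uri_with_query_component(self):
    """Verify that only the exact registered redirect_uri is accepted.

    The client registers ``http://example.org/cb?foo=bar``.  Each URI in
    ``faulty`` must be rejected by ``_verify_redirect_uri`` with
    ``RedirectURIError``; the URI in ``correct`` must pass, in which case
    ``_verify_redirect_uri`` returns ``None``.
    """
    provider2 = Provider("FOOP", {}, {}, None, None, None, None, "")

    rr = RegistrationRequest(operation="register",
                             redirect_uris=["http://example.org/cb?foo=bar"],
                             response_types=["code"])

    registration_req = rr.to_json()
    resp = provider2.registration_endpoint(request=registration_req)
    regresp = RegistrationResponse().from_json(resp.message)
    # Single-argument print in parentheses is valid on Python 2 and 3 alike.
    print(regresp.to_dict())

    # Keep one URI per entry: a comma was missing after "...cb?foo=you",
    # which silently joined it to the following string and removed both
    # cases from the test.
    faulty = [
        "http://example.org/cb",
        "http://example.org/cb/foo",
        "http://example.org/cb?got=you",
        "http://example.org/cb?foo=you",
        "http://example.org/cb?foo=bar&got=you",
        "http://example.org/cb?foo=you&foo=bar",
    ]
    correct = [
        "http://example.org/cb?foo=bar",
    ]

    cid = regresp["client_id"]

    for ruri in faulty:
        areq = AuthorizationRequest(redirect_uri=ruri, client_id=cid,
                                    scope="openid", response_type="code")
        print(areq)

        try:
            provider2._verify_redirect_uri(areq)
        except RedirectURIError:
            # Expected: the URI does not match the registered one.
            pass
        else:
            # Previously a missing exception went unnoticed, so the test
            # could not detect a verifier that accepts unregistered URIs.
            raise AssertionError(
                "redirect_uri %s should have been rejected" % ruri)

    for ruri in correct:
        areq = AuthorizationRequest(redirect_uri=ruri, client_id=cid,
                                    scope="openid", response_type="code")
        resp = provider2._verify_redirect_uri(areq)
        print(resp)
        assert resp is None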
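def test_registered_redirect_uri_with_query_component():
    """Check redirect_uri verification against a registered URI with a query.

    The client registers ``http://example.org/cb?foo=bar``.  For URIs in
    ``faulty`` the test expects ``_verify_redirect_uri`` to return something
    other than ``None``; for URIs in ``correct`` it expects ``None``.

    NOTE(review): ``correct`` contains URIs that add query parameters to the
    registered value (``&got=you``, ``&foo=you``).  OpenID Connect Core
    (section 3.1.2.1) requires redirect_uri to match a registered value by
    simple string comparison, so this test pins a more lenient match than
    the specification allows -- confirm whether that is still intended.
    """
    provider2 = Provider("FOOP", {}, {}, None, None)
    environ = {}

    rr = RegistrationRequest(operation="register",
                             redirect_uris=["http://example.org/cb?foo=bar"])

    registration_req = rr.to_urlencoded()
    resp = provider2.registration_endpoint(environ, start_response,
                                           query=registration_req)

    regresp = RegistrationResponse().from_json(resp[0])
    # Parenthesised single-argument print works on both Python 2 and 3.
    print(regresp.to_dict())

    faulty = [
        "http://example.org/cb",
        "http://example.org/cb/foo",
        "http://example.org/cb?got=you",
        "http://example.org/cb?foo=you",
    ]
    correct = [
        "http://example.org/cb?foo=bar",
        "http://example.org/cb?foo=bar&got=you",
        "http://example.org/cb?foo=bar&foo=you",
    ]

    for ruri in faulty:
        areq = AuthorizationRequest(redirect_uri=ruri,
                                    client_id=regresp["client_id"],
                                    scope="openid",
                                    response_type="code")
        print(areq)
        # Identity comparison: None is a singleton, and ``!=`` could be
        # overridden by the returned object.
        assert provider2._verify_redirect_uri(areq) is not None

    for ruri in correct:
        areq = AuthorizationRequest(redirect_uri=ruri,
                                    client_id=regresp["client_id"])
        resp = provider2._verify_redirect_uri(areq)
        print(resp)
        assert resp is None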
def create_client_from_secrets(self, name: str, provider: config.ProviderConfig) -> None:
    """Build the OpenID Connect client for *name* from its saved registration.

    The registration data stored under ``self._secrets[name]`` is loaded
    into a new ``oic.oic.Client``, which is then kept under *name*.  The
    ``self._secrets`` entry is finally replaced by the dict form of the
    parsed ``RegistrationResponse``.

    :param name: key under which the registration data and client are stored
    :param provider: provider settings; only ``configuration_url`` is read
    """
    stored = self._secrets[name]

    oidc_client = oic.oic.Client(client_authn_method=CLIENT_AUTHN_METHOD)
    # NOTE(review): presumably this loads the provider's discovery document
    # from configuration_url -- confirm the URL comes from trusted
    # configuration and uses https.
    oidc_client.provider_config(provider.configuration_url)

    registration = RegistrationResponse(**stored)
    oidc_client.store_registration_info(registration)
    # redirect_uris is copied from the stored data, not from the parsed
    # registration object.
    oidc_client.redirect_uris = stored["redirect_uris"]

    # Double-underscore attribute: name-mangled by the enclosing class.
    self.__oidc_provider[name] = oidc_client
    # NOTE(review): the stored registration presumably includes the client
    # secret; keep it out of logs and restrict access to the secrets file.
    self._secrets[name] = registration.to_dict()
def test_read_registration(self):
    """Register a client, then read the registration back.

    The read request is authorized with the ``registration_access_token``
    returned at registration; the data read back must equal the original
    registration response.
    """
    registration_req = RegistrationRequest(
        operation="register",
        redirect_uris=["http://example.org/new"],
        response_types=["code"],
    ).to_json()

    registered = RegistrationResponse().from_json(
        self.provider.registration_endpoint(request=registration_req).message)

    # Authorization header value and query string expected by read_registration
    auth_header = "Bearer " + registered["registration_access_token"]
    client_query = "client_id=" + registered["client_id"]

    read_back = self.provider.read_registration(auth_header, client_query)

    assert json.loads(read_back.message) == registered.to_dict()
def test_read_registration(self):
    """Check that read_registration returns what registration returned.

    A client is registered, and the registration is then read using the
    ``registration_access_token`` as a Bearer token and the ``client_id``
    as the query.  The JSON read back must equal the registration response.
    """
    request = RegistrationRequest(
        operation="register",
        redirect_uris=["http://example.org/new"],
        response_types=["code"],
    )
    endpoint_resp = self.provider.registration_endpoint(
        request=request.to_json())
    regresp = RegistrationResponse().from_json(endpoint_resp.message)

    # The token issued at registration authorizes the read.
    bearer = " ".join(("Bearer", regresp["registration_access_token"]))
    client_query = "=".join(("client_id", regresp["client_id"]))

    read_resp = self.provider.read_registration(bearer, client_query)
    stored = json.loads(read_resp.message)

    assert stored == regresp.to_dict()
# Add the key to the keyjar if client_secret: _kc = KeyBundle([{"kty": "oct", "key": client_secret, "use": "ver"}, {"kty": "oct", "key": client_secret, "use": "sig"}]) try: _keyjar[client_id].append(_kc) except KeyError: _keyjar[client_id] = [_kc] self.cdb[client_id] = _cinfo _log_info("Client info: %s" % _cinfo) logger.debug("registration_response: %s" % response.to_dict()) return Response(response.to_json(), content="application/json", headers=[("Cache-Control", "no-store")]) def registration_endpoint(self, request, authn=None, **kwargs): return self.l_registration_endpoint(request, authn, **kwargs) def read_registration(self, authn, request, **kwargs): """ Read all information this server has on a client. Authorization is done by using the access token that was return as part of the client registration result. :param authn: The Authorization HTTP header :param request: The query part of the URL