def test_register_site_command(): # preset register client command response c = Client(config_location) c.oxd_id = None assert_is_none(c.oxd_id) c.register_site() assert_is_not_none(c.oxd_id)
def oxd_login(): if current_user.is_authenticated: return redirect(url_for("index.home")) config = current_app.config["OXD_CLIENT_CONFIG_FILE"] if not os.path.exists(config): flash("Unable to locate oxd client config file.".format(config), "warning") return redirect(url_for("index.home")) oxc = Client(config) try: auth_url = oxc.get_authorization_url() except OxdServerError as exc: print exc # TODO: use logging flash("Failed to process the request due to error in OXD server.", "warning") except socket.error as exc: print exc # TODO: use logging flash("Unable to connect to OXD server.", "warning") else: return redirect(auth_url) return redirect(url_for("index.home"))
def test_get_tokens_raises_error_if_response_has_error(mock_send): c = Client(config_location) mock_send.return_value.status = "error" mock_send.return_value.data.error = "MockError" mock_send.return_value.data.error_description = "No Tokens in Mock" with assert_raises(RuntimeError): c.get_tokens_by_code("code", "state")
def test_get_user_info_raises_error_on_oxd_error(mock_send): c = Client(config_location) mock_send.return_value.status = "error" mock_send.return_value.data.error = "MockError" mock_send.return_value.data.error_description = "No Claims for mock" with assert_raises(RuntimeError): c.get_user_info("some_token")
def test_logout_raises_error_when_oxd_return_error(mock_send): c = Client(config_location) mock_send.return_value.status = "error" mock_send.return_value.data.error = "MockError" mock_send.return_value.data.error_description = "Logout Mock Error" with assert_raises(RuntimeError): c.get_logout_uri()
def test_uma_rp_get_gat(): c = Client(uma_config) scopes = [ "http://photoz.example.com/dev/actions/view", "http://photoz.example.com/dev/actions/add" ] gat = c.uma_rp_get_gat(scopes) assert_is_instance(gat, str)
def test_get_user_info(mock_send): c = Client(config_location) mock_send.return_value.status = "ok" mock_send.return_value.data.claims = {"name": "mocky"} token = "tokken" command = {"command": "get_user_info", "params": {"oxd_id": c.oxd_id, "access_token": token}} claims = c.get_user_info(token) mock_send.assert_called_with(command) assert_equal(claims, {"name": "mocky"})
def oxd_login_callback(): """Callback for OXD authorization_callback. """ config = current_app.config["OXD_CLIENT_CONFIG_FILE"] oxc = Client(config) code = request.args.get('code') state = request.args.get('state') try: # these following API calls may raise RuntimeError caused by internal # error in oxd server. tokens = oxc.get_tokens_by_code(code, state) resp = oxc.get_user_info(tokens["access_token"]) # ``user_name`` item is in ``user_name`` scope, hence # accessing this attribute may raise KeyError username = resp["user_name"][0] # ``role`` item is in ``permission`` scope, hence # accessing this attribute may raise KeyError role = '' if 'role' in resp: role = resp["role"][0].strip("[]") # disallow role other than ``cluster_manager`` if username == 'admin' or role == "cluster_manager": user = User(username, "") login_user(user) return redirect(url_for("index.home")) else: flash("Invalid user's role.", "warning") except KeyError as exc: print exc # TODO: use logging if exc.message == "user_name": msg = "user_name scope is not enabled in OIDC client" elif exc.message == "role": msg = "permission scope is not enabled in OIDC client " \ "or missing role attribute in user's info" flash(msg, "warning") except OxdServerError as exc: print exc # TODO: use logging flash("Failed to process the request due to error in OXD server.", "warning") except socket.error as exc: print exc # TODO: use logging flash("Unable to connect to OXD server.", "warning") logout_user() logout_resp = make_response(render_template("invalid_login.html")) logout_resp.set_cookie('sub', 'null', expires=0) logout_resp.set_cookie('JSESSIONID', 'null', expires=0) logout_resp.set_cookie('session_state', 'null', expires=0) logout_resp.set_cookie('session_id', 'null', expires=0) return logout() return render_template('invalid_login.html')
def test_get_tokens_by_code(mock_send): c = Client(config_location) mock_send.return_value.status = "ok" mock_send.return_value.data = "mock-token" code = "code" state = "state" command = {"command": "get_tokens_by_code", "params": {"oxd_id": c.oxd_id, "code": code, "state": state}} token = c.get_tokens_by_code(code, state) mock_send.assert_called_with(command) assert_equal(token, "mock-token")
def test_uma_rs_protect(): c = Client(uma_config) resources = [ { "path": "/photo", "conditions": [{"httpMethods": ["GET"], "scopes": ["http://photoz.example.com/dev/actions/view"]}], } ] assert_true(c.uma_rs_protect(resources))
def test_uma_rs_protect(): c = Client(uma_config) resources = [{ "path": "/photo", "conditions": [{ "httpMethods": ["GET"], "scopes": ["http://photoz.example.com/dev/actions/view"] }] }] assert_true(c.uma_rs_protect(resources))
def test_get_user_info(mock_send): c = Client(config_location) mock_send.return_value.status = "ok" mock_send.return_value.data.claims = {"name": "mocky"} token = "tokken" command = {"command": "get_user_info", "params": { "oxd_id": c.oxd_id, "access_token": token }} claims = c.get_user_info(token) mock_send.assert_called_with(command) assert_equal(claims, {"name": "mocky"})
def test_get_tokens_by_code_by_url(mock_send): c = Client(config_location) mock_send.return_value.status = "ok" mock_send.return_value.data.access_token = "mock-token" url = "https://client.example.com/callback#state=demo123&code=d1e2m3o4"\ "&scopes=openid%20profile" command = {"command": "get_tokens_by_code", "params": { "oxd_id": c.oxd_id, "url": url }} access_token = c.get_tokens_by_code_by_url(url) mock_send.assert_called_with(command) assert_equal(access_token, "mock-token")
def test_get_tokens_by_code(mock_send): c = Client(config_location) mock_send.return_value.status = "ok" mock_send.return_value.data = "mock-token" code = "code" state = "state" command = { "command": "get_tokens_by_code", "params": { "oxd_id": c.oxd_id, "code": code, "state": state } } token = c.get_tokens_by_code(code, state) mock_send.assert_called_with(command) assert_equal(token, "mock-token")
def test_initializes_with_config(): c = Client(config_location) assert_equal(c.config.get('oxd', 'port'), '8099') assert_is_instance(c.msgr, Messenger) assert_equal(c.application_type, "web") assert_equal(c.authorization_redirect_uri, "https://client.example.com/callback") assert_is_instance(c.oxd_id, str)
def test_logout(mock_send): c = Client(config_location) mock_send.return_value.status = "ok" mock_send.return_value.data.uri = "https://example.com/end_session" params = {"oxd_id": c.oxd_id} command = {"command": "get_logout_uri", "params": params} # called with no optional params uri = c.get_logout_uri() mock_send.assert_called_with(command) # called with OPTIONAL id_token_hint uri = c.get_logout_uri("some_id") command["params"]["id_token_hint"] = "some_id" mock_send.assert_called_with(command) assert_equal(uri, "https://example.com/end_session") # called wiht OPTIONAL id_token_hint + post_logout_redirect_uri uri = c.get_logout_uri("some_id", "https://some.site/logout") command["params"]["post_logout_redirect_uri"] = "https://some.site/logout" mock_send.assert_called_with(command) # called wiht OPTIONAL id_token_hint + post_logout_redirect_uri + state uri = c.get_logout_uri("some_id", "https://some.site/logout", "some-s") command["params"]["state"] = "some-s" mock_send.assert_called_with(command) # called wiht OPTIONAL id_token_hint + post_logout_redirect_uri uri = c.get_logout_uri("some_id", "https://some.site/logout", "some-s", "some-ss") command["params"]["session_state"] = "some-ss" mock_send.assert_called_with(command)
def teardown_package(): this_dir = os.path.dirname(os.path.realpath(__file__)) configs = [ os.path.join(this_dir, 'data', 'initial.cfg'), os.path.join(this_dir, 'data', 'umaclient.cfg') ] for config in configs: c = Client(config) c.config.set('oxd', 'id', '')
def test_get_auth_url_accepts_optional_params(): c = Client(config_location) # acr values auth_url = c.get_authorization_url(["basic", "gplus"]) assert_in('basic', auth_url) assert_in('gplus', auth_url) # prompt auth_url = c.get_authorization_url(["basic"], "login") assert_in('basic', auth_url) assert_in('prompt', auth_url) # scope auth_url = c.get_authorization_url(["basic"], None, ["openid", "profile", "email"]) assert_in('openid', auth_url) assert_in('profile', auth_url) assert_in('email', auth_url)
def test_openid_commands(config_file): """function that runs the commands in a interactive manner :param config_file: config file location """ c = Client(config_file) print "\n=> Registering client using register_site()" oxd_id = c.register_site() logging.info("Received: %s", oxd_id) print "\n=> Update site registration" updated = c.update_site() c.config.set("client", "scope", "openid,profile") logging.info("Received: %s", updated) print "\n=> Getting auth URL" auth_url = c.get_authorization_url() print "Visit this URL in your browser: ", auth_url logging.info("Received: %s", auth_url) print "\n=> Getting tokens by code" callback_url = raw_input("Enter redirected URL to parse tokens: ") parsed = urlparse.urlparse(callback_url) params = urlparse.parse_qs(parsed.query) tokens = c.get_tokens_by_code(params['code'][0], params['state'][0]) logging.info("Received: %s", tokens) print "\n=> Getting user info" claims = c.get_user_info(tokens['access_token']) logging.info("Received: %s", claims) print "\n=> Getting new access token using refresh token" new_token = c.get_access_token_by_refresh_token(tokens["refresh_token"]) logging.info("Received: %s", new_token) print "\n=> Getting Logout URI" logout_uri = c.get_logout_uri() logging.info("Received: %s", logout_uri) print "Visit this URL to logout: ", logout_uri print "\n=> Remove Site" oxd_id = c.remove_site() logging.info("Received: %s", oxd_id)
def test_get_tokens_raises_error_for_invalid_args(): c = Client(config_location) # Empty code should raise error with assert_raises(RuntimeError): c.get_tokens_by_code("", ["openid"], "state") # Empty list for scopes should raise error with assert_raises(RuntimeError): c.get_tokens_by_code("code", [], "state") # raise error when scopes is not a list with assert_raises(RuntimeError): c.get_tokens_by_code("code", "openid", "state")
def logout(): logout_user() if os.path.exists(current_app.config["OXD_CLIENT_CONFIG_FILE"]): config = current_app.config["OXD_CLIENT_CONFIG_FILE"] oxc = Client(config) # If site is not registered, first register it if not oxc.config.get('oxd', 'id'): oxc.register_site() logout_url = oxc.get_logout_uri() return redirect(logout_url) pw_file = os.path.join(current_app.config['DATA_DIR'], '.pw') if os.path.exists(pw_file): os.remove(pw_file) return redirect(url_for("auth.login"))
def test_get_auth_url_accepts_optional_params(): c = Client(config_location) # acr values auth_url = c.get_authorization_url(["basic", "gplus"]) assert_in("basic", auth_url) assert_in("gplus", auth_url) # prompt auth_url = c.get_authorization_url(["basic"], "login") assert_in("basic", auth_url) assert_in("prompt", auth_url) # scope auth_url = c.get_authorization_url(["basic"], None, ["openid", "profile", "email"]) assert_in("openid", auth_url) assert_in("profile", auth_url) assert_in("email", auth_url) # hd auth_url = c.get_authorization_url(None, None, None, "https://test.com") assert_in("https://test.com", auth_url) assert_in("hd", auth_url)
def test_setup_client(config_file): c = Client(config_file) print "\n=> Setup Client" response = c.setup_client() logging.info("Received: %s", response) print "\n=> Get Client Token" # Set auto_update to False to prevent launching of new thread. auto_update # is helpful for long running apps, but unnecessary for this test script token = c.get_client_token(auto_update=False) logging.info("Received: %s", token) print "\n=> Introspect Access Token" introspection = c.introspect_access_token(token['access_token']) logging.info("Received: %s", introspection) print "\n=> Remove Site" oxd_id = c.remove_site() logging.info("Received: %s", oxd_id)
def test_uma_rp_authorize_rpt_throws_errors(): c = Client(uma_config) rpt = 'invalid_rpt' ticket = 'invalid_ticket' response = c.uma_rp_authorize_rpt(rpt, ticket) assert_equal(response.status, 'error')
def test_uma_rp_authorize_rpt(): c = Client(uma_config) rpt = 'dummy_rpt' ticket = 'dummy_ticket' status = c.uma_rp_authorize_rpt(rpt, ticket) assert_true(status)
def test_get_authorization_url(): c = Client(config_location) auth_url = c.get_authorization_url() assert_in('callback', auth_url)
def test_update_site_registration(): c = Client(config_location) c.config.set("client", "post_logout_redirect_uri", "https://client.example.com/") status = c.update_site_registration() assert_true(status)
def test_uma_rp_get_gat(): c = Client(uma_config) scopes = ["http://photoz.example.com/dev/actions/view", "http://photoz.example.com/dev/actions/add"] gat = c.uma_rp_get_gat(scopes) assert_is_instance(gat, str)
def test_get_user_info_raises_erro_on_invalid_args(): c = Client(config_location) # Empty code should raise error with assert_raises(RuntimeError): c.get_user_info("")
def test_register_raises_runtime_error_for_oxd_error_response(): config = os.path.join(this_dir, "data", "no_oxdid.cfg") c = Client(config) with assert_raises(RuntimeError): c.register_site()
def test_get_auth_url_accepts_acrvalues_as_optional_params(): c = Client(config_location) auth_url = c.get_authorization_url(["basic", "gplus"]) assert_in('basic', auth_url) assert_in('gplus', auth_url)
def test_get_authorization_url(): c = Client(config_location) auth_url = c.get_authorization_url() assert_in("callback", auth_url)
def test_get_authorization_url_works_wihtout_explicit_site_registration(): c = Client(config_location) c.oxd_id = None # assume the client isn't registered auth_url = c.get_authorization_url() assert_in("callback", auth_url)
def test_uma_rp_get_rpt_force_new(): c = Client(uma_config) c.register_site() rpt2 = c.uma_rp_get_rpt(True) assert_is_instance(rpt2, str)
def test_uma_rp_get_rpt(): c = Client(uma_config) c.register_site() rpt = c.uma_rp_get_rpt() assert_is_instance(rpt, str)
def test_uma_rp_authorize_rpt_throws_errors(): c = Client(uma_config) rpt = "invalid_rpt" ticket = "invalid_ticket" response = c.uma_rp_authorize_rpt(rpt, ticket) assert_equal(response.status, "error")
def test_register_raises_runtime_error_for_oxd_error_response(): config = os.path.join(this_dir, 'data', 'no_oxdid.cfg') c = Client(config) with assert_raises(RuntimeError): c.register_site()
def test_uma_rp_authorize_rpt(): c = Client(uma_config) rpt = "dummy_rpt" ticket = "dummy_ticket" status = c.uma_rp_authorize_rpt(rpt, ticket) assert_true(status)
def test_get_authorization_url_works_wihtout_explicit_site_registration(): c = Client(config_location) c.oxd_id = None # assume the client isn't registered auth_url = c.get_authorization_url() assert_in('callback', auth_url)
def test_update_site_registration(): c = Client(config_location) c.config.set('client', 'post_logout_redirect_uri', 'https://client.example.com/') status = c.update_site_registration() assert_true(status)
def run_commands(config): """function that runs the commands for UMA RS app context :param config: config file location :return: None """ c = Client(config) print "\n=> Setup client" oxd_id = c.setup_client() logging.info("Received: %s", oxd_id) print "\n=> Get Client Token" tokens = c.get_client_token(auto_update=False) logging.info("Received: %s", tokens) print "\n=> Protecting Resource: " rset = ResourceSet() r = rset.add("/photoz") r.set_scope("GET", "https://photoz.example.com/uma/scope/view") print rset protected = c.uma_rs_protect(rset.dump()) logging.info("Received: %s", protected) print "\n=> Checking Access for URL /photoz, with method GET" access_status = c.uma_rs_check_access(rpt=None, path='/photoz', http_method='GET') print "\n=> Checking Access Response:", access_status logging.info('Received: %s', access_status) print "\n=> Get RPT (Need Info Error)" need_info = c.uma_rp_get_rpt(ticket=access_status['ticket']) logging.info('Received: %s', need_info) print "\n=> Get Claims Gathering Url" claims_url = c.uma_rp_get_claims_gathering_url( ticket=need_info['details']['ticket']) print "Visit this URL in your browser: ", claims_url logging.info('Received: %s', claims_url) print "\n=> Get RPT" callback_url = raw_input( "Enter redirected URL to parse ticket and state: ") parsed = urlparse.urlparse(callback_url) params = urlparse.parse_qs(parsed.query) rpt_resp = c.uma_rp_get_rpt(ticket=params['ticket'][0], state=params['state'][0]) logging.info("Received: %s", rpt_resp) print "\n=> Introspect RPT" introspection = c.introspect_rpt(rpt=rpt_resp['access_token']) logging.info('Received: %s', introspection) print "\n=> Checking Access for URL /photoz, with RPT and method GET" access = c.uma_rs_check_access(rpt=rpt_resp['access_token'], path='/photoz', http_method='GET') print "\n=> Checking Access Response:", access logging.info('Received: %s', access) print "\n=> Protecting Resource with Scope_expression" rset = ResourceSet() r = rset.add("/photo") scope_expr = { "rule": { "and": [{ "or": [{ "var": 0 }, { "var": 1 }] }, { "var": 2 }] }, "data": [ "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "http://photoz.example.com/dev/actions/internalClient" ] } r.set_expression("GET", scope_expr) print rset protected = c.uma_rs_protect(rset.dump()) logging.info("Received: %s", protected) print "\n=> Checking Access for URL /photo, with scope_expression" access_status = c.uma_rs_check_access(rpt=None, path='/photo', http_method='GET') print "\n=> Checking Access Response:", access_status logging.info('Received: %s', access_status)