def test_http_error(self):
tokenRequest = util.setup_expected_client_cred_token_request_response(403)
with self.assertRaisesRegexp(Exception, "403"):
adal.acquire_token_with_client_credentials(
cp["authUrl"], cp["clientId"], cp["clientSecret"], cp["resource"]
)
def test_http_error(self):
tokenRequest = util.setup_expected_client_cred_token_request_response(
403)
with self.assertRaisesRegexp(Exception, '403'):
adal.acquire_token_with_client_credentials(cp['authUrl'],
cp['clientId'],
cp['clientSecret'],
cp['resource'])
def test_success_with_junk_return(self):
junkResponse = "This is not properly formated return value."
tokenRequest = util.setup_expected_client_cred_token_request_response(200, junkResponse)
with self.assertRaises(Exception):
adal.acquire_token_with_client_credentials(
cp["authUrl"], cp["clientId"], cp["clientSecret"], cp["resource"]
)
def test_error_with_junk_return(self):
junkResponse = 'This is not properly formated return value.'
tokenRequest = util.setup_expected_client_cred_token_request_response(
400, junkResponse)
with self.assertRaises(Exception):
adal.acquire_token_with_client_credentials(cp['authUrl'],
cp['clientId'],
cp['clientSecret'],
cp['resource'])
def test_oauth_error(self):
errorResponse = {
"error": "invalid_client",
"error_description": "This is a test error description",
"error_uri": "http://errordescription.com/invalid_client.html",
}
tokenRequest = util.setup_expected_client_cred_token_request_response(400, errorResponse)
with self.assertRaisesRegexp(Exception, "Get Token request returned http error: 400 and server response:"):
adal.acquire_token_with_client_credentials(
cp["authUrl"], cp["clientId"], cp["clientSecret"], cp["resource"]
)
def test_validation_error(self):
returnDoc = { 'error' : 'invalid_instance', 'error_description' : 'the instance was invalid' }
util.setup_expected_instance_discovery_request(400, cp['authorityHosts']['global'], returnDoc, self.nonHardCodedAuthorizeEndpoint)
with self.assertRaisesRegexp(Exception, 'instance was invalid'):
token_response = adal.acquire_token_with_client_credentials(
self.nonHardCodedAuthority, cp['clientId'], cp['clientSecret'], cp['resource'])
async def test_connection(request):
response = await request.read()
data = json.loads(response.decode())
connection_data = data["data"]
connection_id = data["id"]
tenant_id = connection_data["tenantId"]
client_id = connection_data["clientId"]
client_secret = connection_data["clientSecret"]
try:
logging.error("Getting token for tenant %s and client id %s..." % (tenant_id, client_id))
token_response = adal.acquire_token_with_client_credentials(
"https://login.microsoftonline.com/%s" % tenant_id,
client_id,
client_secret)
logging.info("Access token acquired")
response = await aiohttp.patch("%s/connections/%s" % (api, connection_id),
data={"verified": "true"})
except Exception as ex:
logging.error("Error getting token: %s" % ex)
response = await aiohttp.patch("%s/connections/%s" % (api, connection_id),
data={"verified": "false", "verificationError": ex})
return web.Response(body=b"{}")
def get_token_from_client_credentials(authority, client_id, secret):
import adal
token_response = adal.acquire_token_with_client_credentials(
authority,
client_id,
secret,
)
return token_response.get('accessToken')
def get_credentials_from_client_credentials(authority, client_id, secret):
import adal
token_response = adal.acquire_token_with_client_credentials(
authority,
client_id,
secret,
)
return token_response.get('accessToken')
def test_oauth_error(self):
errorResponse = {
'error': 'invalid_client',
'error_description': 'This is a test error description',
'error_uri': 'http://errordescription.com/invalid_client.html'
}
tokenRequest = util.setup_expected_client_cred_token_request_response(
400, errorResponse)
with self.assertRaisesRegexp(
Exception,
'Get Token request returned http error: 400 and server response:'
):
adal.acquire_token_with_client_credentials(cp['authUrl'],
cp['clientId'],
cp['clientSecret'],
cp['resource'])
def test_happy_path(self):
response_options = {"noRefresh": True}
response = util.create_response(response_options)
token_request = util.setup_expected_client_cred_token_request_response(200, response["wireResponse"])
token_response = adal.acquire_token_with_client_credentials(
cp["authUrl"], cp["clientId"], cp["clientSecret"], response["resource"]
)
self.assertTrue(
util.is_match_token_response(response["cachedResponse"], token_response),
"The response does not match what was expected.: " + str(token_response),
)
def GetAzureAccessHeaders():
authority = 'https://login.microsoftonline.com/' + os.environ['AZURE_TENANT_ID']
client_id = os.environ['AZURE_CLIENT_ID']
client_secret = os.environ['AZURE_APPKEY']
token_response = adal.acquire_token_with_client_credentials(
authority,
client_id,
client_secret
)
access_token = token_response.get('accessToken')
headers = {"Authorization": 'Bearer ' + access_token}
return headers
def test_happy_path(self):
response_options = {'noRefresh': True}
response = util.create_response(response_options)
token_request = util.setup_expected_client_cred_token_request_response(
200, response['wireResponse'])
token_response = adal.acquire_token_with_client_credentials(
cp['authUrl'], cp['clientId'], cp['clientSecret'],
response['resource'])
self.assertTrue(
util.is_match_token_response(response['cachedResponse'],
token_response),
'The response does not match what was expected.: ' +
str(token_response))
def performStaticInstanceDiscovery(self, authorityHost, callback):
hardCodedAuthority = 'https://' + authorityHost + '/' + cp['tenant']
responseOptions = {
'authority' : hardCodedAuthority
}
response = util.create_response(responseOptions)
wireResponse = response['wireResponse']
tokenRequest = util.setup_expected_client_cred_token_request_response(200, wireResponse, hardCodedAuthority)
token_response = adal.acquire_token_with_client_credentials(
hardCodedAuthority, cp['clientId'], cp['clientSecret'], response['resource'])
self.assertTrue(
util.is_match_token_response(response['cachedResponse'], token_response),
'The response does not match what was expected.: ' + str(token_response)
)
def get_data(self, external_id):
import httplib, urllib, base64, adal, os, json, pprint, time
LOG.debug('Invoke get_data')
url = self.baseUrlAuth + self.tenantId
azureResource = self.baseUrlGraph
LOG.debug('AuthUrl: ' + url)
try:
authresp = adal.acquire_token_with_client_credentials(url,self.clientId,self.clientKey,azureResource)
token=authresp.get('accessToken')
except Exception as e:
raise Exception("Can't fetch authentication token from: "+ url)
headers = {"Authorization": 'Bearer ' + token}
params = urllib.urlencode({
'api-version': '1.6'
})
try:
conn = httplib.HTTPSConnection(self.baseUrlGraph.replace("https://","").rstrip("/"))
conn.request("GET", self.baseUrlGraph + "myorganization/users/"+external_id+"?%s" % params, "", headers)
response = conn.getresponse()
data = json.load(response)
conn.close()
except Exception as e:
print(e)
attributes = [ ]
roles = self._get_roles(data, token, external_id)
# On Demand provisioning of the user
oid = self.get_oid(external_id)
self.provision_user(oid, external_id)
return {
'username': oid,
'first_name': data['givenName'],
'last_name': data['surname'],
'roles': roles,
'attributes': attributes
}
def test_success_dynamic_instance_discovery(self):
instanceDiscoveryRequest = util.setup_expected_instance_discovery_request(
200,
cp['authorityHosts']['global'],
{'tenant_discovery_endpoint' : 'http://foobar'},
self.nonHardCodedAuthorizeEndpoint
)
responseOptions = { 'authority' : self.nonHardCodedAuthority}
response = util.create_response(responseOptions)
wireResponse = response['wireResponse']
util.setup_expected_client_cred_token_request_response(200, wireResponse, self.nonHardCodedAuthority)
token_response = adal.acquire_token_with_client_credentials(
self.nonHardCodedAuthority, cp['clientId'], cp['clientSecret'], response['resource'])
self.assertTrue(
util.is_match_token_response(response['cachedResponse'], token_response),
'The response does not match what was expected.: ' + str(token_response)
)
from time import sleep, ctime
import sys
test_passed = True
appName = 'azureTesting'
authority = 'https://login.microsoftonline.com/' + os.environ['AZURE_TENANT_ID']
client_id = os.environ['AZURE_CLIENT_ID']
client_secret = os.environ['AZURE_APPKEY']
subscription_id = os.environ['AZURE_SUBSCRIPTION_ID']
clouddriver_host = 'http://localhost:7002'
azure_creds = os.getenv('AZURE_CREDENTIALS', 'azure-cred1')
token_response = adal.acquire_token_with_client_credentials(
authority,
client_id,
client_secret
)
access_token = token_response.get('accessToken')
headers = {"Authorization": 'Bearer ' + access_token}
security_group_endpoint = 'https://management.azure.com/subscriptions/' + subscription_id + '/resourceGroups/' + appName + '-westus/providers/Microsoft.Network/networkSecurityGroups/' + appName + '-st1-d1?api-version=2015-05-01-preview'
deployment_endpoint = 'https://management.azure.com/subscriptions/' + subscription_id + '/resourceGroups/' + appName + '-westus/providers/microsoft.resources/deployments/' + appName + '-st1-d1-deployment?api-version=2015-11-01'
print ctime(), ' - Check for existing security group'
sys.stdout.flush()
r = requests.get(security_group_endpoint, headers=headers)
#the next line will fail if there is not 'error' as the first element.
#this should pass if the security group has not been created yet
def test_acquire_token_with_client_creds(self):
token_response = adal.acquire_token_with_client_credentials(
client_cred_params['authority'], client_cred_params['client_id'],
client_cred_params['secret'])
self.validate_token_response_client_credentials(token_response)
def test_acquire_token_with_client_creds(self):
token_response = adal.acquire_token_with_client_credentials(
client_cred_params['authority'],
client_cred_params['client_id'],
client_cred_params['secret'])
self.validate_token_response_client_credentials(token_response)
def test_http_error(self):
util.setup_expected_instance_discovery_request(500, cp['authorityHosts']['global'], None, self.nonHardCodedAuthorizeEndpoint)
with self.assertRaisesRegexp(Exception, '500'):
token_response = adal.acquire_token_with_client_credentials(
self.nonHardCodedAuthority, cp['clientId'], cp['clientSecret'], cp['resource'])
def get_access_token(tenant_id, application_id, application_secret):
token_response = adal.acquire_token_with_client_credentials(
authentication_endpoint + tenant_id, application_id,
application_secret)
return token_response.get('accessToken')
