def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
# Those that use seed wants bytes but I can only store str.
# seed
_seed = kwargs.get("seed") or rndstr(32)
self.seed = as_bytes(_seed)
def test_setup_auth_session_revoked(self):
request = AuthorizationRequest(
client_id="client_id",
redirect_uri="https://rp.example.com/cb",
response_type=["id_token"],
state="state",
nonce="nonce",
scope="openid",
)
redirect_uri = request["redirect_uri"]
cinfo = {
"client_id": "client_id",
"redirect_uris": [("https://rp.example.com/cb", {})],
"id_token_signed_response_alg": "RS256",
}
_ec = self.endpoint.server_get("endpoint_context")
session_id = self._create_session(request)
item = _ec.authn_broker.db["anon"]
item["method"].user = b64e(as_bytes(json.dumps({"uid": "krall", "sid": session_id})))
grant = _ec.session_manager[session_id]
grant.revoked = True
res = self.endpoint.setup_auth(request, redirect_uri, cinfo, None)
assert set(res.keys()) == {"args", "function"}
def basic_authn(authn):
if not authn.startswith("Basic "):
raise AuthnFailure("Wrong type of authorization token")
(_id,
_secret) = as_unicode(base64.b64decode(as_bytes(authn[6:]))).split(":")
return {'id': _id, 'secret': _secret}
def service_endpoint(self, name, **kwargs):
logger.info(kwargs)
logger.info('At the {} endpoint'.format(name))
endpoint = self.endpoint_context.endpoint[name]
try:
authn = cherrypy.request.headers['Authorization']
except KeyError:
pr_args = {}
else:
pr_args = {'auth': authn}
if endpoint.request_placement == 'body':
if cherrypy.request.process_request_body is True:
_request = cherrypy.request.body.read()
else:
raise cherrypy.HTTPError(400, 'Missing HTTP body')
if not _request:
_request = kwargs
req_args = endpoint.parse_request(_request, **pr_args)
else:
req_args = endpoint.parse_request(kwargs, **pr_args)
logger.info('request: {}'.format(req_args))
if isinstance(req_args, ResponseMessage) and 'error' in req_args:
return as_bytes(req_args.to_json())
try:
if cherrypy.request.cookie:
args = endpoint.process_request(req_args,
cookie=cherrypy.request.cookie)
else:
args = endpoint.process_request(req_args)
except Exception:
message = traceback.format_exception(*sys.exc_info())
cherrypy.response.headers['Content-Type'] = 'text/html'
return as_bytes(json.dumps({'error': 'server_error',
'error_description': message},
sort_keys=True, indent=4))
if 'http_response' in args:
return as_bytes(args['http_response'])
return self.do_response(endpoint, req_args, **args)
def generate_request_uris(self, path):
"""
Need to generate a redirect_uri path that is unique for a OP/RP combo
This is to counter the mix-up attack.
:param path: Leading path
:return: A list of one unique URL
"""
_hash = hashlib.sha256()
try:
_hash.update(as_bytes(self.provider_info['issuer']))
except KeyError:
_hash.update(as_bytes(self.issuer))
_hash.update(as_bytes(self.base_url))
if not path.startswith('/'):
return ['{}/{}/{}'.format(self.base_url, path, _hash.hexdigest())]
return ['{}{}/{}'.format(self.base_url, path, _hash.hexdigest())]