Пример #1
0
def test_complete_secret_auth():
    consumer = Consumer(SessionDB(), CONFIG, CLIENT_CONFIG, SERVER_INFO)
    mfos = MyFakeOICServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    consumer.state = "state0"
    consumer.nonce = rndstr()
    consumer.client_secret = "hemlig"
    consumer.secret_type = "basic"
    del consumer.config["password"]

    args = {
        "client_id": consumer.client_id,
        "response_type": "code",
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=consumer.state,
                                               request_args=args)
    assert result.status_code == 302
    assert result.headers["location"].startswith(consumer.redirect_uris[0])
    _, query = result.headers["location"].split("?")

    consumer.parse_response(AuthorizationResponse, info=query,
                            sformat="urlencoded")

    resp = consumer.complete()
    print resp
    assert resp.type() == "AccessTokenResponse"
    print resp.keys()
    assert _eq(resp.keys(), ['token_type', 'state', 'access_token',
                             'scope', 'expires_in', 'refresh_token'])

    assert resp["state"] == consumer.state
Пример #2
0
    def setup_consumer(self):
        client_id = "client_1"
        client_config = {
            "client_id": client_id,
            "client_authn_method": CLIENT_AUTHN_METHOD,
            # 'config': {}
        }

        self.consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
                                 client_config, SERVER_INFO)
        self.consumer.behaviour = {
            "request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]
        }
        self.consumer.client_secret = "abcdefghijklmnop"
        self.consumer.keyjar = CLIKEYS
        self.consumer.redirect_uris = ["https://example.com/cb"]
        self.consumer.authorization_endpoint = \
            "http://example.com/authorization"
        self.consumer.token_endpoint = "http://example.com/token"
        self.consumer.userinfo_endpoint = "http://example.com/userinfo"
        self.consumer.client_secret = "hemlig"
        self.consumer.secret_type = "basic"

        mfos = MyFakeOICServer("http://localhost:8088")
        mfos.keyjar = SRVKEYS
        self.consumer.http_request = mfos.http_request
Пример #3
0
    def test_parse_authz(self):
        mfos = MyFakeOICServer("http://localhost:8088")
        mfos.keyjar = SRVKEYS

        self.consumer.http_request = mfos.http_request
        self.consumer.state = "state0"
        self.consumer.nonce = rndstr()
        args = {
            "client_id": self.consumer.client_id,
            "response_type": "code",
            "scope": ["openid"],
        }

        result = self.consumer.do_authorization_request(
            state=self.consumer.state, request_args=args)

        print self.consumer.sdb.keys()
        print self.consumer.sdb["state0"].keys()
        part = self.consumer.parse_authz(query=result.headers["location"])
        print part
        atr = part[0]
        assert part[1] is None
        assert part[2] is None

        assert atr.type() == "AuthorizationResponse"
        assert atr["state"] == "state0"
        assert "code" in atr
Пример #4
0
    def test_provider_config(self):
        c = Consumer(None, None)
        mfos = MyFakeOICServer("http://example.com")
        mfos.keyjar = SRVKEYS
        c.http_request = mfos.http_request

        principal = "*****@*****.**"

        res = c.discover(principal)
        info = c.provider_config(res)
        assert isinstance(info, ProviderConfigurationResponse)
        assert _eq(info.keys(), ['registration_endpoint', 'jwks_uri',
                                 'check_session_endpoint',
                                 'refresh_session_endpoint',
                                 'register_endpoint',
                                 'subject_types_supported',
                                 'token_endpoint_auth_methods_supported',
                                 'id_token_signing_alg_values_supported',
                                 'grant_types_supported', 'user_info_endpoint',
                                 'claims_parameter_supported',
                                 'request_parameter_supported',
                                 'discovery_endpoint', 'issuer',
                                 'authorization_endpoint', 'scopes_supported',
                                 'require_request_uri_registration',
                                 'identifiers_supported', 'token_endpoint',
                                 'request_uri_parameter_supported', 'version',
                                 'response_types_supported',
                                 'end_session_endpoint', 'flows_supported'])

        assert info["end_session_endpoint"] == "http://example.com/end_session"
Пример #5
0
    def setup_consumer(self):
        client_id = "client_1"
        client_config = {
            "client_id": client_id,
            "client_authn_method": CLIENT_AUTHN_METHOD,
            # 'config': {}
        }

        self.consumer = Consumer(SessionDB(SERVER_INFO["issuer"]),
                                 CONFIG, client_config, SERVER_INFO)
        self.consumer.behaviour = {
            "request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]}
        self.consumer.client_secret = "abcdefghijklmnop"
        self.consumer.keyjar = CLIKEYS
        self.consumer.redirect_uris = ["https://example.com/cb"]
        self.consumer.authorization_endpoint = \
            "http://example.com/authorization"
        self.consumer.token_endpoint = "http://example.com/token"
        self.consumer.userinfo_endpoint = "http://example.com/userinfo"
        self.consumer.client_secret = "hemlig"
        self.consumer.secret_type = "basic"

        mfos = MyFakeOICServer("http://localhost:8088")
        mfos.keyjar = SRVKEYS
        self.consumer.http_request = mfos.http_request
Пример #6
0
    def test_parse_authz_implicit(self):
        mfos = MyFakeOICServer("http://localhost:8088")
        mfos.keyjar = SRVKEYS

        self.consumer.http_request = mfos.http_request
        self.consumer.config["response_type"] = ["token"]
        _state = "statxxx"
        args = {
            "client_id": self.consumer.client_id,
            "response_type": "implicit",
            "scope": ["openid"],
            "redirect_uri": "http://localhost:8088/cb"
        }

        result = self.consumer.do_authorization_request(state=_state,
                                                        request_args=args)

        part = self.consumer.parse_authz(query=result.headers["location"])
        print part
        assert part[0] is None
        atr = part[1]
        assert part[2] is None

        assert atr.type() == "AccessTokenResponse"
        assert atr["state"] == _state
        assert "access_token" in atr
Пример #7
0
    def test_parse_authz(self):
        mfos = MyFakeOICServer("http://localhost:8088")
        mfos.keyjar = SRVKEYS

        self.consumer.http_request = mfos.http_request
        _state = "state0"
        self.consumer.nonce = rndstr()
        args = {
            "client_id": self.consumer.client_id,
            "response_type": "code",
            "scope": ["openid"],
        }

        result = self.consumer.do_authorization_request(state=_state,
                                                        request_args=args)

        print self.consumer.sdb["state0"].keys()
        part = self.consumer.parse_authz(query=result.headers["location"])
        print part
        atr = part[0]
        assert part[1] is None
        assert part[2] is None

        assert atr.type() == "AuthorizationResponse"
        assert atr["state"] == _state
        assert "code" in atr
Пример #8
0
def test_userinfo():
    consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
                        CLIENT_CONFIG, SERVER_INFO)
    consumer.keyjar = CLIKEYS
    mfos = MyFakeOICServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    _state = "state0"
    consumer.nonce = rndstr()
    consumer.secret_type = "basic"
    consumer.set_client_secret("hemligt")
    consumer.keyjar = CLIKEYS

    args = {
        "client_id": consumer.client_id,
        "response_type": "code",
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=_state, request_args=args)
    assert result.status_code == 302
    assert result.headers["location"].startswith(consumer.redirect_uris[0])
    _, query = result.headers["location"].split("?")

    consumer.parse_response(AuthorizationResponse,
                            info=query,
                            sformat="urlencoded")

    consumer.complete(_state)

    result = consumer.get_user_info(_state)
    print result
    assert result.type() == "OpenIDSchema"
    assert _eq(result.keys(), ['name', 'email', 'verified', 'nickname', 'sub'])
Пример #9
0
def test_complete_secret_auth():
    consumer = Consumer(SessionDB(), CONFIG, CLIENT_CONFIG, SERVER_INFO)
    mfos = MyFakeOICServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    consumer.state = "state0"
    consumer.nonce = rndstr()
    consumer.client_secret = "hemlig"
    consumer.secret_type = "basic"
    del consumer.config["password"]

    args = {
        "client_id": consumer.client_id,
        "response_type": "code",
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=consumer.state,
                                               request_args=args)
    assert result.status_code == 302
    assert result.headers["location"].startswith(consumer.redirect_uris[0])
    _, query = result.headers["location"].split("?")

    consumer.parse_response(AuthorizationResponse, info=query,
                            sformat="urlencoded")

    resp = consumer.complete()
    print resp
    assert resp.type() == "AccessTokenResponse"
    print resp.keys()
    assert _eq(resp.keys(), ['token_type', 'state', 'access_token',
                             'scope', 'expires_in', 'refresh_token'])

    assert resp["state"] == consumer.state
Пример #10
0
def test_provider_config():
    c = Consumer(None, None)
    mfos = MyFakeOICServer("http://example.com")
    mfos.keyjar = SRVKEYS
    c.http_request = mfos.http_request

    principal = "*****@*****.**"

    res = c.discover(principal)
    info = c.provider_config(res)
    assert info.type() == "ProviderConfigurationResponse"
    print info.keys()
    assert _eq(info.keys(), [
        'registration_endpoint', 'jwks_uri', 'check_session_endpoint',
        'refresh_session_endpoint', 'register_endpoint',
        'subject_types_supported', 'token_endpoint_auth_methods_supported',
        'id_token_signing_alg_values_supported', 'grant_types_supported',
        'user_info_endpoint', 'claims_parameter_supported',
        'request_parameter_supported', 'discovery_endpoint', 'issuer',
        'authorization_endpoint', 'scopes_supported',
        'require_request_uri_registration', 'identifiers_supported',
        'token_endpoint', 'request_uri_parameter_supported', 'version',
        'response_types_supported', 'end_session_endpoint', 'flows_supported'
    ])

    assert info["end_session_endpoint"] == "http://example.com/end_session"
Пример #11
0
def test_userinfo():
    consumer = Consumer(SessionDB(), CONFIG, CLIENT_CONFIG, SERVER_INFO)
    consumer.keyjar = CLIKEYS
    mfos = MyFakeOICServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    consumer.state = "state0"
    consumer.nonce = rndstr()
    consumer.secret_type = "basic"
    consumer.set_client_secret("hemligt")
    consumer.keyjar = CLIKEYS

    args = {
        "client_id": consumer.client_id,
        "response_type": "code",
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=consumer.state,
                                               request_args=args)
    assert result.status_code == 302
    assert result.headers["location"].startswith(consumer.redirect_uris[0])
    _, query = result.headers["location"].split("?")

    consumer.parse_response(AuthorizationResponse, info=query,
                            sformat="urlencoded")

    consumer.complete()

    result = consumer.get_user_info()
    print result
    assert result.type() == "OpenIDSchema"
    assert _eq(result.keys(), ['name', 'email', 'verified', 'nickname', 'sub'])
Пример #12
0
    def test_parse_authz_implicit(self):
        mfos = MyFakeOICServer("http://localhost:8088")
        mfos.keyjar = SRVKEYS

        self.consumer.http_request = mfos.http_request
        self.consumer.config["response_type"] = ["token"]
        _state = "statxxx"
        args = {
            "client_id": self.consumer.client_id,
            "response_type": "implicit",
            "scope": ["openid"],
            "redirect_uri": "http://localhost:8088/cb"
        }

        result = self.consumer.do_authorization_request(
            state=_state, request_args=args)

        part = self.consumer.parse_authz(query=result.headers["location"])
        print part
        assert part[0] is None
        atr = part[1]
        assert part[2] is None

        assert atr.type() == "AccessTokenResponse"
        assert atr["state"] == _state
        assert "access_token" in atr
Пример #13
0
    def test_discover(self):
        c = Consumer(None, None)
        mfos = MyFakeOICServer("https://*****:*****@example.com"
        res = c.discover(principal)
        assert res == "https://localhost:8088/"
Пример #14
0
    def test_discover(self):
        c = Consumer(None, None)
        mfos = MyFakeOICServer("http://*****:*****@example.com"
        res = c.discover(principal)
        assert res == "http://localhost:8088/"
Пример #15
0
def test_complete_auth_token_idtoken():
    consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
                        CLIENT_CONFIG, SERVER_INFO)
    consumer.keyjar = CLIKEYS
    mfos = MyFakeOICServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    _state = "state0"
    consumer.nonce = rndstr()
    consumer.client_secret = "hemlig"
    consumer.secret_type = "basic"
    consumer.config["response_type"] = ["id_token", "token"]
    consumer.registration_response = {
        "id_token_signed_response_alg": "RS256",
    }
    consumer.provider_info = {"issuer": "http://localhost:8088/"}  # abs min
    consumer.authz_req = {}  # Store AuthzReq with state as key

    args = {
        "client_id": consumer.client_id,
        "response_type": consumer.config["response_type"],
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=_state, request_args=args)
    # consumer._backup("state0")

    assert result.status_code == 302
    #assert result.location.startswith(consumer.redirect_uri[0])
    _, query = result.headers["location"].split("?")
    print query
    part = consumer.parse_authz(query=query,
                                algs=consumer.sign_enc_algs("id_token"))
    print part
    auth = part[0]
    atr = part[1]
    assert part[2] is None

    #print auth.dictionary()
    #print acc.dictionary()
    assert auth is None
    assert atr.type() == "AccessTokenResponse"
    assert _eq(atr.keys(), [
        'access_token', 'id_token', 'expires_in', 'token_type', 'state',
        'scope'
    ])

    consumer.verify_id_token(atr["id_token"], consumer.authz_req[atr["state"]])
Пример #16
0
def test_complete_auth_token_idtoken():
    consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
                        CLIENT_CONFIG, SERVER_INFO)
    consumer.keyjar = CLIKEYS
    mfos = MyFakeOICServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    _state = "state0"
    consumer.nonce = rndstr()
    consumer.client_secret = "hemlig"
    consumer.secret_type = "basic"
    consumer.config["response_type"] = ["id_token", "token"]
    consumer.registration_response = {
        "id_token_signed_response_alg": "RS256",
    }
    consumer.provider_info = {"issuer": "http://localhost:8088/"}  # abs min
    consumer.authz_req = {}  # Store AuthzReq with state as key

    args = {
        "client_id": consumer.client_id,
        "response_type": consumer.config["response_type"],
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=_state,
                                               request_args=args)
    # consumer._backup("state0")

    assert result.status_code == 302
    #assert result.location.startswith(consumer.redirect_uri[0])
    _, query = result.headers["location"].split("?")
    print query
    part = consumer.parse_authz(query=query,
                                algs=consumer.sign_enc_algs("id_token"))
    print part
    auth = part[0]
    atr = part[1]
    assert part[2] is None


    #print auth.dictionary()
    #print acc.dictionary()
    assert auth is None
    assert atr.type() == "AccessTokenResponse"
    assert _eq(atr.keys(), ['access_token', 'id_token', 'expires_in',
                            'token_type', 'state', 'scope'])

    consumer.verify_id_token(atr["id_token"], consumer.authz_req[atr["state"]])
 def create_client(self):
     self.redirect_uri = "http://example.com/redirect"
     self.client = Client(CLIENT_ID, client_authn_method=CLIENT_AUTHN_METHOD)
     self.client.redirect_uris = [self.redirect_uri]
     self.client.authorization_endpoint = "http://example.com/authorization"
     self.client.token_endpoint = "http://example.com/token"
     self.client.userinfo_endpoint = "http://example.com/userinfo"
     self.client.check_session_endpoint = "https://example.com/check_session"
     self.client.client_secret = "abcdefghijklmnop"
     self.client.keyjar[""] = KC_RSA
     self.client.behaviour = {
         "request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]}
     mfos = MyFakeOICServer()
     mfos.keyjar = KEYJ
     self.client.http_request = mfos.http_request
Пример #18
0
def test_sign_userinfo():
    consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
                        CLIENT_CONFIG, SERVER_INFO)
    consumer.keyjar = CLIKEYS

    mfos = MyFakeOICServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    mfos.userinfo_signed_response_alg = "RS256"

    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    _state = "state0"
    consumer.nonce = rndstr()
    consumer.secret_type = "basic"
    consumer.set_client_secret("hemligt")
    consumer.keyjar = CLIKEYS
    consumer.client_prefs = {"userinfo_signed_response_alg": "RS256"}
    consumer.provider_info = {
        "userinfo_endpoint": "http://localhost:8088/userinfo",
        "issuer": "http://localhost:8088/"}
    del consumer.config["request_method"]

    args = {
        "client_id": consumer.client_id,
        "response_type": "code",
        "scope": ["openid"],
    }

    sid, location = consumer.begin("openid", "code")
    print location

    result = consumer.do_authorization_request(state=_state,
                                               request_args=args)
    assert result.status_code == 302
    assert result.headers["location"].startswith(consumer.redirect_uris[0])
    _, query = result.headers["location"].split("?")

    consumer.parse_response(AuthorizationResponse, info=query,
                            sformat="urlencoded")

    consumer.complete(_state)

    result = consumer.get_user_info(_state)
    print result
    assert result.type() == "OpenIDSchema"
    assert _eq(result.keys(), ['name', 'email', 'verified', 'nickname', 'sub'])
Пример #19
0
 def create_client(self):
     self.redirect_uri = "http://example.com/redirect"
     self.client = Client(CLIENT_ID,
                          client_authn_method=CLIENT_AUTHN_METHOD)
     self.client.redirect_uris = [self.redirect_uri]
     self.client.authorization_endpoint = "http://example.com/authorization"
     self.client.token_endpoint = "http://example.com/token"
     self.client.userinfo_endpoint = "http://example.com/userinfo"
     self.client.check_session_endpoint = "https://example.com/check_session"
     self.client.client_secret = "abcdefghijklmnop"
     self.client.keyjar[""] = KC_RSA
     self.client.behaviour = {
         "request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]
     }
     mfos = MyFakeOICServer()
     mfos.keyjar = KEYJ
     self.client.http_request = mfos.http_request
Пример #20
0
def test_complete_auth_token():
    consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
                        CLIENT_CONFIG, SERVER_INFO)
    mfos = MyFakeOICServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    _state = "state0"
    consumer.nonce = rndstr()
    consumer.client_secret = "hemlig"
    consumer.secret_type = "basic"
    consumer.config["response_type"] = ["code", "token"]

    args = {
        "client_id": consumer.client_id,
        "response_type": consumer.config["response_type"],
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=_state, request_args=args)
    consumer._backup("state0")

    assert result.status_code == 302
    # assert result.location.startswith(consumer.redirect_uri[0])
    _, query = result.headers["location"].split("?")
    print query
    part = consumer.parse_authz(query=query)
    print part
    auth = part[0]
    acc = part[1]
    assert part[2] is None

    #print auth.dictionary()
    #print acc.dictionary()
    assert auth.type() == "AuthorizationResponse"
    assert acc.type() == "AccessTokenResponse"
    print auth.keys()
    assert _eq(auth.keys(), [
        'code', 'access_token', 'expires_in', 'token_type', 'state', 'scope',
        'refresh_token'
    ])
    assert _eq(acc.keys(), [
        'token_type', 'state', 'access_token', 'scope', 'expires_in',
        'refresh_token'
    ])
Пример #21
0
def test_client_register():
    c = Consumer(None, None)

    c.application_type = "web"
    c.application_name = "My super service"
    c.redirect_uris = ["http://example.com/authz"]
    c.contact = ["*****@*****.**"]

    mfos = MyFakeOICServer("http://example.com")
    mfos.keyjar = SRVKEYS
    c.http_request = mfos.http_request
    location = c.discover("*****@*****.**")
    info = c.provider_config(location)

    c.register(info["registration_endpoint"])
    assert c.client_id is not None
    assert c.client_secret is not None
    assert c.registration_expires > utc_time_sans_frac()
Пример #22
0
    def test_client_register(self):
        c = Consumer(None, None)

        c.application_type = "web"
        c.application_name = "My super service"
        c.redirect_uris = ["http://example.com/authz"]
        c.contact = ["*****@*****.**"]

        mfos = MyFakeOICServer("http://example.com")
        mfos.keyjar = SRVKEYS
        c.http_request = mfos.http_request
        location = c.discover("*****@*****.**")
        info = c.provider_config(location)

        c.register(info["registration_endpoint"])
        assert c.client_id is not None
        assert c.client_secret is not None
        assert c.registration_expires > utc_time_sans_frac()
Пример #23
0
def test_complete_auth_token():
    consumer = Consumer(SessionDB(), CONFIG, CLIENT_CONFIG, SERVER_INFO)
    mfos = MyFakeOICServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    consumer.state = "state0"
    consumer.nonce = rndstr()
    consumer.client_secret = "hemlig"
    consumer.secret_type = "basic"
    consumer.config["response_type"] = ["code", "token"]
    
    args = {
        "client_id": consumer.client_id,
        "response_type": consumer.config["response_type"],
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=consumer.state,
                                               request_args=args)
    consumer._backup("state0")

    assert result.status_code == 302
    #assert result.location.startswith(consumer.redirect_uri[0])
    _, query = result.headers["location"].split("?")
    print query
    environ = redirect_environment(query)

    part = consumer.parse_authz(environ, start_response)
    print part
    auth = part[0]
    acc = part[1]
    assert part[2] is None

    #print auth.dictionary()
    #print acc.dictionary()
    assert auth.type() == "AuthorizationResponse"
    assert acc.type() == "AccessTokenResponse"
    print auth.keys()
    assert _eq(auth.keys(), ['nonce', 'code', 'access_token', 'expires_in',
                             'token_type', 'state', 'scope', 'refresh_token'])
    assert _eq(acc.keys(), ['token_type', 'state', 'access_token', 'scope',
                            'expires_in', 'refresh_token'])
Пример #24
0
    def test_do_authorization_request(self):
        self.client.grant = {}
        self.client.redirect_uris = ["https://www.example.com/authz"]
        self.client.authorization_endpoint = "http://oic.example.org/authorization"
        self.client.client_id = "a1b2c3"
        self.client.state = "state0"
        mfos = MyFakeOICServer()
        mfos.keyjar = KEYJ
        self.client.http_request = mfos.http_request

        args = {"response_type":["code"],
                "scope": ["openid"]}
        result = self.client.do_authorization_request(state=self.client.state,
                                                      request_args=args)
        assert result.status_code == 302
        _loc = result.headers["location"]
        assert _loc.startswith(self.client.redirect_uris[0])
        _, query = _loc.split("?")

        self.client.parse_response(AuthorizationResponse, info=query,
                                   sformat="urlencoded")
Пример #25
0
    def test_complete(self):
        mfos = MyFakeOICServer("http://localhost:8088")
        mfos.keyjar = SRVKEYS

        self.consumer.http_request = mfos.http_request
        _state = "state0"
        self.consumer.nonce = rndstr()
        self.consumer.redirect_uris = ["https://example.com/cb"]
        args = {
            "client_id": self.consumer.client_id,
            "response_type": "code",
            "scope": ["openid"],
        }

        result = self.consumer.do_authorization_request(state=_state,
                                                        request_args=args)
        assert result.status_code == 302
        print "redirect_uris", self.consumer.redirect_uris
        print result.headers["location"]

        assert result.headers["location"].startswith(
            self.consumer.redirect_uris[0])
        _, query = result.headers["location"].split("?")

        # vkeys = {".": self.consumer.keyjar.get_verify_key()}

        self.consumer.parse_response(AuthorizationResponse,
                                     info=query,
                                     sformat="urlencoded")

        resp = self.consumer.complete(_state)
        print resp
        assert resp.type() == "AccessTokenResponse"
        print resp.keys()
        assert _eq(resp.keys(), [
            'token_type', 'state', 'access_token', 'scope', 'expires_in',
            'refresh_token'
        ])

        assert resp["state"] == _state
Пример #26
0
    def test_do_authorization_request(self):
        self.client.grant = {}
        self.client.redirect_uris = ["https://www.example.com/authz"]
        self.client.authorization_endpoint = \
            "http://oic.example.org/authorization"
        self.client.client_id = "a1b2c3"
        self.client.state = "state0"
        mfos = MyFakeOICServer()
        mfos.keyjar = KEYJ
        self.client.http_request = mfos.http_request

        args = {"response_type": ["code"], "scope": ["openid"]}
        result = self.client.do_authorization_request(state=self.client.state,
                                                      request_args=args)
        assert result.status_code == 302
        _loc = result.headers["location"]
        assert _loc.startswith(self.client.redirect_uris[0])
        _, query = _loc.split("?")

        self.client.parse_response(AuthorizationResponse,
                                   info=query,
                                   sformat="urlencoded")
Пример #27
0
    def test_complete(self):
        mfos = MyFakeOICServer("http://localhost:8088")
        mfos.keyjar = SRVKEYS

        self.consumer.http_request = mfos.http_request
        self.consumer.state = "state0"
        self.consumer.nonce = rndstr()
        self.consumer.redirect_uris = ["https://example.com/cb"]
        args = {
            "client_id": self.consumer.client_id,
            "response_type": "code",
            "scope": ["openid"],
        }

        result = self.consumer.do_authorization_request(
            state=self.consumer.state, request_args=args)
        assert result.status_code == 302
        print "redirect_uris", self.consumer.redirect_uris
        print result.headers["location"]

        assert result.headers["location"].startswith(
            self.consumer.redirect_uris[0])
        _, query = result.headers["location"].split("?")

        #vkeys = {".": self.consumer.keyjar.get_verify_key()}

        self.consumer.parse_response(AuthorizationResponse, info=query,
                                     sformat="urlencoded")

        resp = self.consumer.complete()
        print resp
        assert resp.type() == "AccessTokenResponse"
        print resp.keys()
        assert _eq(resp.keys(), ['token_type', 'state', 'access_token',
                                 'scope', 'expires_in', 'refresh_token'])

        assert resp["state"] == self.consumer.state
Пример #28
0
def test_provider_config():
    c = Consumer(None, None)
    mfos = MyFakeOICServer("http://example.com")
    mfos.keyjar = SRVKEYS
    c.http_request = mfos.http_request

    principal = "*****@*****.**"

    res = c.discover(principal)
    info = c.provider_config(res)
    assert info.type() == "ProviderConfigurationResponse"
    print info.keys()
    assert _eq(info.keys(), ['registration_endpoint', u'check_session_endpoint',
                             u'refresh_session_endpoint', 'scopes_supported',
                             'subject_types_supported',
                             'token_endpoint_auth_methods_supported',
                             'id_token_signing_alg_values_supported',
                             u'flows_supported', 'version',
                             u'identifiers_supported', u'user_info_endpoint',
                             'response_types_supported', 'end_session_endpoint',
                             'authorization_endpoint', u'discovery_endpoint',
                             'token_endpoint', 'x509_url', 'issuer'])

    assert info["end_session_endpoint"] == "http://example.com/end_session"
Пример #29
0
from oic.oic.consumer import Consumer
from oic.utils.keyio import KeyChain, KeyJar

__author__ = 'rohe0002'
from fakeoicsrv import MyFakeOICServer

CLIENT_SECRET = "abcdefghijklmnop"
CLIENT_ID = "client_1"

RSAPUB = "../oc3/certs/mycert.key"

KC_HMAC_VS = KeyChain({"hmac": CLIENT_SECRET}, usage=["ver", "sig"])
KC_RSA = KeyChain(source="file://%s" % RSAPUB, type="rsa", usage=["ver", "sig"])
KC_HMAC_S = KeyChain({"hmac": CLIENT_SECRET}, usage=["sig"])

SRVKEYS = KeyJar()
SRVKEYS[""] = [KC_RSA]
SRVKEYS["client_1"] = [KC_HMAC_VS, KC_RSA]

c = Consumer(None, None)
mfos = MyFakeOICServer("http://example.com")
mfos.keyjar = SRVKEYS
c.http_request = mfos.http_request

principal = "*****@*****.**"

res = c.discover(principal)
info = c.provider_config(res)
assert info.type() == "ProviderConfigurationResponse"