Пример #1
0
    def test_authenticated(self):
        _session_db = {}
        cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
                        server_info=SERVER_INFO, **CONSUMER_CONFIG)

        sid, location = cons.begin("http://localhost:8087",
                                   "http://localhost:8088/authorization")

        resp = self.provider.authorization_endpoint(urlparse(location).query)
        assert resp.status == "303 See Other"
        resp = urlparse(resp.message).query
        with LogCapture(level=logging.DEBUG) as logcap:
            aresp = cons.handle_authorization_response(query=resp)

        assert isinstance(aresp, AuthorizationResponse)
        assert _eq(aresp.keys(), ['state', 'code', 'client_id', 'iss'])
        assert _eq(cons.grant[sid].keys(), ['tokens', 'code', 'exp_in',
                                            'seed', 'id_token',
                                            'grant_expiration_time'])

        state = aresp['state']
        assert _eq(logcap.records[0].msg, '- authorization - code flow -')
        assert logcap.records[1].msg in expected_outcome(
            'QUERY: ', ['state={}'.format(state), 'code=<REDACTED>',
                        'client_id=client1',
                        'iss=https%3A%2F%2Fexample.com%2Fas'])
        expected = {'iss': 'https://example.com/as',
                    'state': state, 'code': '<REDACTED>',
                    'client_id': 'client1'}
        # Eval here to avoid intermittent failures due to dict ordering
        assert _eq(eval(logcap.records[2].msg[29:-1]), expected)
        expected = ["'client_id': 'client1'", "'iss': 'https://example.com/as'",
                    "'keyjar': <KeyJar(issuers=[])>"]
        assert _eq(sorted(logcap.records[3].msg[22:-1].split(', ')), expected)
Пример #2
0
    def test_authenticated_token(self):
        _state, location = self.cons.begin("openid", response_type="token",
                                           path="http://localhost:8087")

        resp = self.provider.authorization_endpoint(
                request=urlparse(location).query)
        parsed = parse_qs(urlparse(resp.message).fragment)
        assert parsed["token_type"][0] == "Bearer"
        assert "access_token" in parsed
Пример #3
0
    def checkRoundtrips(self, url, parsed, split):
        result = urllib_parse.urlparse(url)
        self.assertEqual(result, parsed)
        t = (result.scheme, result.netloc, result.path,
             result.params, result.query, result.fragment)
        self.assertEqual(t, parsed)
        # put it back together and it should be the same
        result2 = urllib_parse.urlunparse(result)
        self.assertEqual(result2, url)
        self.assertEqual(result2, result.geturl())

        # the result of geturl() is a fixpoint; we can always parse it
        # again to get the same result:
        result3 = urllib_parse.urlparse(result.geturl())
        self.assertEqual(result3.geturl(), result.geturl())
        self.assertEqual(result3,          result)
        self.assertEqual(result3.scheme,   result.scheme)
        self.assertEqual(result3.netloc,   result.netloc)
        self.assertEqual(result3.path,     result.path)
        self.assertEqual(result3.params,   result.params)
        self.assertEqual(result3.query,    result.query)
        self.assertEqual(result3.fragment, result.fragment)
        self.assertEqual(result3.username, result.username)
        self.assertEqual(result3.password, result.password)
        self.assertEqual(result3.hostname, result.hostname)
        self.assertEqual(result3.port,     result.port)

        # check the roundtrip using urlsplit() as well
        result = urllib_parse.urlsplit(url)
        self.assertEqual(result, split)
        t = (result.scheme, result.netloc, result.path,
             result.query, result.fragment)
        self.assertEqual(t, split)
        result2 = urllib_parse.urlunsplit(result)
        self.assertEqual(result2, url)
        self.assertEqual(result2, result.geturl())

        # check the fixpoint property of re-parsing the result of geturl()
        result3 = urllib_parse.urlsplit(result.geturl())
        self.assertEqual(result3.geturl(), result.geturl())
        self.assertEqual(result3,          result)
        self.assertEqual(result3.scheme,   result.scheme)
        self.assertEqual(result3.netloc,   result.netloc)
        self.assertEqual(result3.path,     result.path)
        self.assertEqual(result3.query,    result.query)
        self.assertEqual(result3.fragment, result.fragment)
        self.assertEqual(result3.username, result.username)
        self.assertEqual(result3.password, result.password)
        self.assertEqual(result3.hostname, result.hostname)
        self.assertEqual(result3.port,     result.port)
Пример #4
0
 def test_issue14072(self):
     p1 = urllib_parse.urlsplit('tel:+31-641044153')
     self.assertEqual(p1.scheme, 'tel')
     self.assertEqual(p1.path, '+31-641044153')
     p2 = urllib_parse.urlsplit('tel:+31641044153')
     self.assertEqual(p2.scheme, 'tel')
     self.assertEqual(p2.path, '+31641044153')
     # assert the behavior for urlparse
     p1 = urllib_parse.urlparse('tel:+31-641044153')
     self.assertEqual(p1.scheme, 'tel')
     self.assertEqual(p1.path, '+31-641044153')
     p2 = urllib_parse.urlparse('tel:+31641044153')
     self.assertEqual(p2.scheme, 'tel')
     self.assertEqual(p2.path, '+31641044153')
Пример #5
0
    def parse_discovery_service_request(self, url="", query=""):
        if url:
            part = urlparse(url)
            dsr = parse_qs(part[4])
        elif query:
            dsr = parse_qs(query)
        else:
            dsr = {}

        # verify

        for key in ["isPassive", "return", "returnIDParam", "policy",
                    'entityID']:
            try:
                assert len(dsr[key]) == 1
                dsr[key] = dsr[key][0]
            except KeyError:
                pass

        if "return" in dsr:
            part = urlparse(dsr["return"])
            if part.query:
                qp = parse_qs(part.query)
                if "returnIDParam" in dsr:
                    assert dsr["returnIDParam"] not in qp.keys()
                else:
                    assert "entityID" not in qp.keys()
        else:
            # If metadata not used this is mandatory
            raise VerificationError("Missing mandatory parameter 'return'")

        if "policy" not in dsr:
            dsr["policy"] = IDPDISC_POLICY

        try:
            assert dsr["isPassive"] in ["true", "false"]
        except KeyError:
            pass

        if "isPassive" in dsr and dsr["isPassive"] == "true":
            dsr["isPassive"] = True
        else:
            dsr["isPassive"] = False

        if not "returnIDParam" in dsr:
            dsr["returnIDParam"] = "entityID"

        return dsr
Пример #6
0
 def clean_domain(self):
     parsed = urlparse(self.cleaned_data['domain'])
     if parsed.scheme or parsed.netloc:
         domain_string = parsed.netloc
     else:
         domain_string = parsed.path
     return domain_string
Пример #7
0
    def _parse_request(self, request, data, sformat, client_id=None):
        if sformat == "json":
            request = request().from_json(data)
        elif sformat == "jwt":
            request = request().from_jwt(data, keyjar=self.keyjar)
        elif sformat == "urlencoded":
            if '?' in data:
                parts = urlparse(data)
                scheme, netloc, path, params, query, fragment = parts[:6]
            else:
                query = data
            request = request().from_urlencoded(query)
        else:
            raise ParseError("Unknown package format: '%s'" % sformat,
                             request)

        # get the verification keys
        if client_id:
            keys = self.keyjar.verify_keys(client_id)
            sender = client_id
        else:
            try:
                keys = self.keyjar.verify_keys(request["client_id"])
                sender = request['client_id']
            except KeyError:
                keys = None
                sender = ''

        logger.debug("verify keys: {}".format(keys))
        request.verify(key=keys, keyjar=self.keyjar, sender=sender)
        return request
Пример #8
0
def url_compare(url1, url2):
    url1 = urlparse(url1)
    url2 = urlparse(url2)

    if url1.scheme != url2.scheme:
        return False
    if url1.netloc != url2.netloc:
        return False
    if url1.path != url2.path:
        return False
    if not query_string_compare(url1.query, url2.query):
        return False
    if not query_string_compare(url1.fragment, url2.fragment):
        return False

    return True
Пример #9
0
def parse_resource(resource):
    """

    :param resource:
    :return: A tuple: op_id and test_id
    """
    p = urlparse(resource)
    if p[0] == 'acct':
        loc, dom = p[2].split('@', 1)  # Should I check the domain part ?
        _x = loc.split('.')
        if len(_x) == 2:
            return _x
        elif len(_x) > 2:
            return '.'.join(_x[0:-1]), _x[-1]
        else:
            raise ValueError('Need both op_id and test_id, got {}'.format(_x))
    elif p[0] in ['http', 'https']:
        _x = p[2][1:].split('/')  # skip leading '/'
        if len(_x) >= 2:
            return _x[:2]  # only return the first two parts
        else:
            _txt = 'Need both op_id and test_id, got {}'.format(_x)
            logger.error(_txt)
            raise ValueError(_txt)
    else:
        return None
Пример #10
0
    def test_complete_auth_token(self):
        _state = "state0"
        self.consumer.consumer_config["response_type"] = ["code", "token"]

        args = {
            "client_id": self.consumer.client_id,
            "response_type": self.consumer.consumer_config["response_type"],
            "scope": ["openid"],
        }

        result = self.consumer.do_authorization_request(state=_state,
                                                        request_args=args)
        self.consumer._backup("state0")

        assert result.status_code == 302
        parsed = urlparse(result.headers["location"])
        baseurl = "{}://{}{}".format(parsed.scheme, parsed.netloc, parsed.path)
        assert baseurl == self.consumer.redirect_uris[0]

        part = self.consumer.parse_authz(query=parsed.query)
        auth = part[0]
        acc = part[1]
        assert part[2] is None

        assert isinstance(auth, AuthorizationResponse)
        assert isinstance(acc, AccessTokenResponse)
        print(auth.keys())
        assert _eq(auth.keys(), ['code', 'access_token',
                                 'token_type', 'state', 'client_id', 'scope'])
        assert _eq(acc.keys(), ['token_type', 'state', 'access_token', 'scope'])
def migrate_url(apps, schema_editor):
    Domain = apps.get_model("projects", "Domain")
    Domain.objects.filter(count=0).delete()
    for domain in Domain.objects.all():
        if domain.project.superprojects.count() or domain.project.main_language_project:
            print("{project} is a subproject or translation. Deleting domain.".format(
                project=domain.project.slug))
            domain.delete()
            continue
        parsed = urlparse(domain.url)
        if parsed.scheme or parsed.netloc:
            domain_string = parsed.netloc
        else:
            domain_string = parsed.path
        try:
            domain.domain = domain_string
            domain.save()
            print(u"Added {domain} from {url}".format(url=domain.url, domain=domain_string))
        except Exception as e:
            print(e)
            print(u"Failed {domain} from {url}".format(url=domain.url, domain=domain_string))

        dms = Domain.objects.filter(domain=domain_string).order_by('-count')
        if dms.count() > 1:
            for dm in list(dms)[1:]:
                dm.delete()
Пример #12
0
def login_hint(oper, args):
    """
    Context: AsyncAuthn
    Action: Sets the request argument 'login_hint' to a value picked from the
    configuration.
    
    Example:
        "login_hint": null

    :param oper: 
    :param args: 
    :return: 
    """
    _iss = oper.conv.entity.provider_info["issuer"]
    p = urlparse(_iss)
    _default = "buffy@%s" % p.netloc
    try:
        hint = oper.conv.get_tool_attribute("login_hint")
    except KeyError:
        hint = _default
    else:
        if hint is None:
            hint = _default
        # elif "@" not in hint:
        #     hint = "%s@%s" % (hint, p.netloc)

    oper.req_args["login_hint"] = hint
Пример #13
0
    def __call__(self, value):
        allow_private_repos = getattr(settings, 'ALLOW_PRIVATE_REPOS', False)
        public_schemes = ['https', 'http', 'git', 'ftps', 'ftp']
        private_schemes = ['ssh', 'ssh+git']
        valid_schemes = public_schemes
        if allow_private_repos:
            valid_schemes += private_schemes
        url = urlparse(value)

        # Malicious characters go first
        if '&&' in value or '|' in value:
            raise ValidationError(_('Invalid character in the URL'))
        elif url.scheme in valid_schemes:
            return value

        # Repo URL is not a supported scheme at this point, but there are
        # several cases where we might support it
        # Launchpad
        elif value.startswith('lp:'):
            return value
        # Relative paths are conditionally supported
        elif value.startswith('.') and not self.disallow_relative_url:
            return value
        # SSH cloning and ``[email protected]:user/project.git``
        elif self.re_git_user.search(value) or url.scheme in private_schemes:
            if allow_private_repos:
                return value
            else:
                # Throw a more helpful error message
                raise ValidationError('Manual cloning via SSH is not supported')

        # No more valid URLs without supported URL schemes
        raise ValidationError(_('Invalid scheme for URL'))
Пример #14
0
    def __call__(self):
        # find the name of the file to which the JWKS should be written
        try:
            _uri = self.conv.entity.registration_response["jwks_uri"]
        except KeyError:
            raise RequirementsNotMet("No dynamic key handling")

        r = urlparse(_uri)
        # find the old key for this key usage and mark that as inactive
        for kb in self.conv.entity.keyjar.issuer_keys[""]:
            for key in list(kb.keys()):
                if key.use in self.new_key["use"]:
                    key.inactive = True

        kid = 0
        # only one key
        _nk = self.new_key
        _typ = _nk["type"].upper()

        if _typ == "RSA":
            kb = KeyBundle(source="file://%s" % _nk["key"],
                           fileformat="der", keytype=_typ,
                           keyusage=_nk["use"])
        else:
            kb = {}

        for k in list(kb.keys()):
            k.serialize()
            k.kid = self.kid_template % kid
            kid += 1
            self.conv.entity.kid[k.use][k.kty] = k.kid
        self.conv.entity.keyjar.add_kb("", kb)

        dump_jwks(self.conv.entity.keyjar[""], r.path[1:])
Пример #15
0
Файл: sp.py Проект: Amli/pysaml2
    def __init__(self, rememberer_name, config, saml_client, wayf, cache,
                 sid_store=None, discovery="", idp_query_param="",
                 sid_store_cert=None, ):
        self.rememberer_name = rememberer_name
        self.wayf = wayf
        self.saml_client = saml_client
        self.conf = config
        self.cache = cache
        self.discosrv = discovery
        self.idp_query_param = idp_query_param
        self.logout_endpoints = [urlparse(ep)[2] for ep in config.endpoint(
            "single_logout_service")]
        try:
            self.metadata = self.conf.metadata
        except KeyError:
            self.metadata = None
        if sid_store:
            self.outstanding_queries = shelve.open(sid_store, writeback=True,
                                                   protocol=2)
        else:
            self.outstanding_queries = {}
        if sid_store_cert:
            self.outstanding_certs = shelve.open(sid_store_cert, writeback=True,
                                                 protocol=2)
        else:
            self.outstanding_certs = {}

        self.iam = platform.node()
Пример #16
0
    def test_begin_file(self, tmpdir):
        path = tmpdir.strpath
        self.consumer.consumer_config["request_method"] = "file"
        self.consumer.consumer_config["temp_dir"] = path
        self.consumer.consumer_config["temp_path"] = path
        self.consumer.consumer_config["authz_page"] = "/authz"
        srv = Server()
        srv.keyjar = SRVKEYS

        sid, location = self.consumer.begin("openid", "code",
                                            path="http://localhost:8087")

        with responses.RequestsMock() as rsps:
            p = urlparse(self.consumer.request_uri)
            rsps.add(rsps.GET, self.consumer.request_uri,
                     body=open(p.path).read(), status=200,
                     content_type='application/urlencoded')

            authreq = srv.parse_authorization_request(url=location)
            assert _eq(list(authreq.keys()),
                       ['max_age', 'state', 'redirect_uri', 'response_type',
                        'client_id', 'scope', 'claims'])

            assert authreq["state"] == sid
            assert authreq["scope"] == self.consumer.consumer_config["scope"]
            assert authreq["client_id"] == self.consumer.client_id
            assert authreq["redirect_uri"].startswith(
                "http://localhost:8087/authz")
Пример #17
0
    def test_complete_secret_auth(self):
        _state = "state0"
        del self.consumer.consumer_config["password"]

        args = {
            "client_id": self.consumer.client_id,
            "response_type": "code",
            "scope": ["openid"],
        }

        result = self.consumer.do_authorization_request(state=_state,
                                                        request_args=args)
        assert result.status_code == 302
        parsed = urlparse(result.headers["location"])
        baseurl = "{}://{}{}".format(parsed.scheme, parsed.netloc, parsed.path)
        assert baseurl == self.consumer.redirect_uris[0]

        self.consumer.parse_response(AuthorizationResponse, info=parsed.query,
                                     sformat="urlencoded")

        resp = self.consumer.complete(_state)
        assert isinstance(resp, AccessTokenResponse)
        assert _eq(resp.keys(),
                   ['token_type', 'state', 'access_token', 'scope'])

        assert resp["state"] == _state
Пример #18
0
    def test_userinfo(self):
        _state = "state0"

        args = {
            "client_id": self.consumer.client_id,
            "response_type": "code",
            "scope": ["openid"],
        }

        result = self.consumer.do_authorization_request(state=_state,
                                                        request_args=args)
        assert result.status_code == 302
        parsed = urlparse(result.headers["location"])
        baseurl = "{}://{}{}".format(parsed.scheme, parsed.netloc, parsed.path)
        assert baseurl == self.consumer.redirect_uris[0]

        self.consumer.parse_response(AuthorizationResponse, info=parsed.query,
                                     sformat="urlencoded")

        self.consumer.complete(_state)

        result = self.consumer.get_user_info(_state)
        assert isinstance(result, OpenIDSchema)
        assert _eq(result.keys(),
                   ['name', 'email', 'verified', 'nickname', 'sub'])
Пример #19
0
    def test_token_endpoint_auth(self):
        state, location = self.cons.begin("openid", "code",
                                          path="http://localhost:8087")

        resp = self.provider.authorization_endpoint(
                request=urlparse(location).query)

        aresp = self.cons.parse_response(AuthorizationResponse, resp.message,
                                         sformat="urlencoded")

        # Construct Access token request
        areq = self.cons.construct_AccessTokenRequest(
                redirect_uri="http://example.com/authz",
                client_id="client_1",
                client_secret='abcdefghijklmnop',
                state=state)

        txt = areq.to_urlencoded()
        self.cons.client_secret='drickyoughurt'

        csb = ClientSecretBasic(self.cons)
        http_args = csb.construct(areq)

        resp = self.provider.token_endpoint(request=txt, remote_user="******",
                                            request_method="POST",
                                            authn=http_args['headers'][
                                                'Authorization'])

        atr = TokenErrorResponse().deserialize(resp.message, "json")
        assert atr["token_type"] == 'Bearer'
Пример #20
0
    def test_sign_userinfo(self):
        _state = "state0"
        self.consumer.client_prefs = {"userinfo_signed_response_alg": "RS256"}
        self.consumer.provider_info = {
            "userinfo_endpoint": "http://localhost:8088/userinfo",
            "issuer": "http://localhost:8088/"}
        del self.consumer.consumer_config["request_method"]

        args = {
            "client_id": self.consumer.client_id,
            "response_type": "code",
            "scope": ["openid"],
        }

        self.consumer.begin("openid", "code")
        result = self.consumer.do_authorization_request(state=_state,
                                                        request_args=args)
        parsed = urlparse(result.headers["location"])
        self.consumer.parse_response(AuthorizationResponse, info=parsed.query,
                                     sformat="urlencoded")

        self.consumer.complete(_state)

        result = self.consumer.get_user_info(_state)
        assert isinstance(result, OpenIDSchema)
        assert _eq(result.keys(),
                   ['name', 'email', 'verified', 'nickname', 'sub'])
Пример #21
0
    def test_authenticated_hybrid(self):
        _state, location = self.cons.begin(
                scope="openid email claims_in_id_token",
                response_type="code id_token",
                path="http://localhost:8087")

        resp = self.provider.authorization_endpoint(
                request=urlparse(location).query)

        part = self.cons.parse_authz(resp.message)

        aresp = part[0]
        assert part[1] is None
        assert part[2] is not None

        assert isinstance(aresp, AuthorizationResponse)
        assert _eq(aresp.keys(), ['scope', 'state', 'code', 'id_token'])

        assert _eq(self.cons.grant[_state].keys(),
                   ['code', 'id_token', 'tokens',
                    'exp_in',
                    'grant_expiration_time', 'seed'])
        id_token = part[2]
        assert isinstance(id_token, IdToken)
        assert _eq(id_token.keys(),
                   ['nonce', 'c_hash', 'sub', 'iss', 'acr', 'exp', 'auth_time',
                    'iat', 'aud'])
Пример #22
0
def set_webfinger_resource(oper, args):
    """
    Context: WebFinger Query
    Action: Specifies the webfinger resource. If the OP supports
    webfinger queries then the resource is set to the value of 'webfinger_url'
    or 'webfinger_email' from the test instance configuration.

    :param oper: An WebFinger instance
    :param args: None or a dictionary with the key 'pattern'
    """

    try:
        oper.resource = oper.op_args["resource"]
    except KeyError:
        if oper.dynamic:
            if args:
                _p = urlparse(get_issuer(oper.conv))
                oper.op_args["resource"] = args["pattern"].format(
                    test_id=oper.conv.test_id, host=_p.netloc,
                    oper_id=oper.conv.operator_id)
            else:
                _base = oper.sh.tool_conf['issuer']
                if oper.conv.operator_id is None:
                    oper.resource = _base
                else:
                    oper.resource = os.path.join(_base, oper.conv.operator_id,
                                                 oper.conv.test_id)
Пример #23
0
def find_identifier(uri):
    if uri.startswith("http"):
        p = urlparse(uri)
        return p.path[1:]  # Skip leading "/"
    elif uri.startswith("acct:"):
        a = uri[5:]
        l, d = a.split("@")
        return l
Пример #24
0
    def test_authenticated(self):
        client = Client(**CLIENT_CONFIG)
        client.authorization_endpoint = "https://example.com/as"

        sid = rndstr(8)
        args = {"redirect_uri": "http://localhost:8087/authz", "state": sid, "response_type": "code"}

        url, body, ht_args, csi = client.request_info(AuthorizationRequest, "GET", request_args=args)

        resp = self.provider.authorization_endpoint(urlparse(url).query)
        assert resp.status == "302 Found"
        resp = urlparse(resp.message).query
        aresp = client.parse_authz_response(resp)

        assert isinstance(aresp, AuthorizationResponse)
        assert _eq(aresp.keys(), ["state", "code", "client_id", "iss"])
        assert _eq(client.grant[sid].keys(), ["tokens", "code", "exp_in", "seed", "id_token", "grant_expiration_time"])
Пример #25
0
    def parse_url_request(request, url=None, query=None):
        if url:
            parts = urlparse(url)
            scheme, netloc, path, params, query, fragment = parts[:6]

        req = request().deserialize(query, "urlencoded")
        req.verify()
        return req
Пример #26
0
    def test_attributes_bad_port(self):
        """Check handling of non-integer ports."""
        p = urllib_parse.urlsplit("http://www.example.net:foo")
        self.assertEqual(p.netloc, "www.example.net:foo")
        self.assertRaises(ValueError, lambda: p.port)

        p = urllib_parse.urlparse("http://www.example.net:foo")
        self.assertEqual(p.netloc, "www.example.net:foo")
        self.assertRaises(ValueError, lambda: p.port)

        # Once again, repeat ourselves to test bytes
        p = urllib_parse.urlsplit(b"http://www.example.net:foo")
        self.assertEqual(p.netloc, b"www.example.net:foo")
        self.assertRaises(ValueError, lambda: p.port)

        p = urllib_parse.urlparse(b"http://www.example.net:foo")
        self.assertEqual(p.netloc, b"www.example.net:foo")
        self.assertRaises(ValueError, lambda: p.port)
Пример #27
0
 def save(self, *args, **kwargs):  # pylint: disable=arguments-differ
     from readthedocs.projects import tasks
     parsed = urlparse(self.domain)
     if parsed.scheme or parsed.netloc:
         self.domain = parsed.netloc
     else:
         self.domain = parsed.path
     super(Domain, self).save(*args, **kwargs)
     broadcast(type='app', task=tasks.symlink_domain, args=[self.project.pk, self.pk])
Пример #28
0
def include(url, test_id):
    p = urlparse(url)
    if p.path[1:].startswith(test_id):
        if len(p.path[1:].split("/")) <= 1:
            return os.path.join(url, "_/_/_/normal")
        else:
            return url

    return "%s://%s/%s%s_/_/_/normal" % (p.scheme, p.netloc, test_id, p.path)
Пример #29
0
    def test_authenticated(self):
        _session_db = {}
        cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
                        server_info=SERVER_INFO, **CONSUMER_CONFIG)

        sid, location = cons.begin("http://localhost:8087",
                                   "http://localhost:8088/authorization")

        resp = self.provider.authorization_endpoint(urlparse(location).query)
        assert resp.status == "303 See Other"
        resp = urlparse(resp.message).query
        aresp = cons.handle_authorization_response(query=resp)

        assert isinstance(aresp, AuthorizationResponse)
        assert _eq(aresp.keys(), ['state', 'code', 'client_id', 'iss'])
        assert _eq(cons.grant[sid].keys(), ['tokens', 'code', 'exp_in',
                                            'seed', 'id_token',
                                            'grant_expiration_time'])
Пример #30
0
    def _verify_redirect_uri(self, areq):
        """
        MUST NOT contain a fragment
        MAY contain query component

        :return: An error response if the redirect URI is faulty otherwise
            None
        """
        try:
            _redirect_uri = unquote(areq["redirect_uri"])

            part = urlparse(_redirect_uri)
            if part.fragment:
                raise URIError("Contains fragment")

            (_base, _query) = splitquery(_redirect_uri)
            if _query:
                _query = parse_qs(_query)

            match = False
            for regbase, rquery in self.cdb[str(areq["client_id"])][
                "redirect_uris"]:
                if _base == regbase or _redirect_uri.startswith(regbase):
                    # every registered query component must exist in the
                    # redirect_uri
                    if rquery:
                        for key, vals in rquery.items():
                            assert key in _query
                            for val in vals:
                                assert val in _query[key]
                    # and vice versa, every query component in the redirect_uri
                    # must be registered
                    if _query:
                        if rquery is None:
                            raise ValueError
                        for key, vals in _query.items():
                            assert key in rquery
                            for val in vals:
                                assert val in rquery[key]
                    match = True
                    break
            if not match:
                raise RedirectURIError("Doesn't match any registered uris")
            # ignore query components that are not registered
            return None
        except Exception as err:
            logger.error("Faulty redirect_uri: %s" % areq["redirect_uri"])
            try:
                _cinfo = self.cdb[str(areq["client_id"])]
            except KeyError:
                logger.info("Unknown client: %s" % areq["client_id"])
                raise UnknownClient(areq["client_id"])
            else:
                logger.info("Registered redirect_uris: %s" % _cinfo)
                raise RedirectURIError(
                    "Faulty redirect_uri: %s" % areq["redirect_uri"])
Пример #31
0
 def get_urlinfo(self, info):
     if '?' in info or '#' in info:
         parts = urlparse(info)
         scheme, netloc, path, params, query, fragment = parts[:6]
         # either query of fragment
         if query:
             info = query
         else:
             info = fragment
     return info
Пример #32
0
    def test_authenticated_none(self):
        _state, location = self.cons.begin("openid", response_type="none",
                                           path="http://localhost:8087")

        resp = self.provider.authorization_endpoint(
                request=location.split("?")[1])
        parsed = urlparse(resp.message)
        assert "{}://{}{}".format(parsed.scheme, parsed.netloc,
                                  parsed.path) == "http://localhost:8087/authz"
        assert "state" in parse_qs(parsed.query)
Пример #33
0
    def test_userinfo_endpoint(self):
        self.cons.client_secret = "drickyoughurt"
        self.cons.config["response_type"] = ["token"]
        self.cons.config["request_method"] = "parameter"
        state, location = self.cons.begin("openid", "token",
                                          path="http://localhost:8087")

        resp = self.provider.authorization_endpoint(
                request=urlparse(location).query)

        # redirect
        atr = AuthorizationResponse().deserialize(
                urlparse(resp.message).fragment, "urlencoded")

        uir = UserInfoRequest(access_token=atr["access_token"], schema="openid")

        resp = self.provider.userinfo_endpoint(request=uir.to_urlencoded())
        ident = OpenIDSchema().deserialize(resp.message, "json")
        assert _eq(ident.keys(), ['nickname', 'sub', 'name', 'email'])
Пример #34
0
def update_url_with_kwargs(url, **kwargs):
    if not url:
        return

    url_parts = list(urlparse(url))
    query = dict(parse_qsl(url_parts[4]))
    query.update(kwargs)
    url_parts[4] = urlencode(query)

    return urlunparse(url_parts)
Пример #35
0
    def test_authenticated(self):
        _session_db = {}
        cons = Consumer(_session_db,
                        client_config=CLIENT_CONFIG,
                        server_info=SERVER_INFO,
                        **CONSUMER_CONFIG)

        sid, location = cons.begin("http://localhost:8087",
                                   "http://localhost:8088/authorization")

        resp = self.provider.authorization_endpoint(urlparse(location).query)
        assert resp.status == "303 See Other"
        resp = urlparse(resp.message).query
        with LogCapture(level=logging.DEBUG) as logcap:
            aresp = cons.handle_authorization_response(query=resp)

        assert isinstance(aresp, AuthorizationResponse)
        assert _eq(aresp.keys(), ['state', 'code', 'client_id', 'iss'])
        assert _eq(cons.grant[sid].keys(), [
            'tokens', 'code', 'exp_in', 'seed', 'id_token',
            'grant_expiration_time'
        ])

        state = aresp['state']
        assert _eq(logcap.records[0].msg, '- authorization - code flow -')
        assert verify_outcome(logcap.records[1].msg, 'QUERY: ', [
            'state={}'.format(state), 'code=<REDACTED>', 'client_id=client1',
            'iss=https://example.com/as'
        ])

        expected = {
            'iss': 'https://example.com/as',
            'state': state,
            'code': '<REDACTED>',
            'client_id': 'client1'
        }
        # Eval here to avoid intermittent failures due to dict ordering
        assert _eq(eval(logcap.records[2].msg[29:-1]), expected)
        expected = [
            "'client_id': 'client1'", "'iss': 'https://example.com/as'",
            "'keyjar': <KeyJar(issuers=[])>"
        ]
        assert _eq(sorted(logcap.records[3].msg[22:-1].split(', ')), expected)
Пример #36
0
 def save(self, *args, **kwargs):  # pylint: disable=arguments-differ
     from readthedocs.projects import tasks
     parsed = urlparse(self.domain)
     if parsed.scheme or parsed.netloc:
         self.domain = parsed.netloc
     else:
         self.domain = parsed.path
     super(Domain, self).save(*args, **kwargs)
     broadcast(type='app', task=tasks.symlink_domain,
               args=[self.project.pk, self.pk],)
Пример #37
0
    def wait(self, url):
        domain = urlparse(url).netloc
        last_accessed = self.domains.get(domain)

        if self.delay > 0 and last_accessed is not None:
            sleep_secs = self.delay - (datetime.datetime.now() -
                                       last_accessed).seconds
            if sleep_secs > 0:
                time.sleep(sleep_secs)
        self.domains[domain] = datetime.datetime.now()
Пример #38
0
 def get_urlinfo(info):
     # If info is a whole URL pick out the query or fragment part
     if '?' in info or '#' in info:
         parts = urlparse(info)
         scheme, netloc, path, params, query, fragment = parts[:6]
         # either query of fragment
         if query:
             info = query
         else:
             info = fragment
     return info
Пример #39
0
    def parse_url_request(request, url=None, query=None):
        if url:
            parts = urlparse(url)
            scheme, netloc, path, params, query, fragment = parts[:6]

        if isinstance(query, dict):
            req = request(**query)
        else:
            req = request().deserialize(query, "urlencoded")
        req.verify()
        return req
Пример #40
0
    def test_telurl_params(self):
        p1 = urllib_parse.urlparse('tel:123-4;phone-context=+1-650-516')
        self.assertEqual(p1.scheme, 'tel')
        self.assertEqual(p1.path, '123-4')
        self.assertEqual(p1.params, 'phone-context=+1-650-516')

        p1 = urllib_parse.urlparse('tel:+1-201-555-0123')
        self.assertEqual(p1.scheme, 'tel')
        self.assertEqual(p1.path, '+1-201-555-0123')
        self.assertEqual(p1.params, '')

        p1 = urllib_parse.urlparse('tel:7042;phone-context=example.com')
        self.assertEqual(p1.scheme, 'tel')
        self.assertEqual(p1.path, '7042')
        self.assertEqual(p1.params, 'phone-context=example.com')

        p1 = urllib_parse.urlparse('tel:863-1234;phone-context=+1-914-555')
        self.assertEqual(p1.scheme, 'tel')
        self.assertEqual(p1.path, '863-1234')
        self.assertEqual(p1.params, 'phone-context=+1-914-555')
Пример #41
0
    def test_authorization_endpoint_id_token(self):
        bib = {
            "scope": ["openid"],
            "state": "id-6da9ca0cc23959f5f33e8becd9b08cae",
            "redirect_uri": "http://localhost:8087/authz",
            "response_type": ["code", "id_token"],
            "client_id": "a1b2c3",
            "nonce": "Nonce",
            "prompt": ["none"]
        }

        req = AuthorizationRequest(**bib)
        areq = AuthorizationRequest(response_type="code",
                                    client_id="client_1",
                                    redirect_uri="http://example.com/authz",
                                    scope=["openid"],
                                    state="state000")

        sdb = self.provider.sdb
        ae = AuthnEvent("userX", "salt")
        sid = sdb.create_authz_session(ae, areq)
        sdb.do_sub(sid, "client_salt")
        _info = sdb[sid]
        # All this is jut removed when the id_token is constructed
        # The proper information comes from the session information
        _user_info = IdToken(iss="https://foo.example.om",
                             sub="foo",
                             aud=bib["client_id"],
                             exp=epoch_in_a_while(minutes=10),
                             acr="2",
                             nonce=bib["nonce"])

        idt = self.provider.id_token_as_signed_jwt(_info,
                                                   access_token="access_token",
                                                   user_info=_user_info)

        req["id_token"] = idt
        query_string = req.to_urlencoded()

        # client_id not in id_token["aud"] so login required
        resp = self.provider.authorization_endpoint(request=query_string,
                                                    cookie="FAIL")
        parsed_resp = parse_qs(urlparse(resp.message).fragment)
        assert parsed_resp["error"][0] == "login_required"

        req["client_id"] = "client_1"
        query_string = req.to_urlencoded()

        # client_id is in id_token["aud"] so no login required
        resp = self.provider.authorization_endpoint(request=query_string,
                                                    cookie="FAIL")

        assert resp.message.startswith("http://localhost:8087/authz")
Пример #42
0
def replace_host(url, host):
    """
    将一个url的host替换成为目标host, 生成新的url.
    :param url:
    :param host:
    :return:
    """
    if url is None:
        return ''
    pr = urlparse(url)
    r = pr._replace(netloc=host)
    return r.geturl()
Пример #43
0
    def test_authenticated_url(self):
        state, location = self.cons.begin("openid", "code",
                                          path="http://localhost:8087")

        resp = self.provider.authorization_endpoint(
                request=urlparse(location).query)

        aresp = self.cons.parse_response(AuthorizationResponse, resp.message,
                                         sformat="urlencoded")

        assert isinstance(aresp, AuthorizationResponse)
        assert _eq(aresp.keys(), ['code', 'state', 'scope', 'client_id', 'iss'])
Пример #44
0
def sign_http_args(method, url, headers, body=''):
    p = urlparse(url)

    kwargs = {'path': p.path, 'host': p.netloc, 'headers': headers,
              'method': method}

    if body:
        kwargs['body'] = body

    query_params = compact(parse_qs(p.query))
    kwargs['query_params'] = query_params
    return kwargs
Пример #45
0
def login_hint(oper, args):
    _iss = oper.conv.entity.provider_info["issuer"]
    p = urlparse(_iss)
    try:
        hint = oper.conv.get_tool_attribute("login_hint")
    except KeyError:
        hint = "buffy@%s" % p.netloc
    else:
        if "@" not in hint:
            hint = "%s@%s" % (hint, p.netloc)

    oper.req_args["login_hint"] = hint
def pack_redirect_uri(redirect_uris):
    ruri = []
    for uri in redirect_uris:
        if urlparse(uri).fragment:
            print("Faulty redirect uri, contains fragment", file=sys.stderr)
        base, query = splitquery(uri)
        if query:
            ruri.append([base, parse_qs(query)])
        else:
            ruri.append([base, query])

    return ruri
Пример #47
0
    def test_attributes_without_netloc(self):
        # This example is straight from RFC 3261.  It looks like it
        # should allow the username, hostname, and port to be filled
        # in, but doesn't.  Since it's a URI and doesn't use the
        # scheme://netloc syntax, the netloc and related attributes
        # should be left empty.
        uri = "sip:[email protected];maddr=239.255.255.1;ttl=15"
        p = urllib_parse.urlsplit(uri)
        self.assertEqual(p.netloc, "")
        self.assertEqual(p.username, None)
        self.assertEqual(p.password, None)
        self.assertEqual(p.hostname, None)
        self.assertEqual(p.port, None)
        self.assertEqual(p.geturl(), uri)

        p = urllib_parse.urlparse(uri)
        self.assertEqual(p.netloc, "")
        self.assertEqual(p.username, None)
        self.assertEqual(p.password, None)
        self.assertEqual(p.hostname, None)
        self.assertEqual(p.port, None)
        self.assertEqual(p.geturl(), uri)

        # You guessed it, repeating the test with bytes input
        uri = b"sip:[email protected];maddr=239.255.255.1;ttl=15"
        p = urllib_parse.urlsplit(uri)
        self.assertEqual(p.netloc, b"")
        self.assertEqual(p.username, None)
        self.assertEqual(p.password, None)
        self.assertEqual(p.hostname, None)
        self.assertEqual(p.port, None)
        self.assertEqual(p.geturl(), uri)

        p = urllib_parse.urlparse(uri)
        self.assertEqual(p.netloc, b"")
        self.assertEqual(p.username, None)
        self.assertEqual(p.password, None)
        self.assertEqual(p.hostname, None)
        self.assertEqual(p.port, None)
        self.assertEqual(p.geturl(), uri)
Пример #48
0
    def test_authorization_endpoint_bad_scope(self):
        bib = {"scope": ["openid", "offline_access"],
               "state": "id-6da9ca0cc23959f5f33e8becd9b08cae",
               "redirect_uri": "http://localhost:8087/authz",
               "response_type": ["code"],
               "client_id": "a1b2c3"}

        arq = AuthorizationRequest(**bib)
        resp = self.provider.authorization_endpoint(request=arq.to_urlencoded())
        assert resp.status == "303 See Other"
        parsed = parse_qs(urlparse(resp.message).query)
        assert parsed["error"][0] == "invalid_request"
        assert parsed["error_description"][0] == "consent in prompt"
Пример #49
0
    def test_authenticated(self):
        client = Client(**CLIENT_CONFIG)
        client.authorization_endpoint = 'https://example.com/as'

        sid = rndstr(8)
        args = {
            'redirect_uri': "http://localhost:8087/authz",
            "state": sid, "response_type": 'code'}

        url, body, ht_args, csi = client.request_info(
            AuthorizationRequest, 'GET', request_args=args)

        resp = self.provider.authorization_endpoint(urlparse(url).query)
        assert resp.status == "303 See Other"
        resp = urlparse(resp.message).query
        aresp = client.parse_authz_response(resp)

        assert isinstance(aresp, AuthorizationResponse)
        assert _eq(aresp.keys(), ['state', 'code', 'client_id', 'iss'])
        assert _eq(client.grant[sid].keys(), ['tokens', 'code', 'exp_in',
                                              'seed', 'id_token',
                                              'grant_expiration_time'])
Пример #50
0
 def test_portseparator(self):
     # Issue 754016 makes changes for port separator ':' from scheme separator
     self.assertEqual(urllib_parse.urlparse("path:80"),
             ('','','path:80','','',''))
     self.assertEqual(urllib_parse.urlparse("http:"),('http','','','','',''))
     self.assertEqual(urllib_parse.urlparse("https:"),('https','','','','',''))
     self.assertEqual(urllib_parse.urlparse("http://www.python.org:80"),
             ('http','www.python.org:80','','','',''))
     # As usual, need to check bytes input as well
     self.assertEqual(urllib_parse.urlparse(b"path:80"),
             (b'',b'',b'path:80',b'',b'',b''))
     self.assertEqual(urllib_parse.urlparse(b"http:"),(b'http',b'',b'',b'',b'',b''))
     self.assertEqual(urllib_parse.urlparse(b"https:"),(b'https',b'',b'',b'',b'',b''))
     self.assertEqual(urllib_parse.urlparse(b"http://www.python.org:80"),
             (b'http',b'www.python.org:80',b'',b'',b'',b''))
Пример #51
0
    def test_authenticated(self):
        _state, location = self.cons.begin("openid", "code",
                                           path="http://localhost:8087")

        resp = self.provider.authorization_endpoint(
                request=urlparse(location).query)

        parsed = urlparse(resp.message)
        assert "{}://{}{}".format(parsed.scheme, parsed.netloc,
                                  parsed.path) == "http://localhost:8087/authz"

        part = self.cons.parse_authz(query=resp.message)

        aresp = part[0]
        assert part[1] is None
        assert part[2] is None

        assert isinstance(aresp, AuthorizationResponse)
        assert _eq(aresp.keys(), ['code', 'state', 'scope', 'client_id', 'iss'])

        assert _eq(self.cons.grant[_state].keys(),
                   ['code', 'tokens', 'id_token', 'exp_in', 'seed',
                    'grant_expiration_time'])
Пример #52
0
 def test_mixed_types_rejected(self):
     # Several functions that process either strings or ASCII encoded bytes
     # accept multiple arguments. Check they reject mixed type input
     with self.assertRaisesRegex(TypeError, "Cannot mix str"):
         urllib_parse.urlparse("www.python.org", b"http")
     with self.assertRaisesRegex(TypeError, "Cannot mix str"):
         urllib_parse.urlparse(b"www.python.org", "http")
     with self.assertRaisesRegex(TypeError, "Cannot mix str"):
         urllib_parse.urlsplit("www.python.org", b"http")
     with self.assertRaisesRegex(TypeError, "Cannot mix str"):
         urllib_parse.urlsplit(b"www.python.org", "http")
     with self.assertRaisesRegex(TypeError, "Cannot mix str"):
         urllib_parse.urlunparse(( b"http", "www.python.org","","","",""))
     with self.assertRaisesRegex(TypeError, "Cannot mix str"):
         urllib_parse.urlunparse(("http", b"www.python.org","","","",""))
     with self.assertRaisesRegex(TypeError, "Cannot mix str"):
         urllib_parse.urlunsplit((b"http", "www.python.org","","",""))
     with self.assertRaisesRegex(TypeError, "Cannot mix str"):
         urllib_parse.urlunsplit(("http", b"www.python.org","","",""))
     with self.assertRaisesRegex(TypeError, "Cannot mix str"):
         urllib_parse.urljoin("http://python.org", b"http://python.org")
     with self.assertRaisesRegex(TypeError, "Cannot mix str"):
         urllib_parse.urljoin(b"http://python.org", "http://python.org")
Пример #53
0
def decide_if_cors(sender, request, **kwargs):  # pylint: disable=unused-argument
    """
    Decide whether a request should be given CORS access.

    This checks that:
    * The URL is whitelisted against our CORS-allowed domains
    * The Domain exists in our database, and belongs to the project being queried.

    Returns True when a request should be given CORS access.
    """
    if 'HTTP_ORIGIN' not in request.META:
        return False
    host = urlparse(request.META['HTTP_ORIGIN']).netloc.split(':')[0]

    # Don't do domain checking for this API for now
    if request.path_info.startswith('/api/v2/sustainability'):
        return True

    # Don't do domain checking for APIv2 when the Domain is known
    if request.path_info.startswith('/api/v2/') and request.method in SAFE_METHODS:
        domain = Domain.objects.filter(domain__icontains=host)
        if domain.exists():
            return True

    valid_url = False
    for url in WHITELIST_URLS:
        if request.path_info.startswith(url):
            valid_url = True
            break

    if valid_url:
        project_slug = request.GET.get('project', None)
        try:
            project = Project.objects.get(slug=project_slug)
        except Project.DoesNotExist:
            log.warning(
                'Invalid project passed to domain. [%s:%s]',
                project_slug,
                host,
            )
            return False

        domain = Domain.objects.filter(
            Q(domain__icontains=host),
            Q(project=project) | Q(project__subprojects__child=project),
        )
        if domain.exists():
            return True

    return False
Пример #54
0
def main_setup(log):
    from oidctest import profiles
    from oidctest import oper

    parser = argparse.ArgumentParser()
    parser.add_argument('-f', dest='flows')
    parser.add_argument('-l', dest="log_name")
    parser.add_argument('-p', dest="profile")
    parser.add_argument(dest="config")
    cargs = parser.parse_args()

    if "/" in cargs.flows:
        head, tail = os.path.split(cargs.flows)
        sys.path.insert(0, head)
        FLOWS = importlib.import_module(tail)
    else:
        FLOWS = importlib.import_module(cargs.flows)

    CONF = importlib.import_module(cargs.config)

    if cargs.log_name:
        setup_logger(log, cargs.log_name)
    else:
        setup_logger(log)

    # Add own keys for signing/encrypting JWTs
    try:
        jwks, keyjar, kidd = build_keyjar(CONF.keys)
    except KeyError:
        raise
    else:
        # export JWKS
        p = urlparse(CONF.KEY_EXPORT_URL)
        with open("." + p.path, "w") as f:
            f.write(json.dumps(jwks))
        jwks_uri = p.geturl()

    return {
        "base_url": CONF.BASE,
        "kidd": kidd,
        "jwks_uri": jwks_uri,
        "flows": FLOWS.FLOWS,
        "conf": CONF,
        "cinfo": CONF.INFO,
        "orddesc": FLOWS.ORDDESC,
        "profiles": profiles,
        "operations": oper,
        "profile": cargs.profile
    }
Пример #55
0
def resource(oper, args):
    """
    Context:
    Action:
    Example:

    :param oper: 
    :param args: 
    :return: 
    """

    _p = urlparse(get_issuer(oper.conv))
    oper.op_args["resource"] = args["pattern"].format(
        test_id=oper.conv.test_id, host=_p.netloc,
        oper_id=oper.conv.operator_id)
Пример #56
0
    def test_authorization_endpoint(self):
        bib = {"scope": ["openid"],
               "state": "id-6da9ca0cc23959f5f33e8becd9b08cae",
               "redirect_uri": "http://localhost:8087/authz",
               "response_type": ["code"],
               "client_id": "a1b2c3",
               "nonce": "Nonce"}

        arq = AuthorizationRequest(**bib)

        resp = self.provider.authorization_endpoint(request=arq.to_urlencoded())
        parsed = parse_qs(urlparse(resp.message).query)
        assert parsed["scope"] == ["openid"]
        assert parsed["state"][0] == "id-6da9ca0cc23959f5f33e8becd9b08cae"
        assert "code" in parsed
Пример #57
0
    def test_authenticated_token(self):
        _session_db = {}
        cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
                        server_info=SERVER_INFO, **CONSUMER_CONFIG)

        sid, location = cons.begin("http://localhost:8087",
                                   "http://localhost:8088/authorization",
                                   "token")

        QUERY_STRING = location.split("?")[1]
        resp = self.provider.authorization_endpoint(QUERY_STRING)
        auth_resp = parse_qs(urlparse(resp.message).fragment)

        assert "access_token" in auth_resp
        assert auth_resp["token_type"][0] == "Bearer"
Пример #58
0
def get_base(base):
    """
    Make sure a '/' terminated URL is returned
    """
    part = urlparse(base)

    if part.path:
        if not part.path.endswith("/"):
            _path = part.path[:] + "/"
        else:
            _path = part.path[:]
    else:
        _path = "/"

    return "%s://%s%s" % (part.scheme, part.netloc, _path,)
Пример #59
0
 def test_unparse_parse(self):
     str_cases = [
         'Python',
         './Python',
         'x-newscheme://foo.com/stuff',
         'x://y',
         'x:/y',
         'x:/',
         '/',
     ]
     bytes_cases = [x.encode('ascii') for x in str_cases]
     for u in str_cases + bytes_cases:
         self.assertEqual(urllib_parse.urlunsplit(urllib_parse.urlsplit(u)),
                          u)
         self.assertEqual(urllib_parse.urlunparse(urllib_parse.urlparse(u)),
                          u)
Пример #60
0
    def verify(self, **kwargs):
        if "initiate_login_uri" in self and not self[
                "initiate_login_uri"].startswith("https:"):
            raise RegistrationError('initiate_login_uri is not https')

        if "redirect_uris" in self:
            for uri in self["redirect_uris"]:
                if urlparse(uri).fragment:
                    raise InvalidRedirectUri(
                        "redirect_uri contains fragment: %s" % uri)

        for uri in ["client_uri", "logo_uri", "tos_uri", "policy_uri"]:
            if uri in self:
                try:
                    resp = requests.request("GET",
                                            str(self[uri]),
                                            allow_redirects=True,
                                            verify=False)
                except requests.ConnectionError:
                    raise MissingPage(self[uri])

                if resp.status_code not in SUCCESSFUL:
                    raise MissingPage(self[uri])

        # if "grant_types" in self and "response_types" in self:
        #     for typ in self["grant_types"]:
        #         if typ == "authorization_code":
        #             assert "code" in self["response_types"]
        #         elif typ == "implicit":
        #             assert "token" in self["response_types"]

        try:
            ss = self['software_statement']
        except KeyError:
            pass
        else:
            # need to get the client keys before I can verify any signature
            # kj = kwargs['keyjar']
            # The case where jwks_uri is used
            # try:
            #     kj.add(,self['jwks_uri'])
            _ss = []
            for _s in ss:
                _ss.append(unpack_software_statement(_s, '', kwargs['keyjar']))
            self['__software_statement'] = _ss

        return super(RegistrationRequest, self).verify(**kwargs)