def test_client_registration_2(): args = { "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", } provider = Provider("pyoicserv", sdb.SessionDB("https://example.org/"), CDB, AUTHN_BROKER, AUTHZ, verify_client, client_info_url="https://example.com/as/", client_authn_methods={ "client_secret_post": ClientSecretPost, "client_secret_basic": ClientSecretBasic, "bearer_header": BearerHeader}) request = RegistrationRequest(**args) resp = provider.registration_endpoint(request.to_json(), {}) assert isinstance(resp, Response) _resp = ClientInfoResponse().from_json(resp.message) assert "client_name#ja-Jpan-JP" in _resp.keys() assert "client_name" in _resp.keys()
def test_client_registration_2(): args = { "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", } provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, client_info_url="https://example.com/as/", client_authn_methods={ "client_secret_post": ClientSecretPost, "client_secret_basic": ClientSecretBasic, "bearer_header": BearerHeader}) request = RegistrationRequest(**args) resp = provider.registration_endpoint(request.to_json(), {}) assert isinstance(resp, Response) _resp = ClientInfoResponse().from_json(resp.message) assert "client_name#ja-Jpan-JP" in _resp.keys() assert "client_name" in _resp.keys()
def test_client_registration_uri_error(): args = { "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", "logo_uri": "https://client.example.org/logo.png", "jwks_uri": "https://client.example.org/my_public_keys.jwks" } provider = Provider("pyoicserv", sdb.SessionDB("https://example.org/"), CDB, AUTHN_BROKER, AUTHZ, verify_client, client_info_url="https://example.com/as/") request = RegistrationRequest(**args) resp = provider.registration_endpoint(request.to_json(), {}) assert isinstance(resp, Response) _resp = ClientRegistrationError().from_json(resp.message) assert "error" in _resp assert _resp["error"] == "invalid_client_metadata"
def test_client_registration_uri_error(): args = { "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", "logo_uri": "https://client.example.org/logo.png", "jwks_uri": "https://client.example.org/my_public_keys.jwks" } provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, client_info_url="https://example.com/as/") request = RegistrationRequest(**args) resp = provider.registration_endpoint(request.to_json(), {}) assert isinstance(resp, Response) _resp = ClientRegistrationError().from_json(resp.message) assert "error" in _resp assert _resp["error"] == "invalid_client_metadata"
def test_client_registration_delete(): args = { "redirect_uris": [ "https://client.example.org/callback", "https://client.example.org/callback2" ], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", } provider = Provider("pyoicserv", sdb.SessionDB(SERVER_INFO["issuer"]), CDB, AUTHN_BROKER, AUTHZ, verify_client, client_info_url="https://example.com/as/", client_authn_methods={ "client_secret_post": ClientSecretPost, "client_secret_basic": ClientSecretBasic, "bearer_header": BearerHeader }) request = RegistrationRequest(**args) resp = provider.registration_endpoint(request.to_json(), environ={}) assert isinstance(resp, Response) _resp = ClientInfoResponse().from_json(resp.message) resp = provider.client_info_endpoint( "", environ={ "HTTP_AUTHORIZATION": "Bearer %s" % (_resp["registration_access_token"], ) }, method="DELETE", query="client_id=%s" % _resp["client_id"]) assert isinstance(resp, NoContent) # A read should fail resp = provider.client_info_endpoint( "", environ={ "HTTP_AUTHORIZATION": "Bearer %s" % (_resp["registration_access_token"], ) }, query="client_id=%s" % _resp["client_id"]) assert isinstance(resp, Unauthorized)
def test_client_registration_update(): args = { "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", } provider = Provider( "pyoicserv", sdb.SessionDB("https://example.org/"), CDB, AUTHN_BROKER, AUTHZ, verify_client, client_info_url="https://example.com/as/", client_authn_methods={ "client_secret_post": ClientSecretPost, "client_secret_basic": ClientSecretBasic, "bearer_header": BearerHeader, }, ) request = RegistrationRequest(**args) resp = provider.registration_endpoint(request.to_json(), environ={}) assert isinstance(resp, Response) _resp = ClientInfoResponse().from_json(resp.message) assert "client_name#ja-Jpan-JP" in _resp.keys() assert "client_name" in _resp.keys() update = { "client_id": _resp["client_id"], "client_secret": _resp["client_secret"], "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/alt"], "scope": "read write dolphin", "grant_types": ["authorization_code", "refresh_token"], "token_endpoint_auth_method": "client_secret_basic", "jwks_uri": "https://client.example.org/my_public_keys.jwks", "client_name": "My New Example", "client_name#fr": "Mon Nouvel Exemple", } update_req = RegistrationRequest(**update) resp = provider.client_info_endpoint( update_req.to_json(), environ={"HTTP_AUTHORIZATION": "Bearer %s" % (_resp["registration_access_token"],)}, method="PUT", query="client_id=%s" % _resp["client_id"], ) _resp_up = ClientInfoResponse().from_json(resp.message) print _resp_up
def test_client_registration_update(): args = { "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", } provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, client_info_url="https://example.com/as/", client_authn_methods={ "client_secret_post": ClientSecretPost, "client_secret_basic": ClientSecretBasic, "bearer_header": BearerHeader}) request = RegistrationRequest(**args) resp = provider.registration_endpoint(request.to_json(), environ={}) assert isinstance(resp, Response) _resp = ClientInfoResponse().from_json(resp.message) assert "client_name#ja-Jpan-JP" in _resp.keys() assert "client_name" in _resp.keys() update = { "client_id": _resp["client_id"], "client_secret": _resp["client_secret"], "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/alt"], "scope": "read write dolphin", "grant_types": ["authorization_code", "refresh_token"], "token_endpoint_auth_method": "client_secret_basic", "jwks_uri": "https://client.example.org/my_public_keys.jwks", "client_name": "My New Example", "client_name#fr": "Mon Nouvel Exemple", } update_req = RegistrationRequest(**update) resp = provider.client_info_endpoint( update_req.to_json(), environ={"HTTP_AUTHORIZATION": "Bearer %s" % ( _resp["registration_access_token"],)}, method="PUT", query="client_id=%s" % _resp["client_id"]) _resp_up = ClientInfoResponse().from_json(resp.message) print _resp_up
def test_client_registration_delete(): args = { "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", } provider = Provider( "pyoicserv", sdb.SessionDB(SERVER_INFO["issuer"]), CDB, AUTHN_BROKER, AUTHZ, verify_client, client_info_url="https://example.com/as/", client_authn_methods={ "client_secret_post": ClientSecretPost, "client_secret_basic": ClientSecretBasic, "bearer_header": BearerHeader, }, ) request = RegistrationRequest(**args) resp = provider.registration_endpoint(request.to_json(), environ={}) assert isinstance(resp, Response) _resp = ClientInfoResponse().from_json(resp.message) resp = provider.client_info_endpoint( "", environ={"HTTP_AUTHORIZATION": "Bearer %s" % (_resp["registration_access_token"],)}, method="DELETE", query="client_id=%s" % _resp["client_id"], ) assert isinstance(resp, NoContent) # A read should fail resp = provider.client_info_endpoint( "", environ={"HTTP_AUTHORIZATION": "Bearer %s" % (_resp["registration_access_token"],)}, query="client_id=%s" % _resp["client_id"], ) assert isinstance(resp, Unauthorized)
def create_provider(self): authn_broker = AuthnBroker() authn_broker.add("UNDEFINED", DummyAuthn(None, "username")) self.provider = Provider("pyoicserv", sdb.SessionDB( TestProvider.SERVER_INFO["issuer"]), TestProvider.CDB, authn_broker, Implicit(), verify_client, client_info_url="https://example.com/as", client_authn_methods={ "client_secret_post": ClientSecretPost, "client_secret_basic": ClientSecretBasic, "bearer_header": BearerHeader})
def test_client_registration(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, client_info_url="https://example.com/as/") request = RegistrationRequest(client_name="myself", redirect_uris=["https://example.com/rp"]) resp = provider.registration_endpoint(request.to_json(), {}) assert isinstance(resp, Response) _resp = ClientInfoResponse().from_json(resp.message) assert "client_id" in _resp
def __init__( self, name, sdb, cdb, authn_broker, authz, client_authn, symkey, urlmap=None, keyjar=None, hostname="", configuration=None, base_url="", client_authn_methods=None, authn_at_registration="", client_info_url="", secret_lifetime=86400, default_acr="", ): OAUTH2Provider.__init__( self, name, sdb, cdb, authn_broker, authz, client_authn, symkey=symkey, urlmap=urlmap, client_authn_methods=client_authn_methods, authn_at_registration=authn_at_registration, client_info_url=client_info_url, secret_lifetime=secret_lifetime, ) UmaAS.__init__(self, configuration, baseurl=base_url) if keyjar: self.keyjar = keyjar else: self.keyjar = KeyJar() self.hostname = hostname or socket.gethostname self.jwks_uri = [] self.endp = UmaAS.endp[:] self.endp.extend(OAUTH2Provider.endp) self.default_acr = default_acr
def __init__(self, name, sdb, cdb, authn_broker, authz, client_authn, symkey, urlmap=None, keyjar=None, hostname="", configuration=None, base_url="", client_authn_methods=None, authn_at_registration="", client_info_url="", secret_lifetime=86400, default_acr=""): OAUTH2Provider.__init__(self, name, sdb, cdb, authn_broker, authz, client_authn, symkey=symkey, urlmap=urlmap, client_authn_methods=client_authn_methods, authn_at_registration=authn_at_registration, client_info_url=client_info_url, secret_lifetime=secret_lifetime) UmaAS.__init__(self, configuration, baseurl=base_url) if keyjar: self.keyjar = keyjar else: self.keyjar = KeyJar() self.hostname = hostname or socket.gethostname self.jwks_uri = [] self.endp = UmaAS.endp[:] self.endp.extend(OAUTH2Provider.endp) self.default_acr = default_acr
def test_provider_init(): provider = Provider("pyoicserv", sdb.SessionDB(SERVER_INFO["issuer"]), CDB, AUTHN_BROKER, AUTHZ, verify_client, client_info_url="https://example.com/as") assert provider
class TestProvider(object): SERVER_INFO = { "version": "3.0", "issuer": "https://connect-op.heroku.com", "authorization_endpoint": "http://localhost:8088/authorization", "token_endpoint": "http://localhost:8088/token", "flows_supported": ["code", "token", "code token"], } CDB = { "a1b2c3": { "password": "******", "client_secret": "drickyoughurt" }, "client1": { "client_secret": "hemlighet", "redirect_uris": [("http://localhost:8087/authz", None)] } } @pytest.fixture(autouse=True) def create_provider(self): authn_broker = AuthnBroker() authn_broker.add("UNDEFINED", DummyAuthn(None, "username")) self.provider = Provider("pyoicserv", sdb.SessionDB( TestProvider.SERVER_INFO["issuer"]), TestProvider.CDB, authn_broker, Implicit(), verify_client, client_info_url="https://example.com/as", client_authn_methods={ "client_secret_post": ClientSecretPost, "client_secret_basic": ClientSecretBasic, "bearer_header": BearerHeader}) def test_registration_endpoint(self): request = RegistrationRequest(client_name="myself", redirect_uris=["https://example.com/rp"]) resp = self.provider.registration_endpoint(request.to_json(), {}) assert isinstance(resp, Response) data = json.loads(resp.message) assert data["client_name"] == "myself" assert _eq(data["redirect_uris"], ["https://example.com/rp"]) _resp = ClientInfoResponse().from_json(resp.message) assert "client_id" in _resp def test_registration_uri_error(self): args = { "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", # invalid logo_uri "logo_uri": "https://client.example.org/logo.png", "jwks_uri": "https://client.example.org/my_public_keys.jwks" } request = RegistrationRequest(**args) resp = self.provider.registration_endpoint(request.to_json(), {}) _resp = ClientRegistrationError().from_json(resp.message) assert "error" in _resp assert _resp["error"] == "invalid_client_metadata" def test_client_registration_utf_8_client_name(self): args = { "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", } request = RegistrationRequest(**args) resp = self.provider.registration_endpoint(request.to_json(), {}) _resp = ClientInfoResponse().from_json(resp.message) assert _resp[ "client_name#ja-Jpan-JP"] == "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D" assert _resp["client_name"] == "My Example Client" def test_client_user_info_get(self): args = { "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", } request = RegistrationRequest(**args) resp = self.provider.registration_endpoint(request.to_json(), environ={}) _resp = ClientInfoResponse().from_json(resp.message) resp = self.provider.client_info_endpoint( "", environ={"HTTP_AUTHORIZATION": "Bearer %s" % ( _resp["registration_access_token"],)}, query="client_id=%s" % _resp["client_id"]) _resp_cir = ClientInfoResponse().from_json(resp.message) assert _resp == _resp_cir def test_client_registration_update(self): args = { "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", } request = RegistrationRequest(**args) resp = self.provider.registration_endpoint(request.to_json(), environ={}) _resp = ClientInfoResponse().from_json(resp.message) update = { "client_id": _resp["client_id"], "client_secret": _resp["client_secret"], "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/alt"], "scope": "read write dolphin", "grant_types": ["authorization_code", "refresh_token"], "token_endpoint_auth_method": "client_secret_basic", "jwks_uri": "https://client.example.org/my_public_keys.jwks", "client_name": "My New Example", "client_name#fr": "Mon Nouvel Exemple", } update_req = RegistrationRequest(**update) resp = self.provider.client_info_endpoint( update_req.to_json(), environ={"HTTP_AUTHORIZATION": "Bearer %s" % ( _resp["registration_access_token"],)}, method="PUT", query="client_id=%s" % _resp["client_id"]) _resp_up = ClientInfoResponse().from_json(resp.message) assert _resp_up["client_id"] == update["client_id"] assert _resp_up["client_secret"] == update["client_secret"] assert _resp_up["redirect_uris"] == update["redirect_uris"] assert _resp_up["scope"] == update["scope"].split() assert _resp_up["grant_types"] == update["grant_types"] assert _resp_up["token_endpoint_auth_method"] == update[ "token_endpoint_auth_method"] assert _resp_up["jwks_uri"] == update["jwks_uri"] assert _resp_up["client_name"] == update["client_name"] assert _resp_up["client_name#fr"] == update["client_name#fr"] # def test_client_registration_delete(self): args = { "redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"], "client_name": "My Example Client", "client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", "token_endpoint_auth_method": "client_secret_basic", "scope": "read write dolphin", } request = RegistrationRequest(**args) resp = self.provider.registration_endpoint(request.to_json(), environ={}) _resp = ClientInfoResponse().from_json(resp.message) resp = self.provider.client_info_endpoint( "", environ={"HTTP_AUTHORIZATION": "Bearer %s" % ( _resp["registration_access_token"],)}, method="DELETE", query="client_id=%s" % _resp["client_id"]) assert isinstance(resp, NoContent) # A read should fail resp = self.provider.client_info_endpoint( "", environ={"HTTP_AUTHORIZATION": "Bearer %s" % ( _resp["registration_access_token"],)}, query="client_id=%s" % _resp["client_id"]) assert isinstance(resp, Unauthorized)