def test_parse_registration_request(self):
regreq = RegistrationRequest(
contacts=["*****@*****.**"],
redirect_uris=["http://example.org/jqauthz"],
application_name="pacubar",
client_id=CLIENT_ID,
operation="register",
application_type="web",
)
request = self.srv.parse_registration_request(
data=regreq.to_urlencoded())
assert isinstance(request, RegistrationRequest)
assert _eq(
request.keys(),
[
"redirect_uris",
"contacts",
"client_id",
"application_name",
"operation",
"application_type",
"response_types",
],
)
assert request["application_name"] == "pacubar"
assert request["operation"] == "register"
def test_registration_request(self):
req = RegistrationRequest(
operation="register",
default_max_age=10,
require_auth_time=True,
default_acr="foo",
application_type="web",
redirect_uris=["https://example.com/authz_cb"])
js = req.to_json()
js_obj = json.loads(js)
expected_js_obj = {
"redirect_uris": ["https://example.com/authz_cb"],
"application_type": "web",
"default_acr": "foo",
"require_auth_time": True,
"operation": "register",
"default_max_age": 10,
"response_types": ["code"]
}
assert js_obj == expected_js_obj
flattened_list_dict = {
k: v[0] if isinstance(v, list) else v
for k, v in expected_js_obj.items()
}
assert query_string_compare(req.to_urlencoded(),
urlencode(flattened_list_dict))
def test_scope_who_am_i(provider):
registration_params = {
"application_type": "web",
"response_types": ["code", "token"],
"redirect_uris": "http://example.org"
}
reg_req = RegistrationRequest(**registration_params)
resp = provider.registration_endpoint(reg_req.to_urlencoded())
reg_resp = RegistrationResponse().from_json(resp.message)
auth_req = AuthorizationRequest(
**{
"client_id": reg_resp["client_id"],
"scope": "openid who_am_i",
"response_type": "code token",
"redirect_uri": "http://example.org",
"state": "state0",
"nonce": "nonce0"
})
resp = provider.authorization_endpoint(auth_req.to_urlencoded())
auth_resp = AuthorizationResponse().from_urlencoded(resp.message)
userinfo_req = UserInfoRequest(
**{"access_token": auth_resp["access_token"]})
resp = provider.userinfo_endpoint(userinfo_req.to_urlencoded())
userinfo_resp = AuthorizationResponse().from_json(resp.message)
assert userinfo_resp["given_name"] == "Bruce"
assert userinfo_resp["family_name"] == "Lee"
def test_registration_request():
req = RegistrationRequest(type="client_associate", default_max_age=10,
require_auth_time=True, default_acr="foo")
js = req.to_json()
print js
assert js == '{"require_auth_time": true, "default_acr": "foo", "type": "client_associate", "default_max_age": 10}'
ue = req.to_urlencoded()
print ue
assert ue == 'default_acr=foo&type=client_associate&default_max_age=10&require_auth_time=True'
def test_registration_endpoint():
server = provider_init
req = RegistrationRequest(operation="register")
req["application_type"] = "web"
req["client_name"] = "My super service"
req["redirect_uris"] = ["http://example.com/authz"]
req["contacts"] = ["*****@*****.**"]
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = req.to_urlencoded()
resp = server.registration_endpoint(environ, start_response)
print resp
regresp = RegistrationResponse().deserialize(resp[0], "json")
print regresp.keys()
assert _eq(regresp.keys(), ['redirect_uris', 'application_type',
'expires_at', 'registration_access_token',
'client_id', 'client_secret', 'client_name',
"contacts"])
# --- UPDATE ----
req = RegistrationRequest(operation="client_update")
req["application_type"] = "web"
req["client_name"] = "My super duper service"
req["redirect_uris"] = ["http://example.com/authz"]
req["contacts"] = ["*****@*****.**"]
environ = BASE_ENVIRON.copy()
environ["QUERY_STRING"] = req.to_urlencoded()
environ["HTTP_AUTHORIZATION"] = "Bearer %s" % regresp["registration_access_token"]
resp = server.registration_endpoint(environ, start_response)
print resp
update = RegistrationResponse().deserialize(resp[0], "json")
print update.keys()
assert _eq(update.keys(), ['redirect_uris', 'application_type',
'expires_at', 'registration_access_token',
'client_id', 'client_secret', 'client_name',
'contacts'])
def test_registration_request():
req = RegistrationRequest(operation="register", default_max_age=10,
require_auth_time=True, default_acr="foo",
application_type="web",
redirect_uris=["https://example.com/authz_cb"])
js = req.to_json()
print js
assert js == '{"redirect_uris": ["https://example.com/authz_cb"], "application_type": "web", "default_acr": "foo", "require_auth_time": true, "operation": "register", "default_max_age": 10}'
ue = req.to_urlencoded()
print ue
assert ue == 'redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10'
def test_registration_request():
req = RegistrationRequest(operation="register", default_max_age=10,
require_auth_time=True, default_acr="foo",
application_type="web",
redirect_uris=["https://example.com/authz_cb"])
js = req.to_json()
js_obj = json.loads(js)
expected_js_obj = {"redirect_uris": ["https://example.com/authz_cb"], "application_type": "web", "default_acr": "foo", "require_auth_time": True, "operation": "register", "default_max_age": 10}
assert js_obj == expected_js_obj
ue = req.to_urlencoded()
ue_splits = ue.split('&')
expected_ue_splits = 'redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10'.split('&')
assert _eq(ue_splits, expected_ue_splits)
def test_registration_request():
req = RegistrationRequest(operation="register", default_max_age=10,
require_auth_time=True, default_acr="foo",
application_type="web",
redirect_uris=["https://example.com/authz_cb"])
js = req.to_json()
js_obj = json.loads(js)
expected_js_obj = {"redirect_uris": ["https://example.com/authz_cb"], "application_type": "web", "default_acr": "foo", "require_auth_time": True, "operation": "register", "default_max_age": 10}
assert js_obj == expected_js_obj
ue = req.to_urlencoded()
ue_splits = ue.split('&')
expected_ue_splits = 'redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10'.split('&')
assert _eq(ue_splits, expected_ue_splits)
def test_registration_request():
req = RegistrationRequest(operation="register",
default_max_age=10,
require_auth_time=True,
default_acr="foo",
application_type="web",
redirect_uris=["https://example.com/authz_cb"])
js = req.to_json()
print js
assert js == '{"redirect_uris": ["https://example.com/authz_cb"], "application_type": "web", "default_acr": "foo", "require_auth_time": true, "operation": "register", "default_max_age": 10}'
ue = req.to_urlencoded()
print ue
assert ue == 'redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10'
def test_registration_with_non_https(provider):
redirect_uris = ["http://example.org"]
registration_params = {
"application_type": "web",
"response_types": ["id_token", "token"],
"redirect_uris": redirect_uris}
req = RegistrationRequest(**registration_params)
resp = provider.registration_endpoint(req.to_urlencoded())
resp = RegistrationResponse().from_json(resp.message)
assert resp["client_id"] is not None
assert resp["client_secret"] is not None
assert resp["redirect_uris"] == redirect_uris
def test_registration_with_non_https(provider):
redirect_uris = ["http://example.org"]
registration_params = {
"application_type": "web",
"response_types": ["id_token", "token"],
"redirect_uris": redirect_uris
}
req = RegistrationRequest(**registration_params)
resp = provider.registration_endpoint(req.to_urlencoded())
resp = RegistrationResponse().from_json(resp.message)
assert resp["client_id"] is not None
assert resp["client_secret"] is not None
assert resp["redirect_uris"] == redirect_uris
def test_registration_request(self):
req = RegistrationRequest(operation="register", default_max_age=10,
require_auth_time=True, default_acr="foo",
application_type="web",
redirect_uris=[
"https://example.com/authz_cb"])
js = req.to_json()
js_obj = json.loads(js)
expected_js_obj = {"redirect_uris": ["https://example.com/authz_cb"],
"application_type": "web", "default_acr": "foo",
"require_auth_time": True, "operation": "register",
"default_max_age": 10}
assert js_obj == expected_js_obj
assert query_string_compare(req.to_urlencoded(),
"redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10")
def test_registration_request(self):
req = RegistrationRequest(operation="register", default_max_age=10,
require_auth_time=True, default_acr="foo",
application_type="web",
redirect_uris=[
"https://example.com/authz_cb"])
js = req.to_json()
js_obj = json.loads(js)
expected_js_obj = {"redirect_uris": ["https://example.com/authz_cb"],
"application_type": "web", "default_acr": "foo",
"require_auth_time": True, "operation": "register",
"default_max_age": 10, "response_types": ["code"]}
assert js_obj == expected_js_obj
flattened_list_dict = {k: v[0] if isinstance(v, list) else v for k, v in expected_js_obj.items()}
assert query_string_compare(req.to_urlencoded(), urlencode(flattened_list_dict))
def register(self, url, operation="register", application_type="web",
**kwargs):
req = RegistrationRequest(operation=operation,
application_type=application_type)
if operation == "update":
req["client_id"] = self.client_id
req["client_secret"] = self.client_secret
for prop in req.parameters():
if prop in ["operation", "client_id", "client_secret"]:
continue
try:
req[prop] = kwargs[prop]
except KeyError:
try:
req[prop] = self.behaviour[prop]
except KeyError:
pass
if "redirect_uris" not in req:
try:
req["redirect_uris"] = self.redirect_uris
except AttributeError:
raise MissingRequiredAttribute("redirect_uris")
headers = {"content-type": "application/x-www-form-urlencoded"}
if operation == "client_update":
headers["Authorization"] = "Bearer %s" % self.registration_access_token
rsp = self.http_request(url, "POST", data=req.to_urlencoded(),
headers=headers)
if rsp.status_code == 200:
resp = RegistrationResponse().deserialize(rsp.text, "json")
self.client_secret = resp["client_secret"]
self.client_id = resp["client_id"]
self.registration_expires = resp["expires_at"]
self.registration_access_token = resp["registration_access_token"]
else:
err = ErrorResponse().deserialize(rsp.text, "json")
raise Exception("Registration failed: %s" % err.get_json())
return resp
def test_parse_registration_request(self):
regreq = RegistrationRequest(contacts=["*****@*****.**"],
redirect_uris=[
"http://example.org/jqauthz"],
application_name="pacubar",
client_id=CLIENT_ID,
operation="register",
application_type="web")
request = self.srv.parse_registration_request(
data=regreq.to_urlencoded())
assert isinstance(request, RegistrationRequest)
assert _eq(request.keys(), ['redirect_uris', 'contacts', 'client_id',
'application_name', 'operation',
'application_type', 'response_types'])
assert request["application_name"] == "pacubar"
assert request["operation"] == "register"
def test_registered_redirect_uri_with_query_component():
provider2 = Provider("FOOP", {}, {}, None, None)
environ = {}
rr = RegistrationRequest(operation="register",
redirect_uris=["http://example.org/cb?foo=bar"])
registration_req = rr.to_urlencoded()
resp = provider2.registration_endpoint(environ, start_response,
query=registration_req)
regresp = RegistrationResponse().from_json(resp[0])
print regresp.to_dict()
faulty = [
"http://example.org/cb",
"http://example.org/cb/foo",
"http://example.org/cb?got=you",
"http://example.org/cb?foo=you"
]
correct = [
"http://example.org/cb?foo=bar",
"http://example.org/cb?foo=bar&got=you",
"http://example.org/cb?foo=bar&foo=you"
]
for ruri in faulty:
areq = AuthorizationRequest(redirect_uri=ruri,
client_id=regresp["client_id"],
scope="openid",
response_type="code")
print areq
assert provider2._verify_redirect_uri(areq) != None
for ruri in correct:
areq = AuthorizationRequest(redirect_uri= ruri,
client_id=regresp["client_id"])
resp = provider2._verify_redirect_uri(areq)
print resp
assert resp == None
def register(self, server, type="client_associate", **kwargs):
req = RegistrationRequest(type=type)
if type == "client_update" or type == "rotate_secret":
req["client_id"] = self.client_id
req["client_secret"] = self.client_secret
for prop in req.parameters():
if prop in ["type", "client_id", "client_secret"]:
continue
try:
val = getattr(self, prop)
if val:
req[prop] = val
except Exception:
val = None
if not val:
try:
req[prop] = kwargs[prop]
except KeyError:
pass
headers = {"content-type": "application/x-www-form-urlencoded"}
rsp = self.http_request(server, "POST", data=req.to_urlencoded(),
headers=headers)
if rsp.status_code == 200:
if type == "client_associate" or type == "rotate_secret":
rr = RegistrationResponseCARS()
else:
rr = RegistrationResponseCU()
resp = rr.deserialize(rsp.text, "json")
self.client_secret = resp["client_secret"]
self.client_id = resp["client_id"]
self.registration_expires = resp["expires_at"]
else:
err = ErrorResponse().deserialize(rsp.text, "json")
raise Exception("Registration failed: %s" % err.get_json())
return resp
def test_scope_who_am_i(provider):
registration_params = {
"application_type": "web",
"response_types": ["code", "token"],
"redirect_uris": "http://example.org"}
reg_req = RegistrationRequest(**registration_params)
resp = provider.registration_endpoint(reg_req.to_urlencoded())
reg_resp = RegistrationResponse().from_json(resp.message)
auth_req = AuthorizationRequest(
**{"client_id": reg_resp["client_id"], "scope": "openid who_am_i",
"response_type": "code token",
"redirect_uri": "http://example.org", "state": "state0", "nonce": "nonce0"})
resp = provider.authorization_endpoint(auth_req.to_urlencoded())
auth_resp = AuthorizationResponse().from_urlencoded(resp.message)
userinfo_req = UserInfoRequest(**{"access_token": auth_resp["access_token"]})
resp = provider.userinfo_endpoint(userinfo_req.to_urlencoded())
userinfo_resp = AuthorizationResponse().from_json(resp.message)
assert userinfo_resp["given_name"] == "Bruce"
assert userinfo_resp["family_name"] == "Lee"
def test_registered_redirect_uri_without_query_component():
provider = Provider("FOO", {}, {}, None, None)
rr = RegistrationRequest(operation="register",
redirect_uris=["http://example.org/cb"])
registration_req = rr.to_urlencoded()
provider.registration_endpoint({}, start_response,
query=registration_req)
correct = [
"http://example.org/cb",
"http://example.org/cb/foo",
"http://example.org/cb?got=you",
"http://example.org/cb/foo?got=you"
]
faulty = [
"http://example.org/foo",
"http://example.com/cb",
]
for ruri in faulty:
areq = AuthorizationRequest(redirect_uri=ruri,
client_id=provider.cdb.keys()[0],
response_type="code",
scope="openid")
print areq
assert provider._verify_redirect_uri(areq) != None
for ruri in correct:
areq = AuthorizationRequest(redirect_uri= ruri,
client_id=provider.cdb.keys()[0])
resp = provider._verify_redirect_uri(areq)
if resp:
print resp.message
assert resp is None
def test_registration_request(self):
req = RegistrationRequest(
operation="register",
default_max_age=10,
require_auth_time=True,
default_acr="foo",
application_type="web",
redirect_uris=["https://example.com/authz_cb"])
js = req.to_json()
js_obj = json.loads(js)
expected_js_obj = {
"redirect_uris": ["https://example.com/authz_cb"],
"application_type": "web",
"default_acr": "foo",
"require_auth_time": True,
"operation": "register",
"default_max_age": 10
}
assert js_obj == expected_js_obj
assert query_string_compare(
req.to_urlencoded(),
"redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10"
)