def create_sdb(self):
kb = KeyBundle(JWKS["keys"])
kj = KeyJar()
kj.issuer_keys[""] = [kb]
self.sdb = SessionDB(
"https://example.com/",
db=DictSessionBackend(),
code_factory=DefaultToken("supersecret",
"verybadpassword",
typ="A",
lifetime=600),
token_factory=JWTToken(
"T",
keyjar=kj,
lt_pattern={
"code": 3600,
"token": 900
},
iss="https://example.com/as",
sign_alg="RS256",
),
refresh_token_factory=JWTToken(
"R",
keyjar=kj,
lt_pattern={"": 24 * 3600},
iss="https://example.com/as",
token_storage={},
),
)
def test_get_sids_from_uid_distributed(self):
db = DictSessionBackend()
sdb1 = create_session_db("https://example.com/1",
"secret",
"password",
db=db)
sdb2 = create_session_db("https://example.com/2",
"secret",
"password",
db=db)
ae = AuthnEvent("sub", "salt", time_stamp=time.time())
sid1 = sdb1.create_authz_session(ae, AREQ)
sdb1.do_sub(sid1, "salt")
sid2 = sdb2.create_authz_session(ae, AREQ)
sdb2.do_sub(sid2, "salt")
sdb1sids = sdb1.get_sids_from_uid("sub")
sdb2sids = sdb2.get_sids_from_uid("sub")
assert sdb1sids == sdb2sids
def setup_consumer(self, session_db_factory):
client_id = "client_1"
client_config = {
"client_id": client_id,
"client_authn_method": CLIENT_AUTHN_METHOD,
}
self.consumer = Consumer(DictSessionBackend(), CONFIG, client_config,
SERVER_INFO)
self.consumer.behaviour = {
"request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]
}
self.consumer.keyjar = CLIKEYS
self.consumer.redirect_uris = ["https://example.com/cb"]
self.consumer.authorization_endpoint = "https://example.com/authorization"
self.consumer.token_endpoint = "https://example.com/token"
self.consumer.userinfo_endpoint = "https://example.com/userinfo" # type: ignore
self.consumer.client_secret = "hemlig"
self.consumer.secret_type = "basic"
def create_provider(self, session_db_factory):
self.provider = Provider(
SERVER_INFO["issuer"],
session_db_factory(SERVER_INFO["issuer"]),
self.CDB,
AUTHN_BROKER,
USERINFO,
AUTHZ,
verify_client,
SYMKEY,
urlmap=URLMAP,
keyjar=KEYJAR,
)
self.provider.baseurl = self.provider.name
self.provider.logout_verify_url = "https://127.0.0.1/logout_verify.html"
self.cons = Consumer(
DictSessionBackend(),
CONSUMER_CONFIG.copy(),
CLIENT_CONFIG,
server_info=SERVER_INFO,
)
self.cons.behaviour = {
"request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]
}
self.cons.keyjar[""] = KC_RSA
self.cons.keyjar.import_jwks(self.provider.keyjar.export_jwks(),
self.cons.issuer)
self.cons2 = Consumer({},
CONSUMER_CONFIG.copy(),
CLIENT_CONFIG_2,
server_info=SERVER_INFO)
self.cons2.behaviour = {
"request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]
}
self.cons2.keyjar[""] = KC_RSA
def create_sdb(self):
kb = KeyBundle(JWKS["keys"])
kj = KeyJar()
kj.issuer_keys[''] = [kb]
self.sdb = SessionDB(
"https://example.com/",
db=DictSessionBackend(),
code_factory=DefaultToken('supersecret',
'verybadpassword',
typ='A',
lifetime=600),
token_factory=JWTToken('T',
keyjar=kj,
lt_pattern={
'code': 3600,
'token': 900
},
iss='https://example.com/as',
sign_alg='RS256'),
refresh_token_factory=JWTToken('R',
keyjar=kj,
lt_pattern={'': 24 * 3600},
iss='https://example.com/as'))
def __init__(
self,
session_db,
consumer_config,
client_config=None,
server_info=None,
debug=False,
client_prefs=None,
sso_db=None,
):
"""
Initialize a Consumer instance.
:param session_db: Where info are kept about sessions
:param config: Configuration of the consumer
:param client_config: Client configuration
:param server_info: Information about the server
:param client_prefs: Run time preferences, which are chosen depends
on what the server can do.
"""
if client_config is None:
client_config = {}
Client.__init__(self, **client_config)
self.consumer_config = consumer_config
if consumer_config:
try:
self.debug = consumer_config["debug"]
except KeyError:
self.debug = 0
if server_info:
for endpoint in ENDPOINTS:
try:
setattr(self, endpoint, server_info[endpoint])
except KeyError:
setattr(self, endpoint, "")
if not isinstance(session_db, SessionBackend):
warnings.warn(
"Please use `SessionBackend` to ensure proper API for the database.",
DeprecationWarning,
)
self.sdb = session_db
if sso_db is not None:
if not isinstance(sso_db, SessionBackend):
warnings.warn(
"Please use `SessionBackend` to ensure proper API for the database.",
DeprecationWarning,
)
self.sso_db: SessionBackend = sso_db
else:
self.sso_db = DictSessionBackend()
self.debug = debug
self.seed = ""
self.nonce = ""
self.request_filename = ""
self.request_uri = ""
self.user_info = None
self.registration_expires_at = 0
self.secret_type = "Bearer"
def setUp(self):
self.backend = DictSessionBackend()
class TestSessionBackend(TestCase):
"""Unittests for SessionBackend - using the DictSessionBackend."""
def setUp(self):
self.backend = DictSessionBackend()
def test_setitem(self):
self.backend["key"] = "value"
self.assertEqual(self.backend.storage["key"], "value")
self.backend["key"] = "new_value"
self.assertEqual(self.backend.storage["key"], "new_value")
def test_getitem(self):
self.backend.storage = {"key": "value"}
self.assertEqual(self.backend["key"], "value")
with self.assertRaises(KeyError):
self.backend["missing"]
def test_delitem(self):
self.backend.storage = {"key": "value"}
del self.backend["key"]
self.assertEqual(self.backend.storage, {})
def test_contains(self):
self.backend["key"] = "value"
self.assertTrue("key" in self.backend)
self.assertFalse("missing" in self.backend)
def test_get_by_sub(self):
self.backend.storage = {"session_id": {"sub": "my_sub"}}
self.assertEqual(set(self.backend.get_by_sub("my_sub")),
{"session_id"})
self.assertEqual(set(self.backend.get_by_sub("missing")), set())
def test_get_by_sub_multiple(self):
self.backend.storage = {
"session_id1": {
"sub": "my_sub"
},
"session_id2": {
"sub": "my_sub"
}
}
self.assertEqual(set(self.backend.get_by_sub("my_sub")),
{"session_id1", "session_id2"})
def test_get_by_uid(self):
aevent = AuthnEvent("my_uid", "some_salt").to_json()
self.backend.storage = {"session_id": {"authn_event": aevent}}
self.assertEqual(set(self.backend.get_by_uid("my_uid")),
{"session_id"})
self.assertEqual(set(self.backend.get_by_uid("missing")), set())
def test_get_by_uid_multiple(self):
aevent1 = AuthnEvent("my_uid", "some_salt").to_json()
aevent2 = AuthnEvent("my_uid", "some_salt").to_json()
self.backend.storage = {
"session_id1": {
"authn_event": aevent1
},
"session_id2": {
"authn_event": aevent2
}
}
self.assertEqual(set(self.backend.get_by_uid("my_uid")),
{"session_id1", "session_id2"})
def test_get_client_ids_for_uid(self):
aevent = AuthnEvent("my_uid", "some_salt").to_json()
self.backend.storage = {
"session_id": {
"authn_event": aevent,
"client_id": "my_client"
}
}
self.assertEqual(set(self.backend.get_client_ids_for_uid("my_uid")),
{"my_client"})
self.assertEqual(set(self.backend.get_client_ids_for_uid("missing")),
set())
def test_get_client_ids_for_uid_multiple(self):
aevent1 = AuthnEvent("my_uid", "some_salt").to_json()
aevent2 = AuthnEvent("my_uid", "some_salt").to_json()
self.backend.storage = {
"session_id1": {
"authn_event": aevent1,
"client_id": "my_client"
},
"session_id2": {
"authn_event": aevent2,
"client_id": "my_other"
}
}
self.assertEqual(set(self.backend.get_client_ids_for_uid("my_uid")),
{"my_client", "my_other"})
def test_get_verified_logout(self):
aevent1 = AuthnEvent("my_uid1", "some_salt").to_json()
aevent2 = AuthnEvent("my_uid2", "some_salt").to_json()
self.backend.storage = {
"session_id": {
"authn_event": aevent1,
"verified_logout": "verification key"
},
"session_id2": {
"authn_event": aevent2
}
}
self.assertEqual(self.backend.get_verified_logout("my_uid1"),
"verification key")
self.assertIsNone(self.backend.get_verified_logout("my_uid2"))
self.assertIsNone(self.backend.get_verified_logout("missing"))
def test_get_verified_logout_multiple(self):
aevent1 = AuthnEvent("my_uid", "some_salt").to_json()
aevent2 = AuthnEvent("my_uid", "some_salt").to_json()
self.backend.storage = {
"session_id1": {
"authn_event": aevent1,
"verified_logout": "verification key"
},
"session_id2": {
"authn_event": aevent2,
"verified_logout": "verification key"
}
}
self.assertEqual(self.backend.get_verified_logout("my_uid"),
"verification key")
def test_get_token_ids(self):
aevent = AuthnEvent("my_uid", "some_salt").to_json()
self.backend.storage = {
"session_id": {
"authn_event": aevent,
"id_token": "Id token"
}
}
self.assertEqual(set(self.backend.get_token_ids("my_uid")),
{"Id token"})
self.assertEqual(set(self.backend.get_token_ids("missing")), set())
def test_get_token_ids_multiple(self):
aevent1 = AuthnEvent("my_uid", "some_salt").to_json()
aevent2 = AuthnEvent("my_uid", "some_salt").to_json()
self.backend.storage = {
"session_id1": {
"authn_event": aevent1,
"id_token": "Id token 1"
},
"session_id2": {
"authn_event": aevent2,
"id_token": "Id token 2"
}
}
self.assertEqual(set(self.backend.get_token_ids("my_uid")),
{"Id token 1", "Id token 2"})
def test_is_revoke_uid_false(self):
aevent = AuthnEvent("my_uid", "some_salt").to_json()
self.backend.storage = {
"session_id": {
"authn_event": aevent,
"revoked": False
}
}
self.assertFalse(self.backend.is_revoke_uid("my_uid"))
def test_is_revoke_uid_true(self):
aevent = AuthnEvent("my_uid", "some_salt").to_json()
self.backend.storage = {
"session_id": {
"authn_event": aevent,
"revoked": True
}
}
self.assertTrue(self.backend.is_revoke_uid("my_uid"))
def test_is_revoke_uid_multiple(self):
aevent1 = AuthnEvent("my_uid", "some_salt").to_json()
aevent2 = AuthnEvent("my_uid", "some_salt").to_json()
self.backend.storage = {
"session_id1": {
"authn_event": aevent1,
"revoked": True
},
"session_id2": {
"authn_event": aevent2,
"revoked": False
}
}
self.assertTrue(self.backend.is_revoke_uid("my_uid"))