class TestRPHandlerWithMockOP(object):
@pytest.fixture(autouse=True)
def rphandler_setup(self):
self.rph = RPHandler(
base_url=BASE_URL,
client_configs=CLIENT_CONFIG,
http_lib=MockOP(issuer='https://github.com/login/oauth/authorize'))
def test_finalize(self):
auth_query = self.rph.begin(issuer_id='github')
# The authorization query is sent and after successful authentication
client = self.rph.get_client_from_session_key(
state=auth_query['state'])
_ = client.http(auth_query['url'])
# the user is redirected back to the RP with a positive response
auth_response = AuthorizationResponse(code='access_code',
state=auth_query['state'])
# need session information and the client instance
_session = self.rph.get_session_information(auth_response['state'])
client = self.rph.get_client_from_session_key(
state=auth_response['state'])
# Faking
self.rph.httplib.keyjar = client.service_context.keyjar
# do the rest (= get access token and user info)
# assume code flow
resp = self.rph.finalize(_session['iss'], auth_response.to_dict())
assert set(resp.keys()) == {'userinfo', 'state', 'token'}
class TestRPHandlerWithMockOP(object):
@pytest.fixture(autouse=True)
def rphandler_setup(self):
self.issuer = 'https://github.com/login/oauth/authorize'
self.mock_op = MockOP(issuer=self.issuer)
self.rph = RPHandler(BASE_URL,
client_configs=CLIENT_CONFIG,
http_lib=self.mock_op,
keyjar=KeyJar())
def test_finalize(self):
auth_query = self.rph.begin(issuer_id='github')
# The authorization query is sent and after successful authentication
client = self.rph.get_client_from_session_key(
state=auth_query['state'])
# register a response
p = urlparse(
CLIENT_CONFIG['github']['provider_info']['authorization_endpoint'])
self.mock_op.register_get_response(p.path, 'Redirect', 302)
_ = client.http(auth_query['url'])
# the user is redirected back to the RP with a positive response
auth_response = AuthorizationResponse(code='access_code',
state=auth_query['state'])
# need session information and the client instance
_session = self.rph.get_session_information(auth_response['state'])
client = self.rph.get_client_from_session_key(
state=auth_response['state'])
# Faking
resp = construct_access_token_response(
_session['auth_request']['nonce'],
issuer=self.issuer,
client_id=CLIENT_CONFIG['github']['client_id'],
key_jar=GITHUB_KEY)
p = urlparse(
CLIENT_CONFIG['github']['provider_info']['token_endpoint'])
self.mock_op.register_post_response(
p.path, resp.to_json(), 200, {'content-type': "application/json"})
_info = OpenIDSchema(sub='EndUserSubject',
given_name='Diana',
family_name='Krall',
occupation='Jazz pianist')
p = urlparse(
CLIENT_CONFIG['github']['provider_info']['userinfo_endpoint'])
self.mock_op.register_get_response(
p.path, _info.to_json(), 200, {'content-type': "application/json"})
_github_id = iss_id('github')
client.service_context.keyjar.import_jwks(
GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
# do the rest (= get access token and user info)
# assume code flow
resp = self.rph.finalize(_session['iss'], auth_response.to_dict())
assert set(resp.keys()) == {'userinfo', 'state', 'token', 'id_token'}
def test_dynamic_setup(self):
user_id = 'acct:[email protected]'
_link = Link(rel="http://openid.net/specs/connect/1.0/issuer",
href="https://server.example.com")
webfinger_response = JRD(subject=user_id, links=[_link])
self.mock_op.register_get_response(
'/.well-known/webfinger', webfinger_response.to_json(), 200,
{'content-type': "application/json"})
resp = {
"authorization_endpoint":
"https://server.example.com/connect/authorize",
"issuer":
"https://server.example.com",
"subject_types_supported": ['public'],
"token_endpoint":
"https://server.example.com/connect/token",
"token_endpoint_auth_methods_supported":
["client_secret_basic", "private_key_jwt"],
"userinfo_endpoint":
"https://server.example.com/connect/user",
"check_id_endpoint":
"https://server.example.com/connect/check_id",
"refresh_session_endpoint":
"https://server.example.com/connect/refresh_session",
"end_session_endpoint":
"https://server.example.com/connect/end_session",
"jwks_uri":
"https://server.example.com/jwk.json",
"registration_endpoint":
"https://server.example.com/connect/register",
"scopes_supported":
["openid", "profile", "email", "address", "phone"],
"response_types_supported":
["code", "code id_token", "token id_token"],
"acrs_supported":
["1", "2", "http://id.incommon.org/assurance/bronze"],
"user_id_types_supported": ["public", "pairwise"],
"userinfo_algs_supported":
["HS256", "RS256", "A128CBC", "A128KW", "RSA1_5"],
"id_token_signing_alg_values_supported":
["HS256", "RS256", "A128CBC", "A128KW", "RSA1_5"],
"request_object_algs_supported":
["HS256", "RS256", "A128CBC", "A128KW", "RSA1_5"]
}
pcr = ProviderConfigurationResponse(**resp)
self.mock_op.register_get_response(
'/.well-known/openid-configuration', pcr.to_json(), 200,
{'content-type': "application/json"})
self.mock_op.register_post_response(
'/connect/register', registration_callback, 200,
{'content-type': "application/json"})
auth_query = self.rph.begin(user_id=user_id)
assert auth_query
