示例#1
    def test_token_error_reponse_calls_to_error_view_if_set(self):
        """A token-endpoint error is handed to the configured error view.

        The stubbed token endpoint answers the code exchange with an OAuth
        error object. The view installed on ``authn._error_view`` must then be
        called with exactly those ``error`` / ``error_description`` values.
        """
        state = 'test_tate'
        token_endpoint = ISSUER + '/token'
        error_response = {
            'error': 'invalid_request',
            'error_description': 'test error'
        }
        # Stub the provider: a POST to the token endpoint returns the error
        # object as JSON.
        responses.add(
            responses.POST,
            token_endpoint,
            body=json.dumps(error_response),
            content_type='application/json')

        provider_info = {'issuer': ISSUER, 'token_endpoint': token_endpoint}
        client_info = {'client_id': 'abc', 'client_secret': 'foo'}
        authn = OIDCAuthentication(
            self.app,
            provider_configuration_info=provider_info,
            client_registration_info=client_info)
        error_view = MagicMock()
        authn._error_view = error_view

        callback_url = '/redirect_uri?code=foo&state=' + state
        with self.app.test_request_context(callback_url):
            # The session state equals the callback's state parameter, so only
            # the matching-state path is exercised here.
            flask.session['state'] = state
            authn._handle_authentication_response()

        # The view receives the provider's values unchanged.
        # NOTE(review): a real error view should treat them as untrusted text
        # and escape them before rendering.
        error_view.assert_called_with(**error_response)
示例#2
 def test_configurable_userinfo_endpoint_method_is_used(self, method):
     """The configured userinfo HTTP method reaches the userinfo request.

     ``method`` is supplied by the caller (presumably a parametrize decorator
     that is not visible here -- confirm). Both the token request and the
     userinfo request on the client are replaced with mocks, so no provider
     is contacted.
     """
     state, nonce, sub = 'state', 'nonce', 'foobar'
     authn = OIDCAuthentication(
         self.app,
         provider_configuration_info=dict(issuer=ISSUER,
                                          token_endpoint='/token'),
         client_registration_info=dict(client_id='foo'),
         userinfo_endpoint_method=method)

     # Canned token response. The ID token carries only 'sub' and 'nonce',
     # so this test says nothing about iss/aud/exp or signature checks.
     canned_token_response = AccessTokenResponse(
         id_token=IdToken(sub=sub, nonce=nonce),
         access_token='access_token')
     authn.client.do_access_token_request = MagicMock(
         return_value=canned_token_response)

     userinfo_mock = MagicMock(return_value=OpenIDSchema(sub=sub))
     authn.client.do_user_info_request = userinfo_mock

     callback_url = '/redirect_uri?code=foo&state=' + state
     with self.app.test_request_context(callback_url):
         # Session values match the callback's state and the token's nonce.
         flask.session['state'] = state
         flask.session['nonce'] = nonce
         flask.session['destination'] = '/'
         authn._handle_authentication_response()

     userinfo_mock.assert_called_with(method=method, state=state)
示例#3
    def test_session_expiration_set_to_id_token_exp(self):
        """With SESSION_PERMANENT set, the session lifetime follows the ID token.

        After the authentication response is handled, the session must be
        marked permanent and its ``permanent_session_lifetime`` must equal the
        number of seconds between the token's ``iat`` and ``exp`` (10 here).
        """
        token_endpoint = ISSUER + '/token'
        userinfo_endpoint = ISSUER + '/userinfo'
        exp_time = 10
        issued_at = int(time.mktime(datetime(2017, 1, 1).timetuple()))
        # NOTE(review): 'exp' is a fixed 2017 timestamp. Unless the clock is
        # patched outside this view, it is in the past at run time -- confirm.
        claims = {
            'sub': 'sub1',
            'iat': issued_at,
            'iss': ISSUER,
            'aud': 'foo',
            'nonce': 'test',
            'exp': issued_at + exp_time
        }
        id_token = IdToken(**claims)
        # to_jwt() is called without a key, so the token is presumably
        # unsigned. Signature verification is not what this test covers
        # (confirm).
        token_response = {
            'access_token': 'test',
            'token_type': 'Bearer',
            'id_token': id_token.to_jwt()
        }
        userinfo_response = {'sub': 'sub1'}

        # Stub both provider endpoints with canned JSON bodies.
        responses.add(
            responses.POST,
            token_endpoint,
            body=json.dumps(token_response),
            content_type='application/json')
        responses.add(
            responses.POST,
            userinfo_endpoint,
            body=json.dumps(userinfo_response),
            content_type='application/json')

        provider_info = {
            'issuer': ISSUER,
            'token_endpoint': token_endpoint,
            'userinfo_endpoint': userinfo_endpoint
        }
        client_info = {'client_id': 'foo', 'client_secret': 'foo'}
        authn = OIDCAuthentication(
            self.app,
            provider_configuration_info=provider_info,
            client_registration_info=client_info,
        )

        self.app.config['SESSION_PERMANENT'] = True
        callback_url = '/redirect_uri?state=test&code=test'
        with self.app.test_request_context(callback_url):
            # Session state and nonce match the callback and token values.
            flask.session['destination'] = '/'
            flask.session['state'] = 'test'
            flask.session['nonce'] = 'test'
            flask.session['id_token'] = id_token.to_dict()
            flask.session['id_token_jwt'] = id_token.to_jwt()
            authn._handle_authentication_response()
            # Assertions stay inside the request context because
            # flask.session is only usable there.
            assert flask.session.permanent is True
            lifetime = int(flask.session.permanent_session_lifetime)
            assert lifetime == exp_time
示例#4
    def test_token_error_reponse_returns_default_error_if_no_error_view_set(
            self):
        """Without an error view, a token-endpoint error yields the default text.

        The handler must return one fixed, generic message. The provider's
        ``error_description`` ('test error') is not part of the response.
        """
        state = 'test_tate'
        token_endpoint = ISSUER + '/token'
        error_response = {
            'error': 'invalid_request',
            'error_description': 'test error'
        }
        # Stub the provider: a POST to the token endpoint returns the error
        # object as JSON.
        responses.add(
            responses.POST,
            token_endpoint,
            body=json.dumps(error_response),
            content_type='application/json')

        provider_info = {'issuer': ISSUER, 'token_endpoint': token_endpoint}
        client_info = {'client_id': 'abc', 'client_secret': 'foo'}
        authn = OIDCAuthentication(
            self.app,
            provider_configuration_info=provider_info,
            client_registration_info=client_info)

        callback_url = '/redirect_uri?code=foo&state=' + state
        with self.app.test_request_context(callback_url):
            # The session state equals the callback's state parameter.
            flask.session['state'] = state
            response = authn._handle_authentication_response()

        expected = 'Something went wrong with the authentication, please try to login again.'
        assert response == expected
示例#5
 def test_authentication_error_reponse_calls_to_error_view_if_set(self):
     """An error in the authentication response goes to the error view.

     Here the ``error`` / ``error_description`` pair arrives as query
     parameters on the redirect URI rather than from the token endpoint. The
     view installed on ``authn._error_view`` must be called with those values.
     """
     state = 'test_tate'
     error_response = {
         'error': 'invalid_request',
         'error_description': 'test error'
     }
     client_info = {'client_id': 'abc', 'client_secret': 'foo'}
     authn = OIDCAuthentication(
         self.app,
         provider_configuration_info={'issuer': ISSUER},
         client_registration_info=client_info)
     error_view = MagicMock()
     authn._error_view = error_view

     callback_url = '/redirect_uri?{error}&state={state}'.format(
         error=urlencode(error_response), state=state)
     with self.app.test_request_context(callback_url):
         # The session state equals the callback's state parameter.
         flask.session['state'] = state
         authn._handle_authentication_response()

     # These values come straight from the request URL.
     # NOTE(review): a real error view should treat them as untrusted input
     # and escape them before rendering.
     error_view.assert_called_with(**error_response)
 def test_configurable_userinfo_endpoint_method_is_used(self, method):
     """The configured userinfo HTTP method reaches the userinfo request.

     ``method`` is supplied by the caller (presumably a parametrize decorator
     that is not visible here -- confirm). In this variant the mocked token
     request returns a plain dict instead of a response object.
     """
     state, nonce, sub = 'state', 'nonce', 'foobar'
     provider_info = {'issuer': ISSUER, 'token_endpoint': '/token'}
     authn = OIDCAuthentication(
         self.app,
         provider_configuration_info=provider_info,
         client_registration_info={'client_id': 'foo'},
         userinfo_endpoint_method=method)

     # Canned token response. The ID token carries only 'sub' and 'nonce',
     # so this test says nothing about iss/aud/exp or signature checks.
     canned_token_response = {
         'id_token': IdToken(sub=sub, nonce=nonce),
         'access_token': 'access_token'
     }
     authn.client.do_access_token_request = MagicMock(
         return_value=canned_token_response)

     userinfo_mock = MagicMock(return_value=OpenIDSchema(sub=sub))
     authn.client.do_user_info_request = userinfo_mock

     callback_url = '/redirect_uri?code=foo&state=' + state
     with self.app.test_request_context(callback_url):
         # Session values match the callback's state and the token's nonce.
         flask.session['state'] = state
         flask.session['nonce'] = nonce
         flask.session['destination'] = '/'
         authn._handle_authentication_response()

     userinfo_mock.assert_called_with(method=method, state=state)
示例#7
 def test_authentication_error_reponse_returns_default_error_if_no_error_view_set(
         self):
     """Without an error view, an error callback yields the default text.

     The error parameters arrive on the redirect URI's query string. The
     handler must return one fixed, generic message, so the query-supplied
     ``error_description`` ('test error') is not reflected in the response.
     """
     state = 'test_tate'
     error_response = {
         'error': 'invalid_request',
         'error_description': 'test error'
     }
     client_info = {'client_id': 'abc', 'client_secret': 'foo'}
     authn = OIDCAuthentication(
         self.app,
         provider_configuration_info={'issuer': ISSUER},
         client_registration_info=client_info)

     callback_url = '/redirect_uri?{error}&state={state}'.format(
         error=urlencode(error_response), state=state)
     with self.app.test_request_context(callback_url):
         # The session state equals the callback's state parameter.
         flask.session['state'] = state
         response = authn._handle_authentication_response()

     expected = 'Something went wrong with the authentication, please try to login again.'
     assert response == expected