def test_token_error_reponse_calls_to_error_view_if_set(self):
    """Check that a token-endpoint error is handed to the error view.

    The mocked token endpoint answers with a JSON error body. After the
    callback is handled, the registered error view must have been called
    with that body's ``error`` and ``error_description`` as keyword
    arguments.
    """
    state = 'test_tate'
    token_endpoint = ISSUER + '/token'
    error_response = {
        'error': 'invalid_request',
        'error_description': 'test error',
    }
    # The token endpoint replies with the error payload instead of tokens.
    responses.add(
        responses.POST,
        token_endpoint,
        body=json.dumps(error_response),
        content_type='application/json',
    )

    provider_info = {'issuer': ISSUER, 'token_endpoint': token_endpoint}
    client_info = {'client_id': 'abc', 'client_secret': 'foo'}
    authn = OIDCAuthentication(
        self.app,
        provider_configuration_info=provider_info,
        client_registration_info=client_info,
    )
    error_view_mock = MagicMock()
    authn._error_view = error_view_mock

    callback_url = '/redirect_uri?code=foo&state=' + state
    with self.app.test_request_context(callback_url):
        # Session state is seeded to equal the callback's state parameter.
        # Presumably the handler compares the two before exchanging the
        # code; that comparison is not visible in this listing.
        flask.session['state'] = state
        authn._handle_authentication_response()

    error_view_mock.assert_called_with(**error_response)
def test_configurable_userinfo_endpoint_method_is_used(self, method):
    """Check that the configured HTTP method reaches the userinfo request.

    ``method`` is supplied by the caller (presumably a parametrize
    decorator that is not visible in this listing). Both the token request
    and the userinfo request on the client are replaced by mocks, so no
    network traffic is involved.
    """
    state = 'state'
    nonce = 'nonce'
    sub = 'foobar'

    provider_info = {'issuer': ISSUER, 'token_endpoint': '/token'}
    authn = OIDCAuthentication(
        self.app,
        provider_configuration_info=provider_info,
        client_registration_info={'client_id': 'foo'},
        userinfo_endpoint_method=method,
    )

    # Canned token response whose ID token carries the same sub and nonce
    # that the session and the userinfo mock use below.
    token_response = AccessTokenResponse(
        id_token=IdToken(sub=sub, nonce=nonce),
        access_token='access_token',
    )
    authn.client.do_access_token_request = MagicMock(
        return_value=token_response)

    userinfo_request_mock = MagicMock(return_value=OpenIDSchema(sub=sub))
    authn.client.do_user_info_request = userinfo_request_mock

    callback_url = '/redirect_uri?code=foo&state=' + state
    with self.app.test_request_context(callback_url):
        # Session state and nonce match the callback and the mocked token.
        flask.session['state'] = state
        flask.session['nonce'] = nonce
        flask.session['destination'] = '/'
        authn._handle_authentication_response()

    userinfo_request_mock.assert_called_with(method=method, state=state)
def test_session_expiration_set_to_id_token_exp(self):
    """Check that a permanent session's lifetime follows the ID token.

    With ``SESSION_PERMANENT`` enabled, handling the callback must mark the
    Flask session permanent and leave a lifetime whose integer value is 10,
    the gap between the fixture token's ``iat`` and ``exp``.

    NOTE(review): ``to_jwt()`` is called without key or algorithm
    arguments, so this test presumably does not exercise ID token
    signature verification. Confirm against the library.
    """
    token_endpoint = ISSUER + '/token'
    userinfo_endpoint = ISSUER + '/userinfo'
    exp_time = 10
    # Fixed issue time: 1 Jan 2017, converted through local time by mktime.
    epoch_int = int(time.mktime(datetime(2017, 1, 1).timetuple()))
    id_token = IdToken(
        sub='sub1',
        iat=epoch_int,
        iss=ISSUER,
        aud='foo',
        nonce='test',
        exp=epoch_int + exp_time,
    )
    token_response = {
        'access_token': 'test',
        'token_type': 'Bearer',
        'id_token': id_token.to_jwt(),
    }
    userinfo_response = {'sub': 'sub1'}

    # Both provider endpoints are served by the `responses` mock.
    for endpoint, payload in (
            (token_endpoint, token_response),
            (userinfo_endpoint, userinfo_response),
    ):
        responses.add(
            responses.POST,
            endpoint,
            body=json.dumps(payload),
            content_type='application/json',
        )

    authn = OIDCAuthentication(
        self.app,
        provider_configuration_info={
            'issuer': ISSUER,
            'token_endpoint': token_endpoint,
            'userinfo_endpoint': userinfo_endpoint,
        },
        client_registration_info={
            'client_id': 'foo',
            'client_secret': 'foo',
        },
    )
    self.app.config.update(SESSION_PERMANENT=True)

    with self.app.test_request_context('/redirect_uri?state=test&code=test'):
        # Seed the session with the state and nonce that the callback and
        # the fixture token carry, plus the token in both stored forms.
        flask.session['destination'] = '/'
        flask.session['state'] = 'test'
        flask.session['nonce'] = 'test'
        flask.session['id_token'] = id_token.to_dict()
        flask.session['id_token_jwt'] = id_token.to_jwt()
        authn._handle_authentication_response()

        lifetime = int(flask.session.permanent_session_lifetime)
        assert flask.session.permanent is True
        assert lifetime == exp_time
def test_token_error_reponse_returns_default_error_if_no_error_view_set(
        self):
    """Check the fallback message when the token endpoint returns an error.

    No error view is registered here. The asserted response is a fixed,
    generic message that contains neither the ``error`` code nor the
    ``error_description`` sent by the mocked token endpoint.
    """
    state = 'test_tate'
    token_endpoint = ISSUER + '/token'
    error_response = {
        'error': 'invalid_request',
        'error_description': 'test error',
    }
    # The token endpoint replies with the error payload instead of tokens.
    responses.add(
        responses.POST,
        token_endpoint,
        body=json.dumps(error_response),
        content_type='application/json',
    )

    provider_info = {'issuer': ISSUER, 'token_endpoint': token_endpoint}
    client_info = {'client_id': 'abc', 'client_secret': 'foo'}
    authn = OIDCAuthentication(
        self.app,
        provider_configuration_info=provider_info,
        client_registration_info=client_info,
    )

    callback_url = '/redirect_uri?code=foo&state=' + state
    with self.app.test_request_context(callback_url):
        # Session state is seeded to equal the callback's state parameter.
        flask.session['state'] = state
        response = authn._handle_authentication_response()

    expected_message = 'Something went wrong with the authentication, please try to login again.'
    assert response == expected_message
def test_authentication_error_reponse_calls_to_error_view_if_set(self):
    """Check that an error in the callback URL is handed to the error view.

    Here the error arrives as query parameters on the redirect URI rather
    than from the token endpoint. The registered error view must be called
    with those parameters as keyword arguments.

    NOTE(review): these values come straight from the request URL, so a
    real error view should treat them as untrusted text when rendering.
    """
    state = 'test_tate'
    error_response = {
        'error': 'invalid_request',
        'error_description': 'test error',
    }
    client_info = {'client_id': 'abc', 'client_secret': 'foo'}
    authn = OIDCAuthentication(
        self.app,
        provider_configuration_info={'issuer': ISSUER},
        client_registration_info=client_info,
    )
    error_view_mock = MagicMock()
    authn._error_view = error_view_mock

    # The callback URL carries the error fields plus the state parameter.
    callback_url = '/redirect_uri?{error}&state={state}'.format(
        error=urlencode(error_response), state=state)
    with self.app.test_request_context(callback_url):
        flask.session['state'] = state
        authn._handle_authentication_response()

    error_view_mock.assert_called_with(**error_response)
def test_configurable_userinfo_endpoint_method_is_used(self, method):
    """Check that the configured HTTP method reaches the userinfo request.

    ``method`` is supplied by the caller (presumably a parametrize
    decorator that is not visible in this listing). The token request mock
    returns a plain dict holding the ID token and access token, and the
    userinfo request is also mocked, so no network traffic is involved.
    """
    state = 'state'
    nonce = 'nonce'
    sub = 'foobar'

    provider_info = {'issuer': ISSUER, 'token_endpoint': '/token'}
    authn = OIDCAuthentication(
        self.app,
        provider_configuration_info=provider_info,
        client_registration_info={'client_id': 'foo'},
        userinfo_endpoint_method=method,
    )

    # Canned token result whose ID token carries the same sub and nonce
    # that the session and the userinfo mock use below.
    token_result = {
        'id_token': IdToken(sub=sub, nonce=nonce),
        'access_token': 'access_token',
    }
    authn.client.do_access_token_request = MagicMock(
        return_value=token_result)

    userinfo_request_mock = MagicMock(return_value=OpenIDSchema(sub=sub))
    authn.client.do_user_info_request = userinfo_request_mock

    callback_url = '/redirect_uri?code=foo&state=' + state
    with self.app.test_request_context(callback_url):
        # Session state and nonce match the callback and the mocked token.
        flask.session['state'] = state
        flask.session['nonce'] = nonce
        flask.session['destination'] = '/'
        authn._handle_authentication_response()

    userinfo_request_mock.assert_called_with(method=method, state=state)
def test_authentication_error_reponse_returns_default_error_if_no_error_view_set(
        self):
    """Check the fallback message when the callback URL carries an error.

    No error view is registered here. The asserted response is a fixed,
    generic message that contains neither the ``error`` code nor the
    ``error_description`` taken from the callback's query string.
    """
    state = 'test_tate'
    error_response = {
        'error': 'invalid_request',
        'error_description': 'test error',
    }
    client_info = {'client_id': 'abc', 'client_secret': 'foo'}
    authn = OIDCAuthentication(
        self.app,
        provider_configuration_info={'issuer': ISSUER},
        client_registration_info=client_info,
    )

    # The callback URL carries the error fields plus the state parameter.
    callback_url = '/redirect_uri?{error}&state={state}'.format(
        error=urlencode(error_response), state=state)
    with self.app.test_request_context(callback_url):
        flask.session['state'] = state
        response = authn._handle_authentication_response()

    expected_message = 'Something went wrong with the authentication, please try to login again.'
    assert response == expected_message