def initialised_session(self, session_storage): return UserSession(session_storage, self.PROVIDER_NAME)
def test_initialising_session_with_existing_user_session_should_preserve_state( self): storage = {} session1 = UserSession(storage, self.PROVIDER_NAME) session1.update(id_token=self.GOOD_ID_TOKEN) assert session1.is_authenticated() is True assert session1.current_provider == self.PROVIDER_NAME session2 = UserSession(storage, self.PROVIDER_NAME) assert session2.is_authenticated() is True assert session2.current_provider == self.PROVIDER_NAME session3 = UserSession(storage) assert session3.is_authenticated() is True assert session3.current_provider == self.PROVIDER_NAME
def test_trying_to_update_uninitialised_session_should_throw_exception( self): with pytest.raises(UninitialisedSession): UserSession(session_storage={}).update()
def ping(): app.logger.info('ping {}'.format( UserSession(flask.session, 'default').is_authenticated())) return {'info': 'Success'}
def login1(): user_session = UserSession(flask.session) return jsonify(access_token=user_session.access_token, id_token=user_session.id_token, userinfo=user_session.userinfo)
def test_failed_rbac(self, time_mock, utc_time_sans_frac_mock, claims, role_claim, value, source): self.app.config.update({ "OIDC_REQUIRED_ROLES": value, "OIDC_ROLE_CLAIM": role_claim, "OIDC_ROLE_SOURCE": source, }) # freeze time since ID Token validation includes expiration timestamps timestamp = time.mktime(datetime(2017, 1, 1).timetuple()) time_mock.return_value = timestamp utc_time_sans_frac_mock.return_value = int(timestamp) # mock token response user_id = "user1" exp_time = 10 nonce = "test_nonce" id_token_claims = { "iss": self.PROVIDER_BASEURL, "aud": [self.CLIENT_ID], "sub": user_id, "exp": int(timestamp) + exp_time, "iat": int(timestamp), "nonce": nonce, } id_token_claims.update(**claims) id_token_jwt, id_token_signing_key = signed_id_token(id_token_claims) access_token = claims access_token_jwt = jwt.encode(access_token, "secret", algorithm="HS256") token_response = { "access_token": access_token_jwt, "token_type": "Bearer", "id_token": id_token_jwt, } token_endpoint = self.PROVIDER_BASEURL + "/token" responses.add(responses.POST, token_endpoint, json=token_response) responses.add( responses.GET, self.PROVIDER_BASEURL + "/jwks", json={"keys": [id_token_signing_key.serialize()]}, ) # mock userinfo response userinfo = {"sub": user_id, "name": "Test User"} userinfo.update(**claims) userinfo_endpoint = self.PROVIDER_BASEURL + "/userinfo" responses.add(responses.GET, userinfo_endpoint, json=userinfo) authn = self.init_app( provider_metadata_extras={ "token_endpoint": token_endpoint, "userinfo_endpoint": userinfo_endpoint, }) test_endpoint = self.get_auth_endpoint(authn) state = "test_state" with self.app.test_request_context( "/redirect_uri?state={}&code=test".format(state)): UserSession(flask.session, self.PROVIDER_NAME) flask.session["destination"] = "/" flask.session["state"] = state flask.session["nonce"] = nonce authn._handle_authentication_response() with pytest.raises(Unauthorized): assert test_endpoint()