def test_parse_registration_request(self):
    """Round-trip a registration request through the server-side parser.

    The request is serialised with ``to_urlencoded()`` and handed to
    ``self.srv.parse_registration_request``. The result must be a
    ``RegistrationRequest`` holding every supplied field plus
    ``response_types``, which this test never sets itself.
    """
    outgoing = RegistrationRequest(
        contacts=["*****@*****.**"],
        redirect_uris=["http://example.org/jqauthz"],
        application_name="pacubar",
        client_id=CLIENT_ID,
        operation="register",
        application_type="web",
    )
    wire_form = outgoing.to_urlencoded()

    request = self.srv.parse_registration_request(data=wire_form)
    assert isinstance(request, RegistrationRequest)

    # "response_types" is absent from the constructor call above, so its
    # presence pins a value filled in somewhere along the round trip.
    expected_keys = [
        "redirect_uris",
        "contacts",
        "client_id",
        "application_name",
        "operation",
        "application_type",
        "response_types",
    ]
    assert _eq(request.keys(), expected_keys)

    assert request["application_name"] == "pacubar"
    assert request["operation"] == "register"
def test_registration_request(self):
    """Check the JSON and urlencoded forms of a registration request.

    The JSON form is compared as a parsed object, so key order does not
    matter. ``response_types`` is expected as ``["code"]`` although the
    constructor call does not pass it.
    """
    req = RegistrationRequest(
        operation="register",
        default_max_age=10,
        require_auth_time=True,
        default_acr="foo",
        application_type="web",
        redirect_uris=["https://example.com/authz_cb"],
    )

    decoded = json.loads(req.to_json())
    expected = {
        "redirect_uris": ["https://example.com/authz_cb"],
        "application_type": "web",
        "default_acr": "foo",
        "require_auth_time": True,
        "operation": "register",
        "default_max_age": 10,
        "response_types": ["code"],
    }
    assert decoded == expected

    # The expected query string is built from the same dict, with every
    # list value reduced to its first element before encoding.
    flattened = {}
    for key, value in expected.items():
        flattened[key] = value[0] if isinstance(value, list) else value

    assert query_string_compare(req.to_urlencoded(), urlencode(flattened))
def test_scope_who_am_i(provider):
    """Walk registration -> authorization -> userinfo for scope ``who_am_i``.

    A client is registered, an authorization request with scope
    ``openid who_am_i`` and response type ``code token`` is sent, and the
    returned access token is used at the userinfo endpoint. The userinfo
    answer must name the user "Bruce Lee".
    """
    # NOTE(review): redirect_uris is a bare string here, not a list, and
    # the URI is plain http -- presumably acceptable for this fixture only.
    reg_req = RegistrationRequest(
        application_type="web",
        response_types=["code", "token"],
        redirect_uris="http://example.org",
    )
    reg_http = provider.registration_endpoint(reg_req.to_urlencoded())
    reg_resp = RegistrationResponse().from_json(reg_http.message)

    auth_req = AuthorizationRequest(
        client_id=reg_resp["client_id"],
        scope="openid who_am_i",
        response_type="code token",
        redirect_uri="http://example.org",
        state="state0",
        nonce="nonce0",
    )
    auth_http = provider.authorization_endpoint(auth_req.to_urlencoded())
    auth_resp = AuthorizationResponse().from_urlencoded(auth_http.message)

    userinfo_req = UserInfoRequest(access_token=auth_resp["access_token"])
    userinfo_http = provider.userinfo_endpoint(userinfo_req.to_urlencoded())
    # NOTE(review): the userinfo body is parsed with AuthorizationResponse,
    # not a userinfo-specific message class -- confirm this is intended.
    userinfo_resp = AuthorizationResponse().from_json(userinfo_http.message)

    assert userinfo_resp["given_name"] == "Bruce"
    assert userinfo_resp["family_name"] == "Lee"
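def test_registration_request():
    """Check both serialisations of a ``client_associate`` request.

    The original assertions compared the serialised strings byte for
    byte, which ties the test to dictionary iteration order. Neither JSON
    object members nor query parameters carry a meaningful order, so both
    forms are compared order-independently here.
    """
    import json  # imported locally so the test is self-contained

    req = RegistrationRequest(type="client_associate", default_max_age=10,
                              require_auth_time=True, default_acr="foo")

    js = req.to_json()
    print(js)
    expected_js = '{"require_auth_time": true, "default_acr": "foo", "type": "client_associate", "default_max_age": 10}'
    # Compare parsed objects, not text.
    assert json.loads(js) == json.loads(expected_js)

    ue = req.to_urlencoded()
    print(ue)
    expected_ue = 'default_acr=foo&type=client_associate&default_max_age=10&require_auth_time=True'
    # Same key=value pairs in any order.
    assert sorted(ue.split('&')) == sorted(expected_ue.split('&'))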
def test_registration_endpoint():
    """Register a client, then update it with the issued access token.

    Both calls go through ``server.registration_endpoint`` with a WSGI
    style environ. The update call authenticates with the
    ``registration_access_token`` from the first response, sent as a
    Bearer credential. Each response must expose the same set of keys.
    """
    server = provider_init
    expected_keys = ('redirect_uris', 'application_type', 'expires_at',
                     'registration_access_token', 'client_id',
                     'client_secret', 'client_name', "contacts")

    def _build_request(operation, client_name):
        # Fields are set by item assignment, one at a time.
        built = RegistrationRequest(operation=operation)
        built["application_type"] = "web"
        built["client_name"] = client_name
        built["redirect_uris"] = ["http://example.com/authz"]
        built["contacts"] = ["*****@*****.**"]
        return built

    # --- REGISTER ----
    reg_environ = BASE_ENVIRON.copy()
    reg_environ["QUERY_STRING"] = _build_request(
        "register", "My super service").to_urlencoded()

    resp = server.registration_endpoint(reg_environ, start_response)
    print(resp)
    regresp = RegistrationResponse().deserialize(resp[0], "json")
    print(regresp.keys())
    assert _eq(regresp.keys(), list(expected_keys))

    # --- UPDATE ----
    # NOTE(review): only the authenticated happy path is exercised; an
    # update with a missing or wrong bearer token is not tested here.
    upd_environ = BASE_ENVIRON.copy()
    upd_environ["QUERY_STRING"] = _build_request(
        "client_update", "My super duper service").to_urlencoded()
    upd_environ["HTTP_AUTHORIZATION"] = "Bearer %s" % regresp[
        "registration_access_token"]

    resp = server.registration_endpoint(upd_environ, start_response)
    print(resp)
    update = RegistrationResponse().deserialize(resp[0], "json")
    print(update.keys())
    assert _eq(update.keys(), list(expected_keys))
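def test_registration_request():
    """Check both serialisations of a ``register`` request.

    The original assertions compared the serialised strings byte for
    byte, which ties the test to dictionary iteration order. Both forms
    are compared order-independently here: JSON as parsed objects, the
    query string as a sorted list of ``key=value`` pairs.
    """
    import json  # imported locally so the test is self-contained

    req = RegistrationRequest(operation="register", default_max_age=10,
                              require_auth_time=True, default_acr="foo",
                              application_type="web",
                              redirect_uris=["https://example.com/authz_cb"])

    js = req.to_json()
    print(js)
    expected_js = '{"redirect_uris": ["https://example.com/authz_cb"], "application_type": "web", "default_acr": "foo", "require_auth_time": true, "operation": "register", "default_max_age": 10}'
    assert json.loads(js) == json.loads(expected_js)

    ue = req.to_urlencoded()
    print(ue)
    expected_ue = 'redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10'
    assert sorted(ue.split('&')) == sorted(expected_ue.split('&'))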
def test_registration_request():
    """Check the JSON and urlencoded forms of a ``register`` request.

    JSON is compared after parsing. The query string is split on ``&``
    and the pairs are compared with ``_eq``.
    """
    req = RegistrationRequest(
        operation="register",
        default_max_age=10,
        require_auth_time=True,
        default_acr="foo",
        application_type="web",
        redirect_uris=["https://example.com/authz_cb"],
    )

    decoded = json.loads(req.to_json())
    assert decoded == {
        "redirect_uris": ["https://example.com/authz_cb"],
        "application_type": "web",
        "default_acr": "foo",
        "require_auth_time": True,
        "operation": "register",
        "default_max_age": 10,
    }

    actual_pairs = req.to_urlencoded().split('&')
    expected_pairs = 'redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10'.split('&')
    assert _eq(actual_pairs, expected_pairs)
def test_registration_with_non_https(provider):
    """Register a web client whose redirect URI uses plain http.

    The client asks for the response types ``id_token`` and ``token``.
    The provider must still issue a client id and secret and echo the
    redirect URI back unchanged.
    """
    # NOTE(review): OpenID Connect Dynamic Client Registration requires
    # https redirect URIs for web clients using the implicit grant. This
    # test pins acceptance of http -- confirm that is deliberate.
    redirect_uris = ["http://example.org"]
    params = {
        "application_type": "web",
        "response_types": ["id_token", "token"],
        "redirect_uris": redirect_uris,
    }

    http_resp = provider.registration_endpoint(
        RegistrationRequest(**params).to_urlencoded())
    registered = RegistrationResponse().from_json(http_resp.message)

    assert registered["client_id"] is not None
    assert registered["client_secret"] is not None
    assert registered["redirect_uris"] == redirect_uris
def test_registration_with_non_https(provider):
    """Check that an http redirect URI survives dynamic registration.

    A web client registers with response types ``id_token`` and
    ``token``. The response must carry a client id, a client secret and
    the same redirect URI list that was sent.
    """
    redirect_uris = ["http://example.org"]

    # NOTE(review): for web clients using the implicit grant, the OpenID
    # Connect registration spec requires https redirect URIs. Accepting
    # http here looks like a test-fixture relaxation -- confirm.
    req = RegistrationRequest(
        application_type="web",
        response_types=["id_token", "token"],
        redirect_uris=redirect_uris,
    )
    raw = provider.registration_endpoint(req.to_urlencoded())
    parsed = RegistrationResponse().from_json(raw.message)

    for credential in ("client_id", "client_secret"):
        assert parsed[credential] is not None
    assert parsed["redirect_uris"] == redirect_uris
def test_registration_request(self):
    """Check the JSON and urlencoded forms of a ``register`` request.

    JSON is compared as a parsed object. The query string is compared
    against a fixed expected string through ``query_string_compare``.
    """
    req = RegistrationRequest(
        operation="register",
        default_max_age=10,
        require_auth_time=True,
        default_acr="foo",
        application_type="web",
        redirect_uris=["https://example.com/authz_cb"],
    )

    parsed_json = json.loads(req.to_json())
    wanted_json = {
        "redirect_uris": ["https://example.com/authz_cb"],
        "application_type": "web",
        "default_acr": "foo",
        "require_auth_time": True,
        "operation": "register",
        "default_max_age": 10,
    }
    assert parsed_json == wanted_json

    # The redirect URI appears percent-encoded in the expected string.
    wanted_query = "redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10"
    assert query_string_compare(req.to_urlencoded(), wanted_query)
def test_registration_request(self):
    """Check both serialisations, including the ``response_types`` value.

    The expected JSON object contains ``response_types == ["code"]``
    although the constructor call does not pass it. The expected query
    string is derived from that same object.
    """
    req = RegistrationRequest(
        operation="register",
        default_max_age=10,
        require_auth_time=True,
        default_acr="foo",
        application_type="web",
        redirect_uris=["https://example.com/authz_cb"],
    )

    expected_js_obj = {
        "redirect_uris": ["https://example.com/authz_cb"],
        "application_type": "web",
        "default_acr": "foo",
        "require_auth_time": True,
        "operation": "register",
        "default_max_age": 10,
        "response_types": ["code"],
    }
    assert json.loads(req.to_json()) == expected_js_obj

    def _first_if_list(value):
        # List values are reduced to their first element before encoding.
        return value[0] if isinstance(value, list) else value

    flattened = dict(
        (key, _first_if_list(value)) for key, value in expected_js_obj.items())
    assert query_string_compare(req.to_urlencoded(), urlencode(flattened))
def register(self, url, operation="register", application_type="web", **kwargs):
    """Register or update this client at a registration endpoint.

    Args:
        url: Endpoint the urlencoded request is POSTed to.
        operation: Value of the ``operation`` request parameter.
        application_type: Value of the ``application_type`` parameter.
        **kwargs: Values for further request parameters. A parameter not
            given here falls back to ``self.behaviour``.

    Returns:
        The deserialised ``RegistrationResponse``.

    Raises:
        MissingRequiredAttribute: No ``redirect_uris`` was supplied and
            the instance has no ``redirect_uris`` attribute.
        Exception: The endpoint answered with a status other than 200.

    On success the client id, client secret, expiry and registration
    access token from the response are stored on the instance.
    """
    req = RegistrationRequest(operation=operation,
                              application_type=application_type)

    # NOTE(review): this branch tests for "update", while the bearer
    # header below is added for "client_update". Confirm which operation
    # names are really in use.
    if operation == "update":
        req["client_id"] = self.client_id
        req["client_secret"] = self.client_secret

    reserved = ("operation", "client_id", "client_secret")
    for name in req.parameters():
        if name in reserved:
            continue
        # Explicit keyword arguments win over the configured behaviour.
        try:
            req[name] = kwargs[name]
        except KeyError:
            try:
                req[name] = self.behaviour[name]
            except KeyError:
                pass

    if "redirect_uris" not in req:
        try:
            req["redirect_uris"] = self.redirect_uris
        except AttributeError:
            raise MissingRequiredAttribute("redirect_uris")

    # The request can carry the client secret and a bearer token, and
    # nothing here checks the scheme of ``url``.
    # NOTE(review): confirm http_request enforces TLS and certificate
    # verification for this call.
    headers = {"content-type": "application/x-www-form-urlencoded"}
    if operation == "client_update":
        headers["Authorization"] = "Bearer %s" % self.registration_access_token

    rsp = self.http_request(url, "POST", data=req.to_urlencoded(),
                            headers=headers)

    if rsp.status_code != 200:
        # The provider's error body is embedded verbatim in the message.
        err = ErrorResponse().deserialize(rsp.text, "json")
        raise Exception("Registration failed: %s" % err.get_json())

    resp = RegistrationResponse().deserialize(rsp.text, "json")
    self.client_secret = resp["client_secret"]
    self.client_id = resp["client_id"]
    self.registration_expires = resp["expires_at"]
    self.registration_access_token = resp["registration_access_token"]
    return resp
def test_parse_registration_request(self):
    """Parse a urlencoded registration request on the server side.

    The parsed result must be a ``RegistrationRequest`` that holds the
    six supplied fields plus ``response_types``, and must keep the
    application name and operation unchanged.
    """
    fields = dict(
        contacts=["*****@*****.**"],
        redirect_uris=["http://example.org/jqauthz"],
        application_name="pacubar",
        client_id=CLIENT_ID,
        operation="register",
        application_type="web",
    )
    regreq = RegistrationRequest(**fields)

    request = self.srv.parse_registration_request(
        data=regreq.to_urlencoded())

    assert isinstance(request, RegistrationRequest)
    # 'response_types' is expected even though it is not in ``fields``.
    assert _eq(request.keys(), ['redirect_uris', 'contacts', 'client_id',
                                'application_name', 'operation',
                                'application_type', 'response_types'])
    for key, wanted in (("application_name", "pacubar"),
                        ("operation", "register")):
        assert request[key] == wanted
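def test_registered_redirect_uri_with_query_component():
    """Verify redirect URI matching when the registered URI has a query.

    The client registers ``http://example.org/cb?foo=bar``. A request is
    rejected when its redirect URI drops ``foo=bar`` or changes its
    value. It is accepted when ``foo=bar`` is present, even with further
    parameters appended. ``_verify_redirect_uri`` returns ``None`` on a
    match and something else on a mismatch.

    The original used ``!= None`` and ``== None``; identity tests are
    used here so a custom ``__eq__`` cannot affect the result.
    """
    provider2 = Provider("FOOP", {}, {}, None, None)
    environ = {}

    rr = RegistrationRequest(operation="register",
                             redirect_uris=["http://example.org/cb?foo=bar"])
    registration_req = rr.to_urlencoded()
    resp = provider2.registration_endpoint(environ, start_response,
                                           query=registration_req)
    regresp = RegistrationResponse().from_json(resp[0])
    print(regresp.to_dict())

    faulty = [
        "http://example.org/cb",
        "http://example.org/cb/foo",
        "http://example.org/cb?got=you",
        "http://example.org/cb?foo=you"
    ]
    # NOTE(review): these accepted values pin a matcher that tolerates
    # extra and duplicated query parameters. OpenID Connect Core asks for
    # an exact match against the registered URI -- confirm the looser
    # behaviour is intended.
    correct = [
        "http://example.org/cb?foo=bar",
        "http://example.org/cb?foo=bar&got=you",
        "http://example.org/cb?foo=bar&foo=you"
    ]

    for ruri in faulty:
        areq = AuthorizationRequest(redirect_uri=ruri,
                                    client_id=regresp["client_id"],
                                    scope="openid",
                                    response_type="code")
        print(areq)
        assert provider2._verify_redirect_uri(areq) is not None

    for ruri in correct:
        areq = AuthorizationRequest(redirect_uri=ruri,
                                    client_id=regresp["client_id"])
        resp = provider2._verify_redirect_uri(areq)
        print(resp)
        assert resp is None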
def register(self, server, type="client_associate", **kwargs):
    """Associate, update or rotate the secret of this client at ``server``.

    Args:
        server: Endpoint the urlencoded request is POSTed to.
        type: Value of the ``type`` request parameter. The name shadows
            the builtin but belongs to the public signature.
        **kwargs: Fallback values for request parameters that the
            instance has no truthy attribute for.

    Returns:
        The deserialised registration response.

    Raises:
        Exception: The endpoint answered with a status other than 200.

    On success the client secret, client id and expiry from the response
    are stored on the instance.
    """
    req = RegistrationRequest(type=type)

    # Update and rotation requests identify the client with its secret.
    if type in ("client_update", "rotate_secret"):
        req["client_id"] = self.client_id
        req["client_secret"] = self.client_secret

    for name in req.parameters():
        if name in ("type", "client_id", "client_secret"):
            continue

        # Prefer a truthy attribute on the instance. Any failure while
        # reading or assigning it counts as "no value".
        try:
            own_value = getattr(self, name)
            if own_value:
                req[name] = own_value
        except Exception:
            own_value = None

        if own_value:
            continue
        try:
            req[name] = kwargs[name]
        except KeyError:
            pass

    # The body may contain the client secret, and nothing here checks the
    # scheme of ``server``.
    # NOTE(review): confirm http_request enforces TLS and certificate
    # verification for this call.
    headers = {"content-type": "application/x-www-form-urlencoded"}
    rsp = self.http_request(server, "POST", data=req.to_urlencoded(),
                            headers=headers)

    if rsp.status_code != 200:
        # The provider's error body is embedded verbatim in the message.
        err = ErrorResponse().deserialize(rsp.text, "json")
        raise Exception("Registration failed: %s" % err.get_json())

    # Associate and rotate share one response class; update uses another.
    if type in ("client_associate", "rotate_secret"):
        rr = RegistrationResponseCARS()
    else:
        rr = RegistrationResponseCU()

    resp = rr.deserialize(rsp.text, "json")
    self.client_secret = resp["client_secret"]
    self.client_id = resp["client_id"]
    self.registration_expires = resp["expires_at"]
    return resp
def test_scope_who_am_i(provider):
    """Exercise the ``who_am_i`` scope end to end against ``provider``.

    Steps: dynamic registration, an authorization request with response
    type ``code token``, then a userinfo request using the returned
    access token. The userinfo answer must contain the given name
    "Bruce" and the family name "Lee".
    """
    redirect_uri = "http://example.org"

    # NOTE(review): redirect_uris is passed as a single string, not a
    # list -- presumably tolerated by RegistrationRequest; confirm.
    registration = RegistrationRequest(
        application_type="web",
        response_types=["code", "token"],
        redirect_uris="http://example.org",
    )
    raw_reg = provider.registration_endpoint(registration.to_urlencoded())
    reg_resp = RegistrationResponse().from_json(raw_reg.message)

    auth_params = {
        "client_id": reg_resp["client_id"],
        "scope": "openid who_am_i",
        "response_type": "code token",
        "redirect_uri": redirect_uri,
        "state": "state0",
        "nonce": "nonce0",
    }
    raw_auth = provider.authorization_endpoint(
        AuthorizationRequest(**auth_params).to_urlencoded())
    auth_resp = AuthorizationResponse().from_urlencoded(raw_auth.message)

    token = auth_resp["access_token"]
    raw_userinfo = provider.userinfo_endpoint(
        UserInfoRequest(access_token=token).to_urlencoded())
    # NOTE(review): the userinfo body is parsed with AuthorizationResponse,
    # not a userinfo-specific message class -- confirm this is intended.
    userinfo_resp = AuthorizationResponse().from_json(raw_userinfo.message)

    assert userinfo_resp["given_name"] == "Bruce"
    assert userinfo_resp["family_name"] == "Lee"
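def test_registered_redirect_uri_without_query_component():
    """Verify redirect URI matching when the registered URI has no query.

    The client registers ``http://example.org/cb``. Requests are accepted
    for that URI, for a path below it and for either with a query string
    added. Requests for a different path or a different host are
    rejected. ``_verify_redirect_uri`` returns ``None`` on a match.

    Changes from the original: ``!= None`` is now ``is not None``, in
    line with the second loop. The client id is read once through
    ``list(...)``, so the lookup no longer depends on ``keys()``
    returning an indexable list.
    """
    provider = Provider("FOO", {}, {}, None, None)
    rr = RegistrationRequest(operation="register",
                             redirect_uris=["http://example.org/cb"])
    registration_req = rr.to_urlencoded()
    provider.registration_endpoint({}, start_response, query=registration_req)

    # The client id is taken from the first key of the client database,
    # as the original did on every loop iteration.
    client_id = list(provider.cdb.keys())[0]

    # NOTE(review): accepting a sub-path and added query parameters pins
    # prefix-style matching. OpenID Connect Core asks for an exact match
    # against the registered URI -- confirm the looser rule is intended.
    correct = [
        "http://example.org/cb",
        "http://example.org/cb/foo",
        "http://example.org/cb?got=you",
        "http://example.org/cb/foo?got=you"
    ]
    faulty = [
        "http://example.org/foo",
        "http://example.com/cb",
    ]

    for ruri in faulty:
        areq = AuthorizationRequest(redirect_uri=ruri,
                                    client_id=client_id,
                                    response_type="code",
                                    scope="openid")
        print(areq)
        assert provider._verify_redirect_uri(areq) is not None

    for ruri in correct:
        areq = AuthorizationRequest(redirect_uri=ruri, client_id=client_id)
        resp = provider._verify_redirect_uri(areq)
        if resp:
            # Show why an expected-good URI was refused.
            print(resp.message)
        assert resp is None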
def test_registration_request(self):
    """Check that a ``register`` request serialises to the expected forms.

    The JSON form is parsed before comparison. The urlencoded form is
    checked against a fixed query string with ``query_string_compare``.
    """
    request_fields = {
        "operation": "register",
        "default_max_age": 10,
        "require_auth_time": True,
        "default_acr": "foo",
        "application_type": "web",
        "redirect_uris": ["https://example.com/authz_cb"],
    }
    req = RegistrationRequest(**request_fields)

    js_obj = json.loads(req.to_json())
    assert js_obj == {
        "redirect_uris": ["https://example.com/authz_cb"],
        "application_type": "web",
        "default_acr": "foo",
        "require_auth_time": True,
        "operation": "register",
        "default_max_age": 10,
    }

    urlencoded = req.to_urlencoded()
    # The boolean is expected as "True" in the query string.
    assert query_string_compare(
        urlencoded,
        "redirect_uris=https%3A%2F%2Fexample.com%2Fauthz_cb&application_type=web&default_acr=foo&require_auth_time=True&operation=register&default_max_age=10",
    )