def test_init(self):
cons = Consumer(DictSessionBackend(),
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
**CONSUMER_CONFIG)
cons._backup("123456")
assert "123456" in cons.sdb
cons = Consumer(DictSessionBackend(),
client_config=CLIENT_CONFIG,
**CONSUMER_CONFIG)
assert cons.authorization_endpoint is None
cons = Consumer(DictSessionBackend, **CONSUMER_CONFIG)
assert cons.authorization_endpoint is None
def test_factory():
sdb = DictSessionBackend()
consumer = Consumer(
sdb,
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
settings=CLIENT_SETTINGS,
**CONSUMER_CONFIG,
)
sid = stateID("https://example.org/", consumer.seed)
_state = sid
consumer._backup(sid)
consumer.sdb["seed:%s" % consumer.seed] = sid
kaka = make_cookie(CLIENT_CONFIG["client_id"],
_state,
consumer.seed,
expire=360,
path="/")
_oac = factory(
kaka[1],
sdb,
CLIENT_CONFIG["client_id"],
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
**CONSUMER_CONFIG,
)
assert _oac.client_id == consumer.client_id
assert _oac.seed == consumer.seed
def setup_consumer(self, session_db_factory):
client_config = {
"client_id": CLIENT_ID,
"client_authn_method": CLIENT_AUTHN_METHOD,
}
self.consumer = Consumer(DictSessionBackend(), CONFIG, client_config,
SERVER_INFO)
self.consumer.keyjar = CLIKEYS
self.consumer.redirect_uris = ["https://example.com/authz"]
self.consumer.client_secret = "hemlig"
self.consumer.secret_type = "basic"
self.consumer.issuer = ISSUER_ID
self.provider = Provider(
ISSUER_ID,
session_db_factory(ISSUER_ID),
CDB,
AUTHN_BROKER,
USERINFO,
AUTHZ,
verify_client,
SYMKEY,
urlmap=URLMAP,
keyjar=SRVKEYS,
)
self.provider.baseurl = self.provider.name
def create_sdb(self):
kb = KeyBundle(JWKS["keys"])
kj = KeyJar()
kj.issuer_keys[""] = [kb]
self.sdb = SessionDB(
"https://example.com/",
db=DictSessionBackend(),
code_factory=DefaultToken("supersecret",
"verybadpassword",
typ="A",
lifetime=600),
token_factory=JWTToken(
"T",
keyjar=kj,
lt_pattern={
"code": 3600,
"token": 900
},
iss="https://example.com/as",
sign_alg="RS256",
),
refresh_token_factory=JWTToken(
"R",
keyjar=kj,
lt_pattern={"": 24 * 3600},
iss="https://example.com/as",
token_storage={},
),
)
def create_consumer(self):
self.consumer = Consumer(
DictSessionBackend(),
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
settings=CLIENT_SETTINGS,
**CONSUMER_CONFIG,
)
def test_authenticated(self):
_session_db = DictSessionBackend()
cons = Consumer(
_session_db,
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
**CONSUMER_CONFIG,
)
sid, location = cons.begin("http://localhost:8087",
"http://localhost:8088/authorization")
resp = self.provider.authorization_endpoint(urlparse(location).query)
assert resp.status_code == 303
resp = urlparse(resp.message).query
with LogCapture(level=logging.DEBUG) as logcap:
aresp = cons.handle_authorization_response(query=resp)
assert isinstance(aresp, AuthorizationResponse)
assert _eq(aresp.keys(), ["state", "code", "client_id", "iss"])
assert _eq(
cons.grant[sid].keys(),
[
"tokens", "code", "exp_in", "seed", "id_token",
"grant_expiration_time"
],
)
state = aresp["state"]
assert _eq(logcap.records[0].msg, "- authorization - code flow -")
assert verify_outcome(
logcap.records[1].msg,
"QUERY: ",
[
"state={}".format(state),
"code=<REDACTED>",
"client_id=client1",
"iss=https://example.com/as",
],
)
expected = {
"iss": "https://example.com/as",
"state": state,
"code": "<REDACTED>",
"client_id": "client1",
}
# Eval here to avoid intermittent failures due to dict ordering
assert _eq(eval(logcap.records[2].msg[29:-1]), expected)
expected2 = [
"'client_id': 'client1'",
"'iss': 'https://example.com/as'",
"'keyjar': <KeyJar(issuers=[])>",
]
assert _eq(sorted(logcap.records[3].msg[22:-1].split(", ")), expected2)
def create_session_db(
base_url,
secret,
password,
db=None,
token_expires_in=3600,
grant_expires_in=600,
refresh_token_expires_in=86400,
):
"""
Construct SessionDB instance.
Using this you can create a very basic non persistant
session database that issues opaque DefaultTokens.
:param base_url: Same as base_url parameter of `SessionDB`.
:param secret: Secret to pass to `DefaultToken` class.
:param password: Secret key to pass to `DefaultToken` class.
:param db: Storage for the session data, usually a dict.
:param token_expires_in: Expiry time for access tokens in seconds.
:param grant_expires_in: Expiry time for access codes in seconds.
:param refresh_token_expires_in: Expiry time for refresh tokens.
:return: A constructed `SessionDB` object.
"""
code_factory = DefaultToken(secret,
password,
typ="A",
lifetime=grant_expires_in)
token_factory = DefaultToken(secret,
password,
typ="T",
lifetime=token_expires_in)
db = DictSessionBackend() if db is None else db
refresh_token_factory = DefaultToken(secret,
password,
typ="R",
lifetime=refresh_token_expires_in,
token_storage={})
return SessionDB(
base_url,
db,
refresh_db=None,
code_factory=code_factory,
token_factory=token_factory,
refresh_token_factory=refresh_token_factory,
)
def test_authenticated_token(self):
_session_db = DictSessionBackend()
cons = Consumer(_session_db,
client_config=CLIENT_CONFIG,
server_info=SERVER_INFO,
**CONSUMER_CONFIG)
sid, location = cons.begin("http://localhost:8087",
"http://localhost:8088/authorization",
"token")
QUERY_STRING = location.split("?")[1]
resp = self.provider.authorization_endpoint(QUERY_STRING)
auth_resp = parse_qs(urlparse(resp.message).fragment)
assert "access_token" in auth_resp
assert auth_resp["token_type"][0] == "Bearer"
def create_provider(self):
kb = KeyBundle(JWKS["keys"])
kj = KeyJar()
kj.issuer_keys[""] = [kb]
_sdb = SessionDB(
"https://example.com/",
db=DictSessionBackend(),
code_factory=DefaultToken("supersecret",
"verybadpassword",
typ="A",
lifetime=600),
token_factory=JWTToken(
"T",
keyjar=kj,
lt_pattern={
"code": 3600,
"token": 900
},
iss="https://example.com/as",
sign_alg="RS256",
),
refresh_token_factory=JWTToken(
"R",
keyjar=kj,
lt_pattern={"": 24 * 3600},
iss="https://example.com/as",
token_storage={},
),
)
# name, sdb, cdb, authn_broker, authz, client_authn,
self.provider = Provider(
"as",
_sdb,
CDB,
AUTHN_BROKER,
AUTHZ,
verify_client,
baseurl="https://example.com/as",
)