class TestRPHandlerWithMockOP(object): @pytest.fixture(autouse=True) def rphandler_setup(self): self.rph = RPHandler( base_url=BASE_URL, client_configs=CLIENT_CONFIG, http_lib=MockOP(issuer='https://github.com/login/oauth/authorize')) def test_finalize(self): auth_query = self.rph.begin(issuer_id='github') # The authorization query is sent and after successful authentication client = self.rph.get_client_from_session_key( state=auth_query['state']) _ = client.http(auth_query['url']) # the user is redirected back to the RP with a positive response auth_response = AuthorizationResponse(code='access_code', state=auth_query['state']) # need session information and the client instance _session = self.rph.get_session_information(auth_response['state']) client = self.rph.get_client_from_session_key( state=auth_response['state']) # Faking self.rph.httplib.keyjar = client.service_context.keyjar # do the rest (= get access token and user info) # assume code flow resp = self.rph.finalize(_session['iss'], auth_response.to_dict()) assert set(resp.keys()) == {'userinfo', 'state', 'token'}
class TestRPHandlerWithMockOP(object): @pytest.fixture(autouse=True) def rphandler_setup(self): self.issuer = 'https://github.com/login/oauth/authorize' self.mock_op = MockOP(issuer=self.issuer) self.rph = RPHandler(BASE_URL, client_configs=CLIENT_CONFIG, http_lib=self.mock_op, keyjar=KeyJar()) def test_finalize(self): auth_query = self.rph.begin(issuer_id='github') # The authorization query is sent and after successful authentication client = self.rph.get_client_from_session_key( state=auth_query['state']) # register a response p = urlparse( CLIENT_CONFIG['github']['provider_info']['authorization_endpoint']) self.mock_op.register_get_response(p.path, 'Redirect', 302) _ = client.http(auth_query['url']) # the user is redirected back to the RP with a positive response auth_response = AuthorizationResponse(code='access_code', state=auth_query['state']) # need session information and the client instance _session = self.rph.get_session_information(auth_response['state']) client = self.rph.get_client_from_session_key( state=auth_response['state']) # Faking resp = construct_access_token_response( _session['auth_request']['nonce'], issuer=self.issuer, client_id=CLIENT_CONFIG['github']['client_id'], key_jar=GITHUB_KEY) p = urlparse( CLIENT_CONFIG['github']['provider_info']['token_endpoint']) self.mock_op.register_post_response( p.path, resp.to_json(), 200, {'content-type': "application/json"}) _info = OpenIDSchema(sub='EndUserSubject', given_name='Diana', family_name='Krall', occupation='Jazz pianist') p = urlparse( CLIENT_CONFIG['github']['provider_info']['userinfo_endpoint']) self.mock_op.register_get_response( p.path, _info.to_json(), 200, {'content-type': "application/json"}) _github_id = iss_id('github') client.service_context.keyjar.import_jwks( GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id) # do the rest (= get access token and user info) # assume code flow resp = self.rph.finalize(_session['iss'], auth_response.to_dict()) assert set(resp.keys()) == {'userinfo', 'state', 'token', 'id_token'} def test_dynamic_setup(self): user_id = 'acct:[email protected]' _link = Link(rel="http://openid.net/specs/connect/1.0/issuer", href="https://server.example.com") webfinger_response = JRD(subject=user_id, links=[_link]) self.mock_op.register_get_response( '/.well-known/webfinger', webfinger_response.to_json(), 200, {'content-type': "application/json"}) resp = { "authorization_endpoint": "https://server.example.com/connect/authorize", "issuer": "https://server.example.com", "subject_types_supported": ['public'], "token_endpoint": "https://server.example.com/connect/token", "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"], "userinfo_endpoint": "https://server.example.com/connect/user", "check_id_endpoint": "https://server.example.com/connect/check_id", "refresh_session_endpoint": "https://server.example.com/connect/refresh_session", "end_session_endpoint": "https://server.example.com/connect/end_session", "jwks_uri": "https://server.example.com/jwk.json", "registration_endpoint": "https://server.example.com/connect/register", "scopes_supported": ["openid", "profile", "email", "address", "phone"], "response_types_supported": ["code", "code id_token", "token id_token"], "acrs_supported": ["1", "2", "http://id.incommon.org/assurance/bronze"], "user_id_types_supported": ["public", "pairwise"], "userinfo_algs_supported": ["HS256", "RS256", "A128CBC", "A128KW", "RSA1_5"], "id_token_signing_alg_values_supported": ["HS256", "RS256", "A128CBC", "A128KW", "RSA1_5"], "request_object_algs_supported": ["HS256", "RS256", "A128CBC", "A128KW", "RSA1_5"] } pcr = ProviderConfigurationResponse(**resp) self.mock_op.register_get_response( '/.well-known/openid-configuration', pcr.to_json(), 200, {'content-type': "application/json"}) self.mock_op.register_post_response( '/connect/register', registration_callback, 200, {'content-type': "application/json"}) auth_query = self.rph.begin(user_id=user_id) assert auth_query