def test_path():
    """Check that ``Context.path`` refuses ``None`` and ``"/babal"`` and stores a valid relative path."""
    ctx = Context()
    # Both values must make the setter raise ValueError.
    # NOTE(review): "/babal" is presumably refused for its leading slash; confirm against the setter.
    for rejected in (None, "/babal"):
        with pytest.raises(ValueError):
            ctx.path = rejected

    accepted = "Saml2/sso/redirect"
    ctx.path = accepted
    assert ctx.path == accepted
def test_with_pyoidc(self):
    """Run start_auth then authn_response with the Graph API token and profile endpoints mocked."""
    # Canned token endpoint reply; the values are test fixtures only.
    token_reply = json.dumps({"access_token": "qwerty", "token_type": "bearer", "expires_in": 9999999999999})
    responses.add(
        responses.POST,
        "https://graph.facebook.com/v2.5/oauth/access_token",
        body=token_reply,
        adding_headers={"set-cookie": "TEST=testing; path=/"},
        status=200,
        content_type='application/json',
    )
    # Canned profile reply; the query string is not matched.
    responses.add(
        responses.GET,
        "https://graph.facebook.com/v2.5/me",
        match_querystring=False,
        body=json.dumps(FB_RESPONSE),
        status=200,
        content_type='application/json',
    )

    ctx = Context()
    ctx.path = 'facebook/sso/redirect'
    ctx.state = State()
    request = InternalRequest(UserIdHashType.transient, 'http://localhost:8087/sp.xml')
    state_getter = Mock(return_value=STATE)
    auth_resp = self.fb_backend.start_auth(ctx, request, state_getter)

    # Feed the value of the first response header back in as the request cookie.
    # NOTE(review): assumes the first header is the Set-Cookie header; nothing here asserts it.
    ctx.cookie = auth_resp.headers[0][1]
    ctx.request = {"code": FB_RESPONSE_CODE, "state": STATE}
    self.fb_backend.auth_callback_func = self.verify_callback
    self.fb_backend.authn_response(ctx)
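def run_server(self, environ, start_response, debug=False):
    """WSGI entry point: build a Context from the request and dispatch it through ``self.run``.

    Args:
        environ: WSGI environment of the incoming request.
        start_response: WSGI ``start_response`` callable.
        debug: when true, unexpected exceptions are re-raised instead of
            being converted into a ServiceError response.

    Returns:
        Whatever the selected response object returns when called with
        ``(environ, start_response)``.
    """
    path = environ.get('PATH_INFO', '').lstrip('/')
    # Refuse any path containing ".." before it reaches endpoint routing.
    if ".." in path:
        resp = Unauthorized()
        return resp(environ, start_response)

    context = Context()
    context.path = path

    # copy wsgi.input stream to allow it to be re-read later by satosa plugins
    # see: http://stackoverflow.com/questions/1783383/how-do-i-copy-wsgi-input-if-i-want-to-process-post-data-more-than-once
    #
    # CONTENT_LENGTH is client-controlled. A non-numeric value used to raise
    # ValueError outside the try block below, and a negative value would turn
    # read() into read-until-EOF on a file-like object. Both are treated as
    # "no body" here.
    # NOTE(review): unpack_either() is not visible here; confirm it does not
    # parse CONTENT_LENGTH on its own without the same guard.
    try:
        content_length = max(int(environ.get('CONTENT_LENGTH', '0') or '0'), 0)
    except ValueError:
        content_length = 0
    body = io.BytesIO(environ['wsgi.input'].read(content_length))
    environ['wsgi.input'] = body
    context.request = unpack_either(environ)
    # Rewind so later consumers can read the buffered body from the start.
    environ['wsgi.input'].seek(0)

    context.wsgi_environ = environ
    context.cookie = environ.get("HTTP_COOKIE", "")

    try:
        resp = self.run(context)
        # self.run may hand back an exception object instead of raising it.
        if isinstance(resp, Exception):
            raise resp
        return resp(environ, start_response)
    except SATOSANoBoundEndpointError:
        resp = NotFound("Couldn't find the side you asked for!")
        return resp(environ, start_response)
    except Exception as err:
        logger.exception("%s", err)
        if debug:
            raise
        # NOTE(review): the exception text is sent back to the client, which can
        # expose internal details; consider a generic message with the detail
        # kept in the log only.
        resp = ServiceError("%s" % err)
        return resp(environ, start_response)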
def test_endpoint_routing_to_frontend(self, url_path, expected_frontend, expected_backend):
    """Route *url_path* and check the frontend and backend targets recorded on the context."""
    ctx = Context()
    ctx.path = url_path

    self.router.endpoint_routing(ctx)

    assert ctx.target_frontend == expected_frontend
    assert ctx.target_backend == expected_backend
def test_with_pyoidc(self):
    """Run start_auth then authn_response with the Graph API token and profile endpoints mocked."""
    # Canned token endpoint reply; the values are test fixtures only.
    token_reply = json.dumps({
        "access_token": "qwerty",
        "token_type": "bearer",
        "expires_in": 9999999999999,
    })
    responses.add(
        responses.POST,
        "https://graph.facebook.com/v2.5/oauth/access_token",
        body=token_reply,
        adding_headers={"set-cookie": "TEST=testing; path=/"},
        status=200,
        content_type='application/json',
    )
    # Canned profile reply; the query string is not matched.
    responses.add(
        responses.GET,
        "https://graph.facebook.com/v2.5/me",
        match_querystring=False,
        body=json.dumps(FB_RESPONSE),
        status=200,
        content_type='application/json',
    )

    ctx = Context()
    ctx.path = 'facebook/sso/redirect'
    ctx.state = State()
    request = InternalRequest(UserIdHashType.transient, 'http://localhost:8087/sp.xml')
    state_getter = Mock(return_value=STATE)
    auth_resp = self.fb_backend.start_auth(ctx, request, state_getter)

    # Feed the value of the first response header back in as the request cookie.
    # NOTE(review): assumes the first header is the Set-Cookie header; nothing here asserts it.
    ctx.cookie = auth_resp.headers[0][1]
    ctx.request = {"code": FB_RESPONSE_CODE, "state": STATE}
    self.fb_backend.auth_callback_func = self.verify_callback
    self.fb_backend.authn_response(ctx)
def test_backend(path, provider, endpoint):
    """Route *path* and check both the returned spec and the targets set on the context."""
    ctx = Context()
    ctx.path = path

    routed = router.endpoint_routing(ctx)

    # Only the first two items of the returned spec are inspected.
    assert routed[0] == provider
    assert routed[1] == endpoint
    # A backend route must leave the frontend target unset.
    assert ctx.target_backend == provider
    assert ctx.target_frontend is None
def test_endpoint_routing_to_microservice(self, url_path, expected_micro_service):
    """Route *url_path* and check it resolves to the expected micro service callback only."""
    ctx = Context()
    ctx.path = url_path

    routed_callable = self.router.endpoint_routing(ctx)

    assert ctx.target_micro_service == expected_micro_service
    # The returned callable must be the registered instance's callback.
    registered = self.router.micro_services[expected_micro_service]
    assert routed_callable == registered["instance"].callback
    # A micro service route must not set a backend or frontend target.
    assert ctx.target_backend is None
    assert ctx.target_frontend is None
def test_endpoint_routing_to_microservice(self, url_path, expected_micro_service):
    """Route *url_path* and check it resolves to the expected micro service callback only."""
    ctx = Context()
    ctx.path = url_path

    routed_callable = self.router.endpoint_routing(ctx)

    assert ctx.target_micro_service == expected_micro_service
    # The returned callable must be the registered instance's callback.
    registered = self.router.micro_services[expected_micro_service]
    assert routed_callable == registered["instance"].callback
    # A micro service route must not set a backend or frontend target.
    assert ctx.target_backend is None
    assert ctx.target_frontend is None
def setup_authentication_response(self, state=None):
    """Build a Context that looks like an authorization callback on ``openid/authz_cb``.

    Args:
        state: value for the ``state`` request parameter; a falsy value is
            replaced by a fresh ``rndstr()``.

    Returns:
        The prepared Context, with its request dict and its state set.
    """
    ctx = Context()
    ctx.path = 'openid/authz_cb'
    op_base = TestConfiguration.get_instance().rp_config.OP_URL
    state = state or rndstr()
    # Fixed authorization code and scope; test fixture values only.
    ctx.request = {
        'code': 'F+R4uWbN46U+Bq9moQPC4lEvRd2De4o=',
        'scope': 'openid profile email address phone',
        'state': state,
    }
    ctx.state = self.generate_state(op_base)
    return ctx
def test_routing(path, provider, receiver, _):
    """Route *path* with the shared state and check the backend and frontend that get selected."""
    ctx = Context()
    ctx.path = path
    ctx.state = state

    router.endpoint_routing(ctx)

    assert router.backend_routing(ctx) == backends[provider]
    assert router.frontend_routing(ctx) == frontends[receiver]
    assert ctx.target_frontend == receiver
def setup_authentication_response(self, state=None):
    """Build a Context that looks like an authorization callback on ``openid/authz_cb``.

    Args:
        state: value for the ``state`` request parameter; a falsy value is
            replaced by a fresh ``rndstr()``.

    Returns:
        The prepared Context, with its request dict and its state set.
    """
    ctx = Context()
    ctx.path = 'openid/authz_cb'
    op_base = TestConfiguration.get_instance().rp_config.OP_URL
    state = state or rndstr()
    # Fixed authorization code and scope; test fixture values only.
    ctx.request = {
        'code': 'F+R4uWbN46U+Bq9moQPC4lEvRd2De4o=',
        'scope': 'openid profile email address phone',
        'state': state,
    }
    ctx.state = self.generate_state(op_base)
    return ctx
def test_start_auth(self):
    """Compare the redirect produced by start_auth with FB_REDIRECT_URL: base URL and query parameters."""
    ctx = Context()
    ctx.path = 'facebook/sso/redirect'
    ctx.state = State()
    request = InternalRequest(UserIdHashType.transient, 'http://localhost:8087/sp.xml')
    state_getter = Mock(return_value=STATE)
    resp = self.fb_backend.start_auth(ctx, request, state_getter)

    # NOTE(review): the header assertions below are disabled, so this test does
    # not check the response headers at all.
    # assert resp.headers[0][0] == "Set-Cookie", "Not the correct return cookie"
    # assert len(resp.headers[0][1]) > 1, "Not the correct return cookie"

    actual_parts = resp.message.split("?")
    expected_parts = FB_REDIRECT_URL.split("?")
    actual_params = parse_qs(actual_parts[1])
    expected_params = parse_qs(expected_parts[1])

    assert actual_parts[0] == expected_parts[0]
    assert len(actual_params) == len(expected_params), "Redirect url is not correct!"
    # Same number of parameters, and every expected one present with the same value.
    for name in expected_params:
        assert name in actual_params, "Redirect url is not correct!"
        assert expected_params[name] == actual_params[name], "Redirect url is not correct!"
def test_authn_response(self):
    """Drive authn_response with the consumer's token request and the profile request replaced by verifiers."""
    ctx = Context()
    ctx.path = 'facebook/sso/redirect'
    ctx.state = State()
    request = InternalRequest(UserIdHashType.transient, 'http://localhost:8087/sp.xml')
    state_getter = Mock(return_value=STATE)
    auth_resp = self.fb_backend.start_auth(ctx, request, state_getter)

    # Feed the value of the first response header back in as the request cookie.
    # NOTE(review): assumes the first header is the Set-Cookie header; nothing here asserts it.
    ctx.cookie = auth_resp.headers[0][1]
    ctx.request = {"code": FB_RESPONSE_CODE, "state": STATE}
    self.fb_backend.auth_callback_func = self.verify_callback

    # Patch the consumer so the token request goes to the test's verifier, and
    # make get_consumer keep returning that same patched object.
    consumer = self.fb_backend.get_consumer()
    consumer.do_access_token_request = self.verify_do_access_token_request
    self.fb_backend.get_consumer = Mock(return_value=consumer)
    self.fb_backend.request_fb = self.verify_request_fb

    self.fb_backend.authn_response(ctx)
def test_authn_response(self):
    """Drive authn_response with the consumer's token request and the profile request replaced by verifiers."""
    ctx = Context()
    ctx.path = 'facebook/sso/redirect'
    ctx.state = State()
    request = InternalRequest(UserIdHashType.transient, 'http://localhost:8087/sp.xml')
    state_getter = Mock(return_value=STATE)
    auth_resp = self.fb_backend.start_auth(ctx, request, state_getter)

    # Feed the value of the first response header back in as the request cookie.
    # NOTE(review): assumes the first header is the Set-Cookie header; nothing here asserts it.
    ctx.cookie = auth_resp.headers[0][1]
    ctx.request = {"code": FB_RESPONSE_CODE, "state": STATE}
    self.fb_backend.auth_callback_func = self.verify_callback

    # Patch the consumer so the token request goes to the test's verifier, and
    # make get_consumer keep returning that same patched object.
    consumer = self.fb_backend.get_consumer()
    consumer.do_access_token_request = self.verify_do_access_token_request
    self.fb_backend.get_consumer = Mock(return_value=consumer)
    self.fb_backend.request_fb = self.verify_request_fb

    self.fb_backend.authn_response(ctx)
def test_start_auth(self):
    """Compare the redirect produced by start_auth with FB_REDIRECT_URL: base URL and query parameters."""
    ctx = Context()
    ctx.path = 'facebook/sso/redirect'
    ctx.state = State()
    request = InternalRequest(UserIdHashType.transient, 'http://localhost:8087/sp.xml')
    state_getter = Mock(return_value=STATE)
    resp = self.fb_backend.start_auth(ctx, request, state_getter)

    # NOTE(review): the header assertions below are disabled, so this test does
    # not check the response headers at all.
    # assert resp.headers[0][0] == "Set-Cookie", "Not the correct return cookie"
    # assert len(resp.headers[0][1]) > 1, "Not the correct return cookie"

    actual_parts = resp.message.split("?")
    expected_parts = FB_REDIRECT_URL.split("?")
    actual_params = parse_qs(actual_parts[1])
    expected_params = parse_qs(expected_parts[1])

    assert actual_parts[0] == expected_parts[0]
    assert len(actual_params) == len(expected_params), "Redirect url is not correct!"
    # Same number of parameters, and every expected one present with the same value.
    for name in expected_params:
        assert name in actual_params, "Redirect url is not correct!"
        assert expected_params[name] == actual_params[name], "Redirect url is not correct!"
def run_server(self, environ, start_response):
    """WSGI entry point: build a Context from the request and dispatch it through ``self.run``.

    Args:
        environ: WSGI environment of the incoming request.
        start_response: WSGI ``start_response`` callable.

    Returns:
        Whatever the selected response object returns when called with
        ``(environ, start_response)``.
    """
    requested_path = environ.get("PATH_INFO", "").lstrip("/")
    # Refuse any path containing ".." before it reaches endpoint routing.
    if ".." in requested_path:
        return Unauthorized()(environ, start_response)

    context = Context()
    context.path = requested_path
    context.request = unpack_either(environ)
    context.cookie = environ.get("HTTP_COOKIE", "")

    try:
        outcome = self.run(context)
        # self.run may hand back an exception object instead of raising it.
        if isinstance(outcome, Exception):
            raise outcome
        return outcome(environ, start_response)
    except SATOSANoBoundEndpointError:
        not_found = NotFound("Couldn't find the side you asked for!")
        return not_found(environ, start_response)
    except Exception as exc:
        logger.exception("%s" % exc)
        # NOTE(review): the exception text is sent back to the client, which can
        # expose internal details; consider a generic message with the detail
        # kept in the log only.
        failure = ServiceError("%s" % exc)
        return failure(environ, start_response)
def test_endpoint_routing_to_backend(self, url_path, expected_backend):
    """Route *url_path* and check it selects the expected backend and no frontend."""
    ctx = Context()
    ctx.path = url_path

    self.router.endpoint_routing(ctx)

    assert ctx.target_backend == expected_backend
    # A backend route must leave the frontend target unset.
    assert ctx.target_frontend is None