def test_federated_happy_path_and_correlation_id(self):
correlationId = '12300002-0000-0000-c000-000000000000'
util.set_correlation_id(correlationId)
util.setup_expected_user_realm_response_common(True)
util.setup_expected_mex_wstrust_request_common()
response = util.create_response()
assertion = self.setup_expected_oauth_assertion_request(response)
logFunctionCalled = False
def testCorrelationIdLog(level, message):
logFunctionCalled = True
self.assertIsNotNone(message)
logOptions = {
'level' : 3,
'log' : testCorrelationIdLog
}
oldOptions = log.get_logging_options()
log.set_logging_options(logOptions)
authorityUrl = response['authority'] + '/' + cp['tenant']
token_response = adal.acquire_token_with_username_password(authorityUrl, cp['username'], cp['password'], cp['clientId'], response['resource'])
self.assertTrue(util.isMatchTokenResponse(response['cachedResponse'], token_response), 'Response did not match expected: ' + JSON.stringify(token_response))
log.set_logging_options(oldOptions)
util.set_correlation_id()
self.assertTrue(util.isMatchTokenResponse(response['cachedResponse'], token_response), 'The response did not match what was expected')
self.assertTrue(logFunctionCalled, 'Logging was turned on but no messages were recieved.')
def test_federated_happy_path_and_correlation_id(self):
util.setup_expected_user_realm_response_common(True)
util.setup_expected_mex_wstrust_request_common()
response = util.create_response()
assertion = self.setup_expected_oauth_assertion_request(response)
buffer = StringIO()
handler = logging.StreamHandler(buffer)
util.turn_on_logging(level='DEBUG', handler=handler)
authorityUrl = response['authority']
context = adal.AuthenticationContext(authorityUrl)
correlation_id = '12300002-0000-0000-c000-000000000000'
context.correlation_id = correlation_id
#action
token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId'])
self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response),
'Response did not match expected: ' + json.dumps(token_response))
#assert
log_content = buffer.getvalue()
self.assertTrue(correlation_id in log_content, 'Logging was turned on but no messages were recieved.')
self.assertNotIn(cp['clientId'], log_content, "Should not log ClientID")
self.assertNotIn(
cp['username'].split('@')[0], log_content, "Should not contain PII")
def test_federated_happy_path_and_correlation_id(self):
util.setup_expected_user_realm_response_common(True)
util.setup_expected_mex_wstrust_request_common()
response = util.create_response()
assertion = self.setup_expected_oauth_assertion_request(response)
buffer = StringIO()
handler = logging.StreamHandler(buffer)
util.turn_on_logging(level='DEBUG', handler=handler)
authorityUrl = response['authority']
context = adal.AuthenticationContext(authorityUrl)
correlation_id = '12300002-0000-0000-c000-000000000000'
context.correlation_id = correlation_id
#action
token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId'])
self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response),
'Response did not match expected: ' + json.dumps(token_response))
#assert
log_content = buffer.getvalue()
self.assertTrue(correlation_id in log_content, 'Logging was turned on but no messages were recieved.')
def test_invalid_id_token(self):
util.setup_expected_user_realm_response_common(False)
response = util.create_response()
wireResponse = response['wireResponse']
response_options = {'noIdToken': True}
response = util.create_response(response_options)
# break the id token
idToken = wireResponse['id_token']
idToken = idToken.replace('.', ' ')
wireResponse['id_token'] = idToken
authorityUrl = response['authority']
upRequest = self.setup_expected_username_password_request_response(
200, wireResponse, authorityUrl)
context = adal.AuthenticationContext(authorityUrl)
#action
token_response = context.acquire_token_with_username_password(
response['resource'], cp['username'], cp['password'],
cp['clientId'])
#assert
self.assertTrue(
util.is_match_token_response(response['cachedResponse'],
token_response),
'Response did not match expected: ' + json.dumps(token_response))
def test_managed_happy_path(self):
util.setup_expected_user_realm_response_common(False)
response = util.create_response()
authorityUrl = response['authority'] + '/' + cp['tenant']
upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], authorityUrl)
token_response = adal.acquire_token_with_username_password(authorityUrl, cp['username'], cp['password'], cp['clientId'], response['resource'])
self.assertTrue(util.isMatchTokenResponse(response['cachedResponse'], token_response), 'Response did not match expected: ' + JSON.stringify(token_response))
def test_no_access_token(self):
util.setup_expected_user_realm_response_common(False)
response = util.create_response()
del response['wireResponse']['access_token']
upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], response['authority'])
authorityUrl = response['authority'] + '/' + cp['tenant']
# Did not receive expected error about missing token_type
with self.assertRaises(Exception):
token_response = adal.acquire_token_with_username_password(authorityUrl, cp['username'], cp['password'], cp['clientId'], response['resource'])
def test_bad_int_in_response(self):
util.setup_expected_user_realm_response_common(False)
response = util.create_response()
response['wireResponse']['expires_in'] = 'foo'
upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], response['authority'])
authorityUrl = response['authority'] + '/' + cp['tenant']
# Did not receive expected error about bad int parameter
with self.assertRaises(Exception):
token_response = adal.acquire_token_with_username_password(authorityUrl, cp['username'], cp['password'], cp['clientId'], response['resource'])
def test_no_access_token(self):
util.setup_expected_user_realm_response_common(False)
response = util.create_response()
del response['wireResponse']['access_token']
upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], response['authority'])
authorityUrl = response['authority']
context = adal.AuthenticationContext(authorityUrl)
#action
try:
token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId'])
self.fail('Did not receive expected error about missing token_type')
except Exception as exp:
#assert
self.assertEqual('wire_response is missing access_token', exp.args[0])
def test_managed_happy_path(self):
util.setup_expected_user_realm_response_common(False)
response = util.create_response()
authorityUrl = response['authority']
upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], authorityUrl)
context = adal.AuthenticationContext(authorityUrl)
#action
token_response = context.acquire_token_with_username_password(response['resource'], cp['username'],
cp['password'], cp['clientId'])
#assert
self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response),
'Response did not match expected: ' + json.dumps(token_response))
def test_no_access_token(self):
util.setup_expected_user_realm_response_common(False)
response = util.create_response()
del response['wireResponse']['access_token']
upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], response['authority'])
authorityUrl = response['authority']
context = adal.AuthenticationContext(authorityUrl)
#action
try:
token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId'])
self.fail('Did not receive expected error about missing token_type')
except Exception as exp:
#assert
self.assertEqual('wire_response is missing access_token', exp.args[0])
def test_managed_happy_path(self):
util.setup_expected_user_realm_response_common(False)
response = util.create_response()
authorityUrl = response['authority']
upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], authorityUrl)
context = adal.AuthenticationContext(authorityUrl)
#action
token_response = context.acquire_token_with_username_password(response['resource'], cp['username'],
cp['password'], cp['clientId'])
#assert
self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response),
'Response did not match expected: ' + json.dumps(token_response))
def test_bad_int_in_response(self):
util.setup_expected_user_realm_response_common(False)
response = util.create_response()
response['wireResponse']['expires_in'] = 'foo'
upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], response['authority'])
authorityUrl = response['authority']
context = adal.AuthenticationContext(authorityUrl)
#action
try:
token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId'])
self.fail('Did not see expected warning message about bad expires_in field')
except Exception as exp:
#assert
self.assertEqual("invalid literal for int() with base 10: 'foo'", exp.args[0])
def test_bad_int_in_response(self):
util.setup_expected_user_realm_response_common(False)
response = util.create_response()
response['wireResponse']['expires_in'] = 'foo'
upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], response['authority'])
authorityUrl = response['authority']
context = adal.AuthenticationContext(authorityUrl)
#action
try:
token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId'])
self.fail('Did not see expected warning message about bad expires_in field')
except Exception as exp:
#assert
self.assertEqual("invalid literal for int() with base 10: 'foo'", exp.args[0])
def test_bad_id_token_base64_in_response(self):
foundWarning = False
util.setup_expected_user_realm_response_common(False)
response = util.create_response()
def findIdTokenWarning(level, message):
if 'decoded' in message:
foundWarning = True
util.turn_on_logging() #, findIdTokenWarning)
#util.turnOnLogging(None, findIdTokenWarning)
response['wireResponse']['id_token'] = 'aaaaaaa./+===.aaaaaa'
authorityUrl = response['authority'] + '/' + cp['tenant']
upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], authorityUrl)
token_response = adal.acquire_token_with_username_password(authorityUrl, cp['username'], cp['password'], cp['clientId'], response['resource'])
self.assertTrue(foundWarning, 'Did not see expected warning message about bad id_token base64.')
def test_invalid_id_token(self):
''' TODO: Test Failing as of 2015/06/03 and needs to be completed. '''
util.setup_expected_user_realm_response_common(False)
response = util.create_response()
wireResponse = response['wireResponse']
response_options = { 'noIdToken' : True }
#response = util.create_response(response_options)
# break the id token
#idToken = wireResponse['id_token']
#idToken = idToken.replace('.', ' ')
#wireResponse['id_token'] = idToken
authorityUrl = response['authority'] + '/' + cp['tenant']
upRequest = self.setup_expected_username_password_request_response(200, wireResponse, authorityUrl)
token_response = adal.acquire_token_with_username_password(authorityUrl, cp['username'], cp['password'], cp['clientId'], response['resource'])
self.assertTrue(util.isMatchTokenResponse(response['cachedResponse'], token_response), 'Response did not match expected: ' + JSON.stringify(token_response))
def test_bad_id_token_base64_in_response(self):
foundWarning = False
util.setup_expected_user_realm_response_common(False)
response = util.create_response()
log_content = StringIO()
handler = logging.StreamHandler(log_content)
util.turn_on_logging(level='WARNING', handler=handler)
response['wireResponse']['id_token'] = 'aaaaaaa./+===.aaaaaa'
expected_warn = 'The returned id_token could not be decoded: aaaaaaa./+===.aaaaaa'
authorityUrl = response['authority']
upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], authorityUrl)
context = adal.AuthenticationContext(authorityUrl)
#action and verify
self.assertRaises(UnicodeDecodeError, context.acquire_token_with_username_password, response['resource'], cp['username'], cp['password'], cp['clientId'])
def test_bad_id_token_base64_in_response(self):
foundWarning = False
util.setup_expected_user_realm_response_common(False)
response = util.create_response()
log_content = StringIO()
handler = logging.StreamHandler(log_content)
util.turn_on_logging(level='WARNING', handler=handler)
response['wireResponse']['id_token'] = 'aaaaaaa./+===.aaaaaa'
expected_warn = 'The returned id_token could not be decoded: aaaaaaa./+===.aaaaaa'
authorityUrl = response['authority']
upRequest = self.setup_expected_username_password_request_response(200, response['wireResponse'], authorityUrl)
context = adal.AuthenticationContext(authorityUrl)
#action and verify
self.assertRaises(UnicodeDecodeError, context.acquire_token_with_username_password, response['resource'], cp['username'], cp['password'], cp['clientId'])
def test_invalid_id_token(self):
util.setup_expected_user_realm_response_common(False)
response = util.create_response()
wireResponse = response['wireResponse']
response_options = { 'noIdToken' : True }
response = util.create_response(response_options)
# break the id token
idToken = wireResponse['id_token']
idToken = idToken.replace('.', ' ')
wireResponse['id_token'] = idToken
authorityUrl = response['authority']
upRequest = self.setup_expected_username_password_request_response(200, wireResponse, authorityUrl)
context = adal.AuthenticationContext(authorityUrl)
#action
token_response = context.acquire_token_with_username_password(response['resource'], cp['username'], cp['password'], cp['clientId'])
#assert
self.assertTrue(util.is_match_token_response(response['cachedResponse'], token_response), 'Response did not match expected: ' + json.dumps(token_response))
