2011-12-02 13:56:05 +01:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
|
|
|
__author__ = 'rohe0002'
|
|
|
|
|
|
|
|
import time
|
|
|
|
import base64
|
|
|
|
import random
|
|
|
|
import hmac
|
|
|
|
import hashlib
|
2012-03-19 15:19:50 +01:00
|
|
|
import json
|
|
|
|
import urllib
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-11-02 16:21:38 +01:00
|
|
|
from oic.oauth2 import Grant
|
2012-03-19 15:19:50 +01:00
|
|
|
from oic.utils import time_util
|
2011-12-02 13:56:05 +01:00
|
|
|
from oic.oauth2 import Client
|
|
|
|
from oic.oauth2 import Server
|
|
|
|
from oic.oauth2 import Token
|
2012-05-15 14:29:18 +02:00
|
|
|
from oic.oauth2.message import *
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-02-22 11:27:27 +01:00
|
|
|
from oic.utils.sdb import Crypt
|
2013-05-01 09:08:21 +02:00
|
|
|
from oic.utils.authn.client import ClientSecretBasic
|
|
|
|
from oic.utils.authn.client import ClientSecretPost
|
|
|
|
from oic.utils.authn.client import BearerBody
|
|
|
|
from oic.utils.authn.client import BearerHeader
|
2013-03-31 17:41:22 +02:00
|
|
|
from oic.utils.keyio import KeyBundle
|
2012-02-22 11:27:27 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
from pytest import raises
|
2014-11-24 23:18:29 +01:00
|
|
|
from utils_for_tests import URLObject, _eq
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
# ----------------- GRANT --------------------
|
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
ACC_TOK_RESP = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA",
|
|
|
|
token_type="example",
|
|
|
|
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
|
|
|
|
example_parameter="example_value",
|
|
|
|
scope=["inner", "outer"])
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_grant():
|
|
|
|
grant = Grant()
|
|
|
|
assert grant
|
|
|
|
assert grant.exp_in == 600
|
|
|
|
|
|
|
|
grant = Grant(60)
|
|
|
|
assert grant.exp_in == 60
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_grant_from_code():
|
2012-05-15 14:29:18 +02:00
|
|
|
ar = AuthorizationResponse(code="code", state="state")
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
grant = Grant.from_code(ar)
|
|
|
|
|
|
|
|
assert grant
|
|
|
|
assert grant.code == "code"
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_grant_add_code():
|
2012-05-15 14:29:18 +02:00
|
|
|
ar = AuthorizationResponse(code="code", state="state")
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
grant = Grant()
|
|
|
|
grant.add_code(ar)
|
|
|
|
assert grant
|
|
|
|
assert grant.code == "code"
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_grant_update():
|
2012-05-15 14:29:18 +02:00
|
|
|
ar = AuthorizationResponse(code="code", state="state")
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
grant = Grant()
|
|
|
|
grant.update(ar)
|
|
|
|
|
|
|
|
assert grant
|
|
|
|
assert grant.code == "code"
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_grant_set():
|
2012-05-15 14:29:18 +02:00
|
|
|
ar = AuthorizationResponse(code="code", state="state")
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
grant = Grant.from_code(ar)
|
|
|
|
|
|
|
|
assert grant
|
|
|
|
assert grant.code == "code"
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_grant_add_token():
|
|
|
|
grant = Grant()
|
2012-05-15 14:29:18 +02:00
|
|
|
grant.update(ACC_TOK_RESP)
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
assert len(grant.tokens) == 1
|
|
|
|
token = grant.tokens[0]
|
|
|
|
|
|
|
|
assert token.access_token == "2YotnFZFEjr1zCsicMWpAA"
|
|
|
|
assert token.token_type == "example"
|
|
|
|
assert token.refresh_token == "tGzv3JOkF0XG5Qx2TlKWIA"
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_grant_set_3():
|
2012-05-15 14:29:18 +02:00
|
|
|
err = ErrorResponse(error="invalid_request")
|
2011-12-02 13:56:05 +01:00
|
|
|
grant = Grant()
|
|
|
|
grant.update(err)
|
|
|
|
|
|
|
|
assert len(grant.tokens) == 0
|
|
|
|
|
|
|
|
|
|
|
|
# ----------------- CLIENT --------------------
|
|
|
|
class TestOAuthClient():
|
|
|
|
def setup_class(self):
|
|
|
|
self.client = Client("1")
|
2012-02-17 10:06:33 +01:00
|
|
|
self.client.redirect_uris = ["http://example.com/redirect"]
|
2014-10-01 11:37:06 +02:00
|
|
|
self.client.response_type = "code"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
def test_areq_1(self):
|
|
|
|
ar = self.client.construct_AuthorizationRequest(
|
2013-02-22 09:50:04 +01:00
|
|
|
request_args={"response_type": ["code"]})
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert ar["redirect_uri"] == "http://example.com/redirect"
|
|
|
|
assert ar["response_type"] == ["code"]
|
|
|
|
assert ar["client_id"] == "1"
|
|
|
|
assert "state" not in ar
|
|
|
|
assert "scope" not in ar
|
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_areq_2(self):
|
2014-10-01 11:37:06 +02:00
|
|
|
req_args = {"response_type": ["code"], "scope": ["foo", "bar"],
|
|
|
|
"state": "abc"}
|
2011-12-02 13:56:05 +01:00
|
|
|
ar = self.client.construct_AuthorizationRequest(request_args=req_args)
|
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert ar["redirect_uri"] == "http://example.com/redirect"
|
|
|
|
assert ar["response_type"] == ["code"]
|
|
|
|
assert ar["client_id"] == "1"
|
|
|
|
assert ar["state"] == "abc"
|
|
|
|
assert ar["scope"] == ["foo", "bar"]
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
def test_areq_replace_default_state(self):
|
2014-10-01 11:37:06 +02:00
|
|
|
req_args = {"response_type": ["code"], "scope": ["foo", "bar"],
|
|
|
|
"state": "efg"}
|
2011-12-02 13:56:05 +01:00
|
|
|
ar = self.client.construct_AuthorizationRequest(request_args=req_args)
|
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert ar["redirect_uri"] == "http://example.com/redirect"
|
|
|
|
assert ar["response_type"] == ["code"]
|
|
|
|
assert ar["client_id"] == "1"
|
|
|
|
assert ar["state"] == "efg"
|
|
|
|
assert ar["scope"] == ["foo", "bar"]
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
def test_parse_authz_resp_url(self):
|
|
|
|
url = "https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=ghi"
|
2012-05-15 14:29:18 +02:00
|
|
|
aresp = self.client.parse_response(AuthorizationResponse,
|
2013-02-22 09:50:04 +01:00
|
|
|
info=url, sformat="urlencoded")
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert aresp["code"] == "SplxlOBeZQQYbYS6WxSbIA"
|
|
|
|
assert aresp["state"] == "ghi"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
assert self.client.grant["ghi"]
|
2012-03-19 15:19:50 +01:00
|
|
|
assert self.client.grant["ghi"].code == aresp["code"]
|
2011-12-02 13:56:05 +01:00
|
|
|
assert self.client.grant["ghi"].grant_expiration_time
|
|
|
|
|
|
|
|
def test_parse_authz_resp_query(self):
|
|
|
|
query = "code=SplxlOBeZQQYbYS6WxSbIA&state=hij"
|
2012-05-15 14:29:18 +02:00
|
|
|
aresp = self.client.parse_response(AuthorizationResponse,
|
2013-02-22 09:50:04 +01:00
|
|
|
info=query, sformat="urlencoded")
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert aresp["code"] == "SplxlOBeZQQYbYS6WxSbIA"
|
|
|
|
assert aresp["state"] == "hij"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
print self.client.grant.keys()
|
|
|
|
assert self.client.grant["hij"]
|
2012-03-19 15:19:50 +01:00
|
|
|
assert self.client.grant["hij"].code == aresp["code"]
|
2011-12-02 13:56:05 +01:00
|
|
|
assert self.client.grant["hij"].grant_expiration_time
|
|
|
|
|
|
|
|
def test_parse_authz_resp_query_multi_scope(self):
|
|
|
|
query = "code=SplxlOBeZQQYbYS6WxAAAA&state=klm"
|
2012-05-15 14:29:18 +02:00
|
|
|
aresp = self.client.parse_response(AuthorizationResponse,
|
2013-02-22 09:50:04 +01:00
|
|
|
info=query, sformat="urlencoded")
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert aresp["code"] == "SplxlOBeZQQYbYS6WxAAAA"
|
|
|
|
assert aresp["state"] == "klm"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
assert self.client.grant["klm"]
|
2012-03-19 15:19:50 +01:00
|
|
|
assert self.client.grant["klm"].code == aresp["code"]
|
2011-12-02 13:56:05 +01:00
|
|
|
assert self.client.grant["klm"].grant_expiration_time
|
|
|
|
|
|
|
|
assert _eq(self.client.grant.keys(), ['ghi', 'hij', 'klm'])
|
|
|
|
|
|
|
|
def test_parse_authz_resp_query_unknown_parameter(self):
|
|
|
|
query = "code=SplxlOBeZQQYbYS6WxSbIA&state=xyz&foo=bar"
|
2012-05-15 14:29:18 +02:00
|
|
|
aresp = self.client.parse_response(AuthorizationResponse,
|
2013-02-22 09:50:04 +01:00
|
|
|
info=query, sformat="urlencoded")
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert aresp["code"] == "SplxlOBeZQQYbYS6WxSbIA"
|
|
|
|
assert aresp["state"] == "xyz"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
print aresp.__dict__.keys()
|
|
|
|
assert "foo" not in aresp.__dict__
|
2012-03-19 15:19:50 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
assert self.client.grant["xyz"]
|
2012-03-19 15:19:50 +01:00
|
|
|
assert self.client.grant["xyz"].code == aresp["code"]
|
2011-12-02 13:56:05 +01:00
|
|
|
assert self.client.grant["xyz"].grant_expiration_time
|
|
|
|
|
|
|
|
def test_get_access_token_request_1(self):
|
|
|
|
self.client.reset()
|
2012-02-17 10:06:33 +01:00
|
|
|
self.client.redirect_uris = ["http://client.example.com/authz"]
|
2011-12-02 13:56:05 +01:00
|
|
|
grant = Grant()
|
|
|
|
grant.code = "AbCdEf"
|
2012-10-01 20:50:40 +02:00
|
|
|
grant.grant_expiration_time = time_util.utc_time_sans_frac() + 30
|
2011-12-02 13:56:05 +01:00
|
|
|
self.client.grant = {"stat": grant}
|
|
|
|
|
|
|
|
# scope is default=""
|
|
|
|
atr = self.client.construct_AccessTokenRequest(state="stat")
|
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert atr["grant_type"] == "authorization_code"
|
|
|
|
assert atr["code"] == "AbCdEf"
|
|
|
|
assert atr["redirect_uri"] == "http://client.example.com/authz"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
def test_construct_access_token_request_fail(self):
|
|
|
|
raises(Exception,
|
|
|
|
'self.client.construct_AccessTokenRequest(state="unknown")')
|
|
|
|
|
|
|
|
def test_get_access_token_request_override(self):
|
|
|
|
self.client.reset()
|
2012-02-17 10:06:33 +01:00
|
|
|
self.client.redirect_uris = ["http://client.example.com/authz"]
|
2011-12-02 13:56:05 +01:00
|
|
|
grant = Grant()
|
|
|
|
grant.code = "AbCdEf"
|
2012-10-01 20:50:40 +02:00
|
|
|
grant.grant_expiration_time = time_util.utc_time_sans_frac() + 30
|
2011-12-02 13:56:05 +01:00
|
|
|
self.client.grant = {"xyz": grant}
|
|
|
|
|
|
|
|
atr = self.client.construct_AccessTokenRequest(state="xyz")
|
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert atr["grant_type"] == "authorization_code"
|
|
|
|
assert atr["code"] == "AbCdEf"
|
|
|
|
assert atr["redirect_uri"] == "http://client.example.com/authz"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
def test_construct_request_no_input(self):
|
|
|
|
self.client.response_type = ["code"]
|
|
|
|
atr = self.client.construct_AuthorizationRequest()
|
|
|
|
|
|
|
|
print atr
|
2012-03-19 15:19:50 +01:00
|
|
|
assert atr["redirect_uri"] == "http://client.example.com/authz"
|
|
|
|
assert atr["response_type"] == ["code"]
|
|
|
|
assert atr["client_id"] == "1"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
def test_parse_access_token_response(self):
|
|
|
|
jso = """{
|
|
|
|
"access_token":"2YotnFZFEjr1zCsicMWpAA",
|
|
|
|
"token_type":"example",
|
|
|
|
"expires_in":3600,
|
|
|
|
"refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
|
|
|
|
"example_parameter":"example_value"
|
|
|
|
}"""
|
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
self.client.parse_response(AccessTokenResponse,
|
2012-03-19 15:19:50 +01:00
|
|
|
info="".join([
|
2013-06-04 13:50:29 +02:00
|
|
|
x.strip() for x in jso.split("\n")]))
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
assert self.client.grant
|
|
|
|
_grant = self.client.grant[""]
|
|
|
|
assert len(_grant.tokens) == 1
|
|
|
|
token = _grant.tokens[0]
|
|
|
|
assert token.access_token == "2YotnFZFEjr1zCsicMWpAA"
|
|
|
|
assert token.token_type == "example"
|
|
|
|
assert token.expires_in == 3600
|
|
|
|
assert token.refresh_token == "tGzv3JOkF0XG5Qx2TlKWIA"
|
|
|
|
|
|
|
|
# I'm dropping parameters I don't recognize
|
|
|
|
assert "example_parameter" not in self.client.__dict__
|
|
|
|
|
|
|
|
#assert self.client.access_token_is_valid()
|
|
|
|
|
|
|
|
def test_get_access_token_refresh_1(self):
|
|
|
|
print self.client.grant
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
self.client.grant[""].grant_expiration_time = time.time() + 60
|
2011-12-02 13:56:05 +01:00
|
|
|
self.client.grant[""].code = "access_code"
|
|
|
|
token = self.client.grant[""].tokens[0]
|
|
|
|
print token
|
|
|
|
# Uses refresh_token from previous response
|
|
|
|
atr = self.client.construct_RefreshAccessTokenRequest(token=token)
|
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
print atr.to_dict()
|
2012-03-19 15:19:50 +01:00
|
|
|
assert atr.type() == "RefreshAccessTokenRequest"
|
|
|
|
assert atr["grant_type"] == "refresh_token"
|
|
|
|
assert atr["refresh_token"] == "tGzv3JOkF0XG5Qx2TlKWIA"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
def test_get_access_token_refresh_2(self):
|
|
|
|
self.client.grant["foo"] = Grant()
|
2013-02-22 09:50:04 +01:00
|
|
|
_get = time_util.utc_time_sans_frac() + 60
|
|
|
|
self.client.grant["foo"].grant_expiration_time = _get
|
2011-12-02 13:56:05 +01:00
|
|
|
self.client.grant["foo"].code = "access_code"
|
|
|
|
|
|
|
|
print self.client.grant["foo"]
|
2013-02-22 09:50:04 +01:00
|
|
|
resp = AccessTokenResponse(refresh_token="refresh_with_me",
|
|
|
|
access_token="access")
|
2012-03-19 15:19:50 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
self.client.grant["foo"].tokens.append(Token(resp))
|
|
|
|
# Uses refresh_token from previous response
|
|
|
|
atr = self.client.construct_RefreshAccessTokenRequest(state="foo")
|
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert atr.type() == "RefreshAccessTokenRequest"
|
|
|
|
assert atr["grant_type"] == "refresh_token"
|
|
|
|
assert atr["refresh_token"] == "refresh_with_me"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
def test_parse_authz_err_response(self):
|
|
|
|
ruri = "https://client.example.com/cb?error=access_denied&state=xyz"
|
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
resp = self.client.parse_response(AuthorizationResponse,
|
2013-02-22 09:50:04 +01:00
|
|
|
info=ruri, sformat="urlencoded")
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
print type(resp), resp
|
2012-03-19 15:19:50 +01:00
|
|
|
assert resp.type() == "AuthorizationErrorResponse"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert resp["error"] == "access_denied"
|
|
|
|
assert resp["state"] == "xyz"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
def test_return_non_existant_grant(self):
|
|
|
|
assert self.client.grant_from_state("123456abcdef") is None
|
|
|
|
|
|
|
|
def test_construct_request_with_extra_args(self):
|
2011-12-10 16:36:08 +01:00
|
|
|
print self.client.__dict__.items()
|
2013-02-22 09:50:04 +01:00
|
|
|
req = self.client.construct_AccessTokenRequest(
|
|
|
|
state="foo", extra_args={"foo": "bar"})
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
assert req
|
|
|
|
print req.keys()
|
2012-02-02 15:30:04 +01:00
|
|
|
assert _eq(req.keys(), ['code', 'grant_type', 'client_id',
|
2011-12-02 13:56:05 +01:00
|
|
|
'redirect_uri', 'foo'])
|
2012-03-19 15:19:50 +01:00
|
|
|
assert req["foo"] == "bar"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
def test_construct_TokenRevocationRequest(self):
|
|
|
|
req = self.client.construct_TokenRevocationRequest(state="foo")
|
|
|
|
|
|
|
|
assert req
|
|
|
|
print req.keys()
|
|
|
|
assert _eq(req.keys(), ['token'])
|
2012-03-19 15:19:50 +01:00
|
|
|
assert req["token"] == "access"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
def test_request_info_simple(self):
|
|
|
|
self.client.authorization_endpoint = "https://example.com/authz"
|
2014-10-01 11:37:06 +02:00
|
|
|
req_args = {"state": "hmm", "response_type": "code"}
|
|
|
|
uri, body, h_args, cis = self.client.request_info(AuthorizationRequest,
|
|
|
|
request_args=req_args)
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
# default == "POST"
|
|
|
|
assert uri == 'https://example.com/authz'
|
2014-10-01 11:37:06 +02:00
|
|
|
print body
|
2014-11-24 23:18:29 +01:00
|
|
|
body_elts = body.split('&')
|
|
|
|
expected_body = "state=hmm&redirect_uri=http%3A%2F%2Fclient.example.com%2Fauthz&response_type=code&client_id=1"
|
|
|
|
expected_body_elts = expected_body.split('&')
|
|
|
|
assert set(body_elts) == set(expected_body_elts)
|
2014-06-20 13:08:32 +02:00
|
|
|
assert h_args == {'headers': {'Content-type':
|
|
|
|
'application/x-www-form-urlencoded'}}
|
2012-03-19 15:19:50 +01:00
|
|
|
assert cis.type() == "AuthorizationRequest"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
def test_request_info_simple_get(self):
|
2014-10-01 11:37:06 +02:00
|
|
|
self.client.authorization_endpoint = "https://example.com/authz"
|
2013-02-22 09:50:04 +01:00
|
|
|
uri, body, h_args, cis = self.client.request_info(AuthorizationRequest,
|
|
|
|
method="GET")
|
2014-11-24 23:18:29 +01:00
|
|
|
uri_obj = URLObject.create(uri)
|
|
|
|
expected_uri_obj = URLObject.create('https://example.com/authz?redirect_uri=http%3A%2F%2Fclient.example.com%2Fauthz&response_type=code&client_id=1')
|
|
|
|
assert uri_obj == expected_uri_obj
|
2011-12-02 13:56:05 +01:00
|
|
|
assert body is None
|
|
|
|
assert h_args == {}
|
2012-03-19 15:19:50 +01:00
|
|
|
assert cis.type() == "AuthorizationRequest"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
def test_request_info_simple_get_with_req_args(self):
|
|
|
|
#self.client.authorization_endpoint = "https://example.com/authz"
|
|
|
|
uri, body, h_args, cis = self.client.request_info(
|
2013-02-22 09:50:04 +01:00
|
|
|
AuthorizationRequest, method="GET", request_args={"state": "init"})
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2014-11-24 23:18:29 +01:00
|
|
|
uri_obj = URLObject.create(uri)
|
|
|
|
expected_uri_obj = URLObject.create('https://example.com/authz?state=init&redirect_uri=http%3A%2F%2Fclient.example.com%2Fauthz&response_type=code&client_id=1')
|
|
|
|
assert uri_obj == expected_uri_obj
|
2011-12-02 13:56:05 +01:00
|
|
|
assert body is None
|
|
|
|
assert h_args == {}
|
2012-03-19 15:19:50 +01:00
|
|
|
assert cis.type() == "AuthorizationRequest"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
def test_request_info_simple_get_with_extra_args(self):
|
|
|
|
#self.client.authorization_endpoint = "https://example.com/authz"
|
|
|
|
uri, body, h_args, cis = self.client.request_info(
|
2013-06-04 13:50:29 +02:00
|
|
|
AuthorizationRequest, method="GET", extra_args={"rock": "little"})
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2014-11-24 23:18:29 +01:00
|
|
|
|
|
|
|
uri_obj = URLObject.create(uri)
|
|
|
|
expected_uri_obj = URLObject.create('https://example.com/authz?redirect_uri=http%3A%2F%2Fclient.example.com%2Fauthz&response_type=code&client_id=1&rock=little')
|
|
|
|
assert uri_obj == expected_uri_obj
|
2011-12-02 13:56:05 +01:00
|
|
|
assert body is None
|
|
|
|
assert h_args == {}
|
2012-03-19 15:19:50 +01:00
|
|
|
assert cis.type() == "AuthorizationRequest"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
def test_request_info_with_req_and_extra_args(self):
|
|
|
|
#self.client.authorization_endpoint = "https://example.com/authz"
|
|
|
|
uri, body, h_args, cis = self.client.request_info(
|
2012-05-15 14:29:18 +02:00
|
|
|
AuthorizationRequest,
|
2012-03-19 15:19:50 +01:00
|
|
|
method="GET",
|
2013-03-31 17:41:22 +02:00
|
|
|
request_args={"state": "init"},
|
|
|
|
extra_args={"rock": "little"})
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2014-11-24 23:18:29 +01:00
|
|
|
uri_obj = URLObject.create(uri)
|
|
|
|
expected_uri_obj = URLObject.create('https://example.com/authz?state=init&redirect_uri=http%3A%2F%2Fclient.example.com%2Fauthz&response_type=code&client_id=1&rock=little')
|
|
|
|
assert uri_obj == expected_uri_obj
|
2011-12-02 13:56:05 +01:00
|
|
|
assert body is None
|
|
|
|
assert h_args == {}
|
2012-03-19 15:19:50 +01:00
|
|
|
assert cis.type() == "AuthorizationRequest"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_get_authorization_request():
|
|
|
|
client = Client()
|
2012-02-17 10:06:33 +01:00
|
|
|
client.redirect_uris = ["https://www.example.com/authz"]
|
2011-12-02 13:56:05 +01:00
|
|
|
client.client_id = "a1b2c3"
|
2013-03-31 17:41:22 +02:00
|
|
|
args = {"response_type": ["code"]}
|
2011-12-02 13:56:05 +01:00
|
|
|
ar = client.construct_AuthorizationRequest(request_args=args)
|
2012-03-19 15:19:50 +01:00
|
|
|
assert ar["client_id"] == 'a1b2c3'
|
|
|
|
assert ar["redirect_uri"] == 'https://www.example.com/authz'
|
|
|
|
assert ar["response_type"] == ['code']
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
client = Client()
|
|
|
|
client.client_id = "a1b2c3"
|
2013-03-31 17:41:22 +02:00
|
|
|
args = {"response_type": ["code"],
|
2011-12-02 13:56:05 +01:00
|
|
|
"redirect_uri": "https://www.example.com/authz"}
|
|
|
|
ar = client.construct_AuthorizationRequest(request_args=args)
|
2012-03-19 15:19:50 +01:00
|
|
|
assert ar["client_id"] == 'a1b2c3'
|
|
|
|
assert ar["redirect_uri"] == 'https://www.example.com/authz'
|
|
|
|
assert ar["response_type"] == ['code']
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_get_access_token_request():
|
2012-05-15 14:29:18 +02:00
|
|
|
resp = AuthorizationResponse(code="code", state="state")
|
2011-12-02 13:56:05 +01:00
|
|
|
grant = Grant(1)
|
|
|
|
grant.add_code(resp)
|
|
|
|
|
|
|
|
client = Client()
|
|
|
|
client.grant["openid"] = grant
|
|
|
|
time.sleep(2)
|
2012-03-19 15:19:50 +01:00
|
|
|
try:
|
|
|
|
client.construct_AccessTokenRequest(state="openid")
|
|
|
|
except Exception, err:
|
|
|
|
assert err.__class__.__name__ == "GrantExpired"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_parse_access_token_response():
|
|
|
|
client = Client()
|
|
|
|
|
2013-03-31 17:41:22 +02:00
|
|
|
at = AccessTokenResponse(access_token="SlAV32hkKG", token_type="Bearer",
|
|
|
|
refresh_token="8xLOxBtZp8", expire_in=3600)
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
atj = at.to_json()
|
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
ATR = AccessTokenResponse
|
2011-12-02 13:56:05 +01:00
|
|
|
atr = client.parse_response(ATR, info=atj)
|
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert _eq(atr.keys(), ['access_token', 'token_type', u'expire_in',
|
|
|
|
'refresh_token'])
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
uec = at.to_urlencoded()
|
2011-12-02 13:56:05 +01:00
|
|
|
raises(ValueError, 'client.parse_response(ATR, info=uec)')
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
uatr = client.parse_response(ATR, info=uec, sformat="urlencoded")
|
2012-03-19 15:19:50 +01:00
|
|
|
assert _eq(uatr.keys(), ['access_token', 'token_type', 'expire_in',
|
|
|
|
'refresh_token'])
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
huec = "%s?%s" % ("https://example.com/token", uec)
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
uatr = client.parse_response(ATR, info=huec, sformat="urlencoded")
|
2012-03-19 15:19:50 +01:00
|
|
|
assert _eq(uatr.keys(), ['access_token', 'token_type', 'expire_in',
|
|
|
|
'refresh_token'])
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
err = ErrorResponse(error="invalid_request",
|
2012-03-19 15:19:50 +01:00
|
|
|
error_description="Something was missing",
|
|
|
|
error_uri="http://example.com/error_message.html")
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
jerr = err.to_json()
|
|
|
|
uerr = err.to_urlencoded()
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
_ = client.parse_response(ATR, info=jerr)
|
2013-02-22 09:50:04 +01:00
|
|
|
_ = client.parse_response(ATR, info=uerr, sformat="urlencoded")
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
raises(Exception,
|
2013-02-22 09:50:04 +01:00
|
|
|
'client.parse_response(ATR, info=jerr, sformat="urlencoded")')
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
raises(Exception, "client.parse_response(ATR, info=uerr)")
|
|
|
|
|
|
|
|
raises(Exception,
|
2013-02-22 09:50:04 +01:00
|
|
|
'client.parse_response(ATR, info=jerr, sformat="focus")')
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2013-03-31 17:41:22 +02:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_parse_access_token_response_missing_attribute():
|
2012-05-15 14:29:18 +02:00
|
|
|
at = AccessTokenResponse(access_token="SlAV32hkKG",
|
2013-02-22 09:50:04 +01:00
|
|
|
token_type="Bearer", refresh_token="8xLOxBtZp8",
|
|
|
|
expire_in=3600)
|
2012-03-19 15:19:50 +01:00
|
|
|
|
|
|
|
atdict = at.to_dict()
|
2011-12-02 13:56:05 +01:00
|
|
|
del atdict["access_token"]
|
|
|
|
atj = json.dumps(atdict)
|
|
|
|
print atj
|
|
|
|
client = Client()
|
2012-05-15 14:29:18 +02:00
|
|
|
ATR = AccessTokenResponse
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
try:
|
|
|
|
client.parse_response(ATR, info=atj)
|
|
|
|
except Exception, err:
|
|
|
|
assert err.__class__.__name__ == "MissingRequiredAttribute"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
atuec = urllib.urlencode(atdict)
|
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
try:
|
2013-02-22 09:50:04 +01:00
|
|
|
client.parse_response(ATR, info=atuec, sformat='urlencoded')
|
2012-03-19 15:19:50 +01:00
|
|
|
except Exception, err:
|
|
|
|
assert err.__class__.__name__ == "MissingRequiredAttribute"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_crypt():
|
|
|
|
crypt = Crypt("4-amino-1H-pyrimidine-2-one")
|
|
|
|
ctext = crypt.encrypt("Cytosine")
|
|
|
|
plain = crypt.decrypt(ctext)
|
|
|
|
print plain
|
|
|
|
assert plain == 'Cytosine '
|
|
|
|
|
|
|
|
ctext = crypt.encrypt("cytidinetriphosp")
|
|
|
|
plain = crypt.decrypt(ctext)
|
|
|
|
|
|
|
|
assert plain == 'cytidinetriphosp'
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_crypt2():
|
|
|
|
db = {}
|
|
|
|
csum = hmac.new("secret", digestmod=hashlib.sha224)
|
|
|
|
csum.update("%s" % time.time())
|
|
|
|
csum.update("%f" % random.random())
|
2013-02-22 09:50:04 +01:00
|
|
|
txt = csum.digest() # 28 bytes long, 224 bits
|
2011-12-02 13:56:05 +01:00
|
|
|
print len(txt)
|
|
|
|
db[txt] = "foobar"
|
2013-02-22 09:50:04 +01:00
|
|
|
txt = "%saces" % txt # another 4 bytes
|
2011-12-02 13:56:05 +01:00
|
|
|
#print len(txt), txt
|
|
|
|
crypt = Crypt("4-amino-1H-pyrimidine-2-one")
|
|
|
|
ctext = crypt.encrypt(txt)
|
|
|
|
onthewire = base64.b64encode(ctext)
|
|
|
|
#print onthewire
|
|
|
|
plain = crypt.decrypt(base64.b64decode(onthewire))
|
|
|
|
#print len(plain), plain
|
|
|
|
#assert plain == txt
|
|
|
|
assert plain.endswith("aces")
|
|
|
|
assert db[plain[:-4]] == "foobar"
|
|
|
|
|
|
|
|
|
|
|
|
def test_grant_init():
|
|
|
|
grant = Grant()
|
|
|
|
assert grant.grant_expiration_time == 0
|
|
|
|
|
|
|
|
grant = Grant()
|
|
|
|
assert grant.grant_expiration_time == 0
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_grant_resp():
|
2012-05-15 14:29:18 +02:00
|
|
|
resp = AuthorizationResponse(code="code", state="state")
|
2011-12-02 13:56:05 +01:00
|
|
|
grant = Grant()
|
|
|
|
grant.add_code(resp)
|
|
|
|
|
|
|
|
assert grant.code == "code"
|
|
|
|
assert grant.grant_expiration_time != 0
|
|
|
|
|
|
|
|
grant = Grant(1)
|
|
|
|
grant.add_code(resp)
|
|
|
|
time.sleep(2)
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
assert grant.is_valid() is False
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
grant = Grant.from_code(resp)
|
|
|
|
assert grant.code == "code"
|
|
|
|
assert grant.grant_expiration_time != 0
|
|
|
|
|
|
|
|
|
|
|
|
def test_grant_access_token_1():
|
2012-05-15 14:29:18 +02:00
|
|
|
resp = AuthorizationResponse(code="code", state="state")
|
2011-12-02 13:56:05 +01:00
|
|
|
grant = Grant()
|
|
|
|
grant.add_code(resp)
|
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA",
|
2013-02-22 09:50:04 +01:00
|
|
|
token_type="example", expires_in=1,
|
|
|
|
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
|
|
|
|
example_parameter="example_value",
|
|
|
|
xscope=["inner", "outer"])
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
token = Token(atr)
|
|
|
|
grant.tokens.append(token)
|
|
|
|
|
|
|
|
print grant.keys()
|
2012-01-24 11:24:13 +01:00
|
|
|
assert _eq(grant.keys(), ['tokens', 'id_token', 'code', 'exp_in', 'seed',
|
2011-12-02 13:56:05 +01:00
|
|
|
'grant_expiration_time'])
|
|
|
|
print token.keys()
|
|
|
|
assert _eq(token.keys(), ['token_expiration_time', 'access_token',
|
|
|
|
'expires_in', 'example_parameter', 'token_type',
|
2012-02-05 13:02:27 +01:00
|
|
|
'xscope', 'refresh_token', 'scope',
|
|
|
|
'replaced'])
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
assert token.access_token == "2YotnFZFEjr1zCsicMWpAA"
|
|
|
|
assert token.token_type == "example"
|
|
|
|
assert token.refresh_token == "tGzv3JOkF0XG5Qx2TlKWIA"
|
|
|
|
assert token.example_parameter == "example_value"
|
|
|
|
assert token.xscope == ["inner", "outer"]
|
|
|
|
assert token.token_expiration_time != 0
|
|
|
|
|
|
|
|
time.sleep(2)
|
2013-05-01 09:08:21 +02:00
|
|
|
assert token.is_valid() is False
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_grant_access_token_2():
|
2012-05-15 14:29:18 +02:00
|
|
|
resp = AuthorizationResponse(code="code", state="state")
|
2011-12-02 13:56:05 +01:00
|
|
|
grant = Grant()
|
|
|
|
grant.add_code(resp)
|
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA",
|
|
|
|
token_type="example",
|
|
|
|
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
|
|
|
|
example_parameter="example_value",
|
|
|
|
scope=["inner", "outer"])
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
grant.add_token(atr)
|
|
|
|
|
|
|
|
assert len(grant.tokens) == 1
|
|
|
|
time.sleep(2)
|
|
|
|
token = grant.tokens[0]
|
2013-02-22 09:50:04 +01:00
|
|
|
assert token.is_valid() is True
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
assert "%s" % grant != ""
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_client_get_grant():
|
|
|
|
cli = Client()
|
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
resp = AuthorizationResponse(code="code", state="state")
|
2011-12-02 13:56:05 +01:00
|
|
|
grant = Grant()
|
|
|
|
grant.add_code(resp)
|
|
|
|
|
|
|
|
cli.grant["state"] = grant
|
|
|
|
|
|
|
|
gr1 = cli.grant_from_state("state")
|
|
|
|
|
|
|
|
assert gr1.code == "code"
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_client_parse_args():
|
|
|
|
cli = Client()
|
|
|
|
|
|
|
|
args = {
|
2013-02-22 09:50:04 +01:00
|
|
|
"response_type": "",
|
|
|
|
"client_id": "client_id",
|
|
|
|
"redirect_uri": "http://example.com/authz",
|
|
|
|
"scope": "scope",
|
|
|
|
"state": "state",
|
|
|
|
}
|
2012-03-19 15:19:50 +01:00
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
ar_args = cli._parse_args(AuthorizationRequest, **args)
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
assert _eq(ar_args.keys(), ['scope', 'state', 'redirect_uri',
|
|
|
|
'response_type', 'client_id'])
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_client_parse_extra_args():
|
|
|
|
cli = Client()
|
|
|
|
|
|
|
|
args = {
|
2013-02-22 09:50:04 +01:00
|
|
|
"response_type": "",
|
|
|
|
"client_id": "client_id",
|
|
|
|
"redirect_uri": "http://example.com/authz",
|
|
|
|
"scope": "scope",
|
|
|
|
"state": "state",
|
2011-12-02 13:56:05 +01:00
|
|
|
"extra_session": "home"
|
|
|
|
}
|
2012-05-15 14:29:18 +02:00
|
|
|
ar_args = cli._parse_args(AuthorizationRequest, **args)
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert _eq(ar_args.keys(), ['state', 'redirect_uri', 'response_type',
|
|
|
|
'client_id', 'scope', 'extra_session'])
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_client_endpoint():
|
|
|
|
cli = Client()
|
|
|
|
cli.authorization_endpoint = "https://example.org/oauth2/as"
|
|
|
|
cli.token_endpoint = "https://example.org/oauth2/token"
|
|
|
|
cli.token_revocation_endpoint = "https://example.org/oauth2/token_rev"
|
|
|
|
|
|
|
|
ae = cli._endpoint("authorization_endpoint")
|
|
|
|
assert ae == "https://example.org/oauth2/as"
|
|
|
|
te = cli._endpoint("token_endpoint")
|
|
|
|
assert te == "https://example.org/oauth2/token"
|
|
|
|
tre = cli._endpoint("token_revocation_endpoint")
|
|
|
|
assert tre == "https://example.org/oauth2/token_rev"
|
|
|
|
|
|
|
|
ae = cli._endpoint("authorization_endpoint", **{
|
2012-03-19 15:19:50 +01:00
|
|
|
"authorization_endpoint": "https://example.com/as"})
|
2011-12-02 13:56:05 +01:00
|
|
|
assert ae == "https://example.com/as"
|
|
|
|
|
|
|
|
cli.token_endpoint = ""
|
|
|
|
raises(Exception, 'cli._endpoint("token_endpoint")')
|
|
|
|
raises(Exception, 'cli._endpoint("foo_endpoint")')
|
|
|
|
|
|
|
|
|
|
|
|
def test_server_parse_parse_authorization_request():
|
|
|
|
srv = Server()
|
2012-05-15 14:29:18 +02:00
|
|
|
ar = AuthorizationRequest(response_type=["code"],
|
|
|
|
client_id="foobar",
|
|
|
|
redirect_uri="http://foobar.example.com/oaclient",
|
|
|
|
state="cold")
|
2012-03-19 15:19:50 +01:00
|
|
|
|
|
|
|
uencq = ar.to_urlencoded()
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
areq = srv.parse_authorization_request(query=uencq)
|
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert areq.type() == "AuthorizationRequest"
|
|
|
|
assert areq["response_type"] == ["code"]
|
|
|
|
assert areq["client_id"] == "foobar"
|
|
|
|
assert areq["redirect_uri"] == "http://foobar.example.com/oaclient"
|
|
|
|
assert areq["state"] == "cold"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
urluenc = "%s?%s" % ("https://example.com/authz", uencq)
|
|
|
|
|
|
|
|
areq = srv.parse_authorization_request(url=urluenc)
|
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert areq.type() == "AuthorizationRequest"
|
|
|
|
assert areq["response_type"] == ["code"]
|
|
|
|
assert areq["client_id"] == "foobar"
|
|
|
|
assert areq["redirect_uri"] == "http://foobar.example.com/oaclient"
|
|
|
|
assert areq["state"] == "cold"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_server_parse_jwt_request():
|
|
|
|
srv = Server()
|
2012-05-15 14:29:18 +02:00
|
|
|
ar = AuthorizationRequest(response_type=["code"],
|
2013-02-22 09:50:04 +01:00
|
|
|
client_id="foobar",
|
|
|
|
redirect_uri="http://foobar.example.com/oaclient",
|
|
|
|
state="cold")
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2013-03-14 15:14:38 +01:00
|
|
|
srv.keyjar["foobar"] = KeyBundle([
|
2013-06-04 13:50:29 +02:00
|
|
|
{"kty": "oct", "key": "A1B2C3D4", "use": "ver"},
|
|
|
|
{"kty": "oct", "key": "A1B2C3D4", "use": "sig"}])
|
2013-03-14 15:14:38 +01:00
|
|
|
srv.keyjar[""] = KeyBundle([
|
2013-06-04 13:50:29 +02:00
|
|
|
{"kty": "oct", "key": "A1B2C3D4", "use": "ver"},
|
|
|
|
{"kty": "oct", "key": "A1B2C3D4", "use": "sig"}])
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-11-02 16:21:38 +01:00
|
|
|
keys = srv.keyjar.get_signing_key(owner="foobar")
|
2012-03-19 15:19:50 +01:00
|
|
|
_jwt = ar.to_jwt(key=keys, algorithm="HS256")
|
2012-02-19 20:14:03 +01:00
|
|
|
|
2012-02-22 11:27:27 +01:00
|
|
|
req = srv.parse_jwt_request(txt=_jwt)
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert req.type() == "AuthorizationRequest"
|
|
|
|
assert req["response_type"] == ["code"]
|
|
|
|
assert req["client_id"] == "foobar"
|
|
|
|
assert req["redirect_uri"] == "http://foobar.example.com/oaclient"
|
|
|
|
assert req["state"] == "cold"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_server_parse_token_request():
|
2013-02-22 09:50:04 +01:00
|
|
|
atr = AccessTokenRequest(
|
|
|
|
grant_type="authorization_code", code="SplxlOBeZQQYbYS6WxSbIA",
|
|
|
|
redirect_uri="https://client.example.com/cb", extra="foo")
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
uenc = atr.to_urlencoded()
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
srv = Server()
|
|
|
|
tr = srv.parse_token_request(body=uenc)
|
|
|
|
print tr.keys()
|
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert tr.type() == "AccessTokenRequest"
|
|
|
|
assert _eq(tr.keys(), ['code', 'redirect_uri', 'grant_type', 'extra'])
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert tr["grant_type"] == "authorization_code"
|
|
|
|
assert tr["code"] == "SplxlOBeZQQYbYS6WxSbIA"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
tr = srv.parse_token_request(body=uenc)
|
2011-12-02 13:56:05 +01:00
|
|
|
print tr.keys()
|
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert tr.type() == "AccessTokenRequest"
|
2011-12-10 16:36:08 +01:00
|
|
|
assert _eq(tr.keys(), ['code', 'grant_type', 'redirect_uri', 'extra'])
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert tr["extra"] == "foo"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2011-12-02 13:56:05 +01:00
|
|
|
def test_server_parse_refresh_token_request():
|
2012-05-15 14:29:18 +02:00
|
|
|
ratr = RefreshAccessTokenRequest(refresh_token="ababababab",
|
2013-02-22 09:50:04 +01:00
|
|
|
client_id="Client_id")
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
uenc = ratr.to_urlencoded()
|
2011-12-02 13:56:05 +01:00
|
|
|
|
|
|
|
srv = Server()
|
|
|
|
tr = srv.parse_refresh_token_request(body=uenc)
|
|
|
|
print tr.keys()
|
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert tr.type() == "RefreshAccessTokenRequest"
|
|
|
|
assert tr["refresh_token"] == "ababababab"
|
|
|
|
assert tr["client_id"] == "Client_id"
|
2011-12-02 13:56:05 +01:00
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2012-01-16 15:37:05 +01:00
|
|
|
def test_client_secret_post():
|
|
|
|
client = Client("A")
|
|
|
|
client.client_secret = "boarding pass"
|
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
cis = AccessTokenRequest(code="foo", redirect_uri="http://example.com")
|
2012-03-19 15:19:50 +01:00
|
|
|
|
2013-03-31 17:41:22 +02:00
|
|
|
csp = ClientSecretPost(client)
|
|
|
|
http_args = csp.construct(cis)
|
2012-01-16 15:37:05 +01:00
|
|
|
|
2012-02-02 15:30:04 +01:00
|
|
|
print cis
|
2012-03-19 15:19:50 +01:00
|
|
|
assert cis["client_id"] == "A"
|
|
|
|
assert cis["client_secret"] == "boarding pass"
|
2012-01-16 15:37:05 +01:00
|
|
|
print http_args
|
|
|
|
assert http_args is None
|
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
cis = AccessTokenRequest(code="foo", redirect_uri="http://example.com")
|
2012-02-02 15:30:04 +01:00
|
|
|
|
2012-01-16 15:37:05 +01:00
|
|
|
request_args = {}
|
2013-03-31 17:41:22 +02:00
|
|
|
http_args = csp.construct(cis, request_args,
|
|
|
|
http_args={"client_secret": "another"})
|
2012-01-16 15:37:05 +01:00
|
|
|
|
2012-02-02 15:30:04 +01:00
|
|
|
print cis
|
2012-03-19 15:19:50 +01:00
|
|
|
assert cis["client_id"] == "A"
|
|
|
|
assert cis["client_secret"] == "another"
|
2012-01-16 15:37:05 +01:00
|
|
|
print http_args
|
|
|
|
assert http_args == {}
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2012-05-29 16:19:43 +02:00
|
|
|
def test_client_secret_basic():
|
|
|
|
client = Client("A")
|
|
|
|
client.client_secret = "boarding pass"
|
|
|
|
|
|
|
|
cis = AccessTokenRequest(code="foo", redirect_uri="http://example.com")
|
|
|
|
|
2013-03-31 17:41:22 +02:00
|
|
|
csb = ClientSecretBasic(client)
|
|
|
|
http_args = csb.construct(cis)
|
2012-05-29 16:19:43 +02:00
|
|
|
|
2014-05-06 11:02:09 +02:00
|
|
|
assert http_args == {"headers": {'Authorization': 'Basic %s'
|
|
|
|
% base64.b64encode('A:boarding pass')}}
|
2012-01-16 15:37:05 +01:00
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2012-01-16 15:37:05 +01:00
|
|
|
def test_bearer_header():
|
|
|
|
client = Client("A")
|
|
|
|
client.client_secret = "boarding pass"
|
|
|
|
|
|
|
|
request_args = {"access_token": "Sesame"}
|
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
cis = ResourceRequest()
|
2012-02-02 15:30:04 +01:00
|
|
|
|
2013-03-31 17:41:22 +02:00
|
|
|
bh = BearerHeader(client)
|
|
|
|
http_args = bh.construct(cis, request_args)
|
2012-02-02 15:30:04 +01:00
|
|
|
|
|
|
|
print cis
|
2012-01-16 15:37:05 +01:00
|
|
|
print http_args
|
2013-02-22 09:50:04 +01:00
|
|
|
assert http_args == {"headers": {"Authorization": "Bearer Sesame"}}
|
|
|
|
|
2012-01-16 15:37:05 +01:00
|
|
|
|
2012-05-29 16:19:43 +02:00
|
|
|
def test_bearer_header_with_http_args():
|
|
|
|
client = Client("A")
|
|
|
|
client.client_secret = "boarding pass"
|
|
|
|
|
|
|
|
request_args = {"access_token": "Sesame"}
|
|
|
|
|
|
|
|
cis = ResourceRequest()
|
|
|
|
|
2013-03-31 17:41:22 +02:00
|
|
|
bh = BearerHeader(client)
|
|
|
|
http_args = bh.construct(cis, request_args, http_args={"foo": "bar"})
|
2012-05-29 16:19:43 +02:00
|
|
|
|
|
|
|
print cis
|
|
|
|
print http_args
|
|
|
|
assert _eq(http_args.keys(), ["foo", "headers"])
|
2013-02-22 09:50:04 +01:00
|
|
|
assert http_args["headers"] == {"Authorization": "Bearer Sesame"}
|
2012-05-29 16:19:43 +02:00
|
|
|
|
|
|
|
# -----------------
|
|
|
|
|
|
|
|
request_args = {"access_token": "Sesame"}
|
|
|
|
|
2013-03-31 17:41:22 +02:00
|
|
|
bh = BearerHeader(client)
|
|
|
|
http_args = bh.construct(cis, request_args,
|
|
|
|
http_args={"headers": {"x-foo": "bar"}})
|
2012-05-29 16:19:43 +02:00
|
|
|
|
|
|
|
print cis
|
|
|
|
print http_args
|
|
|
|
assert _eq(http_args.keys(), ["headers"])
|
|
|
|
assert _eq(http_args["headers"].keys(), ["Authorization", "x-foo"])
|
|
|
|
assert http_args["headers"]["Authorization"] == "Bearer Sesame"
|
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2012-05-29 16:19:43 +02:00
|
|
|
def test_bearer_header_2():
|
|
|
|
client = Client("A")
|
|
|
|
client.client_secret = "boarding pass"
|
|
|
|
|
2013-03-31 17:41:22 +02:00
|
|
|
bh = BearerHeader(client)
|
2013-02-22 09:50:04 +01:00
|
|
|
cis = ResourceRequest(access_token="Sesame")
|
2012-05-29 16:19:43 +02:00
|
|
|
|
2013-03-31 17:41:22 +02:00
|
|
|
http_args = bh.construct(cis)
|
2012-05-29 16:19:43 +02:00
|
|
|
|
|
|
|
print cis
|
|
|
|
assert "access_token" not in cis
|
|
|
|
print http_args
|
2013-02-22 09:50:04 +01:00
|
|
|
assert http_args == {"headers": {"Authorization": "Bearer Sesame"}}
|
|
|
|
|
2012-05-29 16:19:43 +02:00
|
|
|
|
|
|
|
def test_bearer_header_3():
|
|
|
|
client = Client("A")
|
|
|
|
client.client_secret = "boarding pass"
|
|
|
|
|
|
|
|
resp1 = AuthorizationResponse(code="auth_grant", state="state")
|
|
|
|
client.parse_response(AuthorizationResponse, resp1.to_urlencoded(),
|
|
|
|
"urlencoded")
|
|
|
|
resp2 = AccessTokenResponse(access_token="token1",
|
|
|
|
token_type="Bearer", expires_in=0,
|
|
|
|
state="state")
|
|
|
|
client.parse_response(AccessTokenResponse, resp2.to_urlencoded(),
|
|
|
|
"urlencoded")
|
|
|
|
|
|
|
|
cis = ResourceRequest()
|
|
|
|
|
2014-10-01 11:37:06 +02:00
|
|
|
http_args = BearerHeader(client).construct(cis, state="state")
|
2012-05-29 16:19:43 +02:00
|
|
|
|
|
|
|
print cis
|
|
|
|
assert "access_token" not in cis
|
|
|
|
print http_args
|
2013-03-31 17:41:22 +02:00
|
|
|
assert http_args == {"headers": {"Authorization": "Bearer token1"}}
|
2012-05-29 16:19:43 +02:00
|
|
|
|
|
|
|
|
2012-01-16 15:37:05 +01:00
|
|
|
def test_bearer_body():
|
|
|
|
client = Client("A")
|
|
|
|
client.client_secret = "boarding pass"
|
|
|
|
|
|
|
|
request_args = {"access_token": "Sesame"}
|
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
cis = ResourceRequest()
|
2013-03-31 17:41:22 +02:00
|
|
|
http_args = BearerBody(client).construct(cis, request_args)
|
2012-03-19 15:19:50 +01:00
|
|
|
assert cis["access_token"] == "Sesame"
|
2012-01-16 15:37:05 +01:00
|
|
|
print http_args
|
|
|
|
assert http_args is None
|
|
|
|
|
|
|
|
# ----------
|
2012-05-15 14:29:18 +02:00
|
|
|
resp = AuthorizationResponse(code="code", state="state")
|
2012-01-16 15:37:05 +01:00
|
|
|
grant = Grant()
|
|
|
|
grant.add_code(resp)
|
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA",
|
|
|
|
token_type="example",
|
|
|
|
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
|
|
|
|
example_parameter="example_value",
|
|
|
|
scope=["inner", "outer"])
|
2012-01-16 15:37:05 +01:00
|
|
|
|
|
|
|
grant.add_token(atr)
|
|
|
|
client.grant["state"] = grant
|
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
cis = ResourceRequest()
|
2013-06-04 13:50:29 +02:00
|
|
|
http_args = BearerBody(client).construct(cis, {}, state="state",
|
|
|
|
scope="inner")
|
2012-03-19 15:19:50 +01:00
|
|
|
assert cis["access_token"] == "2YotnFZFEjr1zCsicMWpAA"
|
2012-01-16 15:37:05 +01:00
|
|
|
print http_args
|
|
|
|
assert http_args is None
|
2012-05-29 16:19:43 +02:00
|
|
|
|
2013-02-22 09:50:04 +01:00
|
|
|
|
2012-05-29 16:19:43 +02:00
|
|
|
def test_bearer_body_get_token():
|
|
|
|
client = Client("A")
|
|
|
|
client.client_secret = "boarding pass"
|
|
|
|
|
|
|
|
resp1 = AuthorizationResponse(code="auth_grant", state="state")
|
|
|
|
client.parse_response(AuthorizationResponse, resp1.to_urlencoded(),
|
|
|
|
"urlencoded")
|
|
|
|
resp2 = AccessTokenResponse(access_token="token1",
|
|
|
|
token_type="Bearer", expires_in=0,
|
|
|
|
state="state")
|
|
|
|
client.parse_response(AccessTokenResponse, resp2.to_urlencoded(),
|
|
|
|
"urlencoded")
|
|
|
|
|
|
|
|
cis = ResourceRequest()
|
|
|
|
|
2014-10-01 11:37:06 +02:00
|
|
|
_ = BearerBody(client).construct(cis, state="state")
|
2012-05-29 16:19:43 +02:00
|
|
|
|
|
|
|
assert "access_token" in cis
|
|
|
|
assert cis["access_token"] == "token1"
|
2013-06-04 13:50:29 +02:00
|
|
|
|
|
|
|
if __name__ == "__main__":
|
2014-10-01 11:37:06 +02:00
|
|
|
# tc = TestOAuthClient()
|
|
|
|
# tc.setup_class()
|
|
|
|
# tc.test_request_info_simple_get()
|
|
|
|
|
|
|
|
test_bearer_body()
|