__author__ = 'rohe0002'
import urllib
from pytest import raises
from oic.oauth2 import rndstr
from oic.oauth2.consumer import Consumer
from oic.oauth2.consumer import stateID
from oic.oauth2.consumer import factory
from oic.utils.http_util import make_cookie
from oic.oauth2.message import MissingRequiredAttribute
from oic.oauth2.message import AuthorizationResponse
from oic.oauth2.message import AuthorizationErrorResponse
from oic.oauth2.message import AccessTokenResponse
from oic.oauth2.message import TokenErrorResponse
from oic.oauth2.consumer import AuthzError
from utils_for_tests import URLObject
#from oic.oauth2.message import
# Reference list kept from the original file (presumably the client
# constructor's keyword arguments and their defaults -- confirm against
# the client class):
#   client_id=None, ca_certs=None, grant_expire_in=600, client_timeout=0,
#   jwt_keys=None
# Only client_id and ca_certs are set for these tests.
CLIENT_CONFIG = dict(
    client_id="number5",
    # Path to a CA bundle; nothing in this module reads the file itself.
    ca_certs="/usr/local/etc/oic/ca_certs.txt",
)
# Keyword arguments expanded into every Consumer(...) call in this module.
# They select the authorization-code flow with the single scope "openid".
CONSUMER_CONFIG = dict(
    authz_page="/authz",
    flow_type="code",
    # "password": args.passwd,   (disabled in the original)
    scope=["openid"],
    response_type="code",
    # "expire_in": 600,          (disabled in the original)
)
# Provider metadata passed to the consumer as server_info.
#
# NOTE(review): the authorization and token endpoints are plain http:// on
# localhost while the issuer is an https:// host. That is a test fixture only;
# RFC 6749 requires TLS on both endpoints in a real deployment, since the
# authorization code, client secret, and tokens all travel over them.
SERVER_INFO = dict(
    version="3.0",
    issuer="https://connect-op.heroku.com",
    authorization_endpoint="http://localhost:8088/authorization",
    token_endpoint="http://localhost:8088/token",
    # Entries below were already disabled in the original fixture.
    # "userinfo_endpoint": "http://localhost:8088/user_info",
    # "check_id_endpoint": "http://localhost:8088/id_token",
    # "registration_endpoint": "https://connect-op.heroku.com/connect/client",
    # "scopes_supported": ["openid", "profile", "email", "address", "PPID"],
    flows_supported=["code", "token", "code token"],
    # "identifiers_supported": ["public", "ppid"],
    # "x509_url": "https://connect-op.heroku.com/cert.pem"
)
# WSGI-style environ describing a GET for /register on localhost:8087.
# Within the visible tests it is only aliased, never read field by field.
BASE_ENVIRON = {
    "SERVER_PROTOCOL": "HTTP/1.1",
    "REQUEST_METHOD": "GET",
    "QUERY_STRING": "",
    "HTTP_CONNECTION": "keep-alive",
    "REMOTE_ADDR": "127.0.0.1",
    "wsgi.url_scheme": "http",
    "SERVER_PORT": "8087",
    "PATH_INFO": "/register",
    "HTTP_HOST": "localhost:8087",
    "HTTP_ACCEPT": (
        "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
    ),
    "HTTP_ACCEPT_LANGUAGE": "sv-se",
    "CONTENT_TYPE": "text/plain",
    "REMOTE_HOST": "1.0.0.127.in-addr.arpa",
    "HTTP_ACCEPT_ENCODING": "gzip, deflate",
    "COMMAND_MODE": "unix2003",
}
def test_stateID():
    """Two state IDs for the same URL and seed are non-empty and differ."""
    seed = rndstr()
    target = "http://example.com/home"

    first = stateID(target, seed)
    second = stateID(target, seed)

    assert first
    assert second
    # In OAuth2 the state value ties an authorization response to the request
    # that started it, so a repeated value would be a weakness.
    # NOTE(review): two samples differing shows stateID is not a pure function
    # of (url, seed); it says nothing about how unpredictable the value is.
    assert first != second
def test_init_consumer():
    """Build a Consumer with and without server_info / client_config."""
    # Fully configured consumer: truthy, and _backup() leaves the given key
    # in the session database.
    configured = Consumer({}, client_config=CLIENT_CONFIG,
                          server_info=SERVER_INFO, **CONSUMER_CONFIG)
    assert configured
    session_key = "123456"
    configured._backup(session_key)
    assert session_key in configured.sdb

    # Without server_info there is no authorization endpoint to fall back on.
    without_server_info = Consumer({}, client_config=CLIENT_CONFIG,
                                   **CONSUMER_CONFIG)
    assert without_server_info.authorization_endpoint is None

    # The same holds when client_config is left out as well.
    consumer_config_only = Consumer({}, **CONSUMER_CONFIG)
    assert consumer_config_only.authorization_endpoint is None
def test_factory():
    """factory() rebuilds a consumer from a cookie plus the session store."""
    _session_db = {}
    original = Consumer(_session_db, client_config=CLIENT_CONFIG,
                        server_info=SERVER_INFO, **CONSUMER_CONFIG)
    client_id = CLIENT_CONFIG["client_id"]

    # Persist the session under a fresh state id and record the seed -> state
    # mapping in the shared session database.
    sid = stateID("https://example.org/", original.seed)
    original._backup(sid)
    original.sdb["seed:%s" % original.seed] = sid

    # make_cookie() returns a sequence; element 1 is what factory() is given.
    # NOTE(review): the consumer seed is the third argument -- presumably the
    # key protecting the cookie contents; confirm in make_cookie.
    cookie = make_cookie(client_id, sid, original.seed, expire=360, path="/")

    restored = factory(cookie[1], _session_db, client_id,
                       client_config=CLIENT_CONFIG, server_info=SERVER_INFO,
                       **CONSUMER_CONFIG)

    assert restored
    assert restored.client_id == original.client_id
    assert restored.seed == original.seed
def test_consumer_begin():
    """begin() returns a state id and the expected authorization URL."""
    _session_db = {}
    cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
                    server_info=SERVER_INFO, **CONSUMER_CONFIG)

    authz_endpoint = "http://localhost:8088/authorization"
    sid, loc = cons.begin("http://localhost:8087", authz_endpoint)

    # The state is generated per call, so the expected query has to be built
    # from the value begin() just returned.
    expected_query = urllib.urlencode({
        "scope": "openid",
        "state": sid,
        "redirect_uri": "http://localhost:8087/authz",
        "response_type": "code",
        "client_id": "number5",
    })
    expected_url = "http://localhost:8088/authorization?%s" % expected_query

    # Compared as URLObject values rather than raw strings -- presumably so
    # that query parameter order does not matter; confirm in utils_for_tests.
    assert URLObject.create(loc) == URLObject.create(expected_url)
def test_consumer_handle_authorization_response():
    """A code response carrying the issued state is stored as a grant."""
    _session_db = {}
    cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
                    server_info=SERVER_INFO, **CONSUMER_CONFIG)
    cons.debug = True

    sid, loc = cons.begin("http://localhost:8087",
                          "http://localhost:8088/authorization")

    # The simulated provider answer echoes the state returned by begin();
    # the resulting grant is then looked up under that same state.
    authz_code = "SplxlOBeZQQYbYS6WxSbIA"
    response = AuthorizationResponse(code=authz_code, state=sid)
    res = cons.handle_authorization_response(query=response.to_urlencoded())

    assert res.type() == "AuthorizationResponse"
    # Parenthesised print of one value behaves the same on Python 2.
    print(cons.grant[sid])
    grant = cons.grant[sid]
    assert grant.code == "SplxlOBeZQQYbYS6WxSbIA"
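def test_consumer_parse_authz_exception():
    """An authorization response without ``code`` must be rejected.

    The response is built normally, its ``code`` entry is removed, and
    handle_authorization_response() is expected to raise
    MissingRequiredAttribute instead of accepting the incomplete message.
    """
    _session_db = {}
    cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
                    server_info=SERVER_INFO, **CONSUMER_CONFIG)
    cons.debug = True

    sid, loc = cons.begin("http://localhost:8087",
                          "http://localhost:8088/authorization")

    atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA",
                                state=sid)

    # Drop the required attribute; only the state is left in the query.
    adict = atr.to_dict()
    del adict["code"]
    query = urllib.urlencode(adict)

    # Context-manager form replaces raises(Exc, "code string"): the string
    # form was deprecated and later removed from pytest, and it hid the call
    # from linters and tracebacks.
    with raises(MissingRequiredAttribute):
        cons.handle_authorization_response(query=query)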
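def test_consumer_parse_authz_error():
    """An ``access_denied`` error response must surface as AuthzError.

    The error response carries the state issued by begin(), so the failure
    asserted here comes from the error itself, not from an unknown state.
    """
    _session_db = {}
    cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
                    server_info=SERVER_INFO, **CONSUMER_CONFIG)
    cons.debug = True

    sid, loc = cons.begin("http://localhost:8087",
                          "http://localhost:8088/authorization")

    atr = AuthorizationErrorResponse(error="access_denied", state=sid)
    query = atr.to_urlencoded()

    # Context-manager form replaces raises(Exc, "code string"), which pytest
    # deprecated and later removed.
    with raises(AuthzError):
        cons.handle_authorization_response(query=query)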
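def test_consumer_parse_access_token():
    """Implicit flow: the access token arrives in the authorization response.

    With ``response_type`` set to ``["token"]`` the consumer is handed an
    AccessTokenResponse directly and must record exactly one token under the
    grant for the issued state.
    """
    # implicit flow test
    _session_db = {}
    cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
                    server_info=SERVER_INFO, **CONSUMER_CONFIG)
    cons.debug = True
    # The unused ``environ = BASE_ENVIRON`` alias from the original was
    # dropped; nothing in this test read it.

    cons.response_type = ["token"]
    sid, loc = cons.begin("http://localhost:8087",
                          "http://localhost:8088/authorization")

    # NOTE(review): this fixture includes a refresh_token. RFC 6749 section
    # 4.2.2 says an implicit-grant response must not carry one, and the test
    # does not assert what the consumer does with it -- worth a dedicated
    # assertion.
    atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA",
                              token_type="example",
                              refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
                              example_parameter="example_value",
                              state=sid)

    res = cons.handle_authorization_response(query=atr.to_urlencoded())

    assert res.type() == "AccessTokenResponse"
    grant = cons.grant[sid]
    # Parenthesised form prints the same on Python 2 and parses on Python 3.
    print(grant)
    assert len(grant.tokens) == 1
    token = grant.tokens[0]
    assert token.access_token == "2YotnFZFEjr1zCsicMWpAA"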
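def test_consumer_parse_authz_error_2():
    """A TokenErrorResponse fed to the authorization handler raises AuthzError.

    The error message (``invalid_client``) is built without a state value.
    NOTE(review): from this test alone it is not visible whether AuthzError
    is raised because of the error code or because the state is missing.
    """
    _session_db = {}
    cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
                    server_info=SERVER_INFO, **CONSUMER_CONFIG)
    cons.debug = True

    # begin() is called for its side effects; the returned state and
    # location are not needed here.
    _ = cons.begin("http://localhost:8087",
                   "http://localhost:8088/authorization")

    atr = TokenErrorResponse(error="invalid_client")
    query = atr.to_urlencoded()

    # Context-manager form replaces raises(Exc, "code string"), which pytest
    # deprecated and later removed.
    with raises(AuthzError):
        cons.handle_authorization_response(query=query)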
def test_consumer_client_auth_info():
    """client_auth_info() returns the client credentials in its first value."""
    _session_db = {}
    cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
                    server_info=SERVER_INFO, **CONSUMER_CONFIG)
    cons.client_secret = "secret0"

    # Presumably (request args, HTTP args, extra) -- the original names were
    # ra / ha / extra; confirm against client_auth_info.
    request_args, http_args, extra = cons.client_auth_info()

    # The secret comes back among the first value's parameters and the second
    # value is empty. RFC 6749 section 2.3.1 permits credentials in the
    # request body but prefers HTTP Basic, and either way they must only be
    # sent over TLS.
    assert request_args == {'client_secret': 'secret0', 'client_id': 'number5'}
    assert http_args == {}
    assert extra == {'auth_method': 'bearer_body'}
def test_consumer_client_get_access_token_reques():
    """get_access_token_request() yields the token URL, form body and headers."""
    _session_db = {}
    cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
                    server_info=SERVER_INFO, **CONSUMER_CONFIG)
    cons.client_secret = "secret0"
    cons.redirect_uris = ["https://www.example.com/oic/cb"]
    _state = "state"

    # Feed the consumer an authorization response and then a token response,
    # both carrying the same state.
    authz_resp = AuthorizationResponse(code="auth_grant", state=_state)
    cons.parse_response(AuthorizationResponse, authz_resp.to_urlencoded(),
                        "urlencoded")
    token_resp = AccessTokenResponse(access_token="token1",
                                     token_type="Bearer", expires_in=0,
                                     state=_state)
    cons.parse_response(AccessTokenResponse, token_resp.to_urlencoded(),
                        "urlencoded")

    url, body, http_args = cons.get_access_token_request(_state)

    assert URLObject.create(url) == URLObject.create(
        "http://localhost:8088/token")

    # Parameter order in the body is not fixed, so compare as sets.
    # The client secret travels in this form body; the http:// token endpoint
    # is a localhost fixture, and a real endpoint has to be TLS-protected.
    expected_params = (
        "code=auth_grant&client_secret=secret0&"
        "grant_type=authorization_code&client_id=number5&"
        "redirect_uri=https%3A%2F%2Fwww.example.com%2Foic%2Fcb"
    ).split('&')
    assert set(body.split('&')) == set(expected_params)

    expected_headers = {'Content-type': 'application/x-www-form-urlencoded'}
    assert http_args == {'headers': expected_headers}
if __name__ == "__main__":
    # Running the file directly executes only the implicit-flow test;
    # the other test_* functions are left to the test runner.
    test_consumer_parse_access_token()