2014-10-17 11:12:39 +02:00
|
|
|
import os
|
|
|
|
|
import shutil
|
|
|
|
|
import tempfile
|
|
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
from oic.oic.message import AccessTokenResponse, AuthorizationResponse
|
2013-03-14 15:14:38 +01:00
|
|
|
from oic.utils.keyio import KeyBundle, keybundle_from_local_file
|
2012-11-02 16:21:38 +01:00
|
|
|
from oic.utils.keyio import KeyJar
|
2012-03-19 15:19:50 +01:00
|
|
|
|
2011-12-08 07:31:42 +01:00
|
|
|
__author__ = 'rohe0002'
|
|
|
|
|
|
|
|
|
|
from oic.oic import Server
|
2011-12-10 16:36:08 +01:00
|
|
|
from oic.oauth2 import rndstr
|
2011-12-08 07:31:42 +01:00
|
|
|
|
|
|
|
|
from oic.oic.consumer import Consumer
|
|
|
|
|
from oic.oic.consumer import IGNORE
|
2011-12-10 16:36:08 +01:00
|
|
|
from oic.oic.consumer import clean_response
|
|
|
|
|
|
2012-02-17 10:06:33 +01:00
|
|
|
from oic.utils.time_util import utc_time_sans_frac
|
2011-12-08 07:31:42 +01:00
|
|
|
from oic.utils.sdb import SessionDB
|
|
|
|
|
|
2012-03-19 15:50:57 +01:00
|
|
|
from fakeoicsrv import MyFakeOICServer
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2014-11-24 23:18:29 +01:00
|
|
|
from utils_for_tests import _eq
|
|
|
|
|
|
2012-02-19 20:14:03 +01:00
|
|
|
CLIENT_SECRET = "abcdefghijklmnop"
|
|
|
|
|
CLIENT_ID = "client_1"
|
|
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
KC_SYM_VS = KeyBundle({"kty": "oct", "key": "abcdefghijklmnop", "use": "ver"})
|
|
|
|
|
KC_SYM_S = KeyBundle({"kty": "oct", "key": "abcdefghijklmnop", "use": "sig"})
|
2012-05-15 14:29:18 +02:00
|
|
|
|
2014-11-12 10:40:53 +01:00
|
|
|
BASE_PATH = os.path.dirname(os.path.abspath(__file__))
|
2014-10-17 11:12:39 +02:00
|
|
|
|
|
|
|
|
KC_RSA = keybundle_from_local_file("%s/rsa.key" % BASE_PATH,
|
2014-05-13 19:48:40 +02:00
|
|
|
"rsa", ["ver", "sig"])
|
2012-02-19 20:14:03 +01:00
|
|
|
|
2012-11-02 16:21:38 +01:00
|
|
|
SRVKEYS = KeyJar()
|
|
|
|
|
SRVKEYS[""] = [KC_RSA]
|
2013-06-04 13:50:29 +02:00
|
|
|
SRVKEYS["client_1"] = [KC_SYM_VS, KC_RSA]
|
2012-11-02 16:21:38 +01:00
|
|
|
|
|
|
|
|
CLIKEYS = KeyJar()
|
|
|
|
|
CLIKEYS["http://localhost:8088"] = [KC_RSA]
|
2013-06-04 13:50:29 +02:00
|
|
|
CLIKEYS[""] = [KC_SYM_VS]
|
2012-11-02 16:21:38 +01:00
|
|
|
CLIKEYS["http://example.com"] = [KC_RSA]
|
2012-02-02 15:30:04 +01:00
|
|
|
|
2011-12-08 07:31:42 +01:00
|
|
|
BASE_ENVIRON = {'SERVER_PROTOCOL': 'HTTP/1.1',
|
2013-06-04 13:50:29 +02:00
|
|
|
'REQUEST_METHOD': 'GET',
|
|
|
|
|
'QUERY_STRING': '',
|
|
|
|
|
'HTTP_CONNECTION': 'keep-alive',
|
|
|
|
|
'REMOTE_ADDR': '127.0.0.1',
|
|
|
|
|
'wsgi.url_scheme': 'http',
|
|
|
|
|
'SERVER_PORT': '8087',
|
|
|
|
|
'PATH_INFO': '/register',
|
|
|
|
|
'HTTP_HOST': 'localhost:8087',
|
|
|
|
|
'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
|
|
|
|
|
|
|
|
|
|
'HTTP_ACCEPT_LANGUAGE': 'sv-se',
|
|
|
|
|
'CONTENT_TYPE': 'text/plain',
|
|
|
|
|
'REMOTE_HOST': '1.0.0.127.in-addr.arpa',
|
|
|
|
|
'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
|
|
|
|
|
'COMMAND_MODE': 'unix2003'}
|
|
|
|
|
|
|
|
|
|
SERVER_INFO = {
|
|
|
|
|
"version": "3.0",
|
|
|
|
|
"issuer": "https://localhost:8088",
|
|
|
|
|
"authorization_endpoint": "http://localhost:8088/authorization",
|
|
|
|
|
"token_endpoint": "http://localhost:8088/token",
|
|
|
|
|
"userinfo_endpoint": "http://localhost:8088/userinfo",
|
|
|
|
|
"flows_supported": ["code", "token"],
|
2011-12-08 07:31:42 +01:00
|
|
|
}
|
|
|
|
|
|
2011-12-10 16:36:08 +01:00
|
|
|
CONFIG = {
|
|
|
|
|
"authz_page": "authz",
|
|
|
|
|
"scope": ["openid"],
|
|
|
|
|
"response_type": "code",
|
|
|
|
|
"request_method": "parameter",
|
|
|
|
|
#"temp_dir": "./tmp",
|
|
|
|
|
#"flow_type":
|
2013-06-04 13:50:29 +02:00
|
|
|
"password": "hemligt",
|
2012-02-25 14:10:54 +01:00
|
|
|
"max_age": 3600,
|
2011-12-10 16:36:08 +01:00
|
|
|
#client_secret
|
2013-06-04 13:50:29 +02:00
|
|
|
"user_info": {
|
|
|
|
|
"name": None,
|
2012-02-25 14:10:54 +01:00
|
|
|
}
|
2011-12-10 16:36:08 +01:00
|
|
|
}
|
2012-01-10 09:56:00 +01:00
|
|
|
|
2013-09-23 12:08:42 +02:00
|
|
|
CLIENT_CONFIG = {"client_id": CLIENT_ID}
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
|
2011-12-08 07:31:42 +01:00
|
|
|
def start_response(status=200, headers=None):
|
|
|
|
|
if headers is None:
|
|
|
|
|
return "status=%s, headers={}" % (status, )
|
|
|
|
|
else:
|
|
|
|
|
return "status=%s, headers=%s" % (status, headers)
|
|
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
|
2011-12-10 16:36:08 +01:00
|
|
|
def test_clean_response():
|
2012-05-15 14:29:18 +02:00
|
|
|
atr = AccessTokenResponse(access_token="access_token",
|
2013-06-04 13:50:29 +02:00
|
|
|
token_type="bearer", expires_in=600,
|
|
|
|
|
refresh_token="refresh", steps=39, stalls="yes")
|
2011-12-10 16:36:08 +01:00
|
|
|
|
|
|
|
|
catr = clean_response(atr)
|
|
|
|
|
atr_keys = atr.keys()
|
|
|
|
|
catr_keys = catr.keys()
|
|
|
|
|
assert _eq(atr_keys, ['token_type', 'access_token', 'expires_in',
|
|
|
|
|
'refresh_token', 'steps', 'stalls'])
|
|
|
|
|
assert _eq(catr_keys, ['token_type', 'access_token', 'expires_in',
|
2013-06-04 13:50:29 +02:00
|
|
|
'refresh_token'])
|
2011-12-10 16:36:08 +01:00
|
|
|
|
|
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
AUTHZ_URL = "http://example.com/authorization"
|
|
|
|
|
AUTHZ_ORG_URL = "http://example.org/authorization"
|
2011-12-08 07:31:42 +01:00
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
|
|
|
|
|
class TestOICConsumer():
|
2011-12-08 07:31:42 +01:00
|
|
|
def setup_class(self):
|
2014-11-24 10:48:53 +01:00
|
|
|
self.consumer = Consumer(SessionDB(SERVER_INFO["issuer"]),
|
|
|
|
|
CONFIG, CLIENT_CONFIG, SERVER_INFO)
|
2012-02-19 20:14:03 +01:00
|
|
|
self.consumer.client_secret = CLIENT_SECRET
|
2011-12-08 07:31:42 +01:00
|
|
|
|
|
|
|
|
def test_init(self):
|
|
|
|
|
assert self.consumer
|
|
|
|
|
|
|
|
|
|
def test_backup_keys(self):
|
|
|
|
|
keys = self.consumer.__dict__.keys()
|
|
|
|
|
print keys
|
|
|
|
|
_dict = self.consumer.dictionary()
|
|
|
|
|
print _dict.keys()
|
|
|
|
|
dkeys = [key for key in keys if key not in _dict.keys()]
|
|
|
|
|
print dkeys
|
|
|
|
|
assert _eq(dkeys, IGNORE)
|
|
|
|
|
|
|
|
|
|
def test_backup_restore(self):
|
|
|
|
|
_dict = self.consumer.__dict__.items()
|
|
|
|
|
|
|
|
|
|
self.consumer._backup("sid")
|
|
|
|
|
self.consumer.restore("sid")
|
|
|
|
|
|
|
|
|
|
assert _dict == self.consumer.__dict__.items()
|
|
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
self.consumer.authorization_endpoint = AUTHZ_URL
|
2011-12-08 07:31:42 +01:00
|
|
|
|
|
|
|
|
assert _dict != self.consumer.__dict__.items()
|
|
|
|
|
|
|
|
|
|
self.consumer.restore("sid")
|
|
|
|
|
|
|
|
|
|
assert _dict == self.consumer.__dict__.items()
|
|
|
|
|
|
|
|
|
|
def test_backup_restore_update(self):
|
2013-06-04 13:50:29 +02:00
|
|
|
self.consumer.authorization_endpoint = AUTHZ_URL
|
2011-12-08 07:31:42 +01:00
|
|
|
self.consumer.token_endpoint = "http://example.com/token"
|
2012-01-16 15:37:05 +01:00
|
|
|
self.consumer.userinfo_endpoint = "http://example.com/userinfo"
|
2011-12-08 07:31:42 +01:00
|
|
|
|
|
|
|
|
self.consumer._backup("sid")
|
|
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
self.consumer.authorization_endpoint = AUTHZ_ORG_URL
|
2011-12-08 07:31:42 +01:00
|
|
|
self.consumer.token_endpoint = "http://example.org/token"
|
2012-01-16 15:37:05 +01:00
|
|
|
self.consumer.userinfo_endpoint = ""
|
2011-12-08 07:31:42 +01:00
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
assert self.consumer.authorization_endpoint == AUTHZ_ORG_URL
|
2011-12-08 07:31:42 +01:00
|
|
|
assert self.consumer.token_endpoint == "http://example.org/token"
|
2012-01-16 15:37:05 +01:00
|
|
|
assert self.consumer.userinfo_endpoint == ""
|
2011-12-08 07:31:42 +01:00
|
|
|
|
|
|
|
|
self.consumer.update("sid")
|
|
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
assert self.consumer.authorization_endpoint == AUTHZ_ORG_URL
|
2011-12-08 07:31:42 +01:00
|
|
|
assert self.consumer.token_endpoint == "http://example.org/token"
|
2012-01-16 15:37:05 +01:00
|
|
|
assert self.consumer.userinfo_endpoint == "http://example.com/userinfo"
|
2011-12-08 07:31:42 +01:00
|
|
|
|
|
|
|
|
def test_begin(self):
|
2013-06-04 13:50:29 +02:00
|
|
|
self.consumer.authorization_endpoint = AUTHZ_URL
|
2012-11-02 16:21:38 +01:00
|
|
|
self.consumer.keyjar[""].append(KC_RSA)
|
|
|
|
|
#self.consumer.keyjar.set_sign_key(rsapub, "rsa")
|
|
|
|
|
#self.consumer.keyjar.set_verify_key(rsapub, "rsa")
|
2012-05-29 16:19:43 +02:00
|
|
|
|
2012-11-02 16:21:38 +01:00
|
|
|
srv = Server()
|
|
|
|
|
srv.keyjar = SRVKEYS
|
2013-06-04 13:50:29 +02:00
|
|
|
print "redirect_uris", self.consumer.redirect_uris
|
2012-03-19 15:19:50 +01:00
|
|
|
print "config", self.consumer.config
|
2014-10-01 11:37:06 +02:00
|
|
|
sid, location = self.consumer.begin("openid", "code")
|
2011-12-08 07:31:42 +01:00
|
|
|
print location
|
2012-10-01 20:50:40 +02:00
|
|
|
authreq = srv.parse_authorization_request(url=location)
|
2011-12-08 07:31:42 +01:00
|
|
|
print authreq.keys()
|
2013-05-28 16:02:12 +02:00
|
|
|
assert _eq(authreq.keys(), ['request', 'state', 'max_age', 'claims',
|
|
|
|
|
'response_type', 'client_id', 'scope',
|
|
|
|
|
'redirect_uri'])
|
|
|
|
|
|
2014-10-01 11:37:06 +02:00
|
|
|
assert authreq["state"] == sid
|
2012-03-19 15:19:50 +01:00
|
|
|
assert authreq["scope"] == self.consumer.config["scope"]
|
|
|
|
|
assert authreq["client_id"] == self.consumer.client_id
|
2011-12-10 16:36:08 +01:00
|
|
|
|
|
|
|
|
def test_begin_file(self):
|
2014-10-17 11:12:39 +02:00
|
|
|
tempdir = tempfile.mkdtemp()
|
2011-12-10 16:36:08 +01:00
|
|
|
self.consumer.config["request_method"] = "file"
|
2014-10-17 11:12:39 +02:00
|
|
|
self.consumer.config["temp_dir"] = tempdir
|
|
|
|
|
self.consumer.config["temp_path"] = tempdir
|
2013-03-16 04:05:55 +01:00
|
|
|
self.consumer.config["authz_page"] = "/authz"
|
2012-11-02 16:21:38 +01:00
|
|
|
srv = Server()
|
|
|
|
|
srv.keyjar = SRVKEYS
|
|
|
|
|
|
2014-10-01 11:37:06 +02:00
|
|
|
sid, location = self.consumer.begin("openid", "code",
|
2013-03-16 04:05:55 +01:00
|
|
|
path="http://localhost:8087")
|
2011-12-10 16:36:08 +01:00
|
|
|
print location
|
2012-11-02 16:21:38 +01:00
|
|
|
#vkeys = {".":srv.keyjar.get_verify_key()}
|
|
|
|
|
authreq = srv.parse_authorization_request(url=location)
|
2011-12-10 16:36:08 +01:00
|
|
|
print authreq.keys()
|
2013-05-28 16:02:12 +02:00
|
|
|
assert _eq(authreq.keys(), ['max_age', 'state', 'redirect_uri',
|
2012-03-19 15:19:50 +01:00
|
|
|
'response_type', 'client_id', 'scope',
|
2013-05-28 16:02:12 +02:00
|
|
|
'claims', 'request_uri'])
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2014-10-01 11:37:06 +02:00
|
|
|
assert authreq["state"] == sid
|
2012-03-19 15:19:50 +01:00
|
|
|
assert authreq["scope"] == self.consumer.config["scope"]
|
|
|
|
|
assert authreq["client_id"] == self.consumer.client_id
|
|
|
|
|
assert authreq["redirect_uri"].startswith("http://localhost:8087/authz")
|
2014-10-17 11:12:39 +02:00
|
|
|
# Cleanup the file we have created
|
|
|
|
|
shutil.rmtree(tempdir)
|
2011-12-10 16:36:08 +01:00
|
|
|
|
|
|
|
|
def test_complete(self):
|
2012-11-02 16:21:38 +01:00
|
|
|
mfos = MyFakeOICServer("http://localhost:8088")
|
|
|
|
|
mfos.keyjar = SRVKEYS
|
|
|
|
|
|
2012-03-24 19:26:03 +01:00
|
|
|
self.consumer.http_request = mfos.http_request
|
2014-10-01 11:37:06 +02:00
|
|
|
_state = "state0"
|
2011-12-10 16:36:08 +01:00
|
|
|
self.consumer.nonce = rndstr()
|
2012-02-17 10:06:33 +01:00
|
|
|
self.consumer.redirect_uris = ["https://example.com/cb"]
|
2011-12-10 16:36:08 +01:00
|
|
|
args = {
|
|
|
|
|
"client_id": self.consumer.client_id,
|
|
|
|
|
"response_type": "code",
|
|
|
|
|
"scope": ["openid"],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = self.consumer.do_authorization_request(
|
2014-10-01 11:37:06 +02:00
|
|
|
state=_state, request_args=args)
|
2012-03-24 19:26:03 +01:00
|
|
|
assert result.status_code == 302
|
2012-02-17 10:06:33 +01:00
|
|
|
print "redirect_uris", self.consumer.redirect_uris
|
2012-03-24 19:26:03 +01:00
|
|
|
print result.headers["location"]
|
2012-02-17 10:06:33 +01:00
|
|
|
|
2013-03-16 04:05:55 +01:00
|
|
|
assert result.headers["location"].startswith(
|
|
|
|
|
self.consumer.redirect_uris[0])
|
2012-03-24 19:26:03 +01:00
|
|
|
_, query = result.headers["location"].split("?")
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2012-11-02 16:21:38 +01:00
|
|
|
#vkeys = {".": self.consumer.keyjar.get_verify_key()}
|
2012-07-07 22:14:08 +02:00
|
|
|
|
|
|
|
|
self.consumer.parse_response(AuthorizationResponse, info=query,
|
2013-02-22 09:50:04 +01:00
|
|
|
sformat="urlencoded")
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2014-10-01 11:37:06 +02:00
|
|
|
resp = self.consumer.complete(_state)
|
2011-12-10 16:36:08 +01:00
|
|
|
print resp
|
2012-03-19 15:19:50 +01:00
|
|
|
assert resp.type() == "AccessTokenResponse"
|
2011-12-10 16:36:08 +01:00
|
|
|
print resp.keys()
|
|
|
|
|
assert _eq(resp.keys(), ['token_type', 'state', 'access_token',
|
|
|
|
|
'scope', 'expires_in', 'refresh_token'])
|
|
|
|
|
|
2014-10-01 11:37:06 +02:00
|
|
|
assert resp["state"] == _state
|
2011-12-10 16:36:08 +01:00
|
|
|
|
|
|
|
|
def test_parse_authz(self):
|
2012-11-02 16:21:38 +01:00
|
|
|
mfos = MyFakeOICServer("http://localhost:8088")
|
|
|
|
|
mfos.keyjar = SRVKEYS
|
|
|
|
|
|
2012-03-24 19:26:03 +01:00
|
|
|
self.consumer.http_request = mfos.http_request
|
2014-10-01 11:37:06 +02:00
|
|
|
_state = "state0"
|
2011-12-10 16:36:08 +01:00
|
|
|
self.consumer.nonce = rndstr()
|
|
|
|
|
args = {
|
|
|
|
|
"client_id": self.consumer.client_id,
|
|
|
|
|
"response_type": "code",
|
|
|
|
|
"scope": ["openid"],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = self.consumer.do_authorization_request(
|
2014-10-01 11:37:06 +02:00
|
|
|
state=_state, request_args=args)
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2012-02-17 10:06:33 +01:00
|
|
|
print self.consumer.sdb.keys()
|
|
|
|
|
print self.consumer.sdb["state0"].keys()
|
2013-03-16 04:05:55 +01:00
|
|
|
part = self.consumer.parse_authz(query=result.headers["location"])
|
2011-12-10 16:36:08 +01:00
|
|
|
print part
|
|
|
|
|
atr = part[0]
|
|
|
|
|
assert part[1] is None
|
|
|
|
|
assert part[2] is None
|
|
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
assert atr.type() == "AuthorizationResponse"
|
2014-10-01 11:37:06 +02:00
|
|
|
assert atr["state"] == _state
|
2011-12-10 16:36:08 +01:00
|
|
|
assert "code" in atr
|
|
|
|
|
|
|
|
|
|
def test_parse_authz_implicit(self):
|
|
|
|
|
self.consumer.config["response_type"] = "implicit"
|
2014-10-01 11:37:06 +02:00
|
|
|
_state = "statxxx"
|
2011-12-10 16:36:08 +01:00
|
|
|
args = {
|
|
|
|
|
"client_id": self.consumer.client_id,
|
|
|
|
|
"response_type": "implicit",
|
|
|
|
|
"scope": ["openid"],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = self.consumer.do_authorization_request(
|
2014-10-01 11:37:06 +02:00
|
|
|
state=_state, request_args=args)
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2013-03-16 04:05:55 +01:00
|
|
|
part = self.consumer.parse_authz(query=result.headers["location"])
|
2011-12-10 16:36:08 +01:00
|
|
|
print part
|
|
|
|
|
assert part[0] is None
|
|
|
|
|
atr = part[1]
|
|
|
|
|
assert part[2] is None
|
|
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert atr.type() == "AccessTokenResponse"
|
2014-10-01 11:37:06 +02:00
|
|
|
assert atr["state"] == _state
|
2011-12-10 16:36:08 +01:00
|
|
|
assert "access_token" in atr
|
|
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
|
2011-12-10 16:36:08 +01:00
|
|
|
def test_complete_secret_auth():
|
2014-11-24 10:48:53 +01:00
|
|
|
consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
|
|
|
|
|
CLIENT_CONFIG, SERVER_INFO)
|
2012-11-02 16:21:38 +01:00
|
|
|
mfos = MyFakeOICServer("http://localhost:8088")
|
|
|
|
|
mfos.keyjar = SRVKEYS
|
2012-03-24 19:26:03 +01:00
|
|
|
consumer.http_request = mfos.http_request
|
2012-02-17 10:06:33 +01:00
|
|
|
consumer.redirect_uris = ["http://example.com/authz"]
|
2014-10-01 11:37:06 +02:00
|
|
|
_state = "state0"
|
2011-12-10 16:36:08 +01:00
|
|
|
consumer.nonce = rndstr()
|
|
|
|
|
consumer.client_secret = "hemlig"
|
|
|
|
|
consumer.secret_type = "basic"
|
|
|
|
|
del consumer.config["password"]
|
|
|
|
|
|
|
|
|
|
args = {
|
|
|
|
|
"client_id": consumer.client_id,
|
|
|
|
|
"response_type": "code",
|
|
|
|
|
"scope": ["openid"],
|
|
|
|
|
}
|
|
|
|
|
|
2014-10-01 11:37:06 +02:00
|
|
|
result = consumer.do_authorization_request(state=_state,
|
2011-12-10 16:36:08 +01:00
|
|
|
request_args=args)
|
2012-03-24 19:26:03 +01:00
|
|
|
assert result.status_code == 302
|
|
|
|
|
assert result.headers["location"].startswith(consumer.redirect_uris[0])
|
|
|
|
|
_, query = result.headers["location"].split("?")
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
consumer.parse_response(AuthorizationResponse, info=query,
|
2013-02-22 09:50:04 +01:00
|
|
|
sformat="urlencoded")
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2014-10-01 11:37:06 +02:00
|
|
|
resp = consumer.complete(_state)
|
2011-12-10 16:36:08 +01:00
|
|
|
print resp
|
2012-03-19 15:19:50 +01:00
|
|
|
assert resp.type() == "AccessTokenResponse"
|
2011-12-10 16:36:08 +01:00
|
|
|
print resp.keys()
|
|
|
|
|
assert _eq(resp.keys(), ['token_type', 'state', 'access_token',
|
|
|
|
|
'scope', 'expires_in', 'refresh_token'])
|
|
|
|
|
|
2014-10-01 11:37:06 +02:00
|
|
|
assert resp["state"] == _state
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
|
2011-12-10 16:36:08 +01:00
|
|
|
def test_complete_auth_token():
|
2014-11-24 10:48:53 +01:00
|
|
|
consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
|
|
|
|
|
CLIENT_CONFIG, SERVER_INFO)
|
2012-11-02 16:21:38 +01:00
|
|
|
mfos = MyFakeOICServer("http://localhost:8088")
|
|
|
|
|
mfos.keyjar = SRVKEYS
|
2012-03-24 19:26:03 +01:00
|
|
|
consumer.http_request = mfos.http_request
|
2012-03-19 15:19:50 +01:00
|
|
|
consumer.redirect_uris = ["http://example.com/authz"]
|
2014-10-01 11:37:06 +02:00
|
|
|
_state = "state0"
|
2011-12-10 16:36:08 +01:00
|
|
|
consumer.nonce = rndstr()
|
|
|
|
|
consumer.client_secret = "hemlig"
|
|
|
|
|
consumer.secret_type = "basic"
|
|
|
|
|
consumer.config["response_type"] = ["code", "token"]
|
2013-05-28 16:02:12 +02:00
|
|
|
|
2011-12-10 16:36:08 +01:00
|
|
|
args = {
|
|
|
|
|
"client_id": consumer.client_id,
|
|
|
|
|
"response_type": consumer.config["response_type"],
|
|
|
|
|
"scope": ["openid"],
|
|
|
|
|
}
|
|
|
|
|
|
2014-10-01 11:37:06 +02:00
|
|
|
result = consumer.do_authorization_request(state=_state,
|
2011-12-10 16:36:08 +01:00
|
|
|
request_args=args)
|
|
|
|
|
consumer._backup("state0")
|
|
|
|
|
|
2012-03-24 19:26:03 +01:00
|
|
|
assert result.status_code == 302
|
2012-02-17 10:06:33 +01:00
|
|
|
#assert result.location.startswith(consumer.redirect_uri[0])
|
2012-03-24 19:26:03 +01:00
|
|
|
_, query = result.headers["location"].split("?")
|
2011-12-10 16:36:08 +01:00
|
|
|
print query
|
2013-03-16 04:05:55 +01:00
|
|
|
part = consumer.parse_authz(query=query)
|
2011-12-10 16:36:08 +01:00
|
|
|
print part
|
|
|
|
|
auth = part[0]
|
|
|
|
|
acc = part[1]
|
|
|
|
|
assert part[2] is None
|
|
|
|
|
|
|
|
|
|
#print auth.dictionary()
|
|
|
|
|
#print acc.dictionary()
|
2012-03-19 15:19:50 +01:00
|
|
|
assert auth.type() == "AuthorizationResponse"
|
|
|
|
|
assert acc.type() == "AccessTokenResponse"
|
2011-12-10 16:36:08 +01:00
|
|
|
print auth.keys()
|
2014-06-20 13:08:32 +02:00
|
|
|
assert _eq(auth.keys(), ['code', 'access_token', 'expires_in',
|
2011-12-10 16:36:08 +01:00
|
|
|
'token_type', 'state', 'scope', 'refresh_token'])
|
|
|
|
|
assert _eq(acc.keys(), ['token_type', 'state', 'access_token', 'scope',
|
|
|
|
|
'expires_in', 'refresh_token'])
|
|
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
def test_complete_auth_token_idtoken():
|
2014-11-24 10:48:53 +01:00
|
|
|
consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
|
|
|
|
|
CLIENT_CONFIG, SERVER_INFO)
|
2012-11-02 16:21:38 +01:00
|
|
|
consumer.keyjar = CLIKEYS
|
|
|
|
|
mfos = MyFakeOICServer("http://localhost:8088")
|
|
|
|
|
mfos.keyjar = SRVKEYS
|
2012-05-15 14:29:18 +02:00
|
|
|
consumer.http_request = mfos.http_request
|
|
|
|
|
consumer.redirect_uris = ["http://example.com/authz"]
|
2014-10-01 11:37:06 +02:00
|
|
|
_state = "state0"
|
2012-05-15 14:29:18 +02:00
|
|
|
consumer.nonce = rndstr()
|
|
|
|
|
consumer.client_secret = "hemlig"
|
|
|
|
|
consumer.secret_type = "basic"
|
|
|
|
|
consumer.config["response_type"] = ["id_token", "token"]
|
|
|
|
|
|
|
|
|
|
args = {
|
|
|
|
|
"client_id": consumer.client_id,
|
|
|
|
|
"response_type": consumer.config["response_type"],
|
|
|
|
|
"scope": ["openid"],
|
2013-06-04 13:50:29 +02:00
|
|
|
}
|
2012-05-15 14:29:18 +02:00
|
|
|
|
2014-10-01 11:37:06 +02:00
|
|
|
result = consumer.do_authorization_request(state=_state,
|
2012-05-15 14:29:18 +02:00
|
|
|
request_args=args)
|
|
|
|
|
consumer._backup("state0")
|
|
|
|
|
|
|
|
|
|
assert result.status_code == 302
|
|
|
|
|
#assert result.location.startswith(consumer.redirect_uri[0])
|
|
|
|
|
_, query = result.headers["location"].split("?")
|
|
|
|
|
print query
|
2013-03-16 04:05:55 +01:00
|
|
|
part = consumer.parse_authz(query=query)
|
2012-05-15 14:29:18 +02:00
|
|
|
print part
|
|
|
|
|
auth = part[0]
|
|
|
|
|
acc = part[1]
|
|
|
|
|
assert part[2] is None
|
|
|
|
|
|
|
|
|
|
#print auth.dictionary()
|
|
|
|
|
#print acc.dictionary()
|
|
|
|
|
assert auth is None
|
|
|
|
|
assert acc.type() == "AccessTokenResponse"
|
|
|
|
|
assert _eq(acc.keys(), ['access_token', 'id_token', 'expires_in',
|
|
|
|
|
'token_type', 'state', 'scope'])
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
|
2011-12-10 16:36:08 +01:00
|
|
|
def test_userinfo():
|
2014-11-24 10:48:53 +01:00
|
|
|
consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
|
|
|
|
|
CLIENT_CONFIG, SERVER_INFO)
|
2012-11-02 16:21:38 +01:00
|
|
|
consumer.keyjar = CLIKEYS
|
|
|
|
|
mfos = MyFakeOICServer("http://localhost:8088")
|
|
|
|
|
mfos.keyjar = SRVKEYS
|
2012-03-24 19:26:03 +01:00
|
|
|
consumer.http_request = mfos.http_request
|
2012-02-17 10:06:33 +01:00
|
|
|
consumer.redirect_uris = ["http://example.com/authz"]
|
2014-10-01 11:37:06 +02:00
|
|
|
_state = "state0"
|
2011-12-10 16:36:08 +01:00
|
|
|
consumer.nonce = rndstr()
|
|
|
|
|
consumer.secret_type = "basic"
|
2012-11-02 16:21:38 +01:00
|
|
|
consumer.set_client_secret("hemligt")
|
|
|
|
|
consumer.keyjar = CLIKEYS
|
2011-12-10 16:36:08 +01:00
|
|
|
|
|
|
|
|
args = {
|
|
|
|
|
"client_id": consumer.client_id,
|
|
|
|
|
"response_type": "code",
|
|
|
|
|
"scope": ["openid"],
|
|
|
|
|
}
|
|
|
|
|
|
2014-10-01 11:37:06 +02:00
|
|
|
result = consumer.do_authorization_request(state=_state,
|
2011-12-10 16:36:08 +01:00
|
|
|
request_args=args)
|
2012-03-24 19:26:03 +01:00
|
|
|
assert result.status_code == 302
|
|
|
|
|
assert result.headers["location"].startswith(consumer.redirect_uris[0])
|
|
|
|
|
_, query = result.headers["location"].split("?")
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2012-05-15 14:29:18 +02:00
|
|
|
consumer.parse_response(AuthorizationResponse, info=query,
|
2013-02-22 09:50:04 +01:00
|
|
|
sformat="urlencoded")
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2014-10-01 11:37:06 +02:00
|
|
|
consumer.complete(_state)
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2014-10-01 11:37:06 +02:00
|
|
|
result = consumer.get_user_info(_state)
|
2011-12-10 16:36:08 +01:00
|
|
|
print result
|
2012-03-19 15:19:50 +01:00
|
|
|
assert result.type() == "OpenIDSchema"
|
2013-02-03 10:57:46 +01:00
|
|
|
assert _eq(result.keys(), ['name', 'email', 'verified', 'nickname', 'sub'])
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
|
2011-12-10 16:36:08 +01:00
|
|
|
def real_test_discover():
|
|
|
|
|
c = Consumer(None, None)
|
|
|
|
|
|
|
|
|
|
principal = "nav@connect-op.heroku.com"
|
|
|
|
|
|
|
|
|
|
res = c.discover(principal)
|
|
|
|
|
print res
|
2012-03-19 15:19:50 +01:00
|
|
|
assert res.type() == "ProviderConfigurationResponse"
|
2011-12-10 16:36:08 +01:00
|
|
|
print res.keys()
|
|
|
|
|
assert _eq(res.keys(), ['registration_endpoint', 'scopes_supported',
|
|
|
|
|
'identifiers_supported', 'token_endpoint',
|
2012-01-16 15:37:05 +01:00
|
|
|
'flows_supported', 'version', 'userinfo_endpoint',
|
2011-12-10 16:36:08 +01:00
|
|
|
'authorization_endpoint', 'x509_url', 'issuer'])
|
|
|
|
|
assert res.version == "3.0"
|
|
|
|
|
print res.flows_supported
|
|
|
|
|
assert _eq(res.flows_supported, ['code', 'token', 'id_token',
|
|
|
|
|
'code token', 'code id_token',
|
|
|
|
|
'id_token token'])
|
|
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
|
2011-12-10 16:36:08 +01:00
|
|
|
def test_discover():
|
|
|
|
|
c = Consumer(None, None)
|
2012-11-02 16:21:38 +01:00
|
|
|
mfos = MyFakeOICServer("http://localhost:8088")
|
|
|
|
|
mfos.keyjar = SRVKEYS
|
2012-03-24 19:26:03 +01:00
|
|
|
c.http_request = mfos.http_request
|
|
|
|
|
|
2011-12-10 16:36:08 +01:00
|
|
|
principal = "foo@example.com"
|
|
|
|
|
|
|
|
|
|
res = c.discover(principal)
|
2013-02-03 10:57:46 +01:00
|
|
|
assert res == "http://localhost:8088/"
|
|
|
|
|
|
|
|
|
|
#def test_discover_redirect():
|
|
|
|
|
# c = Consumer(None, None)
|
|
|
|
|
# mfos = MyFakeOICServer(name="http://example.com/")
|
|
|
|
|
# c.http_request = mfos.http_request
|
|
|
|
|
#
|
|
|
|
|
# principal = "bar@example.org"
|
|
|
|
|
#
|
|
|
|
|
# res = c.discover(principal)
|
|
|
|
|
# assert res == "http://example.net/providerconf"
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
|
2011-12-10 16:36:08 +01:00
|
|
|
def test_provider_config():
|
|
|
|
|
c = Consumer(None, None)
|
2012-11-02 16:21:38 +01:00
|
|
|
mfos = MyFakeOICServer("http://example.com")
|
|
|
|
|
mfos.keyjar = SRVKEYS
|
2012-03-24 19:26:03 +01:00
|
|
|
c.http_request = mfos.http_request
|
2011-12-10 16:36:08 +01:00
|
|
|
|
|
|
|
|
principal = "foo@example.com"
|
|
|
|
|
|
|
|
|
|
res = c.discover(principal)
|
|
|
|
|
info = c.provider_config(res)
|
2012-03-19 15:19:50 +01:00
|
|
|
assert info.type() == "ProviderConfigurationResponse"
|
2011-12-10 16:36:08 +01:00
|
|
|
print info.keys()
|
2013-03-16 04:05:55 +01:00
|
|
|
assert _eq(info.keys(), ['registration_endpoint', 'jwks_uri',
|
|
|
|
|
'check_session_endpoint',
|
|
|
|
|
'refresh_session_endpoint', 'register_endpoint',
|
2013-02-03 10:57:46 +01:00
|
|
|
'subject_types_supported',
|
|
|
|
|
'token_endpoint_auth_methods_supported',
|
|
|
|
|
'id_token_signing_alg_values_supported',
|
2013-03-16 04:05:55 +01:00
|
|
|
'grant_types_supported', 'user_info_endpoint',
|
|
|
|
|
'claims_parameter_supported',
|
|
|
|
|
'request_parameter_supported',
|
|
|
|
|
'discovery_endpoint', 'issuer',
|
|
|
|
|
'authorization_endpoint', 'scopes_supported',
|
|
|
|
|
'require_request_uri_registration',
|
|
|
|
|
'identifiers_supported', 'token_endpoint',
|
|
|
|
|
'request_uri_parameter_supported', 'version',
|
|
|
|
|
'response_types_supported',
|
|
|
|
|
'end_session_endpoint', 'flows_supported'])
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2012-03-19 15:19:50 +01:00
|
|
|
assert info["end_session_endpoint"] == "http://example.com/end_session"
|
2011-12-10 16:36:08 +01:00
|
|
|
|
2013-05-28 16:02:12 +02:00
|
|
|
|
2011-12-10 16:36:08 +01:00
|
|
|
def test_client_register():
|
|
|
|
|
c = Consumer(None, None)
|
|
|
|
|
|
|
|
|
|
c.application_type = "web"
|
|
|
|
|
c.application_name = "My super service"
|
2012-02-17 10:06:33 +01:00
|
|
|
c.redirect_uris = ["http://example.com/authz"]
|
2011-12-10 16:36:08 +01:00
|
|
|
c.contact = ["foo@example.com"]
|
|
|
|
|
|
2012-11-02 16:21:38 +01:00
|
|
|
mfos = MyFakeOICServer("http://example.com")
|
|
|
|
|
mfos.keyjar = SRVKEYS
|
2012-03-24 19:26:03 +01:00
|
|
|
c.http_request = mfos.http_request
|
2011-12-10 16:36:08 +01:00
|
|
|
location = c.discover("foo@example.com")
|
|
|
|
|
info = c.provider_config(location)
|
|
|
|
|
|
|
|
|
|
c.register(info["registration_endpoint"])
|
|
|
|
|
assert c.client_id is not None
|
|
|
|
|
assert c.client_secret is not None
|
2012-02-25 14:10:54 +01:00
|
|
|
assert c.registration_expires > utc_time_sans_frac()
|
2013-05-28 16:02:12 +02:00
|
|
|
|
2013-06-04 13:50:29 +02:00
|
|
|
|
2013-05-28 16:02:12 +02:00
|
|
|
if __name__ == "__main__":
|
2014-10-01 11:37:06 +02:00
|
|
|
t = TestOICConsumer()
|
|
|
|
|
t.setup_class()
|
|
|
|
|
t.test_complete()
|
2014-10-15 10:24:35 +02:00
|
|
|
#test_provider_config()
|
