__author__ = 'rohe0002' import urllib from pytest import raises from oic.oauth2 import rndstr from oic.oauth2.consumer import Consumer from oic.oauth2.consumer import stateID from oic.oauth2.consumer import factory from oic.utils.http_util import make_cookie from oic.oauth2.message import MissingRequiredAttribute from oic.oauth2.message import AuthorizationResponse from oic.oauth2.message import AuthorizationErrorResponse from oic.oauth2.message import AccessTokenResponse from oic.oauth2.message import TokenErrorResponse from oic.oauth2.consumer import AuthzError from utils_for_tests import URLObject #from oic.oauth2.message import # client_id=None, ca_certs=None,grant_expire_in=600, client_timeout=0, # jwt_keys=None CLIENT_CONFIG = { "client_id": "number5", "ca_certs": "/usr/local/etc/oic/ca_certs.txt", } CONSUMER_CONFIG = { "authz_page": "/authz", "flow_type": "code", #"password": args.passwd, "scope": ["openid"], "response_type": "code", #"expire_in": 600, } SERVER_INFO = { "version": "3.0", "issuer": "https://connect-op.heroku.com", "authorization_endpoint": "http://localhost:8088/authorization", "token_endpoint": "http://localhost:8088/token", #"userinfo_endpoint":"http://localhost:8088/user_info", #"check_id_endpoint":"http://localhost:8088/id_token", #"registration_endpoint":"https://connect-op.heroku.com/connect/client", #"scopes_supported":["openid","profile","email","address","PPID"], "flows_supported": ["code", "token", "code token"], #"identifiers_supported":["public","ppid"], #"x509_url":"https://connect-op.heroku.com/cert.pem" } BASE_ENVIRON = {'SERVER_PROTOCOL': 'HTTP/1.1', 'REQUEST_METHOD': 'GET', 'QUERY_STRING': '', 'HTTP_CONNECTION': 'keep-alive', 'REMOTE_ADDR': '127.0.0.1', 'wsgi.url_scheme': 'http', 'SERVER_PORT': '8087', 'PATH_INFO': '/register', 'HTTP_HOST': 'localhost:8087', 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'HTTP_ACCEPT_LANGUAGE': 'sv-se', 'CONTENT_TYPE': 'text/plain', 'REMOTE_HOST': '1.0.0.127.in-addr.arpa', 'HTTP_ACCEPT_ENCODING': 'gzip, deflate', 'COMMAND_MODE': 'unix2003'} def test_stateID(): seed = rndstr() sid0 = stateID("http://example.com/home", seed) sid1 = stateID("http://example.com/home", seed) assert sid0 assert sid1 assert sid0 != sid1 def test_init_consumer(): cons = Consumer({}, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) assert cons cons._backup("123456") assert "123456" in cons.sdb cons = Consumer({}, client_config=CLIENT_CONFIG, **CONSUMER_CONFIG) assert cons.authorization_endpoint is None cons = Consumer({}, **CONSUMER_CONFIG) assert cons.authorization_endpoint is None def test_factory(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) sid = stateID("https://example.org/", cons.seed) _state = sid cons._backup(sid) cons.sdb["seed:%s" % cons.seed] = sid kaka = make_cookie(CLIENT_CONFIG["client_id"], _state, cons.seed, expire=360, path="/") _oac = factory(kaka[1], _session_db, CLIENT_CONFIG["client_id"], client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) assert _oac assert _oac.client_id == cons.client_id assert _oac.seed == cons.seed def test_consumer_begin(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) sid, loc = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") # state is dynamic params = {"scope": "openid", "state": sid, "redirect_uri": "http://localhost:8087/authz", "response_type": "code", "client_id": "number5"} url = "http://localhost:8088/authorization?%s" % urllib.urlencode(params) loc_obj = URLObject.create(loc) url_obj = URLObject.create(url) assert loc_obj == url_obj def test_consumer_handle_authorization_response(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True sid, loc = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid) res = cons.handle_authorization_response(query=atr.to_urlencoded()) assert res.type() == "AuthorizationResponse" print cons.grant[sid] grant = cons.grant[sid] assert grant.code == "SplxlOBeZQQYbYS6WxSbIA" def test_consumer_parse_authz_exception(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True sid, loc = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AuthorizationResponse(code="SplxlOBeZQQYbYS6WxSbIA", state=sid) adict = atr.to_dict() del adict["code"] QUERY_STRING = urllib.urlencode(adict) raises(MissingRequiredAttribute, "cons.handle_authorization_response(query=QUERY_STRING)") def test_consumer_parse_authz_error(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True sid, loc = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AuthorizationErrorResponse(error="access_denied", state=sid) QUERY_STRING = atr.to_urlencoded() raises(AuthzError, "cons.handle_authorization_response(query=QUERY_STRING)") def test_consumer_parse_access_token(): # implicit flow test _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True environ = BASE_ENVIRON cons.response_type = ["token"] sid, loc = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA", token_type="example", refresh_token="tGzv3JOkF0XG5Qx2TlKWIA", example_parameter="example_value", state=sid) res = cons.handle_authorization_response(query=atr.to_urlencoded()) assert res.type() == "AccessTokenResponse" print cons.grant[sid] grant = cons.grant[sid] assert len(grant.tokens) == 1 token = grant.tokens[0] assert token.access_token == "2YotnFZFEjr1zCsicMWpAA" def test_consumer_parse_authz_error_2(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.debug = True _ = cons.begin("http://localhost:8087", "http://localhost:8088/authorization") atr = TokenErrorResponse(error="invalid_client") QUERY_STRING = atr.to_urlencoded() raises(AuthzError, "cons.handle_authorization_response(query=QUERY_STRING)") def test_consumer_client_auth_info(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.client_secret = "secret0" ra, ha, extra = cons.client_auth_info() assert ra == {'client_secret': 'secret0', 'client_id': 'number5'} assert ha == {} assert extra == {'auth_method': 'bearer_body'} def test_consumer_client_get_access_token_reques(): _session_db = {} cons = Consumer(_session_db, client_config=CLIENT_CONFIG, server_info=SERVER_INFO, **CONSUMER_CONFIG) cons.client_secret = "secret0" _state = "state" cons.redirect_uris = ["https://www.example.com/oic/cb"] resp1 = AuthorizationResponse(code="auth_grant", state=_state) cons.parse_response(AuthorizationResponse, resp1.to_urlencoded(), "urlencoded") resp2 = AccessTokenResponse(access_token="token1", token_type="Bearer", expires_in=0, state=_state) cons.parse_response(AccessTokenResponse, resp2.to_urlencoded(), "urlencoded") url, body, http_args = cons.get_access_token_request(_state) url_obj = URLObject.create(url) expected_url_obj = URLObject.create("http://localhost:8088/token") assert url_obj == expected_url_obj body_splits = body.split('&') expected_body_splits = "code=auth_grant&client_secret=secret0&" \ "grant_type=authorization_code&client_id=number5&" \ "redirect_uri=https%3A%2F%2Fwww.example.com%2Foic%2Fcb".split('&') assert set(body_splits) == set(expected_body_splits) assert http_args == {'headers': { 'Content-type': 'application/x-www-form-urlencoded'}} if __name__ == "__main__": test_consumer_parse_access_token()