247 lines
8.1 KiB
Python
247 lines
8.1 KiB
Python
from mako.lookup import TemplateLookup
|
|
from oic.oauth2 import rndstr
|
|
from oic.utils.authn.authn_context import AuthnBroker
|
|
from oic.utils.authn.client import verify_client
|
|
from oic.utils.authn.user import UserAuthnMethod
|
|
from oic.utils.authz import Implicit
|
|
from oic.utils.http_util import Response
|
|
|
|
from oic.oauth2.message import AuthorizationRequest
|
|
from oic.oauth2.message import AccessTokenRequest
|
|
from oic.oauth2.message import AccessTokenResponse
|
|
from oic.oauth2.message import TokenErrorResponse
|
|
|
|
from oic.utils import sdb
|
|
from oic.oauth2.consumer import Consumer
|
|
from oic.oauth2.provider import Provider
|
|
|
|
from utils_for_tests import _eq
|
|
|
|
CLIENT_CONFIG = {
|
|
"client_id": "client1",
|
|
"ca_certs": "/usr/local/etc/oic/ca_certs.txt",
|
|
}
|
|
|
|
CONSUMER_CONFIG = {
|
|
"authz_page": "/authz",
|
|
"flow_type": "code",
|
|
#"password": args.passwd,
|
|
"scope": [],
|
|
"response_type": "code",
|
|
#"expire_in": 600,
|
|
}
|
|
|
|
SERVER_INFO = {
|
|
"version": "3.0",
|
|
"issuer": "https://connect-op.heroku.com",
|
|
"authorization_endpoint": "http://localhost:8088/authorization",
|
|
"token_endpoint": "http://localhost:8088/token",
|
|
#"userinfo_endpoint":"http://localhost:8088/user_info",
|
|
#"check_id_endpoint":"http://localhost:8088/id_token",
|
|
#"registration_endpoint":"https://connect-op.heroku.com/connect/client",
|
|
#"scopes_supported":["openid","profile","email","address","PPID"],
|
|
"flows_supported": ["code", "token", "code token"],
|
|
#"identifiers_supported":["public","ppid"],
|
|
#"x509_url":"https://connect-op.heroku.com/cert.pem"
|
|
}
|
|
|
|
CDB = {
|
|
"a1b2c3": {
|
|
"password": "hemligt",
|
|
"client_secret": "drickyoughurt"
|
|
},
|
|
"client1": {
|
|
"client_secret": "hemlighet",
|
|
"redirect_uris": [("http://localhost:8087/authz", None)]
|
|
}
|
|
}
|
|
|
|
PASSWD = {"user": "password"}
|
|
|
|
ROOT = '../oc3/'
|
|
tl = TemplateLookup(directories=[ROOT + 'templates', ROOT + 'htdocs'],
|
|
module_directory=ROOT + 'modules',
|
|
input_encoding='utf-8', output_encoding='utf-8')
|
|
|
|
|
|
class DummyAuthn(UserAuthnMethod):
|
|
def __init__(self, srv, user):
|
|
UserAuthnMethod.__init__(self, srv)
|
|
self.user = user
|
|
|
|
def authenticated_as(self, cookie=None, **kwargs):
|
|
return {"uid": self.user}
|
|
|
|
AUTHN_BROKER = AuthnBroker()
|
|
AUTHN_BROKER.add("UNDEFINED", DummyAuthn(None, "username"))
|
|
|
|
# dealing with authorization
|
|
AUTHZ = Implicit()
|
|
|
|
|
|
def content_type(headers):
|
|
for key, val in headers:
|
|
if key == "Content-type":
|
|
if val == "application/json":
|
|
return "json"
|
|
|
|
|
|
def test_provider_init():
|
|
provider = Provider("pyoicserv", sdb.SessionDB(SERVER_INFO["issuer"]), CDB,
|
|
AUTHN_BROKER, AUTHZ, verify_client)
|
|
|
|
assert provider
|
|
|
|
provider = Provider("pyoicserv", sdb.SessionDB(SERVER_INFO["issuer"]), CDB,
|
|
AUTHN_BROKER, AUTHZ, verify_client,
|
|
urlmap={"client1": ["https://example.com/authz"]})
|
|
|
|
assert provider.urlmap["client1"] == ["https://example.com/authz"]
|
|
|
|
|
|
def test_provider_authorization_endpoint():
|
|
provider = Provider("pyoicserv", sdb.SessionDB(SERVER_INFO["issuer"]), CDB,
|
|
AUTHN_BROKER, AUTHZ, verify_client)
|
|
|
|
bib = {"scope": ["openid"],
|
|
"state": "id-6da9ca0cc23959f5f33e8becd9b08cae",
|
|
"redirect_uri": "http://localhost:8087authz",
|
|
"response_type": ["code"],
|
|
"client_id": "a1b2c3"}
|
|
|
|
arq = AuthorizationRequest(**bib)
|
|
|
|
QUERY_STRING = arq.to_urlencoded()
|
|
|
|
resp = provider.authorization_endpoint(request=QUERY_STRING)
|
|
|
|
assert isinstance(resp, Response)
|
|
|
|
|
|
def test_provider_authenticated():
|
|
provider = Provider("pyoicserv", sdb.SessionDB(SERVER_INFO["issuer"]), CDB,
|
|
AUTHN_BROKER, AUTHZ, verify_client, symkey=rndstr(16))
|
|
_session_db = {}
|
|
cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
|
|
server_info=SERVER_INFO, **CONSUMER_CONFIG)
|
|
cons.debug = True
|
|
|
|
sid, location = cons.begin("http://localhost:8087",
|
|
"http://localhost:8088/authorization")
|
|
|
|
query_string = location.split("?")[1]
|
|
|
|
resp = provider.authorization_endpoint(query_string)
|
|
assert resp.status == "302 Found"
|
|
print resp.headers
|
|
print resp.message
|
|
if content_type(resp.headers) == "json":
|
|
resp = resp.message
|
|
else:
|
|
resp = resp.message.split("?")[1]
|
|
aresp = cons.handle_authorization_response(query=resp)
|
|
|
|
print aresp.keys()
|
|
assert aresp.type() == "AuthorizationResponse"
|
|
assert _eq(aresp.keys(), ['state', 'code'])
|
|
|
|
print cons.grant[sid].keys()
|
|
assert _eq(cons.grant[sid].keys(), ['tokens', 'code', 'exp_in',
|
|
'seed', 'id_token',
|
|
'grant_expiration_time'])
|
|
|
|
|
|
def test_provider_authenticated_token():
|
|
provider = Provider("pyoicserv", sdb.SessionDB(SERVER_INFO["issuer"]), CDB,
|
|
AUTHN_BROKER, AUTHZ, verify_client, symkey=rndstr(16))
|
|
_session_db = {}
|
|
cons = Consumer(_session_db, client_config=CLIENT_CONFIG,
|
|
server_info=SERVER_INFO, **CONSUMER_CONFIG)
|
|
cons.debug = True
|
|
|
|
sid, location = cons.begin("http://localhost:8087",
|
|
"http://localhost:8088/authorization",
|
|
"token")
|
|
|
|
QUERY_STRING = location.split("?")[1]
|
|
resp = provider.authorization_endpoint(QUERY_STRING)
|
|
print resp.headers
|
|
print resp.message
|
|
txt = resp.message
|
|
assert "access_token=" in txt
|
|
assert "token_type=Bearer" in txt
|
|
|
|
|
|
|
|
def test_token_endpoint():
|
|
provider = Provider("pyoicserv", sdb.SessionDB(SERVER_INFO["issuer"]), CDB,
|
|
AUTHN_BROKER, AUTHZ, verify_client, symkey=rndstr(16))
|
|
|
|
authreq = AuthorizationRequest(state="state",
|
|
redirect_uri="http://example.com/authz",
|
|
client_id="client1")
|
|
|
|
_sdb = provider.sdb
|
|
sid = _sdb.token.key(user="sub", areq=authreq)
|
|
access_grant = _sdb.token(sid=sid)
|
|
_sdb[sid] = {
|
|
"oauth_state": "authz",
|
|
"sub": "sub",
|
|
"authzreq": "",
|
|
"client_id": "client1",
|
|
"code": access_grant,
|
|
"code_used": False,
|
|
"redirect_uri": "http://example.com/authz"
|
|
}
|
|
|
|
# Construct Access token request
|
|
areq = AccessTokenRequest(code=access_grant,
|
|
redirect_uri="http://example.com/authz",
|
|
client_id="client1", client_secret="hemlighet",)
|
|
|
|
print areq.to_dict()
|
|
resp = provider.token_endpoint(request=areq.to_urlencoded())
|
|
print resp.message
|
|
atr = AccessTokenResponse().deserialize(resp.message, "json")
|
|
|
|
print atr.keys()
|
|
assert _eq(atr.keys(), ['access_token', 'expires_in', 'token_type',
|
|
'refresh_token'])
|
|
|
|
|
|
def test_token_endpoint_unauth():
|
|
provider = Provider("pyoicserv", sdb.SessionDB(SERVER_INFO["issuer"]), CDB,
|
|
AUTHN_BROKER, AUTHZ,
|
|
verify_client, symkey=rndstr(16))
|
|
|
|
authreq = AuthorizationRequest(state="state",
|
|
redirect_uri="http://example.com/authz",
|
|
client_id="client1")
|
|
|
|
_sdb = provider.sdb
|
|
sid = _sdb.token.key(user="sub", areq=authreq)
|
|
access_grant = _sdb.token(sid=sid)
|
|
_sdb[sid] = {
|
|
"oauth_state": "authz",
|
|
"sub": "sub",
|
|
"authzreq": "",
|
|
"client_id": "client1",
|
|
"code": access_grant,
|
|
"code_used": False,
|
|
"redirect_uri": "http://example.com/authz"
|
|
}
|
|
|
|
# Construct Access token request
|
|
areq = AccessTokenRequest(code=access_grant,
|
|
redirect_uri="http://example.com/authz",
|
|
client_id="client2", client_secret="hemlighet",)
|
|
|
|
print areq.to_dict()
|
|
resp = provider.token_endpoint(request=areq.to_urlencoded())
|
|
print resp.message
|
|
atr = TokenErrorResponse().deserialize(resp.message, "json")
|
|
print atr.keys()
|
|
assert _eq(atr.keys(), ['error_description', 'error'])
|
|
|
|
if __name__ == "__main__":
|
|
test_provider_authenticated() |