django-oidc-provider/oidc_provider/tests/app/utils.py

import random
import string
try:
    from urlparse import parse_qs, urlsplit
except ImportError:
    from urllib.parse import parse_qs, urlsplit

from django.utils import timezone
from django.contrib.auth.models import User

from oidc_provider.models import (
    Client,
    Code,
    Token)


FAKE_NONCE = 'cb584e44c43ed6bd0bc2d9c7e242837d'
FAKE_RANDOM_STRING = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(32))
FAKE_CODE_CHALLENGE = 'YlYXEqXuRm-Xgi2BOUiK50JW1KsGTX6F1TDnZSC8VTg'
FAKE_CODE_VERIFIER = 'SmxGa0XueyNh5bDgTcSrqzAh2_FmXEqU8kDT6CuXicw'


def create_fake_user():
    """
    Create a test user.

    Return a User object.
    """
    user = User()
    user.username = 'johndoe'
    user.email = 'johndoe@example.com'
    user.first_name = 'John'
    user.last_name = 'Doe'
    user.set_password('1234')

    user.save()

    return user


def create_fake_client(response_type, is_public=False, require_consent=True):
    """
    Create a test client, response_type argument MUST be:
    'code', 'id_token' or 'id_token token'.

    Return a Client object.
    """
    client = Client()
    client.name = 'Some Client'
    client.client_id = str(random.randint(1, 999999)).zfill(6)
    if is_public:
        client.client_type = 'public'
        client.client_secret = ''
    else:
        client.client_secret = str(random.randint(1, 999999)).zfill(6)
    client.response_type = response_type
    client.redirect_uris = ['http://example.com/']
    client.require_consent = require_consent

    client.save()

    return client


def create_fake_token(user, scopes, client):
    expires_at = timezone.now() + timezone.timedelta(seconds=60)
    token = Token(user=user, client=client, expires_at=expires_at)
    token.scope = scopes

    token.save()

    return token


def is_code_valid(url, user, client):
    """
    Check if the code inside the url is valid. Supporting both query string and fragment.
    """
    try:
        parsed = urlsplit(url)
        params = parse_qs(parsed.query or parsed.fragment)
        code = params['code'][0]
        code = Code.objects.get(code=code)
        is_code_ok = (code.client == client) and (code.user == user)
    except:
        is_code_ok = False

    return is_code_ok


def userinfo(claims, user):
    """
    Fake function for setting OIDC_USERINFO.
    """
    claims['given_name'] = 'John'
    claims['family_name'] = 'Doe'
    claims['name'] = '{0} {1}'.format(claims['given_name'], claims['family_name'])
    claims['email'] = user.email
    claims['address']['country'] = 'Argentina'
    return claims


def fake_sub_generator(user):
    """
    Fake function for setting OIDC_IDTOKEN_SUB_GENERATOR.
    """
    return user.email


def fake_idtoken_processing_hook(id_token, user):
    """
    Fake function for inserting some keys into token. Testing OIDC_IDTOKEN_PROCESSING_HOOK.
    """
    id_token['test_idtoken_processing_hook'] = FAKE_RANDOM_STRING
    id_token['test_idtoken_processing_hook_user_email'] = user.email
    return id_token


def fake_idtoken_processing_hook2(id_token, user):
    """
    Fake function for inserting some keys into token. Testing OIDC_IDTOKEN_PROCESSING_HOOK - tuple or list as param
    """
    id_token['test_idtoken_processing_hook2'] = FAKE_RANDOM_STRING
    id_token['test_idtoken_processing_hook_user_email2'] = user.email
    return id_token
Added OIDC_ID_TOKEN_PROCESSING_HOOK functionality 2016-02-12 16:02:35 +00:00			`import random`
			`import string`
Add support for redirect_uris with query params Some clients might add extra parameters to the redirect_uri, for instance as extra verification if proper state parameter handling is not supported. This patch adds proper handling of redirect_uris with query parameters. 2015-07-10 10:22:25 +00:00			`try:`
			`from urlparse import parse_qs, urlsplit`
			`except ImportError:`
			`from urllib.parse import parse_qs, urlsplit`
Implementation of RSA Keys using Models. Also providing DOC. 2016-01-25 20:52:24 +00:00
Make Client available when using OIDC_EXTRA_SCOPE_CLAIMS Now it's passed the Token to the ScopeClaims constructor so that it can make Client avaialble to implementors 2016-10-12 19:23:57 +00:00			`from django.utils import timezone`
Implementation of RSA Keys using Models. Also providing DOC. 2016-01-25 20:52:24 +00:00			`from django.contrib.auth.models import User`

Fix global imports Global imports ("from X import *") are discouraged in Python. 2016-08-11 22:05:13 +00:00			`from oidc_provider.models import (`
			`Client,`
			`Code,`
Make Client available when using OIDC_EXTRA_SCOPE_CLAIMS Now it's passed the Token to the ScopeClaims constructor so that it can make Client avaialble to implementors 2016-10-12 19:23:57 +00:00			`Token)`
Add some tests. 2015-02-11 18:37:51 +00:00

Added OIDC_ID_TOKEN_PROCESSING_HOOK functionality 2016-02-12 16:02:35 +00:00			`FAKE_NONCE = 'cb584e44c43ed6bd0bc2d9c7e242837d'`
			`FAKE_RANDOM_STRING = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(32))`
Remplace AES encryption with database. For saving PKCE parameters. 2016-04-07 19:18:47 +00:00			`FAKE_CODE_CHALLENGE = 'YlYXEqXuRm-Xgi2BOUiK50JW1KsGTX6F1TDnZSC8VTg'`
			`FAKE_CODE_VERIFIER = 'SmxGa0XueyNh5bDgTcSrqzAh2_FmXEqU8kDT6CuXicw'`
Fix tests for using nonce parameter. 2015-07-16 18:04:33 +00:00
Add tests for userinfo claims. 2015-08-11 18:59:57 +00:00
Add some tests. 2015-02-11 18:37:51 +00:00			`def create_fake_user():`
Add test for user consent skip feature. 2015-06-23 19:32:12 +00:00			`"""`
			`Create a test user.`
Add some tests. 2015-02-11 18:37:51 +00:00
Add test for user consent skip feature. 2015-06-23 19:32:12 +00:00			`Return a User object.`
			`"""`
			`user = User()`
			`user.username = 'johndoe'`
			`user.email = 'johndoe@example.com'`
Fix scope handling of token endpoint (#193) The token endpoint handled the scope parameter incorrectly for all of the three handled grant types: 1. For "authorization_code" grant type the scope parameter in the token request should not be respected but the scope should be taken from the authorization code. It was not totally ignored, but rather the scope parameter of the token request was used for the generated ID token. This had two consequences: * Spec conforming implementations of authorization code flow didn't get correct ID tokens, since they usually don't pass scope parameter with the token request. * It's possible to get a broader scope for the ID token than what is authorized by the user in the original authorization code request. 2. For "refresh_token" grant type the scope parameter in the token request should only allow narrowing down the scope. It wasn't narrowed, but rather the original auth code scope was used for the access token and the passed in scope parameter was used for the ID token (again allowing unauthorized scopes in the ID token). 3. For "password" grant type the scope parameter in the token request should be respected. The problem with this was that it wasn't properly splitted when passed to ID token creation. Fixes #186 2017-07-10 15:48:12 +00:00			`user.first_name = 'John'`
			`user.last_name = 'Doe'`
Add test for user consent skip feature. 2015-06-23 19:32:12 +00:00			`user.set_password('1234')`
Add some tests. 2015-02-11 18:37:51 +00:00
Add test for user consent skip feature. 2015-06-23 19:32:12 +00:00			`user.save()`
Add some tests. 2015-02-11 18:37:51 +00:00
Add test for user consent skip feature. 2015-06-23 19:32:12 +00:00			`return user`
Add some tests. 2015-02-11 18:37:51 +00:00
Add tests for userinfo claims. 2015-08-11 18:59:57 +00:00
Adds per-client consent customization 2017-03-31 16:34:03 +00:00			`def create_fake_client(response_type, is_public=False, require_consent=True):`
Add test for user consent skip feature. 2015-06-23 19:32:12 +00:00			`"""`
			`Create a test client, response_type argument MUST be:`
			`'code', 'id_token' or 'id_token token'.`

			`Return a Client object.`
			`"""`
			`client = Client()`
			`client.name = 'Some Client'`
Refactoring tests. 2016-04-14 19:22:38 +00:00			`client.client_id = str(random.randint(1, 999999)).zfill(6)`
Not auto-approve requests for non-confidential clients. 2016-04-08 21:09:24 +00:00			`if is_public:`
			`client.client_type = 'public'`
			`client.client_secret = ''`
			`else:`
Refactoring tests. 2016-04-14 19:22:38 +00:00			`client.client_secret = str(random.randint(1, 999999)).zfill(6)`
Add test for user consent skip feature. 2015-06-23 19:32:12 +00:00			`client.response_type = response_type`
			`client.redirect_uris = ['http://example.com/']`
Adds per-client consent customization 2017-03-31 16:34:03 +00:00			`client.require_consent = require_consent`
Add test for user consent skip feature. 2015-06-23 19:32:12 +00:00
			`client.save()`

			`return client`

Add tests for userinfo claims. 2015-08-11 18:59:57 +00:00
Make Client available when using OIDC_EXTRA_SCOPE_CLAIMS Now it's passed the Token to the ScopeClaims constructor so that it can make Client avaialble to implementors 2016-10-12 19:23:57 +00:00			`def create_fake_token(user, scopes, client):`
			`expires_at = timezone.now() + timezone.timedelta(seconds=60)`
			`token = Token(user=user, client=client, expires_at=expires_at)`
			`token.scope = scopes`

			`token.save()`

			`return token`


Add test for user consent skip feature. 2015-06-23 19:32:12 +00:00			`def is_code_valid(url, user, client):`
			`"""`
Add test for Hybrid flow. Plus refactoring. 2016-09-08 20:15:25 +00:00			`Check if the code inside the url is valid. Supporting both query string and fragment.`
Add test for user consent skip feature. 2015-06-23 19:32:12 +00:00			`"""`
			`try:`
Add support for redirect_uris with query params Some clients might add extra parameters to the redirect_uri, for instance as extra verification if proper state parameter handling is not supported. This patch adds proper handling of redirect_uris with query parameters. 2015-07-10 10:22:25 +00:00			`parsed = urlsplit(url)`
Add test for Hybrid flow. Plus refactoring. 2016-09-08 20:15:25 +00:00			`params = parse_qs(parsed.query or parsed.fragment)`
Add support for redirect_uris with query params Some clients might add extra parameters to the redirect_uri, for instance as extra verification if proper state parameter handling is not supported. This patch adds proper handling of redirect_uris with query parameters. 2015-07-10 10:22:25 +00:00			`code = params['code'][0]`
Add test for user consent skip feature. 2015-06-23 19:32:12 +00:00			`code = Code.objects.get(code=code)`
Add test for Hybrid flow. Plus refactoring. 2016-09-08 20:15:25 +00:00			`is_code_ok = (code.client == client) and (code.user == user)`
Add test for user consent skip feature. 2015-06-23 19:32:12 +00:00			`except:`
			`is_code_ok = False`

			`return is_code_ok`
Add tests for userinfo claims. 2015-08-11 18:59:57 +00:00

Change setting OIDC_USERINFO. 2016-07-07 15:50:27 +00:00			`def userinfo(claims, user):`
Make OIDC_IDTOKEN_SUB_GENERATOR to be lazy imported by the location of the function. 2016-01-12 18:17:22 +00:00			`"""`
Change setting OIDC_USERINFO. 2016-07-07 15:50:27 +00:00			`Fake function for setting OIDC_USERINFO.`
Make OIDC_IDTOKEN_SUB_GENERATOR to be lazy imported by the location of the function. 2016-01-12 18:17:22 +00:00			`"""`
Change setting OIDC_USERINFO. 2016-07-07 15:50:27 +00:00			`claims['given_name'] = 'John'`
			`claims['family_name'] = 'Doe'`
			`claims['name'] = '{0} {1}'.format(claims['given_name'], claims['family_name'])`
			`claims['email'] = user.email`
			`claims['address']['country'] = 'Argentina'`
			`return claims`
Make OIDC_IDTOKEN_SUB_GENERATOR to be lazy imported by the location of the function. 2016-01-12 18:17:22 +00:00

			`def fake_sub_generator(user):`
			`"""`
			`Fake function for setting OIDC_IDTOKEN_SUB_GENERATOR.`
			`"""`
			`return user.email`
Added OIDC_ID_TOKEN_PROCESSING_HOOK functionality 2016-02-12 16:02:35 +00:00

added 'user' into default_idtoken_processing_hook 2016-02-17 22:28:08 +00:00			`def fake_idtoken_processing_hook(id_token, user):`
Added OIDC_ID_TOKEN_PROCESSING_HOOK functionality 2016-02-12 16:02:35 +00:00			`"""`
Rename setting. 2016-02-12 17:51:43 +00:00			`Fake function for inserting some keys into token. Testing OIDC_IDTOKEN_PROCESSING_HOOK.`
Added OIDC_ID_TOKEN_PROCESSING_HOOK functionality 2016-02-12 16:02:35 +00:00			`"""`
Rename setting. 2016-02-12 17:51:43 +00:00			`id_token['test_idtoken_processing_hook'] = FAKE_RANDOM_STRING`
added 'user' into default_idtoken_processing_hook 2016-02-17 22:28:08 +00:00			`id_token['test_idtoken_processing_hook_user_email'] = user.email`
Rename setting. 2016-02-12 17:51:43 +00:00			`return id_token`
str or list or tuple for OIDC_ID_TOKEN_PROCESSING_HOOK 2016-03-01 17:54:57 +00:00

			`def fake_idtoken_processing_hook2(id_token, user):`
			`"""`
			`Fake function for inserting some keys into token. Testing OIDC_IDTOKEN_PROCESSING_HOOK - tuple or list as param`
			`"""`
			`id_token['test_idtoken_processing_hook2'] = FAKE_RANDOM_STRING`
			`id_token['test_idtoken_processing_hook_user_email2'] = user.email`
			`return id_token`