Python oauth2.Server类代码示例

def test_server_parse_token_request():
    atr = AccessTokenRequest(
        grant_type="authorization_code",
        code="SplxlOBeZQQYbYS6WxSbIA",
        redirect_uri="https://client.example.com/cb",
        extra="foo",
    )

    uenc = atr.to_urlencoded()

    srv = Server()
    tr = srv.parse_token_request(body=uenc)
    print tr.keys()

    assert tr.type() == "AccessTokenRequest"
    assert _eq(tr.keys(), ["code", "redirect_uri", "grant_type", "extra"])

    assert tr["grant_type"] == "authorization_code"
    assert tr["code"] == "SplxlOBeZQQYbYS6WxSbIA"

    tr = srv.parse_token_request(body=uenc)
    print tr.keys()

    assert tr.type() == "AccessTokenRequest"
    assert _eq(tr.keys(), ["code", "grant_type", "redirect_uri", "extra"])

    assert tr["extra"] == "foo"

def test_server_parse_parse_authorization_request():
    srv = Server()
    ar = AuthorizationRequest(response_type=["code"],
                              client_id="foobar",
                              redirect_uri="http://foobar.example.com/oaclient",
                              state="cold")

    uencq = ar.to_urlencoded()

    areq = srv.parse_authorization_request(query=uencq)

    assert areq.type() == "AuthorizationRequest"
    assert areq["response_type"] == ["code"]
    assert areq["client_id"] == "foobar"
    assert areq["redirect_uri"] == "http://foobar.example.com/oaclient"
    assert areq["state"] == "cold"

    urluenc = "%s?%s" % ("https://example.com/authz", uencq)

    areq = srv.parse_authorization_request(url=urluenc)

    assert areq.type() == "AuthorizationRequest"
    assert areq["response_type"] == ["code"]
    assert areq["client_id"] == "foobar"
    assert areq["redirect_uri"] == "http://foobar.example.com/oaclient"
    assert areq["state"] == "cold"

 def __init__(self, jwt_keys=None, name=""):
     Server.__init__(self, jwt_keys=jwt_keys)
     self.sdb = SessionDB()
     self.name = name
     self.client = {}
     self.registration_expires_in = 3600
     self.host = ""

def test_server_parse_refresh_token_request():
    ratr = RefreshAccessTokenRequest(refresh_token="ababababab", client_id="Client_id")

    uenc = ratr.to_urlencoded()

    srv = Server()
    tr = srv.parse_refresh_token_request(body=uenc)
    print tr.keys()

    assert tr.type() == "RefreshAccessTokenRequest"
    assert tr["refresh_token"] == "ababababab"
    assert tr["client_id"] == "Client_id"

def test_server_parse_jwt_request():
    srv = Server()
    ar = AuthorizationRequest(
        response_type=["code"], client_id="foobar", redirect_uri="http://foobar.example.com/oaclient", state="cold"
    )

    srv.keyjar["foobar"] = KeyBundle({"hmac": "A1B2C3D4"}, usage=["ver", "sig"])
    srv.keyjar[""] = KeyBundle({"hmac": "A1B2C3D4"}, usage=["ver", "sig"])

    keys = srv.keyjar.get_signing_key(owner="foobar")
    _jwt = ar.to_jwt(key=keys, algorithm="HS256")

    req = srv.parse_jwt_request(txt=_jwt)

    assert req.type() == "AuthorizationRequest"
    assert req["response_type"] == ["code"]
    assert req["client_id"] == "foobar"
    assert req["redirect_uri"] == "http://foobar.example.com/oaclient"
    assert req["state"] == "cold"

def test_server_parse_jwt_request():
    srv = Server()
    ar = AuthorizationRequest(response_type=["code"],
                 client_id="foobar",
                 redirect_uri="http://foobar.example.com/oaclient",
                 state="cold")

    srv.keystore.set_verify_key("A1B2C3D4", owner="foobar")
    srv.keystore.set_sign_key("A1B2C3D4", owner="foobar")

    keys = srv.keystore.get_sign_key(owner="foobar")
    _jwt = ar.to_jwt(key=keys, algorithm="HS256")

    req = srv.parse_jwt_request(txt=_jwt)

    assert req.type() == "AuthorizationRequest"
    assert req["response_type"] == ["code"]
    assert req["client_id"] == "foobar"
    assert req["redirect_uri"] == "http://foobar.example.com/oaclient"
    assert req["state"] == "cold"

    def __init__(self, name, sdb, cdb, authn_broker, authz, client_authn,
                 symkey="", urlmap=None, iv=0, default_scope="",
                 ca_bundle=None, verify_ssl=True, default_acr="",
                 baseurl=''):
        self.name = name
        self.sdb = sdb
        self.cdb = cdb
        self.server = Server(ca_certs=ca_bundle, verify_ssl=verify_ssl)

        self.authn_broker = authn_broker
        if authn_broker is None:
            # default cookie function
            self.cookie_func = CookieDealer(srv=self).create_cookie
        else:
            self.cookie_func = self.authn_broker[0][0].create_cookie
            for item in self.authn_broker:
                item.srv = self

        self.authz = authz
        self.client_authn = client_authn
        self.symkey = symkey
        self.seed = rndstr().encode("utf-8")
        self.iv = iv or os.urandom(16)
        self.cookie_name = "pyoidc"
        self.default_scope = default_scope
        self.sso_ttl = 0
        self.default_acr = default_acr

        if urlmap is None:
            self.urlmap = {}
        else:
            self.urlmap = urlmap

        self.response_type_map = {
            "code": code_response,
            "token": token_response,
            "none": none_response,
        }

        self.session_cookie_name = "pyoic_session"
        self.baseurl = baseurl
        self.keyjar = None
        self.trace = None
        self.events = None

 def create_server(self):
     self.srv = Server()  # pylint: disable=attribute-defined-outside-init

class TestServer(object):
    @pytest.fixture(autouse=True)
    def create_server(self):
        self.srv = Server()  # pylint: disable=attribute-defined-outside-init

    def test_parse_authz_req(self):
        ar = AuthorizationRequest(
            response_type=["code"], client_id="foobar", redirect_uri="http://foobar.example.com/oaclient", state="cold"
        )

        uencq = ar.to_urlencoded()

        areq = self.srv.parse_authorization_request(query=uencq)

        assert isinstance(areq, AuthorizationRequest)
        assert areq["response_type"] == ["code"]
        assert areq["client_id"] == "foobar"
        assert areq["redirect_uri"] == "http://foobar.example.com/oaclient"
        assert areq["state"] == "cold"

        urluenc = "%s?%s" % ("https://example.com/authz", uencq)
        areq = self.srv.parse_authorization_request(url=urluenc)

        assert isinstance(areq, AuthorizationRequest)
        assert areq["response_type"] == ["code"]
        assert areq["client_id"] == "foobar"
        assert areq["redirect_uri"] == "http://foobar.example.com/oaclient"
        assert areq["state"] == "cold"

    def test_parse_jwt_request(self):
        ar = AuthorizationRequest(
            response_type=["code"], client_id="foobar", redirect_uri="http://foobar.example.com/oaclient", state="cold"
        )

        self.srv.keyjar["foobar"] = KeyBundle(
            [
                {"kty": "oct", "key": "A1B2C3D4".encode("utf-8"), "use": "ver"},
                {"kty": "oct", "key": "A1B2C3D4".encode("utf-8"), "use": "sig"},
            ]
        )
        self.srv.keyjar[""] = KeyBundle(
            [
                {"kty": "oct", "key": "A1B2C3D4".encode("utf-8"), "use": "ver"},
                {"kty": "oct", "key": "A1B2C3D4".encode("utf-8"), "use": "sig"},
            ]
        )

        keys = self.srv.keyjar.get_signing_key(owner="foobar")
        _jwt = ar.to_jwt(key=keys, algorithm="HS256")

        req = self.srv.parse_jwt_request(txt=_jwt)

        assert isinstance(req, AuthorizationRequest)
        assert req["response_type"] == ["code"]
        assert req["client_id"] == "foobar"
        assert req["redirect_uri"] == "http://foobar.example.com/oaclient"
        assert req["state"] == "cold"

    def test_server_parse_token_request(self):
        atr = AccessTokenRequest(
            grant_type="authorization_code",
            code="SplxlOBeZQQYbYS6WxSbIA",
            redirect_uri="https://client.example.com/cb",
            extra="foo",
        )
        uenc = atr.to_urlencoded()

        tr = self.srv.parse_token_request(body=uenc)

        assert isinstance(tr, AccessTokenRequest)
        assert _eq(tr.keys(), ["code", "redirect_uri", "grant_type", "extra"])

        assert tr["grant_type"] == "authorization_code"
        assert tr["code"] == "SplxlOBeZQQYbYS6WxSbIA"

        tr = self.srv.parse_token_request(body=uenc)

        assert isinstance(tr, AccessTokenRequest)
        assert _eq(tr.keys(), ["code", "grant_type", "redirect_uri", "extra"])

        assert tr["extra"] == "foo"

    def test_server_parse_refresh_token_request(self):
        ratr = RefreshAccessTokenRequest(refresh_token="ababababab", client_id="Client_id")
        uenc = ratr.to_urlencoded()

        tr = self.srv.parse_refresh_token_request(body=uenc)

        assert isinstance(tr, RefreshAccessTokenRequest)
        assert tr["refresh_token"] == "ababababab"
        assert tr["client_id"] == "Client_id"

class Provider(object):
    endp = [AuthorizationEndpoint, TokenEndpoint]

    def __init__(self, name, sdb, cdb, authn_broker, authz, client_authn,
                 symkey="", urlmap=None, iv=0, default_scope="",
                 ca_bundle=None, verify_ssl=True, default_acr="",
                 baseurl=''):
        self.name = name
        self.sdb = sdb
        self.cdb = cdb
        self.server = Server(ca_certs=ca_bundle, verify_ssl=verify_ssl)

        self.authn_broker = authn_broker
        if authn_broker is None:
            # default cookie function
            self.cookie_func = CookieDealer(srv=self).create_cookie
        else:
            self.cookie_func = self.authn_broker[0][0].create_cookie
            for item in self.authn_broker:
                item.srv = self

        self.authz = authz
        self.client_authn = client_authn
        self.symkey = symkey
        self.seed = rndstr().encode("utf-8")
        self.iv = iv or os.urandom(16)
        self.cookie_name = "pyoidc"
        self.default_scope = default_scope
        self.sso_ttl = 0
        self.default_acr = default_acr

        if urlmap is None:
            self.urlmap = {}
        else:
            self.urlmap = urlmap

        self.response_type_map = {
            "code": code_response,
            "token": token_response,
            "none": none_response,
        }

        self.session_cookie_name = "pyoic_session"
        self.baseurl = baseurl
        self.keyjar = None
        self.trace = None

    @staticmethod
    def input(query="", post=None):
        # Support GET and POST
        if query:
            return query
        elif post:
            return post
        else:
            raise MissingParameter("No input")

    @staticmethod
    def _error_response(error, descr=None):
        logger.error("%s" % error)
        response = ErrorResponse(error=error, error_description=descr)
        return Response(response.to_json(), content="application/json",
                        status="400 Bad Request")

    @staticmethod
    def _error(error, descr=None):
        response = ErrorResponse(error=error, error_description=descr)
        return Response(response.to_json(), content="application/json",
                        status="400 Bad Request")

    @staticmethod
    def _authz_error(error, descr=None):

        response = AuthorizationErrorResponse(error=error)
        if descr:
            response["error_description"] = descr

        return Response(response.to_json(), content="application/json",
                        status="400 Bad Request")

    @staticmethod
    def _redirect_authz_error(error, redirect_uri, descr=None, state="",
                              return_type=None):
        err = AuthorizationErrorResponse(error=error)
        if descr:
            err["error_description"] = descr
        if state:
            err["state"] = state
        if return_type is None or return_type == ["code"]:
            location = err.request(redirect_uri)
        else:
            location = err.request(redirect_uri, True)
        return SeeOther(location)

    def _verify_redirect_uri(self, areq):
        """
        MUST NOT contain a fragment
        MAY contain query component

        :return: An error response if the redirect URI is faulty otherwise
#.........这里部分代码省略.........

class Provider(object):
    endp = [AuthorizationEndpoint, TokenEndpoint]

    def __init__(self, name, sdb, cdb, authn_broker, authz, client_authn,
                 symkey="", urlmap=None, iv=0, default_scope="",
                 ca_bundle=None, verify_ssl=True, default_acr=""):
        self.name = name
        self.sdb = sdb
        self.cdb = cdb
        self.server = Server(ca_certs=ca_bundle, verify_ssl=verify_ssl)

        self.authn_broker = authn_broker
        if authn_broker is None:
            # default cookie function
            self.cookie_func = CookieDealer(srv=self).create_cookie
        else:
            self.cookie_func = self.authn_broker[0][0].create_cookie
            for item in self.authn_broker:
                item.srv = self

        self.authz = authz
        self.client_authn = client_authn
        self.symkey = symkey
        self.seed = rndstr()
        self.iv = iv or os.urandom(16)
        self.cookie_name = "pyoidc"
        self.default_scope = default_scope
        self.sso_ttl = 0
        self.default_acr = default_acr

        if urlmap is None:
            self.urlmap = {}
        else:
            self.urlmap = urlmap

        self.response_type_map = {
            "code": code_response,
            "token": token_response,
            "none": none_response,
        }

        self.session_cookie_name = "pyoic_session"

    def endpoints(self):
        for endp in self.endp:
            yield endp(None).name

    # def authn_reply(self, areq, aresp, bsid, **kwargs):
    #     """
    #
    #     :param areq: Authorization Request
    #     :param aresp: Authorization Response
    #     :param bsid: Session id
    #     :param kwargs: Additional keyword args
    #     :return:
    #     """
    #     if "redirect_uri" in areq:
    #         # TODO verify that the uri is reasonable
    #         redirect_uri = areq["redirect_uri"]
    #     else:
    #         redirect_uri = self.urlmap[areq["client_id"]]
    #
    #     location = location_url(areq["response_type"], redirect_uri,
    #                             aresp.to_urlencoded())
    #
    #     LOG_DEBUG("Redirected to: '%s' (%s)" % (location, type(location)))
    #
    #     # set cookie containing session ID
    #
    #     cookie = make_cookie(self.cookie_name, bsid, self.seed)
    #
    #     return Redirect(str(location), headers=[cookie])
    #
    # def authn_response(self, areq, **kwargs):
    #     """
    #
    #     :param areq: Authorization request
    #     :param kwargs: Extra keyword arguments
    #     :return:
    #     """
    #     scode = kwargs["code"]
    #     areq["response_type"].sort()
    #     _rtype = " ".join(areq["response_type"])
    #     return self.response_type_map[_rtype](areq=areq, scode=scode,
    #                                           sdb=self.sdb)

    @staticmethod
    def input(query="", post=None):
        # Support GET and POST
        if query:
            return query
        elif post:
            return post
        else:
            raise MissingParameter("No input")

    @staticmethod
    def _error_response(error, descr=None):
        logger.error("%s" % error)
        response = ErrorResponse(error=error, error_description=descr)
#.........这里部分代码省略.........

    def __init__(self, name, sdb, cdb, authn, authz, client_authn,
                 symkey="", urlmap=None, iv=0, default_scope=""):
        self.name = name
        self.sdb = sdb
        self.cdb = cdb
        self.srvmethod = SrvMethod()
        self.authn = authn
        if authn:
            self.authn.srv = self
        self.authz = authz
        self.client_authn = client_authn
        self.symkey = symkey
        self.seed = rndstr()
        self.iv = iv or os.urandom(16)
        self.cookie_name = "pyoidc"
        self.default_scope = default_scope

        if urlmap is None:
            self.urlmap = {}
        else:
            self.urlmap = urlmap

        self.response_type_map = {
            "code": code_response,
            "token": token_response,
            "none": none_response,
        }

class Provider(object):
    def __init__(self, name, sdb, cdb, authn, authz, client_authn,
                 symkey="", urlmap=None, iv=0, default_scope=""):
        self.name = name
        self.sdb = sdb
        self.cdb = cdb
        self.srvmethod = SrvMethod()
        self.authn = authn
        if authn:
            self.authn.srv = self
        self.authz = authz
        self.client_authn = client_authn
        self.symkey = symkey
        self.seed = rndstr()
        self.iv = iv or os.urandom(16)
        self.cookie_name = "pyoidc"
        self.default_scope = default_scope

        if urlmap is None:
            self.urlmap = {}
        else:
            self.urlmap = urlmap

        self.response_type_map = {
            "code": code_response,
            "token": token_response,
            "none": none_response,
        }

    def subset(self, li1, li2):
        """
        Verify that all items in li1 appears in li2

        :param li1: List 1
        :param li2: List 2
        :return: True if all items in li1 appears in li2
        """
        for item in li1:
            try:
                assert item in li2
            except AssertionError:
                return False
        return True

    def get_client_id(self, req, authn):
        """
        Verify the client and return the client id

        :param req: The request
        :param authn: Authentication information from the HTTP header
        :return:
        """

        logger.debug("REQ: %s" % req.to_dict())
        if authn:
            if authn.startswith("Basic "):
                logger.debug("Basic auth")
                (_id, _secret) = base64.b64decode(authn[6:]).split(":")
                if _id not in self.cdb:
                    logger.debug("Unknown client_id")
                    raise FailedAuthentication("Unknown client_id")
                else:
                    try:
                        assert _secret == self.cdb[_id]["client_secret"]
                    except AssertionError:
                        logger.debug("Incorrect secret")
                        raise FailedAuthentication("Incorrect secret")
            else:
                try:
                    assert authn[:6].lower() == "bearer"
                    logger.debug("Bearer auth")
                    _token = authn[7:]
                except AssertionError:
                    raise FailedAuthentication("AuthZ type I don't know")

                try:
                    _id = self.cdb[_token]
                except KeyError:
                    logger.debug("Unknown access token")
                    raise FailedAuthentication("Unknown access token")
        else:
            try:
                _id = req["client_id"]
                if _id not in self.cdb:
                    logger.debug("Unknown client_id")
                    raise FailedAuthentication("Unknown client_id")
            except KeyError:
                raise FailedAuthentication("Missing client_id")

        return _id

    def authn_reply(self, areq, aresp, bsid, **kwargs):

        if "redirect_uri" in areq:
            # TODO verify that the uri is reasonable
            redirect_uri = areq["redirect_uri"]
        else:
            redirect_uri = self.urlmap[areq["client_id"]]

        location = location_url(areq["response_type"], redirect_uri,
#.........这里部分代码省略.........