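def test_verify_redirect_uri_native_https(self):
    """Registering an https redirect URI for a native client must be rejected.

    The original handler caught only InvalidRedirectURIError, so rejection
    with that exception is taken as the intended outcome.
    """
    areq = RegistrationRequest(
        redirect_uris=["https://example.org/cb"], application_type="native"
    )

    # pytest.raises fails the test when nothing is raised. A try/except that
    # ends in `assert True` also passes when the URI is accepted, so a
    # regression in redirect-URI validation would go unnoticed.
    with pytest.raises(InvalidRedirectURIError):
        self.provider.verify_redirect_uris(areq)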
def test_verify_sector_identifier_malformed(self):
    """Content at sector_identifier_uri that is not JSON must be rejected.

    The GET for the sector_identifier_uri taken from the registration
    request is answered by a ``responses`` mock, so no real request is made.
    """
    payload = "This is not the JSON you are looking for"
    registration = RegistrationRequest(
        operation="register", sector_identifier_uri="https://example.com"
    )

    with responses.RequestsMock() as http_mock:
        with LogCapture(level=logging.DEBUG) as captured:
            http_mock.add(http_mock.GET, "https://example.com", body=payload)
            with pytest.raises(
                InvalidSectorIdentifier,
                match="Error deserializing sector_identifier_uri content",
            ):
                self.provider._verify_sector_identifier(registration)

    # Exactly one record is expected, and it carries the fetched body as a
    # lazy %-style argument: content served from a client-chosen URL ends up
    # in the log stream.
    records = captured.records
    assert len(records) == 1
    only_record = records[0]
    assert only_record.msg == "sector_identifier_uri => %s"
    assert only_record.args == (payload,)
def test_verify_redirect_uri_native_loopback(self):
    """A native client may register an http redirect URI on 127.0.0.1.

    There is no explicit assertion: the test passes when
    verify_redirect_uris returns without raising.
    """
    registration = RegistrationRequest(
        redirect_uris=["http://127.0.0.1/cb"],
        application_type="native",
    )
    self.provider.verify_redirect_uris(registration)
"client_name#ja-Jpan-JP": "クライアント名",
"logo_uri": "https://client.example.org/logo.png",
"subject_type": "pairwise",
"sector_identifier_uri": "https://other.example.net/file_of_redirect_uris.json",
"token_endpoint_auth_method": "client_secret_basic",
"jwks_uri": "https://client.example.org/my_public_keys.jwks",
"userinfo_encrypted_response_alg": "RSA1_5",
"userinfo_encrypted_response_enc": "A128CBC+HS256",
"contacts": ["ve7jtb@example.org", "mary@example.org"],
"request_uris": [
"https://client.example.org/rf.txt"
"#qpXaRLh_n93TTR9F252ValdatUQvQiJi5BDub2BeznA"
],
}
reg = RegistrationRequest().deserialize(json.dumps(msg), "json")
assert _eq(list(msg.keys()) + ["response_types"], reg.keys())
def test_verify_sector_identifier_error(self):
    """A failed fetch of sector_identifier_uri must be rejected.

    The mocked GET raises instead of answering, and the provider is expected
    to surface that as InvalidSectorIdentifier.
    """
    error = ConnectionError("broken connection")
    registration = RegistrationRequest(
        operation="register", sector_identifier_uri="https://example.com"
    )

    with responses.RequestsMock() as http_mock:
        with LogCapture(level=logging.DEBUG) as captured:
            # An exception instance as the body makes the mocked GET raise it.
            http_mock.add(http_mock.GET, "https://example.com", body=error)
            with pytest.raises(
                InvalidSectorIdentifier, match="Couldn't open sector_identifier_uri"
            ):
                self.provider._verify_sector_identifier(registration)

    records = captured.records
    assert len(records) == 2
    # records[0] comes from the server; only the second record is checked.
    assert records[1].msg == error
def test_verify_redirect_uris_with_non_https_redirect_uri_implicit_flow(self):
    """A web client may not register an http redirect URI for implicit flow.

    The request combines application_type "web", a plain-http redirect URI
    and the response types ["id_token", "token"].
    """
    request = RegistrationRequest(
        application_type="web",
        redirect_uris=["http://example.com/authz"],
        response_types=["id_token", "token"],
    )

    with pytest.raises(InvalidRedirectURIError) as raised:
        self.provider.verify_redirect_uris(request)

    # Compared for equality against the message text, not as a regex.
    assert str(raised.value) == "None https redirect_uri not allowed"
def test_verify_redirect_uri_faulty_with_query(self, uri):
    """Each supplied ``uri`` must be refused as an authorization redirect_uri.

    The client is registered with http://example.org/cb?test=test; ``uri`` is
    passed in by the caller (presumably a parametrize decorator that is not
    part of this listing).
    """
    registration = RegistrationRequest(
        operation="register",
        redirect_uris=["http://example.org/cb?test=test"],
        response_types=["code"],
    )
    resp = self.provider.registration_endpoint(request=registration.to_json())

    # The client_id issued at registration ties the authorization request to
    # the redirect URIs registered above.
    client_id = RegistrationResponse().from_json(resp.message)["client_id"]
    authz_request = AuthorizationRequest(
        redirect_uri=uri,
        client_id=client_id,
        response_type="code",
        scope="openid",
    )

    with pytest.raises(RedirectURIError):
        self.provider._verify_redirect_uri(authz_request)
def test_registered_redirect_uri_correct_with_query_component(self):
    """Register a redirect URI with a query component and reuse it unchanged.

    The authorization request repeats the registered URI, query string
    included, character for character.
    """
    rr = RegistrationRequest(
        operation="register",
        redirect_uris=["http://example.org/cb?foo=bar"],
        response_types=["code"],
    )
    registration_req = rr.to_json()
    resp = self.provider.registration_endpoint(request=registration_req)
    regresp = RegistrationResponse().from_json(resp.message)
    # client_id issued by the registration endpoint for the request above.
    cid = regresp["client_id"]
    areq = AuthorizationRequest(
        redirect_uri="http://example.org/cb?foo=bar",
        client_id=cid,
        scope="openid",
        response_type="code",
    )
    # NOTE(review): the listing ends here. No verification call on areq is
    # visible (the faulty-with-query test uses _verify_redirect_uri), so as
    # shown this test asserts nothing; confirm against the full file.
def test_verify_sector_identifier_ru_missing_in_si(self):
"""Redirect_uris is not present in the sector_identifier_uri content."""
rr = RegistrationRequest(
operation="register",
sector_identifier_uri="https://example.com",
redirect_uris=["http://example.com/missing"],
)
with responses.RequestsMock() as rsps, LogCapture(
level=logging.DEBUG
) as logcap:
rsps.add(
rsps.GET,
"https://example.com",
body=json.dumps(["http://example.com/present"]),
)
with pytest.raises(
InvalidSectorIdentifier,
match="redirect_uri missing from sector_identifiers",
):
def test_verify_redirect_uri_native_http_localhost(self):
    """A native client may register an http redirect URI on localhost.

    There is no explicit assertion: the test passes when
    verify_redirect_uris returns without raising.
    """
    registration = RegistrationRequest(
        redirect_uris=["http://localhost/cb"],
        application_type="native",
    )
    self.provider.verify_redirect_uris(registration)