tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

from unittest import mock

from oauthlib.oauth2 import InvalidRequestError
from oauthlib.oauth2.rfc6749.endpoints.authorization import \
    AuthorizationEndpoint
from oauthlib.oauth2.rfc6749.tokens import BearerToken
from oauthlib.openid.connect.core.grant_types import AuthorizationCodeGrant
from urllib.parse import urlencode

from tests.unittest import TestCase


class OpenIDConnectEndpointTest(TestCase):

    def setUp(self):
        self.mock_validator = mock.MagicMock()
        self.mock_validator.authenticate_client.side_effect = self.set_client
        grant = AuthorizationCodeGrant(request_validator=self.mock_validator)
        bearer = BearerToken(self.mock_validator)
        self.endpoint = AuthorizationEndpoint(grant, bearer,
                                              response_types={'code': grant})
        params = {
            'prompt': 'consent',
            'display': 'touch',
            'nonce': 'abcd',
            'state': 'abc',
            'redirect_uri': 'https://a.b/cb',
            'response_type': 'code',
            'client_id': 'abcdef',
            'scope': 'hello openid'
        }
        self.url = 'http://a.b/path?' + urlencode(params)

    def set_client(self, request):
        request.client = mock.MagicMock()
        request.client.client_id = 'mocked'
        return True

    @mock.patch('oauthlib.common.generate_token')
    def test_authorization_endpoint_handles_prompt(self, generate_token):
        generate_token.return_value = "MOCK_CODE"
        # In the GET view:
        scopes, creds = self.endpoint.validate_authorization_request(self.url)
        # In the POST view:
        creds['scopes'] = scopes
        h, b, s = self.endpoint.create_authorization_response(self.url,
                                                        credentials=creds)
        expected = 'https://a.b/cb?state=abc&code=MOCK_CODE'
        self.assertURLEqual(h['Location'], expected)
        self.assertIsNone(b)
        self.assertEqual(s, 302)

    def test_prompt_none_exclusiveness(self):
        """
        Test that prompt=none can't be used with another prompt value.
        """
        params = {
            'prompt': 'none consent',
            'state': 'abc',
            'redirect_uri': 'https://a.b/cb',
            'response_type': 'code',
            'client_id': 'abcdef',
            'scope': 'hello openid'
        }
        url = 'http://a.b/path?' + urlencode(params)
        with self.assertRaises(InvalidRequestError):
            self.endpoint.validate_authorization_request(url)

    def test_oidc_params_preservation(self):
        """
        Test that the nonce parameter is passed through.
        """
        scopes, creds = self.endpoint.validate_authorization_request(self.url)

        self.assertEqual(creds['prompt'], {'consent'})
        self.assertEqual(creds['nonce'], 'abcd')
        self.assertEqual(creds['display'], 'touch')