Merge 9560fd6 into 3749d7d

conwetlab · Jul 25, 2018 · bb321c8 · bb321c8
2 parents 3749d7d + 9560fd6
commit bb321c8
Show file tree

Hide file tree

Showing 4 changed files with 74 additions and 11 deletions.
diff --git a/bin/travis-build.bash b/bin/travis-build.bash
@@ -2,6 +2,25 @@
 
 set -e
 
+function test_connection {
+    echo "Testing $1 connection"
+
+    attempt_counter=0
+    max_attempts=50
+
+    until $(curl --output /dev/null --silent --head --fail --insecure $2); do
+        if [ ${attempt_counter} -eq ${max_attempts} ];then
+            echo "Max attempts reached"
+            exit 1
+        fi
+
+        attempt_counter=$(($attempt_counter+1))
+        sleep 5
+    done
+
+    echo "$1 connection, OK"
+}
+
 echo "This is travis-build.bash..."
 
 echo "Installing the packages that CKAN requires..."
@@ -58,7 +77,7 @@ if [ "$INTEGRATION_TEST" = "true" ]; then
     docker run -d -p 443:443 --network main -e DATABASE_HOST=mysql -v "${TRAVIS_BUILD_DIR}/ci/idm-config.js:/opt/fiware-idm/config.js:ro" -v /etc/ssl/self_signed.key:/opt/fiware-idm/certs/self_signed.key:ro -v /usr/local/share/ca-certificates/self_signed.crt:/opt/fiware-idm/certs/self_signed.crt:ro --name idm fiware/idm
 
     # Wait until idm is ready
-    sleep 30
+    test_connection 'KeyRock' https://localhost:443
 fi
 
 echo "travis-build.bash is done."
diff --git a/ci/idm-config.js b/ci/idm-config.js
@@ -38,10 +38,13 @@ config.api = {
 }
 
 // Enable authzforce
-config.authzforce = {
-	enabled: false,
-	host: '',
-	port: 8080
+config.authorization = {
+    level: 'basic',
+    authzforce: {
+        enabled: false,
+        host: '',
+        port: 8080
+    }
 }
 
 var database_host = (process.env.DATABASE_HOST) ? process.env.DATABASE_HOST : 'localhost'
@@ -86,4 +89,12 @@ config.site = {
     theme: 'default'
 };
 
+// Config eIDAs Authentication
+config.eidas = {
+    enabled: false,
+    gateway_host: 'localhost',
+    idp_host: 'https://se-eidas.redsara.es/EidasNode/ServiceProvider',
+    metadata_expiration: 60 * 60 * 24 * 365 // One year
+}
+
 module.exports = config;
diff --git a/ckanext/oauth2/oauth2.py b/ckanext/oauth2/oauth2.py
@@ -102,10 +102,14 @@ def get_token(self):
         headers = {
             'Accept': 'application/json',
             'Content-Type': 'application/x-www-form-urlencoded',
-            'Authorization': 'Basic %s' % base64.urlsafe_b64encode(
+        }
+
+        if self.legacy_idm:
+            # This is only required for Keyrock v6 and v5
+            headers['Authorization'] = 'Basic %s' % base64.urlsafe_b64encode(
                 '%s:%s' % (self.client_id, self.client_secret)
             )
-        }
+
         try:
             token = oauth.fetch_token(self.token_endpoint,
                                       headers=headers,

diff --git a/ckanext/oauth2/tests/test_oauth2.py b/ckanext/oauth2/tests/test_oauth2.py
@@ -20,7 +20,7 @@
 
 from __future__ import print_function, unicode_literals
 
-from base64 import b64encode
+from base64 import b64encode, urlsafe_b64encode
 import json
 import os
 import unittest
@@ -136,11 +136,12 @@ def test_get_token_with_no_credentials(self, oauth2_session_mock):
         with self.assertRaises(MissingCodeError):
             helper.get_token()
 
-    @httpretty.activate
-    def test_get_token(self):
+    @patch('ckanext.oauth2.oauth2.OAuth2Session')
+    @patch.dict(os.environ, {'OAUTHLIB_INSECURE_TRANSPORT': ''})
+    def test_get_token(self, OAuth2Session):
         helper = self._helper()
         token = OAUTH2TOKEN
-        httpretty.register_uri(httpretty.POST, helper.token_endpoint, body=json.dumps(token))
+        OAuth2Session().fetch_token.return_value = OAUTH2TOKEN
 
         state = b64encode(json.dumps({'came_from': 'initial-page'}))
         oauth2.toolkit.request = make_request(True, 'data.com', 'callback', {'state': state, 'code': 'code'})
@@ -150,6 +151,34 @@ def test_get_token(self):
             self.assertIn(key, retrieved_token)
             self.assertEquals(token[key], retrieved_token[key])
 
+    @patch('ckanext.oauth2.oauth2.OAuth2Session')
+    def test_get_token_legacy_idm(self, OAuth2Session):
+        helper = self._helper()
+        helper.legacy_idm = True
+        helper.verify_https = True
+        OAuth2Session().fetch_token.return_value = OAUTH2TOKEN
+
+        state = b64encode(json.dumps({'came_from': 'initial-page'}))
+        oauth2.toolkit.request = make_request(True, 'data.com', 'callback', {'state': state, 'code': 'code'})
+        retrieved_token = helper.get_token()
+
+        expected_headers = {
+            'Accept': 'application/json',
+            'Content-Type': 'application/x-www-form-urlencoded',
+            'Authorization': 'Basic %s' % urlsafe_b64encode(
+                '%s:%s' % (helper.client_id, helper.client_secret)
+            )
+        }
+
+        OAuth2Session().fetch_token.assert_called_once_with(
+            helper.token_endpoint,
+            headers=expected_headers,
+            client_secret=helper.client_secret,
+            authorization_response=oauth2.toolkit.request.url,
+            verify=True
+        )
+        self.assertEqual(retrieved_token, OAUTH2TOKEN)
+
     @httpretty.activate
     @patch.dict(os.environ, {'OAUTHLIB_INSECURE_TRANSPORT': ''})
     def test_get_token_insecure(self):