-
Notifications
You must be signed in to change notification settings - Fork 166
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #14 from johngian/oidc-step-1
OIDC authorization request and callback handler
- Loading branch information
Showing
5 changed files
with
271 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
from django.conf.urls import url | ||
|
||
from mozilla_django_oidc import views | ||
|
||
urlpatterns = [ | ||
url(r'^oidc/authorization_callback/$', views.OIDCAuthorizationCallbackView.as_view(), | ||
name='oidc_authorization_callback'), | ||
url(r'^oidc/authorization_init/$', views.OIDCAuthorizationRequestView.as_view(), | ||
name='oidc_authorization_init'), | ||
] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
try: | ||
from urllib import urlencode | ||
except ImportError: | ||
from urllib.parse import urlencode | ||
|
||
from django.core.urlresolvers import reverse | ||
from django.contrib import auth | ||
from django.http import HttpResponseRedirect | ||
from django.views.generic import View | ||
|
||
from mozilla_django_oidc.utils import import_from_settings | ||
|
||
|
||
class OIDCAuthorizationCallbackView(View): | ||
"""OIDC client authentication callback HTTP endpoint""" | ||
|
||
http_method_names = ['post'] | ||
|
||
@property | ||
def failure_url(self): | ||
return import_from_settings('LOGIN_REDIRECT_URL_FAILURE', '/') | ||
|
||
@property | ||
def success_url(self): | ||
return import_from_settings('LOGIN_REDIRECT_URL', '/') | ||
|
||
def login_failure(self): | ||
return HttpResponseRedirect(self.failure_url) | ||
|
||
def login_success(self): | ||
auth.login(self.request, self.user) | ||
return HttpResponseRedirect(self.success_url) | ||
|
||
def post(self, request): | ||
"""Callback handler for OIDC authorization code flow""" | ||
|
||
if 'code' in request.POST and 'state' in request.POST: | ||
kwargs = { | ||
'code': request.POST['code'], | ||
'state': request.POST['state'] | ||
} | ||
self.user = auth.authenticate(**kwargs) | ||
|
||
if self.user and self.user.is_active: | ||
return self.login_success() | ||
return self.login_failure() | ||
|
||
|
||
class OIDCAuthorizationRequestView(View): | ||
"""OIDC client authentication HTTP endpoint""" | ||
|
||
http_method_names = ['get'] | ||
|
||
def __init__(self, *args, **kwargs): | ||
super(OIDCAuthorizationRequestView, self).__init__(*args, **kwargs) | ||
|
||
self.OIDC_OP_AUTH_ENDPOINT = import_from_settings('OIDC_OP_AUTHORIZATION_ENDPOINT') | ||
self.OIDC_OP_CLIENT_ID = import_from_settings('OIDC_OP_CLIENT_ID') | ||
|
||
def get(self, request): | ||
"""OIDC client authentication initialization HTTP endpoint""" | ||
params = { | ||
'response_type': 'code', | ||
'scope': 'openid', | ||
'client_id': self.OIDC_OP_CLIENT_ID, | ||
'redirect_uri': reverse('oidc_authorization_callback') | ||
} | ||
|
||
query = urlencode(params) | ||
redirect_url = '{url}?{query}'.format(url=self.OIDC_OP_AUTH_ENDPOINT, query=query) | ||
return HttpResponseRedirect(redirect_url) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,127 @@ | ||
try: | ||
from urlparse import parse_qs, urlparse | ||
except ImportError: | ||
from urllib.parse import parse_qs, urlparse | ||
|
||
from mock import patch | ||
|
||
from django.contrib.auth import get_user_model | ||
from django.core.urlresolvers import reverse | ||
from django.test import RequestFactory, TestCase, override_settings | ||
|
||
from mozilla_django_oidc import views | ||
|
||
|
||
User = get_user_model() | ||
|
||
|
||
class OIDCAuthorizationCallbackViewTestCase(TestCase): | ||
def setUp(self): | ||
self.factory = RequestFactory() | ||
|
||
@override_settings(LOGIN_REDIRECT_URL='/success') | ||
def test_post_auth_success(self): | ||
user = User.objects.create_user('example_username') | ||
user.is_active = True | ||
user.save() | ||
|
||
post_data = { | ||
'code': 'example_code', | ||
'state': 'example_state' | ||
} | ||
url = reverse('oidc_authorization_callback') | ||
request = self.factory.post(url, post_data) | ||
callback_view = views.OIDCAuthorizationCallbackView.as_view() | ||
|
||
with patch('mozilla_django_oidc.views.auth.authenticate') as mock_auth: | ||
with patch('mozilla_django_oidc.views.auth.login') as mock_login: | ||
mock_auth.return_value = user | ||
response = callback_view(request) | ||
|
||
mock_auth.assert_called_once_with(code='example_code', state='example_state') | ||
mock_login.assert_called_once_with(request, user) | ||
|
||
self.assertEqual(response.status_code, 302) | ||
self.assertEqual(response.url, '/success') | ||
|
||
@override_settings(LOGIN_REDIRECT_URL_FAILURE='/failure') | ||
def test_post_auth_failure_nonexisting_user(self): | ||
post_data = { | ||
'code': 'example_code', | ||
'state': 'example_state' | ||
} | ||
|
||
url = reverse('oidc_authorization_callback') | ||
request = self.factory.post(url, post_data) | ||
callback_view = views.OIDCAuthorizationCallbackView.as_view() | ||
|
||
with patch('mozilla_django_oidc.views.auth.authenticate') as mock_auth: | ||
mock_auth.return_value = None | ||
response = callback_view(request) | ||
|
||
mock_auth.assert_called_once_with(code='example_code', state='example_state') | ||
|
||
self.assertEqual(response.status_code, 302) | ||
self.assertEqual(response.url, '/failure') | ||
|
||
@override_settings(LOGIN_REDIRECT_URL_FAILURE='/failure') | ||
def test_post_auth_failure_inactive_user(self): | ||
user = User.objects.create_user('example_username') | ||
user.is_active = False | ||
user.save() | ||
|
||
post_data = { | ||
'code': 'example_code', | ||
'state': 'example_state' | ||
} | ||
|
||
url = reverse('oidc_authorization_callback') | ||
request = self.factory.post(url, post_data) | ||
callback_view = views.OIDCAuthorizationCallbackView.as_view() | ||
|
||
with patch('mozilla_django_oidc.views.auth.authenticate') as mock_auth: | ||
mock_auth.return_value = user | ||
response = callback_view(request) | ||
|
||
mock_auth.assert_called_once_with(code='example_code', state='example_state') | ||
|
||
self.assertEqual(response.status_code, 302) | ||
self.assertEqual(response.url, '/failure') | ||
|
||
@override_settings(LOGIN_REDIRECT_URL_FAILURE='/failure') | ||
def test_post_auth_dirty_data(self): | ||
post_data = { | ||
'foo': 'bar', | ||
} | ||
|
||
url = reverse('oidc_authorization_callback') | ||
request = self.factory.post(url, post_data) | ||
callback_view = views.OIDCAuthorizationCallbackView.as_view() | ||
response = callback_view(request) | ||
self.assertEqual(response.status_code, 302) | ||
self.assertEqual(response.url, '/failure') | ||
|
||
|
||
class OIDCAuthorizationRequestViewTestCase(TestCase): | ||
def setUp(self): | ||
self.factory = RequestFactory() | ||
|
||
@override_settings(OIDC_OP_AUTHORIZATION_ENDPOINT='https://server.example.com/auth') | ||
@override_settings(OIDC_OP_CLIENT_ID='example_id') | ||
def test_get(self): | ||
url = reverse('oidc_authorization_init') | ||
request = self.factory.get(url) | ||
login_view = views.OIDCAuthorizationRequestView.as_view() | ||
response = login_view(request) | ||
self.assertEqual(response.status_code, 302) | ||
|
||
o = urlparse(response.url) | ||
expected_query = { | ||
'response_type': ['code'], | ||
'scope': ['openid'], | ||
'client_id': ['example_id'], | ||
'redirect_uri': ['/oidc/authorization_callback/'] | ||
} | ||
self.assertDictEqual(parse_qs(o.query), expected_query) | ||
self.assertEqual(o.hostname, 'server.example.com') | ||
self.assertEqual(o.path, '/auth') |