Merge branch '0.3_configurable_client'

.gitignore

@@ -137,4 +137,5 @@ dmypy.json
 # Cython debug symbols
 cython_debug/
 
-.vscode/
+.vscode/
+.scannerwork

README.md

@@ -1,7 +1,7 @@
-[![Quality Gate Status](http://chris.testingenv.org/api/project_badges/measure?project=auth-tdd-client&metric=alert_status)](http://chris.testingenv.org/dashboard?id=auth-tdd-client)
+
 # Test-Auth-Client
 
-O app vai disponibilizar conteudo para usuarios logados pelo gluu que iniciaram o login pelo idp
+This client aims to be a reliable sclient build with BDD / TDD metologies to be used in auth testing.
 
 Flask based auth/identity app based on test-first, made to encourage and learn BDD and TDD.
 
@@ -40,11 +40,4 @@ App->App: Return protected-content\nOr unauthorized error
 - Coverage: minimum accepted: 80%
 
 
-### Versioning
-
-Using GIT FLOW development model. Which means that we have a develop and master branch. All development is done under feature branches, which are (when finished) merged into the development branch
 
-Feature branches? `feature/`
-Release branches? `release/`
-Hotfix branches? `hotfix/`
-Support branches? `support/`

clientapp/__init__.py

@@ -4,6 +4,12 @@
 from logging.config import dictConfig
 import logging
 import base64
+from flask_oidc import registration, discovery
+import json
+import sys
+from httplib2 import RelativeURIError
+from .client_handler import ClientHandler
+
 
 from .ressources.errors import MismatchingStateError, OAuthError
 import os
@@ -44,16 +50,71 @@
 
 })
 '''
+# recebe a url do op
+# descobre os dados do op com a url
+# registra o cliente (app) no op com os dados do discovery
+# atualiza client-id, client-secret e metadata-server
+
+
+# def register_client(op_data: dict, client_url: str) -> dict:
+#     """[register client and returns client information]
+
+#     :param op_data: [description]
+#     :type op_data: dict
+#     :param client_url: [description]
+#     :type client_url: str
+#     :return: [client information including client-id and secret]
+#     :rtype: dict
+#     """
+#     redirect_uri = '%s/oidc_callback' % client_url
+#     reg_info = registration.register_client(op_data, [redirect_uri])
+#     return reg_info
+
+# def discover(op_url: str, disc:discovery=discovery) -> dict :
+#     """Discover op information on .well-known/open-id-configuration
+#     :param op_url: [url from OP]
+#     :type op_url: str
+#     :param discovery: [flask_oidc.discovery injection], defaults to discovery
+#     :type discovery: discovery, optional
+#     :return: [data retrieved from OP url]
+#     :rtype: dict
+#     """
+#     op_data = {}
+#     try:
+#         op_data = disc.discover_OP_information(op_url)
+#         print(op_data)
+#         return op_data
+
+#     except json.JSONDecodeError as err:
+#         print('Error trying to decode JSON: %s' % err)
+
+#     except RelativeURIError as err:
+#         print(err)
+
+#     except Exception as e:
+#         print('An unexpected ocurred: %s' % e)
+
+#     return op_data
+
+
+
+
 
 
 def get_preselected_provider():
     provider_id_string = cfg.PRE_SELECTED_PROVIDER_ID
+    print('get_preselected_provider - provider_id_string = %s' % provider_id_string)
     provider_object = '{ "provider" : "%s" }' % provider_id_string
     provider_object_bytes = provider_object.encode()
     base64url_bytes = base64.urlsafe_b64encode(provider_object_bytes)
     base64url_value = base64url_bytes.decode()
-
-    return base64url_value
+    print('get_preselected_provider - base64url encoded: %s' % base64url_value)
+    if base64url_value.endswith('='):
+        base64url_value_unpad = base64url_value.replace('=','')
+        print('get_preselected_provider - base64url encoded unpad: %s' % base64url_value_unpad)
+        return base64url_value_unpad
+    else:
+        return base64url_value
 
 
 def ssl_verify(ssl_verify=cfg.SSL_VERIFY):
@@ -76,13 +137,13 @@ def create_app():
     app.config['OP_CLIENT_ID'] = cfg.CLIENT_ID
     app.config['OP_CLIENT_SECRET'] = cfg.CLIENT_SECRET
     oauth.init_app(app)
-    oauth.register('op',
-                   server_metadata_url=cfg.SERVER_META_URL,
-                   client_kwargs={
-                       'scope': 'openid profile email',
-                       'acr_value': 'passport-saml'
-                   },
-                   token_endpoint_auth_method='client_secret_post')
+    oauth.register(
+        'op',
+        server_metadata_url=cfg.SERVER_META_URL,
+        client_kwargs={
+                'scope': 'openid profile mail user_name',
+                'acr_value': cfg.ACR_VALUES
+                }, token_endpoint_auth_method='client_secret_post')
 
     # token_endpoint_auth_method = 'client_secret_post')
     # client_auth_methods = ['client_secret_post'])
@@ -101,6 +162,12 @@ def index():
         </html>
         '''
 
+    @app.route('/register', methods=['POST'])
+    def register():
+        client_handler = ClientHandler('https://t1.techno24x7.com','https://test.com')
+        content = request.json
+        return {},100
+
     @app.route('/protected-content', methods=['GET'])
     def protected_content():
         app.logger.debug('/protected-content - cookies = %s' % request.cookies)
@@ -160,13 +227,17 @@ def callback():
 
     @app.route("/configuration", methods=["POST"])
     def configuration():
+        '''Receives client configuration via API'''
+        app.logger.info('/configuration called')
         content = request.json
         app.logger.debug("content = %s" % content)
         if content is not None:
             if 'provider_id' in content:
                 cfg.PRE_SELECTED_PROVIDER_ID = content['provider_id']
                 cfg.PRE_SELECTED_PROVIDER = True
-                return jsonify({"provider_id": content['provider_id']}), 200
+                app.logger.debug('/configuration: provider_id = %s' % content['provider_id'])
+                return jsonify({ "provider_id" : content['provider_id'] }),200
+
 
         else:
             return {}, 400

clientapp/client_handler.py

@@ -0,0 +1,85 @@
+
+from flask_oidc import registration, discovery
+import json
+from httplib2 import RelativeURIError
+from typing import Optional
+
+
+class ClientHandler:
+    __client_url = None
+    __client_id = None
+    __client_secret = None
+    __metadata_url= None
+    __op_url = None
+    op_data = None
+
+    def __init__(self, op_url: str, client_url: str):
+        """[intializes]
+
+        :param op_url: [url from oidc provider starting with https]
+        :type op_url: str
+        :param client_url: [url from client starting with https]
+        :type client_url: str
+        """
+        self.__op_url = op_url
+        self.__client_url = client_url
+        self.__metadata_url = '%s/.well-known/openid-configuration' % op_url
+        self.op_data = self.discover(op_url)
+        self.reg_info = self.register_client(op_data=self.op_data,client_url=client_url)
+        print(self.reg_info)
+        self.__client_id = self.reg_info['web']['client_id']
+        self.__client_secret = self.reg_info['web']['client_secret']
+
+
+
+    def get_client_dict(self) -> dict:
+        r = {
+            'op_metadata_url' : self.__metadata_url,
+            'client_id' : self.__client_id,
+            'client_secret' : self.__client_secret
+        }
+
+        return r
+
+
+    def register_client(self, op_data: Optional[dict]=op_data, client_url: Optional[str]=__client_url) -> dict:
+        """[register client and returns client information]
+
+        :param op_data: [description]
+        :type op_data: dict
+        :param client_url: [description]
+        :type client_url: str
+        :return: [client information including client-id and secret]
+        :rtype: dict
+        """
+        redirect_uri = '%s/oidc_callback' % client_url
+        reg_info = registration.register_client(op_data, [redirect_uri])
+        return reg_info
+
+    def discover(self, op_url: Optional[str]=__op_url, disc:discovery=discovery) -> dict :
+        """Discover op information on .well-known/open-id-configuration
+        :param op_url: [description], defaults to __op_url
+        :type op_url: str, optional
+        :param discovery: [flask_oidc.discovery injection], defaults to discovery
+        :type discovery: discovery, optional
+        :return: [data retrieved from OP url]
+        :rtype: dict3
+        """
+
+        op_data = {}
+        try:
+            op_data = disc.discover_OP_information(op_url)
+            # print(op_data)
+            return op_data
+
+        except json.JSONDecodeError as err:
+            print('Error trying to decode JSON: %s' % err)
+
+        except RelativeURIError as err:
+            print(err)
+
+        except Exception as e:
+            print('An unexpected ocurred: %s' % e)
+
+        return op_data
+

clientapp/config.py

@@ -1,12 +1,14 @@
-CLIENT_ID = "c5993da4-0627-43f4-9fd3-6d9ef9cf63f8"
-CLIENT_SECRET = "e72a4406-6f54-404c-85f9-3c72c90f870d"
-CLIENT_AUTH_URI = "https://chris.gluuthree.org/oxauth/restv1/authorize"
-TOKEN_URI = "https://chris.gluuthree.org/oxauth/restv1/token"
-USERINFO_URI = "https://chris.gluuthree.org/oxauth/restv1/userinfo"
-REDIRECT_URIS = ['https://chris.testingenv.org/oidc_callback']
-ISSUER = "https://chris.gluuthree.org"
+CLIENT_ID = "6fffd04d-8cbb-4989-8e17-ece3d92ff7c5"
+CLIENT_SECRET = "92f7c172-6d51-4159-98a5-58d9ead7c9e1"
+CLIENT_AUTH_URI = "https://t1.techno24x7.com/oxauth/restv1/authorize"
+TOKEN_URI = "https://t1.techno24x7.com/oxauth/restv1/token"
+USERINFO_URI = "https://t1.techno24x7.com/oxauth/restv1/userinfo"
+REDIRECT_URIS = [
+    'https://chris.testingenv.org/oidc_callback'
+]
+ISSUER = "https://t1.techno24x7.com"
 
-SERVER_META_URL = "https://chris.gluuthree.org/.well-known/openid-configuration"
+SERVER_META_URL = "https://t1.techno24x7.com/.well-known/openid-configuration"
 
 # Token authentication method can be
 # client_secret_basic
@@ -16,9 +18,9 @@
 SERVER_TOKEN_AUTH_METHOD = "client_secret_post"
 
 # for gluu
-ACR_VALUES = ''
-PRE_SELECTED_PROVIDER = False
-PRE_SELECTED_PROVIDER_ID = ''
+ACR_VALUES = 'passport_saml'
+PRE_SELECTED_PROVIDER = True
+PRE_SELECTED_PROVIDER_ID = 'saml-default'
 
 # SYSTEM SETTINGS
 # use with caution, unsecure requests, for develpment environments