From 3088cad3ded69b144b807bc4e43c85d80c591cee Mon Sep 17 00:00:00 2001 From: Zicchio Date: Mon, 16 Sep 2024 13:15:36 +0200 Subject: [PATCH 1/2] feat: response of request endpoint --- .../cross_device_integration_test.py | 2 +- example/satosa/integration_test/main.py | 6 ++-- pyeudiw/satosa/default/request_handler.py | 18 +++++------ pyeudiw/tests/satosa/test_backend.py | 30 ++++++++++++------- 4 files changed, 33 insertions(+), 23 deletions(-) diff --git a/example/satosa/integration_test/cross_device_integration_test.py b/example/satosa/integration_test/cross_device_integration_test.py index 89fd8b47..a48ecf91 100644 --- a/example/satosa/integration_test/cross_device_integration_test.py +++ b/example/satosa/integration_test/cross_device_integration_test.py @@ -84,7 +84,7 @@ def _extract_status_uri(bs: BeautifulSoup) -> str: verify=False, timeout=TIMEOUT_S) -request_object_claims = decode_jwt_payload(sign_request_obj.json()['response']) +request_object_claims = decode_jwt_payload(sign_request_obj.text) response_uri = request_object_claims['response_uri'] # Wallet obtained the Request Object; verify that status is 202 diff --git a/example/satosa/integration_test/main.py b/example/satosa/integration_test/main.py index d7476b76..82531477 100644 --- a/example/satosa/integration_test/main.py +++ b/example/satosa/integration_test/main.py @@ -104,9 +104,9 @@ request_uri, verify=False, timeout=TIMEOUT_S) -print(sign_request_obj.json()) +print(sign_request_obj.text) -response_uri = decode_jwt_payload(sign_request_obj.json()['response'])[ +response_uri = decode_jwt_payload(sign_request_obj.text)[ 'response_uri'] # create a SD-JWT signed by a trusted credential issuer @@ -179,7 +179,7 @@ ) ) -red_data = decode_jwt_payload(sign_request_obj.json()['response']) +red_data = decode_jwt_payload(sign_request_obj.text) req_nonce = red_data['nonce'] data = { diff --git a/pyeudiw/satosa/default/request_handler.py b/pyeudiw/satosa/default/request_handler.py index 898d6e80..05fc061b 100644 --- a/pyeudiw/satosa/default/request_handler.py +++ b/pyeudiw/satosa/default/request_handler.py @@ -6,16 +6,17 @@ from pyeudiw.satosa.exceptions import HTTPError from pyeudiw.satosa.interfaces.request_handler import RequestHandlerInterface from pyeudiw.satosa.utils.dpop import BackendDPoP -from pyeudiw.satosa.utils.response import JsonResponse +from pyeudiw.satosa.utils.response import Response from pyeudiw.satosa.utils.trust import BackendTrust from pyeudiw.tools.utils import exp_from_now, iat_now class RequestHandler(RequestHandlerInterface, BackendDPoP, BackendTrust): - def request_endpoint(self, context: Context, *args) -> JsonResponse: - self._log_function_debug("response_endpoint", context, "args", args) + _RESP_CONTENT_TYPE = "application/oauth-authz-req+jwt" + def request_endpoint(self, context: Context, *args) -> Response: + self._log_function_debug("response_endpoint", context, "args", args) try: state = context.qs_params["id"] @@ -54,13 +55,12 @@ def request_endpoint(self, context: Context, *args) -> JsonResponse: return self._handle_500(context, _msg, e) helper = JWSHelper(self.default_metadata_private_jwk) - - jwt = helper.sign( + request_object_jwt = helper.sign( data, protected={'trust_chain': self.get_backend_trust_chain()} ) - response = {"response": jwt} - return JsonResponse( - response, - status="200" + return Response( + message=request_object_jwt, + status="200", + content=RequestHandler._RESP_CONTENT_TYPE ) diff --git a/pyeudiw/tests/satosa/test_backend.py b/pyeudiw/tests/satosa/test_backend.py index 77501042..b3fdc5fe 100644 --- a/pyeudiw/tests/satosa/test_backend.py +++ b/pyeudiw/tests/satosa/test_backend.py @@ -445,8 +445,8 @@ def test_request_endpoint(self, context): state_endpoint_response = self.backend.status_endpoint(context) assert state_endpoint_response.status == "400" assert state_endpoint_response.message - msg = json.loads(state_endpoint_response.message) - assert msg["error"] + requeest_object_jwt = json.loads(state_endpoint_response.message) + assert requeest_object_jwt["error"] internal_data = InternalData() context.http_headers = dict( @@ -523,15 +523,25 @@ def test_request_endpoint(self, context): context.request_uri = request_uri req_resp = self.backend.request_endpoint(context) - + req_resp_str = f"Response(status={req_resp.status}, message={req_resp.message}, headers={req_resp.headers})" + obtained_content_types = list( + map( + lambda header_name_value_pair: header_name_value_pair[1], + filter( + lambda header_name_value_pair: header_name_value_pair[0].lower() == "content-type", + req_resp.headers + ) + ) + ) assert req_resp - assert req_resp.status == "200" - assert req_resp.message - msg = json.loads(req_resp.message) - assert msg["response"] - - header = decode_jwt_header(msg["response"]) - payload = decode_jwt_payload(msg["response"]) + assert req_resp.status == "200", f"invalid status in request object response {req_resp_str}" + assert len(obtained_content_types) > 0, f"missing Content-Type in request object response {req_resp_str}" + assert obtained_content_types[0] == "application/oauth-authz-req+jwt", f"invalid Content-Type in request object response {req_resp_str}" + assert req_resp.message, f"invalid message in request object response {req_resp_str}" + requeest_object_jwt = req_resp.message + + header = decode_jwt_header(requeest_object_jwt) + payload = decode_jwt_payload(requeest_object_jwt) assert header["alg"] assert header["kid"] assert payload["scope"] == " ".join(CONFIG["authorization"]["scopes"]) From 38413ba703db19c4133af5b7ada7202e01507775 Mon Sep 17 00:00:00 2001 From: Zicchio Date: Mon, 16 Sep 2024 13:28:54 +0200 Subject: [PATCH 2/2] chore: typo --- pyeudiw/tests/satosa/test_backend.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pyeudiw/tests/satosa/test_backend.py b/pyeudiw/tests/satosa/test_backend.py index b3fdc5fe..87704518 100644 --- a/pyeudiw/tests/satosa/test_backend.py +++ b/pyeudiw/tests/satosa/test_backend.py @@ -445,8 +445,8 @@ def test_request_endpoint(self, context): state_endpoint_response = self.backend.status_endpoint(context) assert state_endpoint_response.status == "400" assert state_endpoint_response.message - requeest_object_jwt = json.loads(state_endpoint_response.message) - assert requeest_object_jwt["error"] + request_object_jwt = json.loads(state_endpoint_response.message) + assert request_object_jwt["error"] internal_data = InternalData() context.http_headers = dict( @@ -538,10 +538,10 @@ def test_request_endpoint(self, context): assert len(obtained_content_types) > 0, f"missing Content-Type in request object response {req_resp_str}" assert obtained_content_types[0] == "application/oauth-authz-req+jwt", f"invalid Content-Type in request object response {req_resp_str}" assert req_resp.message, f"invalid message in request object response {req_resp_str}" - requeest_object_jwt = req_resp.message + request_object_jwt = req_resp.message - header = decode_jwt_header(requeest_object_jwt) - payload = decode_jwt_payload(requeest_object_jwt) + header = decode_jwt_header(request_object_jwt) + payload = decode_jwt_payload(request_object_jwt) assert header["alg"] assert header["kid"] assert payload["scope"] == " ".join(CONFIG["authorization"]["scopes"])