-
Notifications
You must be signed in to change notification settings - Fork 75
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #364 from esune/fix/subject-identifier
Ensure user authentication sessions are independent
- Loading branch information
Showing
7 changed files
with
129 additions
and
87 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,7 +3,6 @@ | |
from api.authSessions.models import AuthSession | ||
from api.core.oidc.issue_token_service import Token | ||
from api.core.oidc.tests.__mocks__ import auth_session, presentation, ver_config | ||
from api.test_utils import is_valid_uuid | ||
|
||
basic_valid_requested_attributes = { | ||
"req_attr_0": { | ||
|
@@ -25,7 +24,7 @@ | |
"raw": "[email protected]", | ||
"encoded": "73814602767252868561268261832462872577293109184327908660400248444458427915643", | ||
} | ||
} | ||
}, | ||
} | ||
} | ||
|
||
|
@@ -52,24 +51,28 @@ | |
"age_1": { | ||
"raw": "30", | ||
"encoded": "73814602767252868561268261832462872577293109184327908660400248444458427915644", | ||
} | ||
} | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
|
||
@pytest.mark.asyncio | ||
async def test_valid_proof_presentation_with_one_attribute_returns_claims(): | ||
presentation['presentation_request']['requested_attributes'] = basic_valid_requested_attributes | ||
presentation['presentation']['requested_proof']['revealed_attr_groups'] = basic_valid_revealed_attr_groups | ||
presentation["presentation_request"][ | ||
"requested_attributes" | ||
] = basic_valid_requested_attributes | ||
presentation["presentation"]["requested_proof"][ | ||
"revealed_attr_groups" | ||
] = basic_valid_revealed_attr_groups | ||
with mock.patch.object(AuthSession, "presentation_exchange", presentation): | ||
claims = Token.get_claims(auth_session, ver_config) | ||
assert claims is not None | ||
|
||
|
||
@pytest.mark.asyncio | ||
async def test_valid_proof_presentation_with_multiple_attributes_returns_claims(): | ||
presentation['presentation_request']['requested_attributes'] = { | ||
presentation["presentation_request"]["requested_attributes"] = { | ||
"req_attr_0": { | ||
"names": ["email"], | ||
"restrictions": [ | ||
|
@@ -87,17 +90,17 @@ async def test_valid_proof_presentation_with_multiple_attributes_returns_claims( | |
"issuer_did": "MTYqmTBoLT7KLP5RNfgK3c", | ||
} | ||
], | ||
} | ||
}, | ||
} | ||
presentation['presentation']['requested_proof']['revealed_attr_groups'] = { | ||
presentation["presentation"]["requested_proof"]["revealed_attr_groups"] = { | ||
"req_attr_0": { | ||
"sub_proof_index": 0, | ||
"values": { | ||
"email": { | ||
"raw": "[email protected]", | ||
"encoded": "73814602767252868561268261832462872577293109184327908660400248444458427915643", | ||
} | ||
} | ||
}, | ||
}, | ||
"req_attr_1": { | ||
"sub_proof_index": 0, | ||
|
@@ -106,8 +109,8 @@ async def test_valid_proof_presentation_with_multiple_attributes_returns_claims( | |
"raw": "30", | ||
"encoded": "73814602767252868561268261832462872577293109184327908660400248444458427915644", | ||
} | ||
} | ||
} | ||
}, | ||
}, | ||
} | ||
with mock.patch.object(AuthSession, "presentation_exchange", presentation): | ||
claims = Token.get_claims(auth_session, ver_config) | ||
|
@@ -116,52 +119,65 @@ async def test_valid_proof_presentation_with_multiple_attributes_returns_claims( | |
|
||
@pytest.mark.asyncio | ||
async def test_include_v1_attributes_false_does_not_add_the_named_attributes(): | ||
presentation['presentation_request']['requested_attributes'] = multiple_valid_requested_attributes | ||
presentation['presentation']['requested_proof']['revealed_attr_groups'] = multiple_valid_revealed_attr_groups | ||
presentation["presentation_request"][ | ||
"requested_attributes" | ||
] = multiple_valid_requested_attributes | ||
presentation["presentation"]["requested_proof"][ | ||
"revealed_attr_groups" | ||
] = multiple_valid_revealed_attr_groups | ||
with mock.patch.object(AuthSession, "presentation_exchange", presentation): | ||
ver_config.include_v1_attributes = False | ||
claims = Token.get_claims(auth_session, ver_config) | ||
vc_presented_attributes_obj = eval(claims["vc_presented_attributes"]) | ||
assert claims is not None | ||
assert vc_presented_attributes_obj["email_1"] == '[email protected]' | ||
assert vc_presented_attributes_obj["age_1"] == '30' | ||
assert vc_presented_attributes_obj["email_1"] == "[email protected]" | ||
assert vc_presented_attributes_obj["age_1"] == "30" | ||
assert "email_1" not in claims | ||
assert "age_1" not in claims | ||
|
||
|
||
@pytest.mark.asyncio | ||
async def test_include_v1_attributes_true_adds_the_named_attributes(): | ||
presentation['presentation_request']['requested_attributes'] = multiple_valid_requested_attributes | ||
presentation['presentation']['requested_proof']['revealed_attr_groups'] = multiple_valid_revealed_attr_groups | ||
presentation["presentation_request"][ | ||
"requested_attributes" | ||
] = multiple_valid_requested_attributes | ||
presentation["presentation"]["requested_proof"][ | ||
"revealed_attr_groups" | ||
] = multiple_valid_revealed_attr_groups | ||
with mock.patch.object(AuthSession, "presentation_exchange", presentation): | ||
ver_config.include_v1_attributes = True | ||
claims = Token.get_claims(auth_session, ver_config) | ||
vc_presented_attributes_obj = eval(claims["vc_presented_attributes"]) | ||
assert claims is not None | ||
assert vc_presented_attributes_obj["email_1"] == '[email protected]' | ||
assert vc_presented_attributes_obj["age_1"] == '30' | ||
assert claims["email_1"] == '[email protected]' | ||
assert claims["age_1"] == '30' | ||
assert vc_presented_attributes_obj["email_1"] == "[email protected]" | ||
assert vc_presented_attributes_obj["age_1"] == "30" | ||
assert claims["email_1"] == "[email protected]" | ||
assert claims["age_1"] == "30" | ||
|
||
|
||
@pytest.mark.asyncio | ||
async def test_include_v1_attributes_none_does_not_add_the_named_attributes(): | ||
presentation['presentation_request']['requested_attributes'] = multiple_valid_requested_attributes | ||
presentation['presentation']['requested_proof']['revealed_attr_groups'] = multiple_valid_revealed_attr_groups | ||
presentation["presentation_request"][ | ||
"requested_attributes" | ||
] = multiple_valid_requested_attributes | ||
presentation["presentation"]["requested_proof"][ | ||
"revealed_attr_groups" | ||
] = multiple_valid_revealed_attr_groups | ||
with mock.patch.object(AuthSession, "presentation_exchange", presentation): | ||
ver_config.include_v1_attributes = None | ||
print(ver_config.include_v1_attributes) | ||
claims = Token.get_claims(auth_session, ver_config) | ||
vc_presented_attributes_obj = eval(claims["vc_presented_attributes"]) | ||
assert claims is not None | ||
assert vc_presented_attributes_obj["email_1"] == '[email protected]' | ||
assert vc_presented_attributes_obj["age_1"] == '30' | ||
assert vc_presented_attributes_obj["email_1"] == "[email protected]" | ||
assert vc_presented_attributes_obj["age_1"] == "30" | ||
assert "email_1" not in claims | ||
assert "age_1" not in claims | ||
|
||
|
||
@pytest.mark.asyncio | ||
async def test_revealed_attrs_dont_match_requested_attributes_throws_exception(): | ||
presentation['presentation_request']['requested_attributes'] = { | ||
presentation["presentation_request"]["requested_attributes"] = { | ||
"req_attr_0": { | ||
"names": ["email"], | ||
"restrictions": [ | ||
|
@@ -172,15 +188,15 @@ async def test_revealed_attrs_dont_match_requested_attributes_throws_exception() | |
], | ||
} | ||
} | ||
presentation['presentation']['requested_proof']['revealed_attr_groups'] = { | ||
presentation["presentation"]["requested_proof"]["revealed_attr_groups"] = { | ||
"req_attr_0": { | ||
"sub_proof_index": 0, | ||
"values": { | ||
"email-wrong": { | ||
"raw": "[email protected]", | ||
"encoded": "73814602767252868561268261832462872577293109184327908660400248444458427915643", | ||
} | ||
} | ||
}, | ||
} | ||
} | ||
with mock.patch.object(AuthSession, "presentation_exchange", presentation): | ||
|
@@ -190,19 +206,27 @@ async def test_revealed_attrs_dont_match_requested_attributes_throws_exception() | |
|
||
@pytest.mark.asyncio | ||
async def test_valid_presentation_with_matching_subject_identifier_has_identifier_in_claims_sub(): | ||
presentation['presentation_request']['requested_attributes'] = basic_valid_requested_attributes | ||
presentation['presentation']['requested_proof']['revealed_attr_groups'] = basic_valid_revealed_attr_groups | ||
presentation["presentation_request"][ | ||
"requested_attributes" | ||
] = basic_valid_requested_attributes | ||
presentation["presentation"]["requested_proof"][ | ||
"revealed_attr_groups" | ||
] = basic_valid_revealed_attr_groups | ||
with mock.patch.object(AuthSession, "presentation_exchange", presentation): | ||
claims = Token.get_claims(auth_session, ver_config) | ||
print(claims) | ||
assert claims["sub"] == "[email protected]" | ||
|
||
|
||
@pytest.mark.asyncio | ||
async def test_valid_presentation_with_non_matching_subject_identifier_and_has_uuid_in_claims_sub(): | ||
presentation['presentation_request']['requested_attributes'] = basic_valid_requested_attributes | ||
presentation['presentation']['requested_proof']['revealed_attr_groups'] = basic_valid_revealed_attr_groups | ||
async def test_valid_presentation_with_non_matching_subject_identifier_and_has_no_sub(): | ||
presentation["presentation_request"][ | ||
"requested_attributes" | ||
] = basic_valid_requested_attributes | ||
presentation["presentation"]["requested_proof"][ | ||
"revealed_attr_groups" | ||
] = basic_valid_revealed_attr_groups | ||
with mock.patch.object(AuthSession, "presentation_exchange", presentation): | ||
ver_config.subject_identifier = "not-email" | ||
claims = Token.get_claims(auth_session, ver_config) | ||
assert is_valid_uuid(claims["sub"]) is True | ||
assert "sub" not in claims |
Oops, something went wrong.