Commit aa272684 authored by jackie / Andrea Ida Malkah Klaura's avatar jackie / Andrea Ida Malkah Klaura

add verbosity with info & debug outputs

parent 3542c957
......@@ -18,7 +18,7 @@ get_steering_implicit () {
handle_login_form
if [ $VERBOSITY -ge 1 ]; then
echo "Stage 4: processing the callback redirect URL"
echo "Stage 5: processing the callback redirect URL"
fi
CALLBACK=$(echo -e "${OUTPUT}" | grep '< Location: ' | cut -f 3 -d " ")
TOKEN=$(echo "${CALLBACK}" | grep -o "access_token=.*&id_token" | \
......
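Review bot: The renumbered message `Stage 5: processing the callback redirect URL` is the only stage banner without the `## ` prefix that this commit gives to Stages 1 to 4, so it will be missed when filtering the output for stage markers; `echo "## Stage 5: processing the callback redirect URL"` would match the others. The Python counterpart in get_token_from_callback prints the same unprefixed text. get_steering_implicit continues past the end of this hunk.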
......@@ -13,7 +13,7 @@
# setting the $LOGIN_FORM variable.
initiate_flow () {
if [ $VERBOSITY -ge 1 ]; then
echo "Stage 1: accessing the authorize endpoint"
echo "## Stage 1: accessing the authorize endpoint"
fi
INIT_URL="${BASE_URL}${AUTHORIZE_ENDPOINT}?client_id=${CLIENT_ID}"
INIT_URL+="&redirect_uri=${REDIRECT_URI}&response_type=${RESPONSE_TYPE}"
......@@ -25,6 +25,6 @@ initiate_flow () {
LOGIN_FORM=$(echo -e "${OUTPUT}" | grep "< Location:" | cut -f 3 -d " " | \
tr -d '\r')
if [ $VERBOSITY -ge 2 ]; then
echo "login from URL: ${LOGIN_FORM}"
echo "login form URL: ${LOGIN_FORM}"
fi
}
......@@ -7,7 +7,7 @@
# the callback URL with all the required info in the $OUTPUT variable
handle_login_form () {
if [ $VERBOSITY -ge 1 ]; then
echo "stage 2: accessing the login form"
echo "## Stage 2: accessing the login form"
fi
OUTPUT=$(curl -s -v "${BASE_URL}${LOGIN_FORM}" 2>&1)
CSRF_TOKEN=$(echo -e "${OUTPUT}" | grep "< Set-Cookie:" | cut -f 4 -d " " | \
......@@ -29,7 +29,7 @@ handle_login_form () {
fi
if [ $VERBOSITY -ge 1 ]; then
echo "stage 3: submitting login data"
echo "## Stage 3: submitting login data"
fi
OUTPUT=$(curl -s -v --cookie ${CSRF_TOKEN} \
-F "username=${USERNAME}" -F "password=${PASSWORD}" \
......@@ -48,7 +48,7 @@ handle_login_form () {
fi
if [ $VERBOSITY -ge 1 ]; then
echo "stage 4: get token in final callback location"
echo "## Stage 4: get token in final callback location"
fi
OUTPUT=$(curl -s -v --cookie "${CSRF_TOKEN}; ${SESSION_ID}" \
--referer "${BASE_URL}${SUBMIT_URL}" \
......
#!/usr/bin/python3
import argparse
from config import config as cfg
from steering import implicit
parser = argparse.ArgumentParser(
description="Demo for the OIDC client functions/stubs for AURA.")
parser.add_argument("-v", "--verbosity", action="count",
help="Activate verbose output. Use several times to increase")
args = parser.parse_args()
if args.verbosity:
cfg["verbosity"] = args.verbosity
else:
cfg["verbosity"] = 0
parameters = {
"response_type": "id_token token",
}
oidc = implicit.get_token(cfg, parameters)
print(oidc)
if cfg["verbosity"] == 0:
print(oidc)
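Review bot: `action="count"` leaves `args.verbosity` as None when no -v is given, which is the only reason the if/else after `parse_args()` exists; passing `default=0` to `add_argument` and assigning `cfg["verbosity"] = args.verbosity` directly would remove that branch. The closing `if cfg["verbosity"] == 0: print(oidc)` appears to rely on get_token_from_callback having already printed the dict at higher levels, so a one-line comment such as `# at verbosity >= 1 the flow has already printed the tokens` would make that coupling visible.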
import requests
import sys
import re
......@@ -6,6 +7,8 @@ def initiate_flow (cfg, parameters):
"""
Initiates an OIDC flow and returns the URL to the login form
"""
if cfg["verbosity"] >= 1:
print("## Stage 1: accessing the authorize endpoint")
headers = {"User-Agent": cfg["user_agent"]}
payload = {
"client_id": cfg["client_id"],
......@@ -17,10 +20,16 @@ def initiate_flow (cfg, parameters):
}
url = cfg["base_url"] + cfg["authorize_endpoint"]
try:
if cfg["verbosity"] >= 2:
print("Initiating flow at:", url)
response = requests.get(url, headers=headers, params=payload, allow_redirects=False)
except Error as e:
print(e)
except:
e = sys.exc_info()
print(e[0].__name__, ':', e[1])
sys.exit(1)
if cfg["verbosity"] >= 2:
print("login form URL:", response.headers["Location"])
return response.headers["Location"]
......@@ -30,12 +39,16 @@ def handle_login_form (cfg, parameters):
post to confirm consent if required by the auth backend. After success the
final callback redirect URL is returned
"""
if cfg["verbosity"] >= 1:
print("## Stage 2: accessing the login form")
headers = {"User-Agent": cfg["user_agent"]}
url = cfg["base_url"] + parameters["location"]
try:
response = requests.get(url, headers=headers, allow_redirects=False)
except Error as e:
print(e)
e = sys.exc_info()
print(e[0].__name__, ':', e[1])
sys.exit(1)
# save cookies (including csrf token and session id), and extract form data
jar = response.cookies
......@@ -54,27 +67,49 @@ def handle_login_form (cfg, parameters):
"csrfmiddlewaretoken": csrf_mw_token,
"next": next_field,
}
if cfg["verbosity"] >= 2:
print("CSRF cookie:", jar.get("csrftoken"))
print("CSRF middleware token:", csrf_mw_token)
print("next field:", next_field)
print("submit URL:", submit_url)
try:
if cfg["verbosity"] >= 1:
print("## Stage 3: submitting login data")
response = requests.post(url, headers=headers, cookies=jar, data=payload, allow_redirects=False)
except Error as e:
print(e)
e = sys.exc_info()
print(e[0].__name__, ':', e[1])
sys.exit(1)
if cfg["verbosity"] >= 2:
print("CSRF cookie:", jar.get("csrftoken"))
print("session cookie:", jar.get("sessionid"))
# attempt to retrieve final callback redirect
jar = response.cookies
url = cfg["base_url"] + next_field
try:
if cfg["verbosity"] >= 1:
print("## Stage 4: get token in final callback location")
response = requests.get(url, headers=headers, cookies=jar, allow_redirects=False)
except Error as e:
print(e)
e = sys.exc_info()
print(e[0].__name__, ':', e[1])
sys.exit(1)
# if explicit consent is required, we will not be redirected but get a
# consent form which we have to submit, before the final redirect can happen
if response.status_code != 302:
if cfg["verbosity"] >= 1:
print("steering requires explicit consent")
# extract form data (cookies from last request have to be reused)
m = re.search('<form method="post" action="([^"]*)"', response.text)
submit_url = m.groups()[0]
m = re.search("<input type='hidden' name='csrfmiddlewaretoken' value='([^']*)'", response.text)
csrf_mw_token = m.groups()[0]
if cfg["verbosity"] >= 2:
print("CSRF cookie:", jar.get("csrftoken"))
print("CSRF middleware token:", csrf_mw_token)
print("submit URL:", submit_url)
# submit consent form
url = cfg["base_url"] + submit_url
......@@ -89,18 +124,26 @@ def handle_login_form (cfg, parameters):
"allow": "Authorize",
}
try:
if cfg["verbosity"] >= 1:
print("submitting consent form")
response = requests.post(url, headers=headers, cookies=jar, data=payload, allow_redirects=False)
except Error as e:
print(e)
e = sys.exc_info()
print(e[0].__name__, ':', e[1])
sys.exit(1)
# return callback location
return response.headers["Location"]
def get_token_from_callback (url):
def get_token_from_callback (cfg, url):
"""
Extract any relevant information from a callback redirect URL
"""
if cfg["verbosity"] >= 1:
print("Stage 5: processing the callback redirect URL")
if cfg["verbosity"] >= 2:
print("callback URL:", url)
# TODO: this is tailored towards an implicit flow! make generic and only
# set those pieces that are available
oidc = {}
......@@ -110,4 +153,6 @@ def get_token_from_callback (url):
m = re.search('id_token=([^&]*)', url)
if m:
oidc["id_token"] = m.groups()[0]
if cfg["verbosity"] >= 1:
print("Successfully retrieved access codes/tokens:", oidc)
return oidc
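Review bot: The new `print("Successfully retrieved access codes/tokens:", oidc)` in get_token_from_callback writes the full access token and ID token to stdout at verbosity 1, and the level-2 prints add the CSRF cookie, the session cookie and the callback URL, which itself carries the tokens. Verbose output routinely ends up in terminal scrollback, CI logs and pasted bug reports, so I would print only which fields were obtained, e.g. `print("Successfully retrieved:", ", ".join(oidc))`, and truncate cookie and token values in the debug prints. Separately, the handlers still read `except Error as e:` while the imports shown are only requests, sys and re; unless `Error` is defined elsewhere in the file, a failed request would surface as a NameError rather than reach the new `sys.exc_info()` lines, and `except requests.exceptions.RequestException as e:` would catch what requests raises.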
......@@ -10,4 +10,4 @@ def get_token (cfg, parameters):
# submit the login form and retrieve the callback URL
parameters["callback"] = flow_stages.handle_login_form(cfg, parameters)
# return the token information extracted from the callback
return flow_stages.get_token_from_callback(parameters["callback"])
return flow_stages.get_token_from_callback(cfg, parameters["callback"])