Distinguish between requested authn context and authn context in tests.

Roland Hedberg 2013-04-28 10:16:46 +02:00
parent 7e19adb496
commit 1f3dd5de31
2 changed files with 58 additions and 45 deletions


@ -1,4 +1,5 @@
from saml2.saml import AuthnContext, AuthnContextClassRef
from saml2.samlp import RequestedAuthnContext
__author__ = 'rolandh'
@ -150,8 +151,8 @@ class AuthnBroker(object):
Given the authentication context find zero or more places where
the user could be sent next. Ordered according to security level.
:param req_authn_context: The requested context as an AuthnContext
instance
:param req_authn_context: The requested context as an
RequestedAuthnContext instance
:return: An URL
"""
@ -164,17 +165,13 @@ class AuthnBroker(object):
_cmp = "minimum"
return self._pick_by_class_ref(
req_authn_context.authn_context_class_ref.text, _cmp)
elif req_authn_context.authn_context_decl:
_decl = req_authn_context.authn_context_decl
key = _decl.c_namespace
_methods = []
for _ref in self.db["key"][key]:
_dic = self.db["info"][_ref]
if self.match(_decl, _dic["decl"]):
_val = (_dic["method"], _ref)
if _val not in _methods:
_methods.append(_val)
return _methods
elif req_authn_context.authn_context_decl_ref:
if req_authn_context.comparison:
_cmp = req_authn_context.comparison
else:
_cmp = "minimum"
return self._pick_by_class_ref(
req_authn_context.authn_context_decl_ref, _cmp)
def match(self, requested, provided):
if requested == provided:
@ -206,4 +203,10 @@ def authn_context_decl_from_extension_elements(extelems):
def authn_context_class_ref(ref):
return AuthnContext(authn_context_class_ref=AuthnContextClassRef(text=ref))
return AuthnContext(authn_context_class_ref=AuthnContextClassRef(text=ref))
def requested_authn_context(class_ref, comparison="minimum"):
return RequestedAuthnContext(
authn_context_class_ref=AuthnContextClassRef(text=class_ref),
comparison=comparison)
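Review bot: In `AuthnBroker.pick`, the new `elif req_authn_context.authn_context_decl_ref:` branch passes the attribute itself to `_pick_by_class_ref`, whereas the class-ref branch above it passes `authn_context_class_ref.text`. The test builds the request from a plain string (`ACD.c_namespace`), so the lookup works there, but a request parsed from XML would presumably carry an element instance (or a list of them), and the lookup would then find nothing for a declaration-reference request; normalising first, e.g. `_ref = getattr(_ref, "text", _ref)`, would cover both. Separately, both this branch and the new helper `requested_authn_context(class_ref, comparison="minimum")` fall back to `"minimum"`, while SAML 2.0 Core defines `exact` as the default when `Comparison` is omitted, so the docstrings should state this deviation explicitly, for instance `:param comparison: one of "exact", "minimum", "maximum", "better"; defaults to "minimum", not the SAML default "exact"`. The body of `pick` begins outside the hunk, so what happens when neither branch matches is not visible here.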


@ -15,7 +15,11 @@ ex1 = """<AuthenticationContextDeclaration
from saml2.saml import AuthnContext
from saml2.saml import authn_context_from_string
from saml2.saml import AuthnContextClassRef
from saml2.samlp import RequestedAuthnContext
from saml2.authn_context import pword
from saml2.authn_context import ppt
from saml2.authn_context import authn_context_class_ref
from saml2.authn_context import requested_authn_context
from saml2.authn_context import PASSWORDPROTECTEDTRANSPORT
from saml2.authn_context import AL1
from saml2.authn_context import AL2
@ -32,7 +36,7 @@ authn_method = pword.AuthnMethod(authenticator=authenticator)
ACD = pword.AuthenticationContextDeclaration(authn_method=authn_method)
AUTHNCTXT = AuthnContext(authn_context_decl=ACD)
REQAUTHNCTXT = RequestedAuthnContext(authn_context_decl_ref=ACD.c_namespace)
def test_passwd():
inst = ACD
@ -62,25 +66,27 @@ def test_authn_decl_in_authn_context():
def test_authn_1():
accr = AuthnContextClassRef(text=PASSWORDPROTECTEDTRANSPORT)
ac = AuthnContext(authn_context_class_ref=accr)
ac = authn_context_class_ref(PASSWORDPROTECTEDTRANSPORT)
rac = requested_authn_context(PASSWORDPROTECTEDTRANSPORT)
authn = AuthnBroker()
target = "https://example.org/login"
authn.add(ac, target,)
authn.add(ac, target, 1, "http://www.example.com")
methods = authn.pick(ac)
assert len(methods) == 1
assert target == methods[0]
result = authn.pick(rac)
assert len(result) == 1
method, reference = result[0]
assert target == method
def test_authn_2():
authn = AuthnBroker()
target = "https://example.org/login"
authn.add(AUTHNCTXT, target)
authn.add(AUTHNCTXT, target, 10, "https://example.org")
method = authn.pick(AUTHNCTXT)
assert len(method) == 1
assert target == method[0]
result = authn.pick(REQAUTHNCTXT)
assert len(result) == 1
method, reference = result[0]
assert target == method
REF2METHOD = {
@ -96,34 +102,38 @@ def test_authn_3():
level = 0
for ref in [AL1, AL2, AL3, AL4]:
level += 4
ac = AuthnContext(
authn_context_class_ref=AuthnContextClassRef(text=ref))
ac = authn_context_class_ref(ref)
authn.add(ac, REF2METHOD[ref], level)
authn.add(ac, REF2METHOD[ref], level,
"https://www.example.com/%s" % "al%d" % level)
ac = AuthnContext(authn_context_class_ref=AuthnContextClassRef(text=AL1))
rac = requested_authn_context(AL1, "minimum")
method = authn.pick(ac)
assert len(method) == 4
assert REF2METHOD[AL1] == method[0]
info = authn.pick(rac)
assert len(info) == 4
method, ref = info[0]
assert REF2METHOD[AL1] == method
ac = AuthnContext(authn_context_class_ref=AuthnContextClassRef(text=AL2))
rac = requested_authn_context(AL2, "minimum")
method = authn.pick(ac)
assert len(method) == 3
assert REF2METHOD[AL2] == method[0]
info = authn.pick(rac)
assert len(info) == 3
method, ref = info[0]
assert REF2METHOD[AL2] == method
ac = AuthnContext(authn_context_class_ref=AuthnContextClassRef(text=AL3))
rac = requested_authn_context(AL3, "minimum")
method = authn.pick(ac)
assert len(method) == 2
assert REF2METHOD[AL3] == method[0]
info = authn.pick(rac)
assert len(info) == 2
method, ref = info[0]
assert REF2METHOD[AL3] == method
ac = AuthnContext(authn_context_class_ref=AuthnContextClassRef(text=AL4))
rac = requested_authn_context(AL4, "minimum")
method = authn.pick(ac)
assert len(method) == 1
assert REF2METHOD[AL4] == method[0]
info = authn.pick(rac)
assert len(info) == 1
method, ref = info[0]
assert REF2METHOD[AL4] == method
if __name__ == "__main__":
test_authn_3()
test_authn_2()
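Review bot: The updated tests only exercise `pick` with the `"minimum"` comparison and only on requests that are satisfied, so the part of the broker that decides authentication strength is untested for `"exact"`, `"better"` and `"maximum"` and for a requested class with no registered method. In `test_authn_1` and `test_authn_2` the second tuple element is unpacked into `reference` but never checked; if it is the fourth argument given to `add`, `assert reference == "http://www.example.com"` would pin it. `REQAUTHNCTXT` is built with a raw string for `authn_context_decl_ref`, so a request deserialized from XML is not covered either. In `test_authn_3`, `method, ref = info[0]` reuses the loop variable name `ref`; a distinct name such as `reference` would read better.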