Distinguish between requested authn context and authn context in tests.
parent
7e19adb496
commit
1f3dd5de31
|
@ -1,4 +1,5 @@
|
|||
from saml2.saml import AuthnContext, AuthnContextClassRef
|
||||
from saml2.samlp import RequestedAuthnContext
|
||||
|
||||
__author__ = 'rolandh'
|
||||
|
||||
|
@ -150,8 +151,8 @@ class AuthnBroker(object):
|
|||
Given the authentication context find zero or more places where
|
||||
the user could be sent next. Ordered according to security level.
|
||||
|
||||
:param req_authn_context: The requested context as an AuthnContext
|
||||
instance
|
||||
:param req_authn_context: The requested context as an
|
||||
RequestedAuthnContext instance
|
||||
:return: An URL
|
||||
"""
|
||||
|
||||
|
@ -164,17 +165,13 @@ class AuthnBroker(object):
|
|||
_cmp = "minimum"
|
||||
return self._pick_by_class_ref(
|
||||
req_authn_context.authn_context_class_ref.text, _cmp)
|
||||
elif req_authn_context.authn_context_decl:
|
||||
_decl = req_authn_context.authn_context_decl
|
||||
key = _decl.c_namespace
|
||||
_methods = []
|
||||
for _ref in self.db["key"][key]:
|
||||
_dic = self.db["info"][_ref]
|
||||
if self.match(_decl, _dic["decl"]):
|
||||
_val = (_dic["method"], _ref)
|
||||
if _val not in _methods:
|
||||
_methods.append(_val)
|
||||
return _methods
|
||||
elif req_authn_context.authn_context_decl_ref:
|
||||
if req_authn_context.comparison:
|
||||
_cmp = req_authn_context.comparison
|
||||
else:
|
||||
_cmp = "minimum"
|
||||
return self._pick_by_class_ref(
|
||||
req_authn_context.authn_context_decl_ref, _cmp)
|
||||
|
||||
def match(self, requested, provided):
|
||||
if requested == provided:
|
||||
|
@ -206,4 +203,10 @@ def authn_context_decl_from_extension_elements(extelems):
|
|||
|
||||
|
||||
def authn_context_class_ref(ref):
|
||||
return AuthnContext(authn_context_class_ref=AuthnContextClassRef(text=ref))
|
||||
return AuthnContext(authn_context_class_ref=AuthnContextClassRef(text=ref))
|
||||
|
||||
|
||||
def requested_authn_context(class_ref, comparison="minimum"):
|
||||
return RequestedAuthnContext(
|
||||
authn_context_class_ref=AuthnContextClassRef(text=class_ref),
|
||||
comparison=comparison)
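Review bot: The new `elif req_authn_context.authn_context_decl_ref:` branch in `pick` passes the attribute to `_pick_by_class_ref` unchanged, while the class-ref branch just above it passes `.authn_context_class_ref.text`. If a parsed request carries the decl ref as an element rather than a bare string, the lookup would presumably miss, so I would normalise it first: `_ref = req_authn_context.authn_context_decl_ref` followed by `_ref = getattr(_ref, "text", _ref)`. Both branches also fall back to `_cmp = "minimum"` when the request carries no comparison, whereas SAML 2.0 Core gives `exact` as the default for an omitted `Comparison`; because this choice decides which authentication strengths satisfy a request, the fallback should either be `"exact"` or the deviation should be stated in the docstring. The docstring still says `:return: An URL`, although the tests on this page unpack `(method, reference)` tuples from the result. `pick` begins above the hunk, so what it returns when neither branch matches is not visible here.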
|
|
@ -15,7 +15,11 @@ ex1 = """<AuthenticationContextDeclaration
|
|||
from saml2.saml import AuthnContext
|
||||
from saml2.saml import authn_context_from_string
|
||||
from saml2.saml import AuthnContextClassRef
|
||||
from saml2.samlp import RequestedAuthnContext
|
||||
from saml2.authn_context import pword
|
||||
from saml2.authn_context import ppt
|
||||
from saml2.authn_context import authn_context_class_ref
|
||||
from saml2.authn_context import requested_authn_context
|
||||
from saml2.authn_context import PASSWORDPROTECTEDTRANSPORT
|
||||
from saml2.authn_context import AL1
|
||||
from saml2.authn_context import AL2
|
||||
|
@ -32,7 +36,7 @@ authn_method = pword.AuthnMethod(authenticator=authenticator)
|
|||
ACD = pword.AuthenticationContextDeclaration(authn_method=authn_method)
|
||||
|
||||
AUTHNCTXT = AuthnContext(authn_context_decl=ACD)
|
||||
|
||||
REQAUTHNCTXT = RequestedAuthnContext(authn_context_decl_ref=ACD.c_namespace)
|
||||
|
||||
def test_passwd():
|
||||
inst = ACD
|
||||
|
@ -62,25 +66,27 @@ def test_authn_decl_in_authn_context():
|
|||
|
||||
|
||||
def test_authn_1():
|
||||
accr = AuthnContextClassRef(text=PASSWORDPROTECTEDTRANSPORT)
|
||||
ac = AuthnContext(authn_context_class_ref=accr)
|
||||
ac = authn_context_class_ref(PASSWORDPROTECTEDTRANSPORT)
|
||||
rac = requested_authn_context(PASSWORDPROTECTEDTRANSPORT)
|
||||
authn = AuthnBroker()
|
||||
target = "https://example.org/login"
|
||||
authn.add(ac, target,)
|
||||
authn.add(ac, target, 1, "http://www.example.com")
|
||||
|
||||
methods = authn.pick(ac)
|
||||
assert len(methods) == 1
|
||||
assert target == methods[0]
|
||||
result = authn.pick(rac)
|
||||
assert len(result) == 1
|
||||
method, reference = result[0]
|
||||
assert target == method
|
||||
|
||||
|
||||
def test_authn_2():
|
||||
authn = AuthnBroker()
|
||||
target = "https://example.org/login"
|
||||
authn.add(AUTHNCTXT, target)
|
||||
authn.add(AUTHNCTXT, target, 10, "https://example.org")
|
||||
|
||||
method = authn.pick(AUTHNCTXT)
|
||||
assert len(method) == 1
|
||||
assert target == method[0]
|
||||
result = authn.pick(REQAUTHNCTXT)
|
||||
assert len(result) == 1
|
||||
method, reference = result[0]
|
||||
assert target == method
|
||||
|
||||
|
||||
REF2METHOD = {
|
||||
|
@ -96,34 +102,38 @@ def test_authn_3():
|
|||
level = 0
|
||||
for ref in [AL1, AL2, AL3, AL4]:
|
||||
level += 4
|
||||
ac = AuthnContext(
|
||||
authn_context_class_ref=AuthnContextClassRef(text=ref))
|
||||
ac = authn_context_class_ref(ref)
|
||||
|
||||
authn.add(ac, REF2METHOD[ref], level)
|
||||
authn.add(ac, REF2METHOD[ref], level,
|
||||
"https://www.example.com/%s" % "al%d" % level)
|
||||
|
||||
ac = AuthnContext(authn_context_class_ref=AuthnContextClassRef(text=AL1))
|
||||
rac = requested_authn_context(AL1, "minimum")
|
||||
|
||||
method = authn.pick(ac)
|
||||
assert len(method) == 4
|
||||
assert REF2METHOD[AL1] == method[0]
|
||||
info = authn.pick(rac)
|
||||
assert len(info) == 4
|
||||
method, ref = info[0]
|
||||
assert REF2METHOD[AL1] == method
|
||||
|
||||
ac = AuthnContext(authn_context_class_ref=AuthnContextClassRef(text=AL2))
|
||||
rac = requested_authn_context(AL2, "minimum")
|
||||
|
||||
method = authn.pick(ac)
|
||||
assert len(method) == 3
|
||||
assert REF2METHOD[AL2] == method[0]
|
||||
info = authn.pick(rac)
|
||||
assert len(info) == 3
|
||||
method, ref = info[0]
|
||||
assert REF2METHOD[AL2] == method
|
||||
|
||||
ac = AuthnContext(authn_context_class_ref=AuthnContextClassRef(text=AL3))
|
||||
rac = requested_authn_context(AL3, "minimum")
|
||||
|
||||
method = authn.pick(ac)
|
||||
assert len(method) == 2
|
||||
assert REF2METHOD[AL3] == method[0]
|
||||
info = authn.pick(rac)
|
||||
assert len(info) == 2
|
||||
method, ref = info[0]
|
||||
assert REF2METHOD[AL3] == method
|
||||
|
||||
ac = AuthnContext(authn_context_class_ref=AuthnContextClassRef(text=AL4))
|
||||
rac = requested_authn_context(AL4, "minimum")
|
||||
|
||||
method = authn.pick(ac)
|
||||
assert len(method) == 1
|
||||
assert REF2METHOD[AL4] == method[0]
|
||||
info = authn.pick(rac)
|
||||
assert len(info) == 1
|
||||
method, ref = info[0]
|
||||
assert REF2METHOD[AL4] == method
|
||||
|
||||
if __name__ == "__main__":
|
||||
test_authn_3()
|
||||
test_authn_2()
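Review bot: Every `requested_authn_context(...)` call in `test_authn_3` passes `"minimum"`, so the other comparison values a request can carry (`exact`, `maximum`, `better`) are not covered. The case where nothing registered in the broker satisfies the request is not covered either, even though this is the path that decides which login method is acceptable. The unpacked `reference`/`ref` values are never asserted; a line such as `assert ref == "https://www.example.com/al4"` after the AL1 pick would pin them, assuming the broker hands back the fourth argument given to `authn.add`. The `__main__` block runs only `test_authn_3()` and `test_authn_2()`, so `test_authn_1` is skipped when the file is run directly. `test_authn_3` starts above the hunk.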
|