Made things easier (?), more tests.
parent
5fa3d301ce
commit
6c95d533b3
@ -677,7 +677,7 @@ class Base(Entity):
|
||||
:param returnIDParam: A parameter name used to return the unique
|
||||
identifier of the selected identity provider to the original
|
||||
requester.
|
||||
:param is_passive: A boolean value True/False that controls
|
||||
:param isPassive: A boolean value True/False that controls
|
||||
whether the discovery service is allowed to visibly interact with
|
||||
the user agent.
|
||||
:return: A URL
|
||||
@ -689,11 +689,11 @@ class Base(Entity):
|
||||
except KeyError:
|
||||
pass
|
||||
|
||||
if "is_passive" in kwargs:
|
||||
if kwargs["is_passive"]:
|
||||
args["is_passive"] = "true"
|
||||
if "isPassive" in kwargs:
|
||||
if kwargs["isPassive"]:
|
||||
args["isPassive"] = "true"
|
||||
else:
|
||||
args["is_passive"] = "false"
|
||||
args["isPassive"] = "false"
|
||||
|
||||
params = urlencode(args)
|
||||
return "%s?%s" % (url, params)
|
||||
|
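Review bot: After the rename, a caller that still passes `is_passive=...` gets no isPassive parameter in the generated URL and no error, because the new check only looks for `"isPassive" in kwargs`; the calls in the test file of this same commit still use `is_passive=True`, so this is easy to hit. Unless the signature outside the hunk maps the old name, either accept both spellings, e.g. `passive = kwargs.get("isPassive", kwargs.get("is_passive"))`, or raise on unrecognised keyword arguments. Dropping the flag silently matters because the parser in the discovery module then falls back to isPassive False, so the discovery service may interact with the user when the SP asked it not to.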
@ -22,13 +22,15 @@ class DiscoveryServer(Entity):
|
||||
|
||||
# verify
|
||||
|
||||
try:
|
||||
assert dsr["isPassive"] in ["true", "false"]
|
||||
except KeyError:
|
||||
pass
|
||||
for key in ["isPassive", "return_url", "returnIDParam", "policy"]:
|
||||
try:
|
||||
assert len(dsr[key]) == 1
|
||||
dsr[key] = dsr[key][0]
|
||||
except KeyError:
|
||||
pass
|
||||
|
||||
if "return" in dsr:
|
||||
part = urlparse(dsr["return"])
|
||||
if "return_url" in dsr:
|
||||
part = urlparse(dsr["return_url"])
|
||||
if part.query:
|
||||
qp = parse_qs(part.query)
|
||||
if "returnIDParam" in dsr:
|
||||
@ -37,33 +39,42 @@ class DiscoveryServer(Entity):
|
||||
assert "entityID" not in qp.keys()
|
||||
else:
|
||||
# If metadata not used this is mandatory
|
||||
raise VerificationError("Missing mandatory parameter 'return'")
|
||||
raise VerificationError("Missing mandatory parameter 'return_url'")
|
||||
|
||||
if "policy" not in dsr:
|
||||
dsr["policy"] = IDPDISC_POLICY
|
||||
|
||||
try:
|
||||
assert dsr["isPassive"] in ["true", "false"]
|
||||
except KeyError:
|
||||
pass
|
||||
|
||||
if "isPassive" in dsr and dsr["isPassive"] == "true":
|
||||
dsr["isPassive"] = True
|
||||
else:
|
||||
dsr["isPassive"] = False
|
||||
|
||||
if not "returnIDParam" in dsr:
|
||||
dsr["returnIDParam"] = "entityID"
|
||||
|
||||
return dsr
|
||||
|
||||
# -------------------------------------------------------------------------
|
||||
|
||||
def create_discovery_service_response(self, url, IDparam="entityID",
|
||||
def create_discovery_service_response(self, return_url,
|
||||
returnIDParam="entityID",
|
||||
entity_id=None):
|
||||
if entity_id:
|
||||
qp = urlencode({IDparam:entity_id})
|
||||
qp = urlencode({returnIDParam:entity_id})
|
||||
|
||||
part = urlparse(url)
|
||||
part = urlparse(return_url)
|
||||
if part.query:
|
||||
# Iff there is a query part add the new info at the end
|
||||
url = "%s&%s" % (url, qp)
|
||||
return_url = "%s&%s" % (return_url, qp)
|
||||
else:
|
||||
url = "%s?%s" % (url, qp)
|
||||
return_url = "%s?%s" % (return_url, qp)
|
||||
|
||||
return url
|
||||
return return_url
|
||||
|
||||
def verify_sp_in_metadata(self, entity_id):
|
||||
if self.metadata:
|
||||
|
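Review bot: The request checks in parse_discovery_service_request are written as `assert` statements (`assert len(dsr[key]) == 1`, `assert dsr["isPassive"] in ["true", "false"]`, `assert "entityID" not in qp.keys()`), so they vanish when Python runs with -O and otherwise surface as AssertionError instead of the VerificationError used for the missing return_url. These values come from the query string of an incoming request, so each check should be an explicit condition that raises VerificationError, as sketched below; the same applies to the entityID check on the return_url query. Separately, nothing in the visible lines compares return_url with an endpoint registered for the SP in metadata; unless that happens outside these hunks, create_discovery_service_response will append the IdP identifier to whatever URL the requester supplied. The function bodies start and end outside the hunks shown.

```python
for key in ["isPassive", "return_url", "returnIDParam", "policy"]:
    if key in dsr:
        # Repeated query parameters are rejected rather than silently truncated.
        if len(dsr[key]) != 1:
            raise VerificationError("Parameter '%s' given more than once" % key)
        dsr[key] = dsr[key][0]

# ... unchanged: return_url / returnIDParam checks, default policy ...

if "isPassive" in dsr and dsr["isPassive"] not in ["true", "false"]:
    raise VerificationError("Invalid value for parameter 'isPassive'")
```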
@ -1,9 +1,59 @@
|
||||
from saml2.client import Saml2Client
|
||||
from saml2.discovery import DiscoveryServer
|
||||
|
||||
__author__ = 'rolandh'
|
||||
|
||||
def _eq(l1,l2):
|
||||
return set(l1) == set(l2)
|
||||
|
||||
def test_verify():
|
||||
ds = DiscoveryServer(config_file="disco_conf")
|
||||
assert ds
|
||||
assert ds.verify_sp_in_metadata("urn:mace:example.com:saml:roland:sp")
|
||||
|
||||
def test_construct_0():
|
||||
sp = Saml2Client(config_file="servera_conf")
|
||||
url = sp.create_discovery_service_request("http://example.com/saml/disco",
|
||||
"https://example.com/saml/sp.xml")
|
||||
|
||||
assert url == "http://example.com/saml/disco?entityID=https%3A%2F%2Fexample.com%2Fsaml%2Fsp.xml"
|
||||
|
||||
def test_construct_1():
|
||||
sp = Saml2Client(config_file="servera_conf")
|
||||
url = sp.create_discovery_service_request("http://example.com/saml/disco",
|
||||
"https://example.com/saml/sp.xml")
|
||||
|
||||
assert url == "http://example.com/saml/disco?entityID=https%3A%2F%2Fexample.com%2Fsaml%2Fsp.xml"
|
||||
|
||||
def test_construct_deconstruct_request():
|
||||
sp = Saml2Client(config_file="servera_conf")
|
||||
url = sp.create_discovery_service_request("http://example.com/saml/disco",
|
||||
"https://example.com/saml/sp.xml",
|
||||
is_passive=True,
|
||||
returnIDParam="foo",
|
||||
return_url="https://example.com/saml/sp/disc")
|
||||
|
||||
print url
|
||||
|
||||
ds = DiscoveryServer(config_file="disco_conf")
|
||||
dsr = ds.parse_discovery_service_request(url)
|
||||
# policy is added by the parsing and verifying method
|
||||
assert _eq(dsr.keys(),["return_url", "entityID", "returnIDParam",
|
||||
"isPassive", "policy"])
|
||||
|
||||
def test_construct_deconstruct_response():
|
||||
sp = Saml2Client(config_file="servera_conf")
|
||||
url = sp.create_discovery_service_request("http://example.com/saml/disco",
|
||||
"https://example.com/saml/sp.xml",
|
||||
is_passive=True,
|
||||
returnIDParam="foo",
|
||||
return_url="https://example.com/saml/sp/disc")
|
||||
ds = DiscoveryServer(config_file="disco_conf")
|
||||
dsr = ds.parse_discovery_service_request(url)
|
||||
args = dict([(key, dsr[key]) for key in ["returnIDParam", "return_url"]])
|
||||
url = ds.create_discovery_service_response(
|
||||
entity_id="https://example.com/saml/idp.xml",
|
||||
**args)
|
||||
|
||||
idp_id = sp.parse_discovery_service_response(url, returnIDParam="foo")
|
||||
assert idp_id == "https://example.com/saml/idp.xml"
|
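Review bot: test_construct_deconstruct_request only compares the set of keys in dsr, so it passes even when a value is lost or wrong; because the parser fills in isPassive and policy itself, the key check cannot tell whether `is_passive=True` survived the round trip. Assert the values as well, for example `assert dsr["isPassive"] is True` and `assert dsr["return_url"] == "https://example.com/saml/sp/disc"`. The verification branches have no negative tests: a request without return_url, one with a repeated parameter, and one whose return_url query already carries the identifier parameter should each be shown to be rejected. `print url` looks like leftover debugging, and test_construct_0 and test_construct_1 are identical as shown.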