openstack/deb-python-pysaml2
Code Issues Proposed changes

Made things easier (?), more tests.

Browse Source
This commit is contained in:
Roland Hedberg
2013-01-28 12:49:25 +01:00
parent 5fa3d301ce
commit 6c95d533b3
3 changed files with 79 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/saml2/client_base.py
View File

@@ -677,7 +677,7 @@ class Base(Entity):
:param returnIDParam: A parameter name used to return the unique :param returnIDParam: A parameter name used to return the unique
identifier of the selected identity provider to the original identifier of the selected identity provider to the original
requester. requester.
:param is_passive: A boolean value True/False that controls :param isPassive: A boolean value True/False that controls
whether the discovery service is allowed to visibly interact with whether the discovery service is allowed to visibly interact with
the user agent. the user agent.
:return: A URL :return: A URL
@@ -689,11 +689,11 @@ class Base(Entity):
except KeyError: except KeyError:
pass pass
if "is_passive" in kwargs: if "isPassive" in kwargs:
if kwargs["is_passive"]: if kwargs["isPassive"]:
args["is_passive"] = "true" args["isPassive"] = "true"
else: else:
args["is_passive"] = "false" args["isPassive"] = "false"
params = urlencode(args) params = urlencode(args)
return "%s?%s" % (url, params) return "%s?%s" % (url, params)

31
src/saml2/discovery.py
View File

@@ -22,13 +22,15 @@ class DiscoveryServer(Entity):
# verify # verify
for key in ["isPassive", "return_url", "returnIDParam", "policy"]:
try: try:
assert dsr["isPassive"] in ["true", "false"] assert len(dsr[key]) == 1
dsr[key] = dsr[key][0]
except KeyError: except KeyError:
pass pass
if "return" in dsr: if "return_url" in dsr:
part = urlparse(dsr["return"]) part = urlparse(dsr["return_url"])
if part.query: if part.query:
qp = parse_qs(part.query) qp = parse_qs(part.query)
if "returnIDParam" in dsr: if "returnIDParam" in dsr:
@@ -37,33 +39,42 @@ class DiscoveryServer(Entity):
assert "entityID" not in qp.keys() assert "entityID" not in qp.keys()
else: else:
# If metadata not used this is mandatory # If metadata not used this is mandatory
raise VerificationError("Missing mandatory parameter 'return'") raise VerificationError("Missing mandatory parameter 'return_url'")
if "policy" not in dsr: if "policy" not in dsr:
dsr["policy"] = IDPDISC_POLICY dsr["policy"] = IDPDISC_POLICY
try:
assert dsr["isPassive"] in ["true", "false"]
except KeyError:
pass
if "isPassive" in dsr and dsr["isPassive"] == "true": if "isPassive" in dsr and dsr["isPassive"] == "true":
dsr["isPassive"] = True dsr["isPassive"] = True
else: else:
dsr["isPassive"] = False dsr["isPassive"] = False
if not "returnIDParam" in dsr:
dsr["returnIDParam"] = "entityID"
return dsr return dsr
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
def create_discovery_service_response(self, url, IDparam="entityID", def create_discovery_service_response(self, return_url,
returnIDParam="entityID",
entity_id=None): entity_id=None):
if entity_id: if entity_id:
qp = urlencode({IDparam:entity_id}) qp = urlencode({returnIDParam:entity_id})
part = urlparse(url) part = urlparse(return_url)
if part.query: if part.query:
# Iff there is a query part add the new info at the end # Iff there is a query part add the new info at the end
url = "%s&%s" % (url, qp) return_url = "%s&%s" % (return_url, qp)
else: else:
url = "%s?%s" % (url, qp) return_url = "%s?%s" % (return_url, qp)
return url return return_url
def verify_sp_in_metadata(self, entity_id): def verify_sp_in_metadata(self, entity_id):
if self.metadata: if self.metadata:

50
tests/test_69_discovery.py
View File

@@ -1,9 +1,59 @@
from saml2.client import Saml2Client
from saml2.discovery import DiscoveryServer from saml2.discovery import DiscoveryServer
__author__ = 'rolandh' __author__ = 'rolandh'
def _eq(l1,l2):
return set(l1) == set(l2)
def test_verify(): def test_verify():
ds = DiscoveryServer(config_file="disco_conf") ds = DiscoveryServer(config_file="disco_conf")
assert ds assert ds
assert ds.verify_sp_in_metadata("urn:mace:example.com:saml:roland:sp") assert ds.verify_sp_in_metadata("urn:mace:example.com:saml:roland:sp")
def test_construct_0():
sp = Saml2Client(config_file="servera_conf")
url = sp.create_discovery_service_request("http://example.com/saml/disco",
"https://example.com/saml/sp.xml")
assert url == "http://example.com/saml/disco?entityID=https%3A%2F%2Fexample.com%2Fsaml%2Fsp.xml"
def test_construct_1():
sp = Saml2Client(config_file="servera_conf")
url = sp.create_discovery_service_request("http://example.com/saml/disco",
"https://example.com/saml/sp.xml")
assert url == "http://example.com/saml/disco?entityID=https%3A%2F%2Fexample.com%2Fsaml%2Fsp.xml"
def test_construct_deconstruct_request():
sp = Saml2Client(config_file="servera_conf")
url = sp.create_discovery_service_request("http://example.com/saml/disco",
"https://example.com/saml/sp.xml",
is_passive=True,
returnIDParam="foo",
return_url="https://example.com/saml/sp/disc")
print url
ds = DiscoveryServer(config_file="disco_conf")
dsr = ds.parse_discovery_service_request(url)
# policy is added by the parsing and verifying method
assert _eq(dsr.keys(),["return_url", "entityID", "returnIDParam",
"isPassive", "policy"])
def test_construct_deconstruct_response():
sp = Saml2Client(config_file="servera_conf")
url = sp.create_discovery_service_request("http://example.com/saml/disco",
"https://example.com/saml/sp.xml",
is_passive=True,
returnIDParam="foo",
return_url="https://example.com/saml/sp/disc")
ds = DiscoveryServer(config_file="disco_conf")
dsr = ds.parse_discovery_service_request(url)
args = dict([(key, dsr[key]) for key in ["returnIDParam", "return_url"]])
url = ds.create_discovery_service_response(
entity_id="https://example.com/saml/idp.xml",
**args)
idp_id = sp.parse_discovery_service_response(url, returnIDParam="foo")
assert idp_id == "https://example.com/saml/idp.xml"