openstack/deb-python-pysaml2
Code Issues Proposed changes

Adding authn context support.. plus first test

Browse Source
This commit is contained in:
Roland Hedberg
2013-04-21 17:22:01 +02:00
parent 40041b642e
commit 6dec8bfc91
4 changed files with 65 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
setup.py
View File

@@ -73,7 +73,7 @@ setup(
packages=['saml2', 'xmldsig', 'xmlenc', 's2repoze', 's2repoze.plugins', packages=['saml2', 'xmldsig', 'xmlenc', 's2repoze', 's2repoze.plugins',
"saml2/profile", "saml2/schema", "saml2/extension", "saml2/profile", "saml2/schema", "saml2/extension",
"saml2/attributemaps"], "saml2/attributemaps", "saml2/authn_context"],
package_dir={'': 'src'}, package_dir={'': 'src'},
package_data={'': ['xml/*.xml']}, package_data={'': ['xml/*.xml']},

8
src/saml2/__init__.py
View File

@@ -670,12 +670,20 @@ class SamlBase(ExtensionContainer):
return self return self
def clear_text(self):
if self.text:
_text = self.text.strip()
if _text == "":
self.text = None
def __eq__(self, other): def __eq__(self, other):
try: try:
assert isinstance(other, SamlBase) assert isinstance(other, SamlBase)
except AssertionError: except AssertionError:
return False return False
self.clear_text()
other.clear_text()
if len(self.keyswv()) != len(other.keyswv()): if len(self.keyswv()) != len(other.keyswv()):
return False return False

29
src/saml2/authn_context/__init__.py
View File

@@ -34,10 +34,13 @@ class Authn(object):
if spec.authn_context_class_ref: if spec.authn_context_class_ref:
_endpspec[spec.authn_context_class_ref.text] = target _endpspec[spec.authn_context_class_ref.text] = target
elif spec.authn_context_decl: elif spec.authn_context_decl:
_endpspec[ key = spec.authn_context_decl.c_namespace
spec.authn_context_decl.c_namespace] = spec.authn_context_decl try:
_endpspec[key].append((spec.authn_context_decl, target))
except KeyError:
_endpspec[key] = [(spec.authn_context_decl, target)]
def pick(self, endpoint, authn_context): def pick(self, endpoint, req_authn_context):
""" """
Given which endpoint the request came in over and what Given which endpoint the request came in over and what
authentication context is defined find out where to send the user next. authentication context is defined find out where to send the user next.
@@ -46,3 +49,23 @@ class Authn(object):
:param authn_context: An AuthnContext instance :param authn_context: An AuthnContext instance
:return: An URL :return: An URL
""" """
try:
_endpspec = self.db[endpoint]
except KeyError:
self.db[endpoint] = {}
_endpspec = self.db[endpoint]
if req_authn_context.authn_context_class_ref:
return _endpspec[req_authn_context.authn_context_class_ref.text]
elif req_authn_context.authn_context_decl:
key = req_authn_context.authn_context_decl.c_namespace
for spec, target in _endpspec[key]:
if self.match(req_authn_context, spec):
return target
def match(self, requested, provided):
if requested == provided:
return True
else:
return False

29
tests/test_77_authn_context.py Normal file
View File

@@ -0,0 +1,29 @@
__author__ = 'rolandh'
ex1 = """<AuthenticationContextDeclaration
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Password">
<AuthnMethod>
<Authenticator>
<RestrictedPassword>
<Length min="4"/>
</RestrictedPassword>
</Authenticator>
</AuthnMethod>
</AuthenticationContextDeclaration>"""
from saml2.authn_context import pword
def test_passwd():
length = pword.Length(min="4")
restricted_password = pword.RestrictedPassword(length=length)
authenticator = pword.Authenticator(restricted_password=restricted_password)
authn_method = pword.AuthnMethod(authenticator=authenticator)
inst = pword.AuthenticationContextDeclaration(authn_method=authn_method)
inst2 = pword.authentication_context_declaration_from_string(ex1)
assert inst == inst2
if __name__ == "__main__":
test_passwd()