openstack/deb-python-pysaml2
Code Issues Proposed changes

Fixed conflicts -missed some, fixed now

Browse Source
This commit is contained in:
Roland Hedberg 2012-05-28 21:57:35 +02:00
parent 8632090948
commit c616d30da3
4 changed files with 5 additions and 198 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/saml2/attribute_resolver.py
View File

@ -67,8 +67,4 @@ class AttributeResolver(object):
log=log, real_id=real_id) log=log, real_id=real_id)
if session_info: if session_info:
result.append(session_info) result.append(session_info)
<<<<<<< HEAD
return result return result
=======
return result
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5

4
src/saml2/binding.py
View File

@ -249,8 +249,4 @@ def packager( identifier ):
try: try:
return PACKING[identifier] return PACKING[identifier]
except KeyError: except KeyError:
<<<<<<< HEAD
raise Exception("Unkown binding type: %s" % identifier) raise Exception("Unkown binding type: %s" % identifier)
=======
raise Exception("Unkown binding type: %s" % identifier)
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5

185
src/saml2/client.py
View File

@ -82,20 +82,11 @@ class LogoutError(Exception):
class Saml2Client(object): class Saml2Client(object):
""" The basic pySAML2 service provider class """ """ The basic pySAML2 service provider class """
<<<<<<< HEAD
def __init__(self, config=None, def __init__(self, config=None,
=======
def __init__(self, config=None, debug=0,
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
identity_cache=None, state_cache=None, identity_cache=None, state_cache=None,
virtual_organization=None, config_file="", logger=None): virtual_organization=None, config_file="", logger=None):
""" """
:param config: A saml2.config.Config instance :param config: A saml2.config.Config instance
<<<<<<< HEAD
=======
:param debug: Whether debugging should be done even if the
configuration says otherwise
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
:param identity_cache: Where the class should store identity information :param identity_cache: Where the class should store identity information
:param state_cache: Where the class should keep state information :param state_cache: Where the class should keep state information
:param virtual_organization: Which if any virtual organization this :param virtual_organization: Which if any virtual organization this
@ -110,10 +101,6 @@ class Saml2Client(object):
else: else:
self.state = state_cache self.state = state_cache
<<<<<<< HEAD
=======
self.sec = None
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
if config: if config:
self.config = config self.config = config
elif config_file: elif config_file:
@ -128,17 +115,10 @@ class Saml2Client(object):
else: else:
self.logger = logger self.logger = logger
<<<<<<< HEAD
# we copy the config.debug variable in an internal # we copy the config.debug variable in an internal
# field for convenience and because we may need to # field for convenience and because we may need to
# change it during the tests # change it during the tests
self.debug = self.config.debug self.debug = self.config.debug
=======
if not debug and self.config:
self.debug = self.config.debug
else:
self.debug = debug
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
self.sec = security_context(self.config, log=self.logger, self.sec = security_context(self.config, log=self.logger,
debug=self.debug) debug=self.debug)
@ -163,12 +143,9 @@ class Saml2Client(object):
else: else:
self.logout_requests_signed_default = False self.logout_requests_signed_default = False
<<<<<<< HEAD
# #
# Private methods # Private methods
# #
=======
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
def _relay_state(self, session_id): def _relay_state(self, session_id):
vals = [session_id, str(int(time.time()))] vals = [session_id, str(int(time.time()))]
@ -178,7 +155,6 @@ class Saml2Client(object):
vals.append(signature(self.config.secret, vals)) vals.append(signature(self.config.secret, vals))
return "|".join(vals) return "|".join(vals)
<<<<<<< HEAD
def _issuer(self, entityid=None): def _issuer(self, entityid=None):
""" Return an Issuer instance """ """ Return an Issuer instance """
if entityid: if entityid:
@ -229,44 +205,6 @@ class Saml2Client(object):
else: else:
return None return None
=======
def _init_request(self, request, destination):
#request.id = sid()
request.version = VERSION
request.issue_instant = instant()
request.destination = destination
return request
# def idp_entry(self, name=None, location=None, provider_id=None):
# """ Create an IDP entry
#
# :param name: The name of the IdP
# :param location: The location of the IdP
# :param provider_id: The identifier of the provider
# :return: A IdPEntry instance
# """
# res = samlp.IDPEntry()
# if name:
# res.name = name
# if location:
# res.loc = location
# if provider_id:
# res.provider_id = provider_id
#
# return res
#
# def scoping_from_metadata(self, entityid, location=None):
# """ Set the scope of the assertion
#
# :param entityid: The EntityID of the server
# :param location: The location of the server
# :return: A samlp.Scoping instance
# """
# name = self.metadata.name(entityid)
# idp_ent = self.idp_entry(name, location)
# return samlp.Scoping(idp_list=samlp.IDPList(idp_entry=[idp_ent]))
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
def response(self, post, outstanding, log=None, decode=True, def response(self, post, outstanding, log=None, decode=True,
asynchop=True): asynchop=True):
""" Deal with an AuthnResponse or LogoutResponse """ Deal with an AuthnResponse or LogoutResponse
@ -309,34 +247,18 @@ class Saml2Client(object):
if log: if log:
log.error("%s" % exc) log.error("%s" % exc)
return None return None
<<<<<<< HEAD
if log: if log:
log.debug(">> %s", resp) log.debug(">> %s", resp)
=======
if self.debug:
if log:
log.info(">> %s", resp)
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
resp = resp.verify() resp = resp.verify()
if isinstance(resp, AuthnResponse): if isinstance(resp, AuthnResponse):
self.users.add_information_about_person(resp.session_info()) self.users.add_information_about_person(resp.session_info())
if log: if log:
<<<<<<< HEAD
log.info("--- ADDED person info ----") log.info("--- ADDED person info ----")
elif isinstance(resp, LogoutResponse): elif isinstance(resp, LogoutResponse):
self.handle_logout_response(resp, log) self.handle_logout_response(resp, log)
elif log: elif log:
log.error("Response type not supported: %s" % saml2.class_name(resp)) log.error("Response type not supported: %s" % saml2.class_name(resp))
=======
log.error("--- ADDED person info ----")
elif isinstance(resp, LogoutResponse):
self.handle_logout_response(resp, log)
elif log:
log.error("Other response type: %s" % saml2.class_name(resp))
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
return resp return resp
def authn_request(self, query_id, destination, service_url, spentityid, def authn_request(self, query_id, destination, service_url, spentityid,
@ -397,11 +319,7 @@ class Saml2Client(object):
to_sign = [] to_sign = []
request.name_id_policy = name_id_policy request.name_id_policy = name_id_policy
<<<<<<< HEAD
request.issuer = self._issuer(spentityid) request.issuer = self._issuer(spentityid)
=======
request.issuer = self.issuer(spentityid)
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
if log is None: if log is None:
log = self.logger log = self.logger
@ -410,58 +328,6 @@ class Saml2Client(object):
log.info("REQUEST: %s" % request) log.info("REQUEST: %s" % request)
return signed_instance_factory(request, self.sec, to_sign) return signed_instance_factory(request, self.sec, to_sign)
<<<<<<< HEAD
=======
def issuer(self, entityid=None):
""" Return an Issuer instance """
if entityid:
if isinstance(entityid, saml.Issuer):
return entityid
else:
return saml.Issuer(text=entityid,
format=saml.NAMEID_FORMAT_ENTITY)
else:
return saml.Issuer(text=self.config.entityid,
format=saml.NAMEID_FORMAT_ENTITY)
def _entityid(self):
return self.config.entityid
def _sso_location(self, entityid=None, binding=BINDING_HTTP_REDIRECT):
if entityid:
# verify that it's in the metadata
try:
return self.config.single_sign_on_services(entityid, binding)[0]
except IndexError:
if self.logger:
self.logger.info("_sso_location: %s, %s" % (entityid,
binding))
return IdpUnspecified("No IdP to send to given the premises")
# get the idp location from the configuration alternative the
# metadata. If there is more than one IdP in the configuration
# raise exception
eids = self.config.idps()
if len(eids) > 1:
raise IdpUnspecified("Too many IdPs to choose from: %s" % eids)
try:
loc = self.config.single_sign_on_services(eids.keys()[0],
binding)[0]
return loc
except IndexError:
return IdpUnspecified("No IdP to send to given the premises")
def service_url(self, binding=BINDING_HTTP_POST):
_res = self.config.endpoint("assertion_consumer_service", binding)
if _res:
return _res[0]
else:
return None
def _my_name(self):
return self.config.name
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
def authn(self, location, session_id, vorg="", scoping=None, log=None, def authn(self, location, session_id, vorg="", scoping=None, log=None,
sign=None, binding=saml2.BINDING_HTTP_POST, sign=None, binding=saml2.BINDING_HTTP_POST,
@ -478,11 +344,7 @@ class Saml2Client(object):
:param binding: The binding to use, default = HTTP POST :param binding: The binding to use, default = HTTP POST
:return: An AuthnRequest instance :return: An AuthnRequest instance
""" """
<<<<<<< HEAD
spentityid = self.config.entityid spentityid = self.config.entityid
=======
spentityid = self._entityid()
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
if service_url_binding is None: if service_url_binding is None:
service_url = self.service_url(binding) service_url = self.service_url(binding)
else: else:
@ -589,11 +451,7 @@ class Saml2Client(object):
version=VERSION, version=VERSION,
issue_instant=instant(), issue_instant=instant(),
destination=destination, destination=destination,
<<<<<<< HEAD
issuer=self._issuer(issuer_id), issuer=self._issuer(issuer_id),
=======
issuer=self.issuer(issuer_id),
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
subject=subject, subject=subject,
) )
@ -638,11 +496,7 @@ class Saml2Client(object):
log = self.logger log = self.logger
session_id = sid() session_id = sid()
<<<<<<< HEAD
issuer = self._issuer(issuer_id) issuer = self._issuer(issuer_id)
=======
issuer = self.issuer(issuer_id)
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
request = self.create_attribute_query(session_id, subject_id, request = self.create_attribute_query(session_id, subject_id,
destination, issuer, attribute, sp_name_qualifier, destination, issuer, attribute, sp_name_qualifier,
@ -729,11 +583,7 @@ class Saml2Client(object):
version=VERSION, version=VERSION,
issue_instant=instant(), issue_instant=instant(),
destination=destination, destination=destination,
<<<<<<< HEAD
issuer=self._issuer(), issuer=self._issuer(),
=======
issuer=self.issuer(),
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
name_id = name_id name_id = name_id
) )
@ -945,12 +795,8 @@ class Saml2Client(object):
return None return None
try: try:
<<<<<<< HEAD response = LogoutResponse(self.sec, return_addr,
response = LogoutResponse(self.sec, return_addr, debug=self.debug, debug=self.debug, log=log)
=======
response = LogoutResponse(self.sec, return_addr, debug=True,
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
log=log)
except Exception, exc: except Exception, exc:
if log: if log:
log.info("%s" % exc) log.info("%s" % exc)
@ -961,13 +807,8 @@ class Saml2Client(object):
elif binding == BINDING_HTTP_POST: elif binding == BINDING_HTTP_POST:
xmlstr = base64.b64decode(xmlstr) xmlstr = base64.b64decode(xmlstr)
<<<<<<< HEAD
if log: if log:
log.debug("XMLSTR: %s" % xmlstr) log.debug("XMLSTR: %s" % xmlstr)
=======
if self.debug and log:
log.info("XMLSTR: %s" % xmlstr)
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
response = response.loads(xmlstr, False) response = response.loads(xmlstr, False)
@ -977,13 +818,8 @@ class Saml2Client(object):
if not response: if not response:
return None return None
<<<<<<< HEAD
if log: if log:
log.debug(response) log.debug(response)
=======
if self.debug and log:
log.info(response)
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
return self.handle_logout_response(response, log) return self.handle_logout_response(response, log)
@ -1012,13 +848,8 @@ class Saml2Client(object):
xml = decode_base64_and_inflate(saml_request) xml = decode_base64_and_inflate(saml_request)
request = samlp.logout_request_from_string(xml) request = samlp.logout_request_from_string(xml)
<<<<<<< HEAD
if log: if log:
log.debug(request) log.debug(request)
=======
if self.debug and log:
log.info(request)
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
if request.name_id.text == subject_id: if request.name_id.text == subject_id:
status = samlp.STATUS_SUCCESS status = samlp.STATUS_SUCCESS
@ -1082,11 +913,7 @@ class Saml2Client(object):
version=VERSION, version=VERSION,
issue_instant=instant(), issue_instant=instant(),
destination=destination, destination=destination,
<<<<<<< HEAD
issuer=self._issuer(), issuer=self._issuer(),
=======
issuer=self.issuer(),
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
in_response_to=request_id, in_response_to=request_id,
status=status, status=status,
) )
@ -1170,11 +997,7 @@ class Saml2Client(object):
:return: AuthzDecisionQuery instance :return: AuthzDecisionQuery instance
""" """
<<<<<<< HEAD
spentityid = self._issuer() spentityid = self._issuer()
=======
spentityid = self.issuer()
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
service_url = self.service_url() service_url = self.service_url()
my_name = self._my_name() my_name = self._my_name()
@ -1266,11 +1089,7 @@ class Saml2Client(object):
the user agent. the user agent.
:return: A URL :return: A URL
""" """
<<<<<<< HEAD
pdir = {"entityID": self.config.entityid} pdir = {"entityID": self.config.entityid}
=======
pdir = {"entityID": self._entityid()}
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5
if return_url: if return_url:
pdir["return"] = return_url pdir["return"] = return_url
if policy and policy != IDPDISC_POLICY: if policy and policy != IDPDISC_POLICY:

4
tests/attribute_statement_data.py
View File

@ -172,8 +172,4 @@ STATEMENT3 = """<?xml version='1.0' encoding='UTF-8'?>
<ns0:Attribute Name="givenname"> <ns0:Attribute Name="givenname">
<ns0:AttributeValue>Roland</ns0:AttributeValue> <ns0:AttributeValue>Roland</ns0:AttributeValue>
</ns0:Attribute> </ns0:Attribute>
<<<<<<< HEAD
</ns0:AttributeStatement>""" </ns0:AttributeStatement>"""
=======
</ns0:AttributeStatement>"""
>>>>>>> eb53c062d261de66e86d8a6e2bbdfd7c17a753d5