PEP-8 clean up .
@@ -221,7 +221,8 @@ def for_me(conditions, myself):
|
|||||||
|
|
||||||
|
|
||||||
def authn_response(conf, return_addrs, outstanding_queries=None, timeslack=0,
|
def authn_response(conf, return_addrs, outstanding_queries=None, timeslack=0,
|
||||||
asynchop=True, allow_unsolicited=False, want_assertions_signed=False):
|
asynchop=True, allow_unsolicited=False,
|
||||||
|
want_assertions_signed=False):
|
||||||
sec = security_context(conf)
|
sec = security_context(conf)
|
||||||
if not timeslack:
|
if not timeslack:
|
||||||
try:
|
try:
|
||||||
@@ -319,7 +320,8 @@ class StatusResponse(object):
|
|||||||
logger.debug("xmlstr: %s" % (self.xmlstr,))
|
logger.debug("xmlstr: %s" % (self.xmlstr,))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
self.response = self.signature_check(xmldata, origdoc=origxml, must=self.require_signature,
|
self.response = self.signature_check(xmldata, origdoc=origxml,
|
||||||
|
must=self.require_signature,
|
||||||
require_response_signature=self.require_response_signature)
|
require_response_signature=self.require_response_signature)
|
||||||
|
|
||||||
except TypeError:
|
except TypeError:
|
||||||
@@ -430,7 +432,8 @@ class NameIDMappingResponse(StatusResponse):
|
|||||||
request_id=0, asynchop=True):
|
request_id=0, asynchop=True):
|
||||||
StatusResponse.__init__(self, sec_context, return_addrs, timeslack,
|
StatusResponse.__init__(self, sec_context, return_addrs, timeslack,
|
||||||
request_id, asynchop)
|
request_id, asynchop)
|
||||||
self.signature_check = self.sec.correctly_signed_name_id_mapping_response
|
self.signature_check = self.sec\
|
||||||
|
.correctly_signed_name_id_mapping_response
|
||||||
|
|
||||||
|
|
||||||
class ManageNameIDResponse(StatusResponse):
|
class ManageNameIDResponse(StatusResponse):
|
||||||
@@ -455,7 +458,8 @@ class AuthnResponse(StatusResponse):
|
|||||||
return_addrs=None, outstanding_queries=None,
|
return_addrs=None, outstanding_queries=None,
|
||||||
timeslack=0, asynchop=True, allow_unsolicited=False,
|
timeslack=0, asynchop=True, allow_unsolicited=False,
|
||||||
test=False, allow_unknown_attributes=False,
|
test=False, allow_unknown_attributes=False,
|
||||||
want_assertions_signed=False, want_response_signed=False, **kwargs):
|
want_assertions_signed=False, want_response_signed=False,
|
||||||
|
**kwargs):
|
||||||
|
|
||||||
StatusResponse.__init__(self, sec_context, return_addrs, timeslack,
|
StatusResponse.__init__(self, sec_context, return_addrs, timeslack,
|
||||||
asynchop=asynchop)
|
asynchop=asynchop)
|
||||||
@@ -481,6 +485,16 @@ class AuthnResponse(StatusResponse):
|
|||||||
except KeyError:
|
except KeyError:
|
||||||
self.extension_schema = {}
|
self.extension_schema = {}
|
||||||
|
|
||||||
|
def check_subject_confirmation_in_response_to(self, irp):
|
||||||
|
for assertion in self.response.assertion:
|
||||||
|
for _sc in assertion.subject.subject_confirmation:
|
||||||
|
try:
|
||||||
|
assert _sc.subject_confirmation_data.in_response_to == irp
|
||||||
|
except AssertionError:
|
||||||
|
return False
|
||||||
|
|
||||||
|
return True
|
||||||
|
|
||||||
def loads(self, xmldata, decode=True, origxml=None):
|
def loads(self, xmldata, decode=True, origxml=None):
|
||||||
self._loads(xmldata, decode, origxml)
|
self._loads(xmldata, decode, origxml)
|
||||||
|
|
||||||
@@ -488,11 +502,22 @@ class AuthnResponse(StatusResponse):
|
|||||||
if self.in_response_to in self.outstanding_queries:
|
if self.in_response_to in self.outstanding_queries:
|
||||||
self.came_from = self.outstanding_queries[self.in_response_to]
|
self.came_from = self.outstanding_queries[self.in_response_to]
|
||||||
del self.outstanding_queries[self.in_response_to]
|
del self.outstanding_queries[self.in_response_to]
|
||||||
|
try:
|
||||||
|
if not self.check_subject_confirmation_in_response_to(
|
||||||
|
self.in_response_to):
|
||||||
|
logger.exception(
|
||||||
|
"Unsolicited response %s" % self.in_response_to)
|
||||||
|
raise UnsolicitedResponse(
|
||||||
|
"Unsolicited response: %s" % self.in_response_to)
|
||||||
|
except AttributeError:
|
||||||
|
pass
|
||||||
elif self.allow_unsolicited:
|
elif self.allow_unsolicited:
|
||||||
pass
|
pass
|
||||||
else:
|
else:
|
||||||
logger.exception("Unsolicited response %s" % self.in_response_to)
|
logger.exception(
|
||||||
raise UnsolicitedResponse("Unsolicited response: %s" % self.in_response_to)
|
"Unsolicited response %s" % self.in_response_to)
|
||||||
|
raise UnsolicitedResponse(
|
||||||
|
"Unsolicited response: %s" % self.in_response_to)
|
||||||
|
|
||||||
return self
|
return self
|
||||||
|
|
||||||
@@ -541,7 +566,8 @@ class AuthnResponse(StatusResponse):
|
|||||||
|
|
||||||
# if both are present NotBefore must be earlier than NotOnOrAfter
|
# if both are present NotBefore must be earlier than NotOnOrAfter
|
||||||
if conditions.not_before and conditions.not_on_or_after:
|
if conditions.not_before and conditions.not_on_or_after:
|
||||||
if not later_than(conditions.not_on_or_after, conditions.not_before):
|
if not later_than(conditions.not_on_or_after,
|
||||||
|
conditions.not_before):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
try:
|
try:
|
||||||
@@ -565,7 +591,8 @@ class AuthnResponse(StatusResponse):
|
|||||||
if conditions.condition: # extra conditions
|
if conditions.condition: # extra conditions
|
||||||
for cond in conditions.condition:
|
for cond in conditions.condition:
|
||||||
try:
|
try:
|
||||||
if cond.extension_attributes[XSI_TYPE] in self.extension_schema:
|
if cond.extension_attributes[
|
||||||
|
XSI_TYPE] in self.extension_schema:
|
||||||
pass
|
pass
|
||||||
else:
|
else:
|
||||||
raise Exception("Unknown condition")
|
raise Exception("Unknown condition")
|
||||||
@@ -650,7 +677,8 @@ class AuthnResponse(StatusResponse):
|
|||||||
logger.info("outstanding queries: %s" % (
|
logger.info("outstanding queries: %s" % (
|
||||||
self.outstanding_queries.keys(),))
|
self.outstanding_queries.keys(),))
|
||||||
raise Exception(
|
raise Exception(
|
||||||
"Combination of session id and requestURI I don't recall")
|
"Combination of session id and requestURI I don't "
|
||||||
|
"recall")
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def _holder_of_key_confirmed(self, data):
|
def _holder_of_key_confirmed(self, data):
|
||||||
@@ -892,7 +920,6 @@ class AuthnQueryResponse(AuthnResponse):
|
|||||||
|
|
||||||
def __init__(self, sec_context, attribute_converters, entity_id,
|
def __init__(self, sec_context, attribute_converters, entity_id,
|
||||||
return_addrs=None, timeslack=0, asynchop=False, test=False):
|
return_addrs=None, timeslack=0, asynchop=False, test=False):
|
||||||
|
|
||||||
AuthnResponse.__init__(self, sec_context, attribute_converters,
|
AuthnResponse.__init__(self, sec_context, attribute_converters,
|
||||||
entity_id, return_addrs, timeslack=timeslack,
|
entity_id, return_addrs, timeslack=timeslack,
|
||||||
asynchop=asynchop, test=test)
|
asynchop=asynchop, test=test)
|
||||||
@@ -910,7 +937,6 @@ class AttributeResponse(AuthnResponse):
|
|||||||
|
|
||||||
def __init__(self, sec_context, attribute_converters, entity_id,
|
def __init__(self, sec_context, attribute_converters, entity_id,
|
||||||
return_addrs=None, timeslack=0, asynchop=False, test=False):
|
return_addrs=None, timeslack=0, asynchop=False, test=False):
|
||||||
|
|
||||||
AuthnResponse.__init__(self, sec_context, attribute_converters,
|
AuthnResponse.__init__(self, sec_context, attribute_converters,
|
||||||
entity_id, return_addrs, timeslack=timeslack,
|
entity_id, return_addrs, timeslack=timeslack,
|
||||||
asynchop=asynchop, test=test)
|
asynchop=asynchop, test=test)
|
||||||
@@ -941,7 +967,6 @@ class ArtifactResponse(AuthnResponse):
|
|||||||
|
|
||||||
def __init__(self, sec_context, attribute_converters, entity_id,
|
def __init__(self, sec_context, attribute_converters, entity_id,
|
||||||
return_addrs=None, timeslack=0, asynchop=False, test=False):
|
return_addrs=None, timeslack=0, asynchop=False, test=False):
|
||||||
|
|
||||||
AuthnResponse.__init__(self, sec_context, attribute_converters,
|
AuthnResponse.__init__(self, sec_context, attribute_converters,
|
||||||
entity_id, return_addrs, timeslack=timeslack,
|
entity_id, return_addrs, timeslack=timeslack,
|
||||||
asynchop=asynchop, test=test)
|
asynchop=asynchop, test=test)
|
||||||
@@ -953,7 +978,8 @@ class ArtifactResponse(AuthnResponse):
|
|||||||
|
|
||||||
def response_factory(xmlstr, conf, return_addrs=None, outstanding_queries=None,
|
def response_factory(xmlstr, conf, return_addrs=None, outstanding_queries=None,
|
||||||
timeslack=0, decode=True, request_id=0, origxml=None,
|
timeslack=0, decode=True, request_id=0, origxml=None,
|
||||||
asynchop=True, allow_unsolicited=False, want_assertions_signed=False):
|
asynchop=True, allow_unsolicited=False,
|
||||||
|
want_assertions_signed=False):
|
||||||
sec_context = security_context(conf)
|
sec_context = security_context(conf)
|
||||||
if not timeslack:
|
if not timeslack:
|
||||||
try:
|
try:
|
||||||
@@ -988,6 +1014,7 @@ def response_factory(xmlstr, conf, return_addrs=None, outstanding_queries=None,
|
|||||||
|
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
|
||||||
# ===========================================================================
|
# ===========================================================================
|
||||||
# A class of it's own
|
# A class of it's own
|
||||||
|
|
||||||
|
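Review bot: The new `check_subject_confirmation_in_response_to` (hunk `-481,6 +485,16`) compares InResponseTo with `assert`, which is stripped when Python runs with `-O`, so in an optimised deployment the method returns True for any value and the SubjectConfirmationData check is silently disabled. Use a plain comparison instead of the try/assert/except: `if _sc.subject_confirmation_data.in_response_to != irp: return False`. In the caller (hunk `-488,11 +502,22`), `except AttributeError: pass` makes the check fail open when an assertion has no subject or no `subject_confirmation_data`; whether a missing value is acceptable should be decided explicitly rather than by swallowing the error. `logger.exception` is also called there outside any exception handler, so no traceback is available and `logger.error` fits better. The method that contains the caller starts outside the hunk, and this behavioural change would be easier to audit in its own commit than under a "PEP-8 clean up" title.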