PEP-8 clean up .
This commit is contained in:
Roland Hedberg
@@ -221,7 +221,8 @@ def for_me(conditions, myself):
|
||||
|
||||
|
||||
def authn_response(conf, return_addrs, outstanding_queries=None, timeslack=0,
|
||||
asynchop=True, allow_unsolicited=False, want_assertions_signed=False):
|
||||
asynchop=True, allow_unsolicited=False,
|
||||
want_assertions_signed=False):
|
||||
sec = security_context(conf)
|
||||
if not timeslack:
|
||||
try:
|
||||
@@ -319,7 +320,8 @@ class StatusResponse(object):
|
||||
logger.debug("xmlstr: %s" % (self.xmlstr,))
|
||||
|
||||
try:
|
||||
self.response = self.signature_check(xmldata, origdoc=origxml, must=self.require_signature,
|
||||
self.response = self.signature_check(xmldata, origdoc=origxml,
|
||||
must=self.require_signature,
|
||||
require_response_signature=self.require_response_signature)
|
||||
|
||||
except TypeError:
|
||||
@@ -430,7 +432,8 @@ class NameIDMappingResponse(StatusResponse):
|
||||
request_id=0, asynchop=True):
|
||||
StatusResponse.__init__(self, sec_context, return_addrs, timeslack,
|
||||
request_id, asynchop)
|
||||
self.signature_check = self.sec.correctly_signed_name_id_mapping_response
|
||||
self.signature_check = self.sec\
|
||||
.correctly_signed_name_id_mapping_response
|
||||
|
||||
|
||||
class ManageNameIDResponse(StatusResponse):
|
||||
@@ -455,7 +458,8 @@ class AuthnResponse(StatusResponse):
|
||||
return_addrs=None, outstanding_queries=None,
|
||||
timeslack=0, asynchop=True, allow_unsolicited=False,
|
||||
test=False, allow_unknown_attributes=False,
|
||||
want_assertions_signed=False, want_response_signed=False, **kwargs):
|
||||
want_assertions_signed=False, want_response_signed=False,
|
||||
**kwargs):
|
||||
|
||||
StatusResponse.__init__(self, sec_context, return_addrs, timeslack,
|
||||
asynchop=asynchop)
|
||||
@@ -481,6 +485,16 @@ class AuthnResponse(StatusResponse):
|
||||
except KeyError:
|
||||
self.extension_schema = {}
|
||||
|
||||
def check_subject_confirmation_in_response_to(self, irp):
|
||||
for assertion in self.response.assertion:
|
||||
for _sc in assertion.subject.subject_confirmation:
|
||||
try:
|
||||
assert _sc.subject_confirmation_data.in_response_to == irp
|
||||
except AssertionError:
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
def loads(self, xmldata, decode=True, origxml=None):
|
||||
self._loads(xmldata, decode, origxml)
|
||||
|
||||
@@ -488,11 +502,22 @@ class AuthnResponse(StatusResponse):
|
||||
if self.in_response_to in self.outstanding_queries:
|
||||
self.came_from = self.outstanding_queries[self.in_response_to]
|
||||
del self.outstanding_queries[self.in_response_to]
|
||||
try:
|
||||
if not self.check_subject_confirmation_in_response_to(
|
||||
self.in_response_to):
|
||||
logger.exception(
|
||||
"Unsolicited response %s" % self.in_response_to)
|
||||
raise UnsolicitedResponse(
|
||||
"Unsolicited response: %s" % self.in_response_to)
|
||||
except AttributeError:
|
||||
pass
|
||||
elif self.allow_unsolicited:
|
||||
pass
|
||||
else:
|
||||
logger.exception("Unsolicited response %s" % self.in_response_to)
|
||||
raise UnsolicitedResponse("Unsolicited response: %s" % self.in_response_to)
|
||||
logger.exception(
|
||||
"Unsolicited response %s" % self.in_response_to)
|
||||
raise UnsolicitedResponse(
|
||||
"Unsolicited response: %s" % self.in_response_to)
|
||||
|
||||
return self
|
||||
|
||||
@@ -541,7 +566,8 @@ class AuthnResponse(StatusResponse):
|
||||
|
||||
# if both are present NotBefore must be earlier than NotOnOrAfter
|
||||
if conditions.not_before and conditions.not_on_or_after:
|
||||
if not later_than(conditions.not_on_or_after, conditions.not_before):
|
||||
if not later_than(conditions.not_on_or_after,
|
||||
conditions.not_before):
|
||||
return False
|
||||
|
||||
try:
|
||||
@@ -565,7 +591,8 @@ class AuthnResponse(StatusResponse):
|
||||
if conditions.condition: # extra conditions
|
||||
for cond in conditions.condition:
|
||||
try:
|
||||
if cond.extension_attributes[XSI_TYPE] in self.extension_schema:
|
||||
if cond.extension_attributes[
|
||||
XSI_TYPE] in self.extension_schema:
|
||||
pass
|
||||
else:
|
||||
raise Exception("Unknown condition")
|
||||
@@ -582,9 +609,9 @@ class AuthnResponse(StatusResponse):
|
||||
:param attribute_statement: A SAML.AttributeStatement which might
|
||||
contain both encrypted attributes and attributes.
|
||||
"""
|
||||
# _node_name = [
|
||||
# "urn:oasis:names:tc:SAML:2.0:assertion:EncryptedData",
|
||||
# "urn:oasis:names:tc:SAML:2.0:assertion:EncryptedAttribute"]
|
||||
# _node_name = [
|
||||
# "urn:oasis:names:tc:SAML:2.0:assertion:EncryptedData",
|
||||
# "urn:oasis:names:tc:SAML:2.0:assertion:EncryptedAttribute"]
|
||||
|
||||
for encattr in attribute_statement.encrypted_attribute:
|
||||
if not encattr.encrypted_key:
|
||||
@@ -650,7 +677,8 @@ class AuthnResponse(StatusResponse):
|
||||
logger.info("outstanding queries: %s" % (
|
||||
self.outstanding_queries.keys(),))
|
||||
raise Exception(
|
||||
"Combination of session id and requestURI I don't recall")
|
||||
"Combination of session id and requestURI I don't "
|
||||
"recall")
|
||||
return True
|
||||
|
||||
def _holder_of_key_confirmed(self, data):
|
||||
@@ -720,8 +748,8 @@ class AuthnResponse(StatusResponse):
|
||||
#if self.context == "AuthnReq" or self.context == "AttrQuery":
|
||||
if self.context == "AuthnReq":
|
||||
self.authn_statement_ok()
|
||||
# elif self.context == "AttrQuery":
|
||||
# self.authn_statement_ok(True)
|
||||
# elif self.context == "AttrQuery":
|
||||
# self.authn_statement_ok(True)
|
||||
|
||||
if not self.condition_ok():
|
||||
raise VerificationError("Condition not OK")
|
||||
@@ -892,7 +920,6 @@ class AuthnQueryResponse(AuthnResponse):
|
||||
|
||||
def __init__(self, sec_context, attribute_converters, entity_id,
|
||||
return_addrs=None, timeslack=0, asynchop=False, test=False):
|
||||
|
||||
AuthnResponse.__init__(self, sec_context, attribute_converters,
|
||||
entity_id, return_addrs, timeslack=timeslack,
|
||||
asynchop=asynchop, test=test)
|
||||
@@ -910,7 +937,6 @@ class AttributeResponse(AuthnResponse):
|
||||
|
||||
def __init__(self, sec_context, attribute_converters, entity_id,
|
||||
return_addrs=None, timeslack=0, asynchop=False, test=False):
|
||||
|
||||
AuthnResponse.__init__(self, sec_context, attribute_converters,
|
||||
entity_id, return_addrs, timeslack=timeslack,
|
||||
asynchop=asynchop, test=test)
|
||||
@@ -941,7 +967,6 @@ class ArtifactResponse(AuthnResponse):
|
||||
|
||||
def __init__(self, sec_context, attribute_converters, entity_id,
|
||||
return_addrs=None, timeslack=0, asynchop=False, test=False):
|
||||
|
||||
AuthnResponse.__init__(self, sec_context, attribute_converters,
|
||||
entity_id, return_addrs, timeslack=timeslack,
|
||||
asynchop=asynchop, test=test)
|
||||
@@ -953,7 +978,8 @@ class ArtifactResponse(AuthnResponse):
|
||||
|
||||
def response_factory(xmlstr, conf, return_addrs=None, outstanding_queries=None,
|
||||
timeslack=0, decode=True, request_id=0, origxml=None,
|
||||
asynchop=True, allow_unsolicited=False, want_assertions_signed=False):
|
||||
asynchop=True, allow_unsolicited=False,
|
||||
want_assertions_signed=False):
|
||||
sec_context = security_context(conf)
|
||||
if not timeslack:
|
||||
try:
|
||||
@@ -988,6 +1014,7 @@ def response_factory(xmlstr, conf, return_addrs=None, outstanding_queries=None,
|
||||
|
||||
return response
|
||||
|
||||
|
||||
# ===========================================================================
|
||||
# A class of it's own
|
||||
|
||||
|
||||
Reference in New Issue
Block a user