#!/usr/bin/env python from saml2 import attribute_converter, saml from attribute_statement_data import * from pathutils import full_path from saml2.attribute_converter import AttributeConverterNOOP from saml2.attribute_converter import to_local def _eq(l1,l2): return set(l1) == set(l2) BASIC_NF = 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic' URI_NF = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri' SAML1 = 'urn:mace:shibboleth:1.0:attributeNamespace:uri' def test_default(): acs = attribute_converter.ac_factory() assert acs class TestAC(): def setup_class(self): self.acs = attribute_converter.ac_factory(full_path("attributemaps")) def test_setup(self): print self.acs assert len(self.acs) == 3 assert _eq([a.name_format for a in self.acs],[BASIC_NF, URI_NF, SAML1] ) def test_ava_fro_1(self): ats = saml.attribute_statement_from_string(STATEMENT1) #print ats ava = None for ac in self.acs: try: ava = ac.fro(ats) break except attribute_converter.UnknownNameFormat: pass print ava.keys() assert _eq(ava.keys(), ['givenName', 'displayName', 'uid', 'eduPersonNickname', 'street', 'eduPersonScopedAffiliation', 'employeeType', 'eduPersonAffiliation', 'eduPersonPrincipalName', 'sn', 'postalCode', 'physicalDeliveryOfficeName', 'ou', 'eduPersonTargetedID', 'cn']) def test_ava_fro_2(self): ats = saml.attribute_statement_from_string(STATEMENT2) #print ats ava = {} for ac in self.acs: ava.update(ac.fro(ats)) print ava.keys() assert _eq(ava.keys(), ['eduPersonEntitlement', 'eduPersonAffiliation', 'uid', 'mail', 'givenName', 'sn']) def test_to_attrstat_1(self): ava = { "givenName": "Roland", "sn": "Hedberg" } statement = attribute_converter.from_local(self.acs, ava, BASIC_NF) assert statement is not None assert len(statement) == 2 a0 = statement[0] a1 = statement[1] if a0.friendly_name == 'sn': assert a0.name == 'urn:mace:dir:attribute-def:sn' assert a0.name_format == BASIC_NF assert a1.friendly_name == "givenName" assert a1.name == 'urn:mace:dir:attribute-def:givenName' assert a1.name_format == BASIC_NF elif a0.friendly_name == 'givenname': assert a0.name == 'urn:mace:dir:attribute-def:givenName' assert a0.name_format == BASIC_NF assert a1.friendly_name == "sn" assert a1.name == 'urn:mace:dir:attribute-def:sn' assert a1.name_format == BASIC_NF else: assert False def test_to_attrstat_2(self): ava = { "givenName": "Roland", "surname": "Hedberg" } statement = attribute_converter.from_local(self.acs, ava, URI_NF) assert len(statement) == 2 a0 = statement[0] a1 = statement[1] if a0.friendly_name == 'surname': assert a0.name == 'urn:oid:2.5.4.4' assert a0.name_format == URI_NF assert a1.friendly_name == "givenName" assert a1.name == 'urn:oid:2.5.4.42' assert a1.name_format == URI_NF elif a0.friendly_name == 'givenname': assert a0.name == 'urn:oid:2.5.4.42' assert a0.name_format == URI_NF assert a1.friendly_name == "surname" assert a1.name == 'urn:oid:2.5.4.4' assert a1.name_format == URI_NF else: assert False def test_to_local_name(self): attr = [ saml.Attribute( friendly_name="surName", name="urn:oid:2.5.4.4", name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"), saml.Attribute( friendly_name="efternamn", name="urn:oid:2.5.4.42", name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"), saml.Attribute( friendly_name="titel", name="urn:oid:2.5.4.12", name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri")] lan = [attribute_converter.to_local_name(self.acs, a) for a in attr] assert _eq(lan, ['sn', 'givenName', 'title']) # def test_ava_fro_1(self): # # attr = [saml.Attribute(friendly_name="surName", # name="urn:oid:2.5.4.4", # name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"), # saml.Attribute(friendly_name="efternamn", # name="urn:oid:2.5.4.42", # name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"), # saml.Attribute(friendly_name="titel", # name="urn:oid:2.5.4.12", # name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri")] # # result = attribute_converter.ava_fro(self.acs, attr) # # print result # assert result == {'givenName': [], 'sn': [], 'title': []} def test_to_local_name_from_basic(self): attr = [saml.Attribute( name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN")] lan = [attribute_converter.to_local_name(self.acs, a) for a in attr] assert _eq(lan, ['eduPersonPrimaryOrgUnitDN']) def test_to_and_for(self): ava = { "givenName": "Roland", "surname": "Hedberg" } basic_ac = [a for a in self.acs if a.name_format == BASIC_NF][0] attr_state = saml.AttributeStatement(basic_ac.to_(ava)) oava = basic_ac.fro(attr_state) assert _eq(ava.keys(), oava.keys()) def test_unspecified_name_format(self): ats = saml.attribute_statement_from_string(STATEMENT4) ava = to_local(self.acs, ats) assert ava == {'user_id': ['bob'], 'NameID': ['bobsnameagain']} def test_mixed_attributes_1(self): ats = saml.attribute_statement_from_string(STATEMENT_MIXED) ava = to_local(self.acs, ats) assert ava == {'eduPersonAffiliation': ['staff'], 'givenName': ['Roland'], 'sn': ['Hedberg'], 'uid': ['demouser'], 'user_id': ['bob']} # Allow unknown ava = to_local(self.acs, ats, True) assert ava == {'eduPersonAffiliation': ['staff'], 'givenName': ['Roland'], 'sn': ['Hedberg'], 'swissEduPersonHomeOrganizationType': ['others'], 'uid': ['demouser'], 'urn:example:com:foo': ['Thing'], 'user_id': ['bob']} def test_noop_attribute_conversion(): ava = {"urn:oid:2.5.4.4": "Roland", "urn:oid:2.5.4.42": "Hedberg" } aconv = AttributeConverterNOOP(URI_NF) res = aconv.to_(ava) print res assert len(res) == 2 for attr in res: assert len(attr.attribute_value) == 1 if attr.name == "urn:oid:2.5.4.42": assert attr.name_format == URI_NF assert attr.attribute_value[0].text == "Hedberg" elif attr.name == "urn:oid:2.5.4.4": assert attr.name_format == URI_NF assert attr.attribute_value[0].text == "Roland" if __name__ == "__main__": t = TestAC() t.setup_class() t.test_mixed_attributes_1() #test_noop_attribute_conversion()