
Commit 75dd33c

committed
Don't use default global XML parser to parse response.
If the default global parser is set to remove blank text nodes (remove_blank_text=True), signature validation will fail because the whitespace inside the <ds:Signature> element matters. Instead of using the default parser, construct a new parser to parse the response.
1 parent 3902ce3 commit 75dd33c

2 files changed

+6
-2
lines changed

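--- a/onelogin/saml/Response.py
+++ b/onelogin/saml/Response.py
@@ -52,7 +52,7 @@ def __init__(self, response, signature, _base64=None, _etree=None):
 _etree = etree
 
 decoded_response = _base64.b64decode(response)
-self._document = _etree.fromstring(decoded_response)
+self._document = _etree.fromstring(decoded_response, parser=_etree.XMLParser())
 self._signature = signature
 
 def _parse_datetime(self, dt):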
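Review bot: The private parser on the new `self._document = ...` line is built with library defaults, and it runs on the base64-decoded response before any signature check, so its input is still untrusted at that point. Assuming `_etree` is lxml.etree (it is injectable, so this is inferred), the defaults may, depending on the lxml version, resolve entities declared in a DOCTYPE. Since the commit already pins a dedicated parser, it should pin the hardening as well: `parser=_etree.XMLParser(resolve_entities=False, no_network=True)`. A comment such as `# private parser: keep whitespace for ds:Signature; never resolve entities from an unverified response` would record both reasons. `__init__` begins above the hunk, and the `with_arg_count(0)` expectation in TestResponse.py would need updating to match.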

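--- a/onelogin/saml/test/TestResponse.py
+++ b/onelogin/saml/test/TestResponse.py
@@ -81,8 +81,12 @@ def test__init__(self):
 
 fake_etree = fudge.Fake('etree')
 fake_etree.remember_order()
+xmlparser = fake_etree.expects('XMLParser')
+xmlparser.with_arg_count(0)
+fake_xmlparser = fudge.Fake('etree.XMLParser')
+xmlparser.returns(fake_xmlparser)
 from_string = fake_etree.expects('fromstring')
-from_string.with_args('foo decoded response')
+from_string.with_args('foo decoded response', parser=fake_xmlparser)
 from_string.returns('foo document')
 
 res = Response(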
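Review bot: The updated expectations only check that `fromstring` receives whatever the faked `XMLParser()` returns, so nothing exercises the failure described in the commit message. A regression test would install a default parser with `remove_blank_text=True` through `etree.set_default_parser(...)`, build a `Response` from a signed fixture with the real lxml, and check that the whitespace inside `<ds:Signature>` is preserved. That would stop the fix from being silently undone later. `test__init__` starts above the hunk and continues past it.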
