Don't use default global XML parser to parse response.

If the default global parser is set to remove blank text nodes (remove_blank_text=True),
signature validation will fail because the whitespace inside the <ds:Signature> element matters.

Instead of using the default parser, construct a new parser to parse the response.

Author: mtyaka

onelogin/saml/Response.py

@@ -52,7 +52,7 @@ def __init__(self, response, signature, _base64=None, _etree=None):
             _etree = etree
 
         decoded_response = _base64.b64decode(response)
-        self._document = _etree.fromstring(decoded_response)
+        self._document = _etree.fromstring(decoded_response, parser=_etree.XMLParser())
         self._signature = signature
 
     def _parse_datetime(self, dt):

onelogin/saml/test/TestResponse.py

@@ -81,8 +81,12 @@ def test__init__(self):
 
         fake_etree = fudge.Fake('etree')
         fake_etree.remember_order()
+        xmlparser = fake_etree.expects('XMLParser')
+        xmlparser.with_arg_count(0)
+        fake_xmlparser = fudge.Fake('etree.XMLParser')
+        xmlparser.returns(fake_xmlparser)
         from_string = fake_etree.expects('fromstring')
-        from_string.with_args('foo decoded response')
+        from_string.with_args('foo decoded response', parser=fake_xmlparser)
         from_string.returns('foo document')
 
         res = Response(