
Commit 7f6b527

committed
Fix python syntax
1 parent 2575919 commit 7f6b527


6 files changed

+83
-71
lines changed


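--- a/README.rst
+++ b/README.rst
@@ -125,12 +125,15 @@ of the public certificate originally obtained from OneLogin::
 
 def do_POST(self):
 ...
+request_data = self.prepare_request()
 length = int(self.headers['Content-Length'])
 data = self.rfile.read(length)
 query = urlparse.parse_qs(data)
 res = Response(
+request_data,
 query['SAMLResponse'].pop(),
 self.settings['idp_cert_fingerprint'],
+issuer=self.settings['issuer']
 )
 valid = res.is_valid()
 name_id = res.name_id
@@ -145,6 +148,10 @@ of the public certificate originally obtained from OneLogin::
 )
 self._serve_msg(401, msg)
 
+The request_data must be used to build the Response due is_valid method checks Destination, Recipient, etc
+and need to know info like SERVER_NAME, SERVER_PORT, PATH_INFO, SCRIPT_NAME, REQUEST_URI. If you using a
+python framework be sure to build a dict with those indexs and provide it to the Response constructor
+
 Once again, the self.settings variable is populated from an entry in
 the configuration file. You can find the public certificate under Security->SAML
 after you login to OneLogin.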

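--- a/onelogin/saml/Response.py
+++ b/onelogin/saml/Response.py
@@ -174,8 +174,6 @@ def is_valid(self, _clock=None, _verifier=None):
 if not self.validate_num_assertions():
 raise ResponseFormatError('Only 1 Assertion in the SAMLResponse is supported')
 
-
-
 if _clock is None:
 _clock = datetime.utcnow
 if _verifier is None:
@@ -189,10 +187,10 @@ def is_valid(self, _clock=None, _verifier=None):
 now = _clock()
 
 for condition in conditions:
-
+
 not_before = condition.attrib.get('NotBefore', None)
 not_on_or_after = condition.attrib.get('NotOnOrAfter', None)
-
+
 if not_before is None:
 not_before = (now - timedelta(0, 5, 0)).strftime('%Y-%m-%dT%H:%M:%SZ')
 if not_on_or_after is None:
@@ -256,7 +254,6 @@ def is_valid(self, _clock=None, _verifier=None):
 if not any_subject_confirmation:
 raise ResponseSubjectConfirmationError('A valid SubjectConfirmation was not found on this Response')
 
-
 return _verifier(
 self._document,
 self._signature,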

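--- a/onelogin/saml/test/TestAuthRequest.py
+++ b/onelogin/saml/test/TestAuthRequest.py
@@ -5,6 +5,7 @@
 
 from onelogin.saml import AuthRequest
 
+
 class TestAuthRequest(object):
 def setUp(self):
 fudge.clear_expectations()
@@ -23,7 +24,6 @@ def fake_clock():
 fake_zlib = fudge.Fake('zlib')
 fake_zlib.remember_order()
 fake_compress = fake_zlib.expects('compress')
-uncompressed_req = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0" IssueInstant="2011-07-09T19:24:52" ID="hex_uuid" AssertionConsumerServiceURL="http://foo.bar/consume"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">foo_issuer</saml:Issuer><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/><samlp:RequestedAuthnContext Comparison="exact"><saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext></samlp:AuthnRequest>"""
 fake_compress.returns('HDfoo_compressedCHCK')
 
 fake_base64 = fudge.Fake('base64')
@@ -37,7 +37,7 @@ def fake_clock():
 fake_urlencode = fake_urllib.expects('urlencode')
 fake_urlencode.with_args(
 [('SAMLRequest', 'foo_encoded')],
-)
+)
 fake_urlencode.returns('foo_urlencoded')
 
 req = AuthRequest.create(
@@ -52,6 +52,6 @@ def fake_clock():
 + 'emailAddress'
 ),
 idp_sso_target_url='http://foo.idp.bar',
-)
+)
 
 eq(req, 'http://foo.idp.bar?foo_urlencoded')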

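--- a/onelogin/saml/test/TestResponse.py
+++ b/onelogin/saml/test/TestResponse.py
@@ -11,7 +11,7 @@
 ResponseValidationError,
 ResponseNameIDError,
 ResponseConditionError,
-)
+)
 
 test_response = """<samlp:Response
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@ -67,7 +67,9 @@
 </samlp:Response>
 """
 
+
 class TestResponse(object):
+
 def setUp(self):
 fudge.clear_expectations()
 
@@ -89,12 +91,18 @@ def test__init__(self):
 from_string.with_args('foo decoded response', parser=fake_xmlparser)
 from_string.returns('foo document')
 
+request_data = {
+'http_host': 'example.com',
+'script_name': 'index.html'
+}
+
 res = Response(
+request_data=request_data,
 response='foo response',
 signature='foo signature',
 _base64=fake_base64,
 _etree=fake_etree,
-)
+)
 
 eq(res._document, 'foo document')
 eq(res._signature, 'foo signature')
@@ -105,7 +113,7 @@ def test_get_name_id_simple(self):
 res = Response(
 response=encoded_response,
 signature=None,
-)
+)
 name_id = res.name_id
 
 eq('3f7b3dcf-1674-4ecd-92c8-1544f346baf8', name_id)
@@ -173,18 +181,16 @@ def test_get_name_id_multiple(self):
 res = Response(
 response=encoded_response,
 signature=None,
-)
+)
 msg = assert_raises(
 ResponseNameIDError,
 res._get_name_id,
-)
+)
 
 eq(
-str(msg),
-('There was a problem getting the name ID: Found more than one '
-+ 'name ID'
-),
-)
+str(msg), ('There was a problem getting the name ID:' +
+' Found more than one name ID'),
+)
 
 @fudge.with_fakes
 def test_get_name_id_none(self):
@@ -241,18 +247,18 @@ def test_get_name_id_none(self):
 res = Response(
 response=encoded_response,
 signature=None,
-)
+)
 msg = assert_raises(
 ResponseNameIDError,
 res._get_name_id,
-)
+)
 
 eq(
 str(msg),
 ('There was a problem getting the name ID: Did not find a name '
 + 'ID'
 ),
-)
+)
 
 @fudge.with_fakes
 def test_is_valid_not_before_missing(self):
@@ -312,20 +318,20 @@ def test_is_valid_not_before_missing(self):
 res = Response(
 response=encoded_response,
 signature='foo signature',
-)
+)
 
 fake_verifier = fudge.Fake(
 'verifier',
 callable=True,
-)
+)
 fake_verifier.times_called(1)
 fake_verifier.with_args(res._document, 'foo signature')
 
 fake_verifier.returns(True)
 
 msg = res.is_valid(
 _verifier=fake_verifier,
-)
+)
 
 eq(msg, True)
 
@@ -387,77 +393,77 @@ def test_is_valid_not_on_or_after_missing(self):
 res = Response(
 response=encoded_response,
 signature=None,
-)
+)
 msg = assert_raises(
 ResponseConditionError,
 res.is_valid,
-)
+)
 
-eq(str(msg),
-('There was a problem validating a condition: Did not find '
-+ 'NotOnOrAfter condition'
-),
-)
+eq(
+str(msg),
+('There was a problem validating a condition:' +
+' Did not find NotOnOrAfter condition'),
+)
 
 @fudge.with_fakes
 def test_is_valid_current_time_earlier(self):
 encoded_response = base64.b64encode(test_response)
 res = Response(
 response=encoded_response,
 signature=None,
-)
+)
 
 def fake_clock():
 return datetime(2004, 12, 05, 9, 16, 45, 462796)
 msg = assert_raises(
 ResponseValidationError,
 res.is_valid,
 _clock=fake_clock,
-)
+)
 
-eq(str(msg),
-('There was a problem validating the response: Current time is '
-+ 'earlier than NotBefore condition'
-),
-)
+eq(
+str(msg),
+('There was a problem validating the response: Current time is ' +
+'earlier than NotBefore condition'),
+)
 
 @fudge.with_fakes
 def test_is_valid_current_time_on_or_after(self):
 encoded_response = base64.b64encode(test_response)
 res = Response(
 response=encoded_response,
 signature=None,
-)
+)
 
 def fake_clock():
 return datetime(2004, 12, 05, 9, 30, 45, 462796)
 msg = assert_raises(
 ResponseValidationError,
 res.is_valid,
 _clock=fake_clock,
-)
+)
 
-eq(str(msg),
-('There was a problem validating the response: Current time is '
-+ 'on or after NotOnOrAfter condition'
-),
-)
+eq(
+str(msg),
+('There was a problem validating the response: Current time is ' +
+'on or after NotOnOrAfter condition'),
+)
 
 @fudge.with_fakes
 def test_is_valid_simple(self):
 encoded_response = base64.b64encode(test_response)
 res = Response(
 response=encoded_response,
 signature='foo signature',
-)
+)
 
 def fake_clock():
 return datetime(2004, 12, 05, 9, 18, 45, 462796)
 
 fake_verifier = fudge.Fake(
 'verifier',
 callable=True,
-)
+)
 fake_verifier.times_called(1)
 fake_verifier.with_args(res._document, 'foo signature')
 
@@ -466,6 +472,6 @@ def fake_clock():
 msg = res.is_valid(
 _clock=fake_clock,
 _verifier=fake_verifier,
-)
+)
 
 eq(msg, True)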
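Review bot: The `request_data` dict added in `test__init__` uses the keys `'http_host'` and `'script_name'`, while the README text added in this same commit tells integrators to supply SERVER_NAME, SERVER_PORT, PATH_INFO, SCRIPT_NAME and REQUEST_URI; one of the two should change so the test pins the key names that the Destination/Recipient checks actually read. Only `test__init__` passes `request_data`; every other `Response(...)` call shown in this file (for example in `test_is_valid_simple`) still omits it, so as far as these hunks show no `is_valid` test exercises the Destination, Recipient or issuer checks, neither on a match nor on a mismatch. I would add a comment above the dict such as `# keys must match what Response.is_valid reads for Destination/Recipient validation`, and add `is_valid` cases with a matching and a non-matching destination. The `Response` constructor is not part of the visible diff, so whether `request_data` is a required argument there is not confirmed from this page.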
