Close #14 - Fix Typos. Cosmetics

Author: pitbulk

README.rst

@@ -85,13 +85,13 @@ in the form of URL string which we use to redirect the user to our identity
 provider--OneLogin::
 
         from BaseHTTPServer import BaseHTTPRequestHandler
-        from onelogin.saml import AuthnRequest
+        from onelogin.saml import AuthRequest
         ...
         class SampleAppHTTPRequestHandler(BaseHTTPRequestHandler):
           ...
           def do_GET(self):
             ...
-            url = AuthnRequest.create(**self.settings)
+            url = AuthRequest.create(**self.settings)
             self.send_response(301)
             self.send_header("Location", url)
             self.end_headers()

example.py

@@ -15,6 +15,7 @@
 
 log = logging.getLogger(__name__)
 
+
 class SampleAppHTTPRequestHandler(BaseHTTPRequestHandler):
     server_version = 'SampleAppHTTPRequestHandler/%s' % __version__
 
@@ -57,7 +58,7 @@ def do_GET(self):
             self._bad_request()
             return
 
-        url = AuthnRequest.create(**self.settings)
+        url = AuthRequest.create(**self.settings)
         self.send_response(301)
         self.send_header("Location", url)
         self.end_headers()
@@ -74,26 +75,27 @@ def do_POST(self):
         res = Response(
             query['SAMLResponse'].pop(),
             self.settings['idp_cert_fingerprint'],
-            )
+        )
         valid = res.is_valid()
         name_id = res.name_id
         if valid:
             msg = 'The identity of {name_id} has been verified'.format(
                 name_id=name_id,
-                )
+            )
             self._serve_msg(200, msg)
         else:
             msg = '{name_id} is not authorized to use this resource'.format(
                 name_id=name_id,
-                )
+            )
             self._serve_msg(401, msg)
 
+
 def main(config_file):
     logging.basicConfig(
         level=logging.INFO,
         format='%(asctime)s.%(msecs)03d example: %(levelname)s: %(message)s',
         datefmt='%Y-%m-%dT%H:%M:%S',
-        )
+    )
 
     config = ConfigParser.RawConfigParser()
     config_path = os.path.expanduser(config_file)
@@ -109,27 +111,27 @@ def main(config_file):
     settings['assertion_consumer_service_url'] = config.get(
         'saml',
         'assertion_consumer_service_url'
-        )
+    )
     settings['issuer'] = config.get(
         'saml',
         'issuer'
-        )
+    )
     settings['name_identifier_format'] = config.get(
         'saml',
         'name_identifier_format'
-        )
+    )
     settings['idp_sso_target_url'] = config.get(
         'saml',
         'idp_sso_target_url'
-        )
+    )
     settings['idp_cert_file'] = config.get(
         'saml',
         'idp_cert_file'
-        )
+    )
     settings['idp_cert_fingerprint'] = config.get(
         'saml',
         'idp_cert_fingerprint'
-        )
+    )
 
     cert_file = settings.pop('idp_cert_file', None)
 
@@ -148,32 +150,32 @@ def main(config_file):
     httpd = HTTPServer(
         (host, port),
         SampleAppHTTPRequestHandler,
-        )
+    )
 
     socket_name = httpd.socket.getsockname()
 
     log.info(
         'Serving HTTP on {host} port {port} ...'.format(
             host=socket_name[0],
             port=socket_name[1],
-            )
         )
+    )
 
     httpd.serve_forever()
 
 if __name__ == '__main__':
     parser = optparse.OptionParser(
         usage='%prog [OPTS]',
-        )
+    )
     parser.add_option(
         '--config-file',
         metavar='PATH',
         help='The configuration file containing the app and SAML settings',
-        )
+    )
 
     parser.set_defaults(
         config_file='example.cfg'
-        )
+    )
 
     options, args = parser.parse_args()
     if args:

onelogin/saml/AuthRequest.py

@@ -7,22 +7,29 @@
 from lxml import etree
 from lxml.builder import ElementMaker
 
-def create(
-    _clock=None,
-    _uuid=None,
-    _zlib=None,
-    _base64=None,
-    _urllib=None,
-    **kwargs
-    ):
-    """Create a URL string which can be used to redirect a samlp:AuthnRequest to the identity provider.
-    Return a URL string containing the idp_sso_target_url and a deflated, base64-encoded, url-encoded (in that order) samlp:AuthnRequest XML element as the value of the SAMLRequest parameter.
+
+def create(_clock=None, _uuid=None, _zlib=None, _base64=None,
+           _urllib=None, **kwargs):
+    """Create a URL string which can be used to redirect a samlp:AuthnRequest
+       to the identity provider. Return a URL string containing the
+       idp_sso_target_url and a deflated, base64-encoded, url-encoded
+       (in that order) samlp:AuthnRequest XML element as the value of the
+       SAMLRequest parameter.
 
     Keyword arguments:
-    assertion_consumer_service_url -- The URL at which the SAML assertion should be received.
-    issuer -- The name of your application. Some identity providers might need this to establish the identity of the service provider requesting the login.
-    name_identifier_format -- The format of the username required by this application. If you need the email address, use "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress". See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf section 8.3 for other options. Note that the identity provider might not support all options.
-    idp_sso_target_url -- The URL to which the authentication request should be sent. This would be on the identity
+    assertion_consumer_service_url -- The URL at which the SAML assertion
+                                      should be received.
+    issuer -- The name of your application. Some identity providers might need
+              this to establish the identity of the service provider requesting
+              the login.
+    name_identifier_format -- The format of the username required by this
+                              application. If you need the email address, use
+                              "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress".
+                              See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
+                              section 8.3 for other options. Note that the
+                              identity provider might not support all options.
+    idp_sso_target_url -- The URL to which the authentication request should be
+                          sent. This would be on the identity
 """
     if _clock is None:
         _clock = datetime.utcnow
@@ -37,7 +44,7 @@ def create(
 
     assertion_consumer_service_url = kwargs.pop(
         'assertion_consumer_service_url',
-        )
+    )
     issuer = kwargs.pop('issuer')
     name_identifier_format = kwargs.pop('name_identifier_format')
     idp_sso_target_url = kwargs.pop('idp_sso_target_url')
@@ -55,19 +62,19 @@ def create(
     samlp_maker = ElementMaker(
         namespace='urn:oasis:names:tc:SAML:2.0:protocol',
         nsmap=dict(samlp='urn:oasis:names:tc:SAML:2.0:protocol'),
-        )
+    )
     saml_maker = ElementMaker(
         namespace='urn:oasis:names:tc:SAML:2.0:assertion',
         nsmap=dict(saml='urn:oasis:names:tc:SAML:2.0:assertion'),
-        )
+    )
 
     authn_request = samlp_maker.AuthnRequest(
         ProtocolBinding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
         Version='2.0',
         IssueInstant=now_iso,
         ID=unique_id,
         AssertionConsumerServiceURL=assertion_consumer_service_url,
-        )
+    )
 
     saml_issuer = saml_maker.Issuer()
     saml_issuer.text = issuer
@@ -76,12 +83,12 @@ def create(
     name_id_policy = samlp_maker.NameIDPolicy(
         Format=name_identifier_format,
         AllowCreate='true',
-        )
+    )
     authn_request.append(name_id_policy)
 
     request_authn_context = samlp_maker.RequestedAuthnContext(
         Comparison='exact',
-        )
+    )
     authn_request.append(request_authn_context)
 
     authn_context_class_ref = saml_maker.AuthnContextClassRef()
@@ -96,9 +103,9 @@ def create(
     encoded_request = _base64.b64encode(deflated_request)
     urlencoded_request = _urllib.urlencode(
         [('SAMLRequest', encoded_request)],
-        )
+    )
 
     return '{url}?{query}'.format(
         url=idp_sso_target_url,
         query=urlencoded_request,
-        )
+    )

onelogin/saml/Response.py

@@ -5,10 +5,11 @@
 
 from onelogin.saml import SignatureVerifier
 
-namespaces=dict(
+namespaces = dict(
     samlp='urn:oasis:names:tc:SAML:2.0:protocol',
     saml='urn:oasis:names:tc:SAML:2.0:assertion',
-    )
+)
+
 
 class ResponseValidationError(Exception):
     """There was a problem validating the response"""
@@ -18,6 +19,7 @@ def __init__(self, msg):
     def __str__(self):
         return '%s: %s' % (self.__doc__, self._msg)
 
+
 class ResponseNameIDError(Exception):
     """There was a problem getting the name ID"""
     def __init__(self, msg):
@@ -26,6 +28,7 @@ def __init__(self, msg):
     def __str__(self):
         return '%s: %s' % (self.__doc__, self._msg)
 
+
 class ResponseConditionError(Exception):
     """There was a problem validating a condition"""
     def __init__(self, msg):
@@ -34,18 +37,13 @@ def __init__(self, msg):
     def __str__(self):
         return '%s: %s' % (self.__doc__, self._msg)
 
+
 class Response(object):
-    def __init__(
-        self,
-        response,
-        signature,
-        _base64=None,
-        _etree=None,
-        ):
+    def __init__(self, response, signature, _base64=None, _etree=None):
         """
         Extract information from an samlp:Response
         Arguments:
-        response -- The base64 encoded, XML string containing the samlp:Response
+        response -- The base64 encoded, XML string containing a samlp:Response
         signature -- The fingerprint to check the samlp:Response against
         """
         if _base64 is None:
@@ -67,16 +65,16 @@ def _get_name_id(self):
         result = self._document.xpath(
             '/samlp:Response/saml:Assertion/saml:Subject/saml:NameID',
             namespaces=namespaces,
-            )
+        )
         length = len(result)
         if length > 1:
             raise ResponseNameIDError(
                 'Found more than one name ID'
-                )
+            )
         if length == 0:
             raise ResponseNameIDError(
                 'Did not find a name ID'
-                )
+            )
 
         node = result.pop()
 
@@ -85,20 +83,16 @@ def _get_name_id(self):
     name_id = property(
         fget=_get_name_id,
         doc="The value requested in the name_identifier_format, e.g., the user's email address",
-        )
+    )
 
-    def get_assertion_attribute_value(self,attribute_name):
+    def get_assertion_attribute_value(self, attribute_name):
         """
         Get the value of an AssertionAttribute, located in an Assertion/AttributeStatement/Attribute[@Name=attribute_name/AttributeValue tag
         """
-        result = self._document.xpath('/samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="%s"]/saml:AttributeValue'%attribute_name,namespaces=namespaces)
+        result = self._document.xpath('/samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="%s"]/saml:AttributeValue' % attribute_name, namespaces=namespaces)
         return [n.text.strip() for n in result]
 
-    def is_valid(
-        self,
-        _clock=None,
-        _verifier=None,
-        ):
+    def is_valid(self, _clock=None, _verifier=None):
         """
         Verify that the samlp:Response is valid.
         Return True if valid, otherwise False.
@@ -111,7 +105,7 @@ def is_valid(
         conditions = self._document.xpath(
             '/samlp:Response/saml:Assertion/saml:Conditions',
             namespaces=namespaces,
-            )
+        )
 
         now = _clock()
 
@@ -123,7 +117,7 @@ def is_valid(
 
         if not_before is None:
             #notbefore condition is not mandatory. If it is not specified, use yesterday as not_before condition
-            not_before = (now-timedelta(1,0,0)).strftime('%Y-%m-%dT%H:%M:%SZ')
+            not_before = (now - timedelta(1, 0, 0)).strftime('%Y-%m-%dT%H:%M:%SZ')
         if not_on_or_after is None:
             raise ResponseConditionError('Did not find NotOnOrAfter condition')
 
@@ -133,13 +127,13 @@ def is_valid(
         if now < not_before:
             raise ResponseValidationError(
                 'Current time is earlier than NotBefore condition'
-                )
+            )
         if now >= not_on_or_after:
             raise ResponseValidationError(
                 'Current time is on or after NotOnOrAfter condition'
-                )
+            )
 
         return _verifier(
             self._document,
             self._signature,
-            )
+        )