NotBefore condition in the Assertion Conditions is not mandatory. If it is not specified, use yesterday as not_before condition

dolfandringa · dolfandringa · commit f974cdc6467a · 2012-03-20T15:43:27.000+01:00
diff --git a/onelogin/saml/Response.py b/onelogin/saml/Response.py
@@ -1,7 +1,7 @@
 import base64
 
 from lxml import etree
-from datetime import datetime
+from datetime import datetime, timedelta
 
 from onelogin.saml import SignatureVerifier
 
@@ -103,22 +103,23 @@ def is_valid(
             namespaces=namespaces,
             )
 
+        now = _clock()
+
         not_before = None
         not_on_or_after = None
         for condition in conditions:
             not_on_or_after = condition.attrib.get('NotOnOrAfter', None)
             not_before = condition.attrib.get('NotBefore', None)
 
         if not_before is None:
-            raise ResponseConditionError('Did not find NotBefore condition')
+            #notbefore condition is not mandatory. If it is not specified, use yesterday as not_before condition
+            not_before = (now-timedelta(1,0,0)).strftime('%Y-%m-%dT%H:%M:%SZ')
         if not_on_or_after is None:
             raise ResponseConditionError('Did not find NotOnOrAfter condition')
 
         not_before = self._parse_datetime(not_before)
         not_on_or_after = self._parse_datetime(not_on_or_after)
 
-        now = _clock()
-
         if now < not_before:
             raise ResponseValidationError(
                 'Current time is earlier than NotBefore condition'
