    def test_authenticate(self):
        """authenticate() resolves the fixture user and returns None for an unknown one.

        The positive case wraps the returned user's mail in a list so it can be
        compared with the list-valued ``mail`` entry of the fixture's ``ava``.
        """
        req = self.dummy_request()
        info = self.get_fake_session_info()

        found = authenticate(req, info)
        # known user: the asserted mail attribute round-trips
        self.assertEqual([found['mail']], info['ava']['mail'])

        # an address no fixture user carries must not resolve to anybody
        missing = authenticate(req, self.get_fake_session_info('*****@*****.**'))
        self.assertIsNone(missing)
    def test_login(self):
        """login() succeeds for a user that authenticate() resolved.

        NOTE(review): ``assertEqual(result, True)`` means ``login`` is expected
        to return ``True`` here rather than a list of headers; the following
        ``assertNotEqual(result, [])`` is then already implied by it.
        """
        info = self.get_fake_session_info()
        req = self.get_request_with_session()
        found = authenticate(req, info)

        result = login(req, info, found)
        self.assertEqual(result, True)
        self.assertNotEqual(result, [])
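def _local_relay_state(relay_state, default='/'):
    """Return *relay_state* when it is a same-site target, else *default*.

    ``RelayState`` arrives in the POST body and is used verbatim as the
    post-login redirect, so anything carrying a scheme or a host
    (``http://…``, ``//host/…`` and backslash variants some browsers
    normalise to ``//``) is replaced by *default* to keep the redirect local.
    """
    try:
        from urllib.parse import urlsplit
    except ImportError:  # Python 2
        from urlparse import urlsplit

    if not relay_state:
        return default
    # '\' is treated like '/' by several browsers, so judge the normalised form
    parts = urlsplit(relay_state.replace('\\', '/'))
    if parts.scheme or parts.netloc:
        return default
    return relay_state


def assertion_consumer_service(request):
    """Handle the IdP's POSTed SAML response and log the matching user in.

    Expects a ``SAMLResponse`` form field with the authn response.  On
    success the user is authenticated, the session's ``name_id`` is stored
    and the browser is redirected to a local ``RelayState``.

    Args:
        request: the Pyramid request; ``request.POST``, ``request.session``
            and ``request.saml2_config`` are read.

    Returns:
        ``HTTPFound`` on success; ``HTTPBadRequest`` when the response is
        missing, fails verification or parses to ``None``; ``HTTPUnauthorized``
        when no local user matches the IdP identity.
    """
    if 'SAMLResponse' not in request.POST:
        return HTTPBadRequest("Couldn't find 'SAMLResponse' in POST data.")
    xmlstr = request.POST['SAMLResponse']
    client = Saml2Client(request.saml2_config,
                         identity_cache=IdentityCache(request.session))

    oq_cache = OutstandingQueriesCache(request.session)
    outstanding_queries = oq_cache.outstanding_queries()

    try:
        # process the authentication response
        response = client.parse_authn_request_response(xmlstr, BINDING_HTTP_POST,
                                                       outstanding_queries)
    except AssertionError:
        # NOTE(review): only AssertionError is handled; any other exception the
        # SAML library raises while verifying the response propagates as an
        # unhandled error — confirm which types the client can raise.
        log.error('SAML response is not verified')
        return HTTPBadRequest(
            """SAML response is not verified. May be caused by the response
            was not issued at a reasonable time or the SAML status is not ok.
            Check the IDP datetime setup""")

    if response is None:
        log.error('SAML response is None')
        return HTTPBadRequest(
            "SAML response has errors. Please check the logs")

    # the request this response answers is no longer outstanding
    session_id = response.session_id()
    oq_cache.delete(session_id)

    # authenticate the remote user
    session_info = response.session_info()

    log.debug('Trying to locate the user authenticated by the IdP')
    # this dumps every attribute the IdP asserted about the user; run the
    # logger above DEBUG where that must not reach the log files
    log.debug('Session info:\n{!s}\n\n'.format(pprint.pformat(session_info)))

    user = authenticate(request, session_info)
    if user is None:
        log.error('Could not find the user identified by the IdP')
        return HTTPUnauthorized("Access not authorized")

    headers = login(request, session_info, user)

    _set_name_id(request.session, session_info['name_id'])

    # redirect the user to the view where he came from; the target is
    # attacker-controlled form data, so off-site values fall back to '/'
    relay_state = _local_relay_state(request.POST.get('RelayState', '/'))
    log.debug('Redirecting to the RelayState: ' + relay_state)
    return HTTPFound(location=relay_state, headers=headers)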
def assertion_consumer_service(request):
    """Consume the IdP's POSTed SAML response and hand off to the pending action.

    Reads ``SAMLResponse`` from the POST body, obtains session info for it via
    ``get_authn_response``, resolves the local user with ``authenticate`` and
    then calls the action stored in the session.

    Args:
        request: the Pyramid request; ``request.session``, ``request.POST``
            and ``request.registry.settings`` are read.

    Returns:
        Whatever the stored action returns.

    Raises:
        HTTPBadRequest: no ``SAMLResponse`` in the POST data.
        HTTPUnauthorized: no local user matches the IdP identity.
    """
    # kept ahead of the POST check to preserve the original evaluation order
    pending_action = get_action(request.session)

    if sanitize_post_key(request, 'SAMLResponse') is None:
        raise HTTPBadRequest("Couldn't find 'SAMLResponse' in POST data.")
    # NOTE(review): the raw POST value is used, not the value returned by
    # sanitize_post_key above — confirm that is intended.
    saml_response_xml = request.POST['SAMLResponse']

    session_info = get_authn_response(request.registry.settings,
                                      request.session, saml_response_xml)

    log.debug('Trying to locate the user authenticated by the IdP')

    local_user = authenticate(request, session_info)
    if local_user is None:
        log.error('Could not find the user identified by the IdP')
        raise HTTPUnauthorized("Access not authorized")

    return pending_action(request, session_info, local_user)