def test_from_light_request_invalid_id(self):
        """A light request id that is not a valid XML id must fail validation."""
        self.maxDiff = None

        fixture = DATA_DIR / 'light_request_minimal.xml'
        with cast(BinaryIO, fixture.open('rb')) as stream:
            request = LightRequest.load_xml(parse_xml(stream))
        # Replace the fixture's id with one that starts with a digit, which an
        # XML id (NCName) may not do. The conversion is expected to refuse it
        # rather than emit a request carrying that id.
        request.id = '0day'

        issue_instant = datetime(2017, 12, 11, 14, 12, 5, 148000)
        expected_message = "Light request id is not a valid XML id: '0day'"
        with self.assert_validation_error('id', expected_message):
            SAMLRequest.from_light_request(
                request, 'test/destination', issue_instant)
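    def create_saml_request(
            self, issuer: str,
            signature_options: Optional[Dict[str, str]]) -> SAMLRequest:
        """
        Create a SAML request from a light request.

        The request is signed only when `signature_options` contains both `key_file`
        and `cert_file`; otherwise it is returned unsigned. If exactly one of the two
        is set, a warning is logged so that the unsigned fallback does not go unnoticed.

        Side effect: the issuer of `self.light_request` is overwritten with `issuer`.

        :param issuer: Issuer of the SAML request.
        :param signature_options: Optional options to create a signed request: `key_file`, `cert_file`,
            `signature_method`, and `digest_method`.
        :return: A SAML request.
        """
        # Replace the original issuer with our issuer registered at the Identity Provider.
        self.light_request.issuer = issuer

        destination = self.request.build_absolute_uri(
            reverse('identity-provider-response'))
        saml_request = SAMLRequest.from_light_request(self.light_request,
                                                      destination,
                                                      datetime.utcnow())
        # %r keeps control characters in the logged values escaped.
        LOGGER.info('[#%r] Created SAML request: id=%r, issuer=%r',
                    self.log_id, saml_request.id, saml_request.issuer)

        has_key = bool(signature_options and signature_options.get('key_file'))
        has_cert = bool(signature_options and signature_options.get('cert_file'))
        if has_key and has_cert:
            saml_request.sign_request(**signature_options)
        elif has_key or has_cert:
            # Half-configured signing is almost certainly a deployment mistake.
            # Behaviour is unchanged (the request stays unsigned), but say so.
            LOGGER.warning(
                '[#%r] Incomplete signature options (key_file=%s, cert_file=%s): '
                'SAML request id=%r is not signed.',
                self.log_id,
                'set' if has_key else 'missing',
                'set' if has_cert else 'missing',
                saml_request.id)
        return saml_request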
    def post(self, request: HttpRequest) -> HttpResponse:
        """
        Handle a HTTP POST request.

        Builds a demo light request from the submitted form fields, converts it
        to a SAML request stored on ``self.saml_request``, signs it when signing
        is configured, and then delegates rendering to ``self.get``.

        :param request: The incoming request; reads the `Request`, `RelayState`
            and `Country` POST fields.
        :return: HTTP 400 if `Request` does not select a preset, otherwise the
            response of ``self.get``.
        """
        try:
            preset_key = int(request.POST.get('Request', ''))
            preset = PRESETS[preset_key]
        except (ValueError, KeyError):
            # NOTE(review): IndexError is not handled. If PRESETS is a sequence
            # rather than a mapping, an out-of-range value would surface as an
            # unhandled error instead of a 400. Confirm the type of PRESETS.
            return HttpResponseBadRequest()

        # Client-supplied values go into the light request as-is; an empty relay
        # state is normalised to None.
        # NOTE(review): presumably LightRequest / from_light_request validate
        # these fields. Verify against those classes.
        relay_state = request.POST.get('RelayState') or None
        country = request.POST.get('Country')

        light_request = LightRequest(
            id=create_xml_uuid(),
            issuer=CONNECTOR_SETTINGS.service_provider['request_issuer'],
            level_of_assurance=LevelOfAssurance.LOW,
            provider_name="Demo Service Provider",
            sp_type=ServiceProviderType.PUBLIC,
            relay_state=relay_state,
            origin_country_code='EU',
            citizen_country_code=country,
            name_id_format=preset.id_format,
            requested_attributes={name: [] for name in preset.attributes}
        )
        if not light_request.citizen_country_code:
            # Use a placeholder to get through light request validation.
            light_request.citizen_country_code = COUNTRY_PLACEHOLDER

        self.saml_request = SAMLRequest.from_light_request(
            light_request, '/dest', datetime.utcnow())

        # NOTE(review): the request is signed with the 'response_signature'
        # options. Confirm this is the intended key material for requests.
        signing = CONNECTOR_SETTINGS.service_provider['response_signature']
        # Without both a key and a certificate the request is left unsigned.
        if signing and signing.get('key_file') and signing.get('cert_file'):
            self.saml_request.sign_request(**signing)
        return self.get(request)
    def test_from_light_request(self):
        """A fully populated light request converts to the expected SAML request XML."""
        self.maxDiff = None
        # Fixed issue instant so the generated document is reproducible.
        issue_instant = datetime(2017, 12, 11, 14, 12, 5, 148000)
        light_request = LightRequest(**LIGHT_REQUEST_DICT)
        saml_request = SAMLRequest.from_light_request(
            light_request, 'test/destination', issue_instant)

        expected_path = DATA_DIR / 'saml_request.xml'
        with cast(TextIO, expected_path.open('r')) as expected_file:
            expected_xml = expected_file.read()
        actual_xml = dump_xml(saml_request.document).decode('utf-8')
        self.assertXMLEqual(actual_xml, expected_xml)
        # Values carried outside the XML comparison must survive the conversion too.
        self.assertEqual(saml_request.relay_state, 'relay123')
        self.assertEqual(saml_request.citizen_country_code, 'CA')
    def test_from_light_request_minimal(self):
        """A minimal light request converts to the expected minimal SAML request XML."""
        self.maxDiff = None

        source_path = DATA_DIR / 'light_request_minimal.xml'
        with cast(BinaryIO, source_path.open('rb')) as source_file:
            request = LightRequest.load_xml(parse_xml(source_file))
        # Pin the id so the output can be compared with the stored fixture.
        request.id = 'test-saml-request-id'

        issue_instant = datetime(2017, 12, 11, 14, 12, 5, 148000)
        saml_request = SAMLRequest.from_light_request(
            request, 'test/destination', issue_instant)

        expected_path = DATA_DIR / 'saml_request_minimal.xml'
        with cast(TextIO, expected_path.open('r')) as expected_file:
            expected_xml = expected_file.read()
        actual_xml = dump_xml(saml_request.document).decode('utf-8')
        self.assertXMLEqual(actual_xml, expected_xml)
        # The minimal request has no relay state; the country code is still set.
        self.assertEqual(saml_request.relay_state, None)
        self.assertEqual(saml_request.citizen_country_code, 'CA')