def test_get_saml_client_failure_with_missing_metadata_url(settings: SettingsWrapper):
    """Verify that get_saml_client raises SAMLAuthError when the metadata-URL
    trigger is configured but the URL it yields is not mocked, so no metadata
    can actually be obtained.

    Args:
        settings (SettingsWrapper): Fixture for django settings
    """
    trigger_config = settings.SAML2_AUTH["TRIGGER"]
    trigger_config["GET_METADATA_AUTO_CONF_URLS"] = GET_METADATA_AUTO_CONF_URLS

    with pytest.raises(SAMLAuthError) as captured:
        get_saml_client("example.com", acs, "*****@*****.**")

    raised = captured.value
    assert str(raised) == "Metadata URL/file is missing."
def test_get_saml_client_failure_with_invalid_file(settings: SettingsWrapper):
    """Verify that get_saml_client raises SAMLAuthError, wrapping the underlying
    FileNotFoundError, when the local metadata path does not exist and no
    metadata-URL trigger is configured.

    Args:
        settings (SettingsWrapper): Fixture for django settings
    """
    missing_path = "/invalid/metadata.xml"
    saml_config = settings.SAML2_AUTH
    saml_config["METADATA_LOCAL_FILE_PATH"] = missing_path
    saml_config["TRIGGER"]["GET_METADATA_AUTO_CONF_URLS"] = None

    with pytest.raises(SAMLAuthError) as captured:
        get_saml_client("example.com", acs)

    error = captured.value
    # The message is the stringified OSError, and the original exception is
    # preserved under extra["exc"] so callers can inspect it.
    assert str(error) == "[Errno 2] No such file or directory: '/invalid/metadata.xml'"
    assert isinstance(error.extra["exc"], FileNotFoundError)
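def signin(request: HttpRequest):
    """Start an SP-initiated SAML login and redirect the user to the IdP.

    The ``next`` query parameter is the post-login destination. When it is
    itself a URL carrying a nested ``next=`` (a double-wrapped redirect), the
    inner value is extracted first. Whatever results is only accepted if it
    passes Django's ``is_safe_url`` check, optionally widened by
    ``SAML2_AUTH["ALLOWED_REDIRECT_HOSTS"]``; any other value sends the user
    to the "denied" view rather than to an attacker-chosen location.

    Args:
        request (HttpRequest): Incoming request. ``next`` is read from the
            query string and the accepted value is stored in the session
            under ``login_next_url`` for use after the IdP round-trip.

    Returns:
        HttpResponseRedirect: Redirect to the IdP's SSO endpoint, or to the
        "denied" view when ``next`` is unsafe or the IdP request carries no
        ``Location`` header.
    """
    raw_next_url = request.GET.get("next") or get_default_next_url()
    next_url = raw_next_url

    try:
        if "next=" in unquote(next_url):
            parsed_next_url = urlparse.parse_qs(
                urlparse.urlparse(unquote(next_url)).query)
            next_url = dictor(parsed_next_url, "next.0")
    except Exception:
        # A malformed nested value (or a non-string ``next``) falls back to
        # the raw parameter, which is still validated below. Narrowed from a
        # bare ``except`` so KeyboardInterrupt/SystemExit are not swallowed.
        next_url = raw_next_url

    # Only permit signin requests where the next_url is a safe URL.
    # NOTE(review): the extraction above may leave next_url as None; this
    # relies on is_safe_url rejecting an empty/None value -- confirm for the
    # pinned Django version.
    allowed_hosts = set(settings.SAML2_AUTH.get("ALLOWED_REDIRECT_HOSTS", []))
    if parse_version(get_version()) >= parse_version("2.0"):
        url_ok = is_safe_url(next_url, allowed_hosts)
    else:
        # Django < 2.0: is_safe_url takes no allowed_hosts argument.
        url_ok = is_safe_url(next_url)

    if not url_ok:
        return HttpResponseRedirect(
            get_reverse([denied, "denied", "django_saml2_auth:denied"]))

    request.session["login_next_url"] = next_url

    saml_client = get_saml_client(get_assertion_url(request), acs)
    _, info = saml_client.prepare_for_authenticate(relay_state=next_url)

    # Headers may be a dict or a list of (name, value) pairs; dict() handles
    # both (same lookup as sp_initiated_login).
    redirect_url = dict(info["headers"]).get("Location", "")
    if not redirect_url:
        # Previously this fell through to HttpResponseRedirect(None); a
        # missing Location is treated as a failed login instead.
        return HttpResponseRedirect(
            get_reverse([denied, "denied", "django_saml2_auth:denied"]))

    return HttpResponseRedirect(redirect_url)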
def test_get_saml_client_success(settings: SettingsWrapper):
    """Verify that get_saml_client builds a Saml2Client when pointed at the
    bundled local metadata file.

    Args:
        settings (SettingsWrapper): Fixture for django settings
    """
    local_metadata = "django_saml2_auth/tests/metadata.xml"
    settings.SAML2_AUTH["METADATA_LOCAL_FILE_PATH"] = local_metadata

    client = get_saml_client("example.com", acs)
    assert isinstance(client, Saml2Client)
def test_get_saml_client_success_with_user_id(settings: SettingsWrapper):
    """Verify that get_saml_client builds a Saml2Client from a remote metadata
    URL (served by the responses mock) when a user_id is supplied.

    Args:
        settings (SettingsWrapper): Fixture for django settings
    """
    trigger_config = settings.SAML2_AUTH["TRIGGER"]
    trigger_config["GET_METADATA_AUTO_CONF_URLS"] = GET_METADATA_AUTO_CONF_URLS
    # Serve the metadata document for the first URL instead of hitting the network.
    responses.add(responses.GET, METADATA_URL1, body=METADATA1)

    client = get_saml_client("example.com", acs, "*****@*****.**")
    assert isinstance(client, Saml2Client)
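def sp_initiated_login(request: HttpRequest) -> HttpResponseRedirect:
    """Start an SP-initiated login for an already-provisioned user.

    The caller supplies a JWT in the ``token`` query parameter; its user id is
    recovered, a SAML client is built for that user, and a fresh JWT is carried
    through the IdP round-trip as the relay state.

    Args:
        request (HttpRequest): Must be a GET carrying a ``token`` query
            parameter.

    Returns:
        HttpResponseRedirect: Redirect to the IdP's SSO endpoint, or to the
        "denied" view when no token is supplied or the IdP request carries no
        ``Location`` header.

    Raises:
        SAMLAuthError: For any request method other than GET.
    """
    # User must be created first by the IdP-initiated SSO (acs)
    if request.method != "GET":
        # status_code 404 is what the project reports for a non-GET; kept as
        # is so existing callers/tests see the same error shape.
        raise SAMLAuthError("Request method is not supported.",
                            extra={
                                "exc_type": Exception,
                                "error_code": INVALID_REQUEST_METHOD,
                                "reason": "Request method is not supported.",
                                "status_code": 404
                            })

    denied_url = get_reverse([denied, "denied", "django_saml2_auth:denied"])

    token = request.GET.get("token")
    if not token:
        # The original fell through and returned None here, which Django
        # rejects as an invalid view response; a missing token is a denied
        # login, not a server error.
        return HttpResponseRedirect(denied_url)

    # NOTE(review): decode_jwt_token is expected to verify the signature and
    # expiry before the user id is trusted -- confirm in its definition.
    user_id = decode_jwt_token(token)
    saml_client = get_saml_client(get_assertion_url(request), acs, user_id)
    jwt_token = create_jwt_token(user_id)
    _, info = saml_client.prepare_for_authenticate(
        sign=False, relay_state=jwt_token)

    # Headers may be a dict or a list of (name, value) pairs; dict() handles both.
    redirect_url = dict(info["headers"]).get("Location", "")
    if not redirect_url:
        return HttpResponseRedirect(denied_url)
    return HttpResponseRedirect(redirect_url)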