def test_get_saml_client_failure_with_missing_metadata_url(settings: SettingsWrapper):
    """Check that get_saml_client raises SAMLAuthError when metadata must come
    from the auto-conf URL trigger but no response is registered for that URL.

    Only the trigger is configured here; unlike the success test, no HTTP
    response is mocked for the metadata URL.

    Args:
        settings (SettingsWrapper): Fixture for django settings
    """
    trigger_settings = settings.SAML2_AUTH["TRIGGER"]
    trigger_settings["GET_METADATA_AUTO_CONF_URLS"] = GET_METADATA_AUTO_CONF_URLS

    with pytest.raises(SAMLAuthError) as exc_info:
        get_saml_client("example.com", acs, "*****@*****.**")

    raised = exc_info.value
    assert str(raised) == "Metadata URL/file is missing."
def test_get_saml_client_failure_with_invalid_file(settings: SettingsWrapper):
    """Check that a non-existent local metadata file is surfaced as a
    SAMLAuthError whose ``extra["exc"]`` holds the original FileNotFoundError.

    Args:
        settings (SettingsWrapper): Fixture for django settings
    """
    saml_settings = settings.SAML2_AUTH
    saml_settings["METADATA_LOCAL_FILE_PATH"] = "/invalid/metadata.xml"
    # Turn the URL trigger off so the (bogus) local file is the only metadata source.
    saml_settings["TRIGGER"]["GET_METADATA_AUTO_CONF_URLS"] = None

    with pytest.raises(SAMLAuthError) as exc_info:
        get_saml_client("example.com", acs)

    raised = exc_info.value
    assert str(raised) == "[Errno 2] No such file or directory: '/invalid/metadata.xml'"
    assert isinstance(raised.extra["exc"], FileNotFoundError)
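def _unwrap_nested_next_url(next_url):
    """Return the inner ``next`` value when *next_url* itself carries a ``next=`` query parameter.

    The caller may have been redirected here with a URL such as
    ``/login/?next=/target``, in which case the real destination is the inner
    value. If there is no nested ``next=``, or the URL cannot be parsed,
    *next_url* is returned unchanged.

    Args:
        next_url: The raw ``next`` value (possibly percent-encoded).

    Returns:
        The nested ``next`` value (``dictor`` yields ``None`` when the query has
        no ``next`` key), or *next_url* itself when nothing is nested.
    """
    try:
        decoded = unquote(next_url)
        if "next=" not in decoded:
            return next_url
        query = urlparse.parse_qs(urlparse.urlparse(decoded).query)
        return dictor(query, "next.0")
    except Exception:
        # Was a bare `except:`, which also swallowed KeyboardInterrupt/SystemExit.
        # Any parse failure simply falls back to the unmodified value; the
        # is_safe_url check in signin() still gates whatever comes out of here.
        return next_url


def signin(request: HttpRequest):
    """Start an SP-initiated SAML login and send the user to the IdP.

    The post-login destination comes from ``?next=`` (or the configured
    default). It is validated with ``is_safe_url`` against
    ``SAML2_AUTH["ALLOWED_REDIRECT_HOSTS"]`` before being stored in the session
    and echoed as the SAML ``RelayState``; an unsafe value redirects to the
    ``denied`` view instead, which prevents this endpoint from acting as an
    open redirector.

    Args:
        request (HttpRequest): The incoming GET request.

    Returns:
        HttpResponseRedirect: Either the IdP SSO location or the ``denied`` page.
    """
    requested_next = request.GET.get("next") or get_default_next_url()
    next_url = _unwrap_nested_next_url(requested_next)

    # Only permit signin requests where the next_url is a safe URL.
    # NOTE(review): the request's own host is not added to allowed_hosts, so an
    # absolute URL back to this site is rejected unless it is listed in
    # ALLOWED_REDIRECT_HOSTS; relative paths pass. require_https is left at its
    # default, so an http:// target on an allowed host is accepted — confirm
    # both are intended.
    allowed_hosts = set(settings.SAML2_AUTH.get("ALLOWED_REDIRECT_HOSTS", []))
    if parse_version(get_version()) >= parse_version("2.0"):
        url_ok = is_safe_url(next_url, allowed_hosts)
    else:
        # Django < 2.0: is_safe_url takes no allowed_hosts argument.
        url_ok = is_safe_url(next_url)
    if not url_ok:
        return HttpResponseRedirect(
            get_reverse([denied, "denied", "django_saml2_auth:denied"]))

    request.session["login_next_url"] = next_url

    saml_client = get_saml_client(get_assertion_url(request), acs)
    _, info = saml_client.prepare_for_authenticate(relay_state=next_url)

    # pysaml2 may hand back the headers as a list of (name, value) pairs;
    # dict() normalises both that and a plain dict (same idiom as
    # sp_initiated_login). Previously a missing Location header fell through to
    # HttpResponseRedirect(None), which is never a valid redirect — deny instead.
    redirect_url = dict(info["headers"]).get("Location", "")
    if not redirect_url:
        return HttpResponseRedirect(
            get_reverse([denied, "denied", "django_saml2_auth:denied"]))
    return HttpResponseRedirect(redirect_url)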
def test_get_saml_client_success(settings: SettingsWrapper):
    """Check that get_saml_client builds a Saml2Client from a local metadata file.

    Args:
        settings (SettingsWrapper): Fixture for django settings
    """
    local_metadata = "django_saml2_auth/tests/metadata.xml"
    settings.SAML2_AUTH["METADATA_LOCAL_FILE_PATH"] = local_metadata

    client = get_saml_client("example.com", acs)

    assert isinstance(client, Saml2Client)
def test_get_saml_client_success_with_user_id(settings: SettingsWrapper):
    """Check that get_saml_client builds a Saml2Client from remote metadata
    when the auto-conf URL trigger is set and a user_id is supplied.

    The metadata document for METADATA_URL1 is registered with the
    ``responses`` mock so the lookup does not need a real IdP.

    Args:
        settings (SettingsWrapper): Fixture for django settings
    """
    trigger_settings = settings.SAML2_AUTH["TRIGGER"]
    trigger_settings["GET_METADATA_AUTO_CONF_URLS"] = GET_METADATA_AUTO_CONF_URLS
    responses.add(responses.GET, METADATA_URL1, body=METADATA1)

    user_id = "*****@*****.**"
    client = get_saml_client("example.com", acs, user_id)

    assert isinstance(client, Saml2Client)
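def sp_initiated_login(request: HttpRequest) -> HttpResponseRedirect:
    """Start an SP-initiated SAML login for a user identified by a JWT.

    The caller supplies ``?token=``; its ``user_id`` selects the SAML client
    configuration and a fresh JWT for that user is carried as the SAML
    ``RelayState`` so the ACS can tie the IdP response back to the user.

    Args:
        request (HttpRequest): Must be a GET carrying a ``token`` query parameter.

    Returns:
        HttpResponseRedirect: The IdP SSO location, or the ``denied`` page when
        the token is absent or the IdP gave no ``Location`` header.

    Raises:
        SAMLAuthError: For any request method other than GET.
    """
    # User must be created first by the IdP-initiated SSO (acs)
    if request.method != "GET":
        # NOTE(review): 405 would describe "method not supported" more
        # accurately than 404; kept as-is since callers/tests may depend on it.
        raise SAMLAuthError("Request method is not supported.", extra={
            "exc_type": Exception,
            "error_code": INVALID_REQUEST_METHOD,
            "reason": "Request method is not supported.",
            "status_code": 404,
        })

    # NOTE(review): the token travels in the query string, so it can land in
    # server/proxy logs and Referer headers — confirm it is short-lived.
    token = request.GET.get("token")
    if not token:
        # Previously a GET without ?token= fell off the end of the function and
        # returned None, which Django rejects as "view didn't return an
        # HttpResponse". Treat it like the other failure paths: deny.
        return HttpResponseRedirect(
            get_reverse([denied, "denied", "django_saml2_auth:denied"]))

    user_id = decode_jwt_token(token)
    saml_client = get_saml_client(get_assertion_url(request), acs, user_id)
    jwt_token = create_jwt_token(user_id)

    # NOTE(review): sign=False sends an unsigned AuthnRequest; whether that is
    # acceptable depends on the IdP's policy — confirm it requires no signature.
    _, info = saml_client.prepare_for_authenticate(
        sign=False, relay_state=jwt_token)

    # Headers may be a list of (name, value) pairs; dict() handles both shapes.
    redirect_url = dict(info["headers"]).get("Location", "")
    if not redirect_url:
        return HttpResponseRedirect(
            get_reverse([denied, "denied", "django_saml2_auth:denied"]))
    return HttpResponseRedirect(redirect_url)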