def test_authenticate(self):
    # authenticate() must map IdP session info onto a local user, and must
    # return None (not raise, not fall back) when no such user exists.
    req = self.dummy_request()
    known_session = self.get_fake_session_info()

    # Known identity: the mail on the returned user, wrapped in a list, has
    # to equal the 'mail' entry of the asserted attributes ('ava').
    found = authenticate(req, known_session)
    self.assertEqual([found['mail']], known_session['ava']['mail'])

    # Unknown identity: session info built for another address must not
    # resolve to any user.
    unknown_session = self.get_fake_session_info('*****@*****.**')
    missing = authenticate(req, unknown_session)
    self.assertIsNone(missing)
def test_login(self):
    # Resolve the user from fake session info, then log that user in.
    fake_session = self.get_fake_session_info()
    req = self.get_request_with_session()
    account = authenticate(req, fake_session)

    login_result = login(req, fake_session, account)

    # The test pins login()'s return value as equal to True.
    # NOTE(review): the second assertion is already implied by the first;
    # if login() is meant to return response headers, confirm which
    # contract is intended and assert on the session state as well.
    self.assertEqual(login_result, True)
    self.assertNotEqual(login_result, [])
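def _is_local_redirect_target(request, target):
    """Return True when *target* keeps the browser on the site serving *request*.

    Accepted forms are a path starting with a single '/' and an absolute
    URL whose origin equals ``request.host_url``. Everything else is
    refused, including scheme-relative '//host' targets.
    """
    if not target:
        return False
    # Backslashes and control characters are normalised differently by
    # different URL parsers, so a target containing them is never trusted.
    if '\\' in target or any(ord(ch) < 0x20 for ch in target):
        return False
    if target.startswith('/'):
        return not target.startswith('//')
    origin = request.host_url
    # The trailing '/' stops a look-alike host that merely begins with
    # our origin string from matching.
    return target == origin or target.startswith(origin + '/')


def assertion_consumer_service(request):
    """Consume the SAML response an IdP posts back after authentication.

    The view parses the posted 'SAMLResponse' against the outstanding
    queries stored in the session, resolves the local user with
    authenticate(), logs that user in and redirects to the RelayState.

    RelayState arrives in the POST body and is controlled by whoever
    submits the form, so it is only followed when it points back at this
    site; any other value is replaced by '/'.

    Returns:
        HTTPBadRequest when the response is missing, fails verification
        or parses to None; HTTPUnauthorized when no local user matches;
        otherwise HTTPFound carrying the headers produced by login().
    """
    if 'SAMLResponse' not in request.POST:
        return HTTPBadRequest("Couldn't find 'SAMLResponse' in POST data.")
    xmlstr = request.POST['SAMLResponse']

    client = Saml2Client(request.saml2_config,
                         identity_cache=IdentityCache(request.session))
    oq_cache = OutstandingQueriesCache(request.session)
    outstanding_queries = oq_cache.outstanding_queries()

    try:
        # Process the authentication response. The outstanding queries are
        # handed to the parser together with the response.
        response = client.parse_authn_request_response(
            xmlstr, BINDING_HTTP_POST, outstanding_queries)
    except AssertionError:
        # NOTE(review): only AssertionError is handled here; confirm which
        # other exceptions the SAML library in use raises for signature or
        # condition failures, so they end in a 400 rather than a 500.
        log.error('SAML response is not verified')
        return HTTPBadRequest(
            "SAML response is not verified. May be caused by the response "
            "was not issued at a reasonable time or the SAML status is not "
            "ok. Check the IDP datetime setup")

    if response is None:
        log.error('SAML response is None')
        return HTTPBadRequest(
            "SAML response has errors. Please check the logs")

    # The query has been answered; drop it from the outstanding set.
    session_id = response.session_id()
    oq_cache.delete(session_id)

    # Authenticate the remote user.
    session_info = response.session_info()
    log.debug('Trying to locate the user authenticated by the IdP')
    # NOTE(review): this writes the complete session info, including the
    # name_id used below, to the debug log. Keep debug logging off in
    # production or reduce this to the fields needed for troubleshooting.
    log.debug('Session info:\n{!s}\n\n'.format(pprint.pformat(session_info)))

    user = authenticate(request, session_info)
    if user is None:
        log.error('Could not find the user identified by the IdP')
        return HTTPUnauthorized("Access not authorized")

    headers = login(request, session_info, user)
    _set_name_id(request.session, session_info['name_id'])

    # Redirect the user to the view they came from, but never off-site.
    relay_state = request.POST.get('RelayState', '/')
    if not _is_local_redirect_target(request, relay_state):
        log.warning('Ignoring RelayState that points outside this site: %r',
                    relay_state)
        relay_state = '/'
    log.debug('Redirecting to the RelayState: ' + relay_state)
    return HTTPFound(location=relay_state, headers=headers)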
def assertion_consumer_service(request):
    """Consume the SAML response posted by the IdP and run the session's action.

    The follow-up action is looked up from the session first. The posted
    'SAMLResponse' is then turned into session info by
    get_authn_response(), the local user is resolved with authenticate(),
    and the action is called with the request, session info and user.

    Raises:
        HTTPBadRequest: no usable 'SAMLResponse' key in the POST data.
        HTTPUnauthorized: the IdP-identified user has no local match.
    """
    post_auth_action = get_action(request.session)

    # sanitize_post_key() is used here only as a presence check.
    # NOTE(review): the value handed to the SAML parser below is the raw
    # POST field, not the sanitised one; that looks deliberate, confirm.
    saml_field = sanitize_post_key(request, 'SAMLResponse')
    if saml_field is None:
        raise HTTPBadRequest("Couldn't find 'SAMLResponse' in POST data.")

    raw_response = request.POST['SAMLResponse']
    session_info = get_authn_response(
        request.registry.settings,
        request.session,
        raw_response,
    )

    log.debug('Trying to locate the user authenticated by the IdP')
    user = authenticate(request, session_info)
    if user is None:
        log.error('Could not find the user identified by the IdP')
        raise HTTPUnauthorized("Access not authorized")

    # Whatever response (redirect, headers) follows is up to the action.
    return post_auth_action(request, session_info, user)