def test_is_valid_simple(self): encoded_response = base64.b64encode(test_response) fake_signature = 'foo signature' res = Response( response=encoded_response, signature='foo signature', ) def fake_clock(): return datetime(2004, 12, 05, 9, 18, 45, 462796) private_key_file = "/tmp/tes.txt" idp_cert_filename = "/tmp/junk.txt" fake_verifier = fudge.Fake( 'verifier', callable=True, ) fake_verifier.times_called(1) fake_verifier.with_args(res._document, fake_signature, idp_cert_filename, private_key_file) fake_verifier.returns((True, "<xml></xml>")) msg = res.is_valid( idp_cert_filename, private_key_file, _clock=fake_clock, _verifier=fake_verifier, ) eq(msg, True)
def do_POST(self): """Serve a POST request.""" if not self.path == self.saml_post_path: self._bad_request() return length = int(self.headers['Content-Length']) data = self.rfile.read(length) query = urlparse.parse_qs(data) res = Response( query['SAMLResponse'].pop(), self.settings['idp_cert_fingerprint'], ) valid = res.is_valid() name_id = res.name_id if valid: msg = 'The identity of {name_id} has been verified'.format( name_id=name_id, ) self._serve_msg(200, msg) else: msg = '{name_id} is not authorized to use this resource'.format( name_id=name_id, ) self._serve_msg(401, msg)
def logged_in(): # IDPorten redirects to this URL if all ok with login app.logger.info("User logged in via ID-porten: request.values=%s", request.values) SAMLResponse = request.values['SAMLResponse'] res = IdpResponse( SAMLResponse, "TODO: remove signature parameter" ) # Decrypt response from IDPorten with our private key, and make sure that the response is valid # (it was encrypted with same key) valid = res.is_valid(app.idporten_settings["idp_cert_file"], app.idporten_settings["private_key_file"]) if valid: national_id_number = res.get_decrypted_assertion_attribute_value("uid")[0] idporten_parameters = { "session_index": res.get_session_index(), "name_id": res.name_id } auth_user = authentication.login_idporten_user_by_private_id(national_id_number, idporten_parameters) login_user(auth_user, remember=True) # Force the user to fill in the profile if unregistered if not auth_user.is_registered(): app.logger.info("Logged in: %s Uregistrert bruker (%s)", datetime.now().isoformat(), national_id_number[:6]) response = make_response(redirect("/profile")) else: app.logger.info("Logged in: %s %s %s (%s)", datetime.now().isoformat(), auth_user.first_name, auth_user.last_name, national_id_number[:6]) # Check if the user wants to redirect to a specific page redirect_target = get_redirect_target_from_cookie(request) response = make_response(redirect(redirect_target or request.args.get('next') or '/')) invalidate_redirect_target_cookie(response) set_cookie(response, 'auth_token', make_auth_token(auth_user.user_id)) return response else: abort(404, 'Ugyldig innlogging.')
def logged_in(): app.logger.info("User logged in via ID-porten: request.values=%s", request.values) SAMLResponse = request.values['SAMLResponse'] res = IdpResponse( SAMLResponse, "TODO: remove signature parameter" ) valid = res.is_valid(settings["idp_cert_file"], settings["private_key_file"]) if valid: national_id_number = res.get_decrypted_assertion_attribute_value("uid")[0] idporten_parameters = { "session_index": res.get_session_index(), "name_id": res.name_id } auth_user = authentication.login_user_by_private_id(national_id_number, idporten_parameters) # Force the user to fill in the profile if unregistered if not auth_user.is_registered(): app.logger.info("Logged in: %s Uregistrert bruker (%s)", datetime.now().isoformat(), national_id_number[:6]) response = make_response(redirect("/profile")) else: app.logger.info("Logged in: %s %s %s (%s)", datetime.now().isoformat(), auth_user.first_name, auth_user.last_name, national_id_number[:6]) # Check if the user wants to redirect to a specific page redirect_target = request.cookies.get("redirect_target", None) if not redirect_target or not is_safe_url(redirect_target): redirect_target = None response = make_response( redirect(redirect_target or request.args.get('next') or '/')) # Invalidate the redirect cookie by giving it a past expiry date response.set_cookie("redirect_target", "", expires=0) set_cookie(response, 'auth_token', make_auth_token(auth_user.user_id)) return response else: abort(404, 'Ugyldig innlogging.')
def logged_in(): print "USER LOGGED IN VIA IDPORTEN" print request.values SAMLResponse = request.values['SAMLResponse'] res = Response(SAMLResponse, "TODO: remove signature parameter") valid = res.is_valid(settings["idp_cert_file"], settings["private_key_file"]) uid = res.get_decrypted_assertion_attribute_value("uid") name_id = res.name_id print "UID", uid print "NAME ID: ", name_id print "Session index: ", res.get_session_index() user_info["uid"] = uid user_info["name_id"] = name_id user_info["session_index"] = res.get_session_index() return render_template('home.html', decrypted=res.decrypted, uid=uid)
def logged_in(): print "USER LOGGED IN VIA IDPORTEN" print request.values SAMLResponse = request.values['SAMLResponse'] res = Response( SAMLResponse, "TODO: remove signature parameter" ) valid = res.is_valid(settings["idp_cert_file"], settings["private_key_file"]) uid = res.get_decrypted_assertion_attribute_value("uid") name_id = res.name_id print "UID", uid print "NAME ID: ", name_id print "Session index: ", res.get_session_index() user_info["uid"] = uid user_info["name_id"] = name_id user_info["session_index"] = res.get_session_index() return render_template('home.html', decrypted = res.decrypted, uid = uid)