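def testRedirect(self):
    """
    Tests the redirect method of the OneLogin_Saml2_Utils

    Covers three things: a relative and an absolute target resolve to the
    same URL, http/https targets are accepted while an ftp target is
    rejected, and extra parameters are serialised into the query string.
    """
    request_data = {
        'http_host': 'example.com'
    }

    # Check relative and absolute
    hostname = OneLogin_Saml2_Utils.get_self_host(request_data)
    url = 'http://%s/example' % hostname
    url2 = '/example'

    target_url = OneLogin_Saml2_Utils.redirect(url, {}, request_data)
    target_url2 = OneLogin_Saml2_Utils.redirect(url2, {}, request_data)

    self.assertEqual(target_url, target_url2)

    # Check that accept http/https and reject other protocols
    url3 = 'https://%s/example?test=true' % hostname
    url4 = 'ftp://%s/example' % hostname

    target_url3 = OneLogin_Saml2_Utils.redirect(url3, {}, request_data)
    self.assertIn('test=true', target_url3)

    # The scheme rejection is the security-relevant check of this test, so
    # it is asserted directly. A try/except around the call would also catch
    # the test's own AssertionError, and reading e.message only works on
    # interpreters where exceptions still carry that attribute.
    with self.assertRaises(Exception) as rejected:
        OneLogin_Saml2_Utils.redirect(url4, {}, request_data)
    self.assertIn('Redirect to invalid URL', str(rejected.exception))

    # Review parameter prefix
    parameters1 = {
        'value1': 'a'
    }

    target_url5 = OneLogin_Saml2_Utils.redirect(url, parameters1, request_data)
    self.assertEqual('http://%s/example?value1=a' % hostname, target_url5)

    target_url6 = OneLogin_Saml2_Utils.redirect(url3, parameters1, request_data)
    self.assertEqual('https://%s/example?test=true&value1=a' % hostname, target_url6)

    # Review parameters
    parameters2 = {
        'alphavalue': 'a',
        'numvaluelist': ['1', '2'],
        'testing': None
    }

    # NOTE(review): the expected string below hard-codes a parameter order
    # that differs from the order of the literal above; it presumably
    # depends on the dict iteration order of the interpreter this test was
    # written for -- confirm before running it elsewhere.
    target_url7 = OneLogin_Saml2_Utils.redirect(url, parameters2, request_data)
    self.assertEqual('http://%s/example?numvaluelist[]=1&numvaluelist[]=2&testing&alphavalue=a' % hostname, target_url7)

    parameters3 = {
        'alphavalue': 'a',
        'emptynumvaluelist': [],
        'numvaluelist': [''],
    }

    # The empty list is expected to contribute nothing to the query string.
    target_url8 = OneLogin_Saml2_Utils.redirect(url, parameters3, request_data)
    self.assertEqual('http://%s/example?numvaluelist[]=&alphavalue=a' % hostname, target_url8)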
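def testRedirect(self):
    """
    Tests the redirect method of the OneLogin_Saml2_Utils

    Covers three things: a relative and an absolute target resolve to the
    same URL, http/https targets are accepted while an ftp target is
    rejected, and extra parameters are serialised into the query string.
    """
    request_data = {
        'http_host': 'example.com'
    }

    # Check relative and absolute
    hostname = OneLogin_Saml2_Utils.get_self_host(request_data)
    url = 'http://%s/example' % hostname
    url2 = '/example'

    target_url = OneLogin_Saml2_Utils.redirect(url, {}, request_data)
    target_url2 = OneLogin_Saml2_Utils.redirect(url2, {}, request_data)

    self.assertEqual(target_url, target_url2)

    # Check that accept http/https and reject other protocols
    url3 = 'https://%s/example?test=true' % hostname
    url4 = 'ftp://%s/example' % hostname

    target_url3 = OneLogin_Saml2_Utils.redirect(url3, {}, request_data)
    self.assertIn('test=true', target_url3)

    # The scheme rejection is the security-relevant check of this test, so
    # it is asserted directly. A try/except around the call would also catch
    # the test's own AssertionError, and reading e.message only works on
    # interpreters where exceptions still carry that attribute.
    with self.assertRaises(Exception) as rejected:
        OneLogin_Saml2_Utils.redirect(url4, {}, request_data)
    self.assertIn('Redirect to invalid URL', str(rejected.exception))

    # Review parameter prefix
    parameters1 = {
        'value1': 'a'
    }

    target_url5 = OneLogin_Saml2_Utils.redirect(url, parameters1, request_data)
    self.assertEqual('http://%s/example?value1=a' % hostname, target_url5)

    target_url6 = OneLogin_Saml2_Utils.redirect(url3, parameters1, request_data)
    self.assertEqual('https://%s/example?test=true&value1=a' % hostname, target_url6)

    # Review parameters
    parameters2 = {
        'alphavalue': 'a',
        'numvaluelist': ['1', '2'],
        'testing': None
    }

    # NOTE(review): the expected string below hard-codes a parameter order
    # that differs from the order of the literal above; it presumably
    # depends on the dict iteration order of the interpreter this test was
    # written for -- confirm before running it elsewhere.
    target_url7 = OneLogin_Saml2_Utils.redirect(url, parameters2, request_data)
    self.assertEqual('http://%s/example?numvaluelist[]=1&numvaluelist[]=2&testing&alphavalue=a' % hostname, target_url7)

    parameters3 = {
        'alphavalue': 'a',
        'emptynumvaluelist': [],
        'numvaluelist': [''],
    }

    # The empty list is expected to contribute nothing to the query string.
    target_url8 = OneLogin_Saml2_Utils.redirect(url, parameters3, request_data)
    self.assertEqual('http://%s/example?numvaluelist[]=&alphavalue=a' % hostname, target_url8)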
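def testCreateEncSAMLRequest(self):
    """
    Tests the OneLogin_Saml2_Authn_Request Constructor.
    The creation of a deflated SAML Request

    Case: security.wantNameIdEncrypted is enabled, so the generated
    AuthnRequest is expected to carry the encrypted NameID format.
    """
    settings = self.loadSettingsJSON()
    settings['organization'] = {
        'es': {
            'name': 'sp_prueba',
            'displayname': 'SP prueba',
            'url': 'http://sp.example.com'
        }
    }
    settings['security']['wantNameIdEncrypted'] = True

    settings = OneLogin_Saml2_Settings(settings)
    authn_request = OneLogin_Saml2_Authn_Request(settings)
    parameters = {
        'SAMLRequest': authn_request.get_request()
    }
    # NOTE(review): the third positional argument is the literal True; it is
    # unclear from this test what redirect() does with a non-dict value in
    # that position -- confirm against its signature.
    auth_url = OneLogin_Saml2_Utils.redirect('http://idp.example.com/SSOService.php', parameters, True)
    # Raw string: '\.' and '\?' are regex escapes, not Python string escapes.
    self.assertRegexpMatches(auth_url, r'^http://idp\.example\.com\/SSOService\.php\?SAMLRequest=')

    # Recover the request from the query string and undo the encoding.
    exploded = urlparse(auth_url)
    exploded = parse_qs(exploded[4])  # element 4 of the parse result is the query
    payload = exploded['SAMLRequest'][0]
    decoded = b64decode(payload)
    # presumably zlib's decompress, where a negative window size means a raw
    # deflate stream without header -- verify against the file's imports
    inflated = decompress(decoded, -15)

    self.assertRegexpMatches(inflated, '^<samlp:AuthnRequest')
    self.assertRegexpMatches(inflated, 'AssertionConsumerServiceURL="http://stuff.com/endpoints/endpoints/acs.php"')
    self.assertRegexpMatches(inflated, '<saml:Issuer>http://stuff.com/endpoints/metadata.php</saml:Issuer>')
    self.assertRegexpMatches(inflated, 'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"')
    self.assertRegexpMatches(inflated, 'ProviderName="SP prueba"')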
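def testCreateEncSAMLRequest(self):
    """
    Tests the OneLogin_Saml2_Authn_Request Constructor.
    The creation of a deflated SAML Request

    Case: security.wantNameIdEncrypted is enabled, so the generated
    AuthnRequest is expected to carry the encrypted NameID format.
    """
    settings = self.loadSettingsJSON()
    settings['organization'] = {
        'es': {
            'name': 'sp_prueba',
            'displayname': 'SP prueba',
            'url': 'http://sp.example.com'
        }
    }
    settings['security']['wantNameIdEncrypted'] = True

    settings = OneLogin_Saml2_Settings(settings)
    authn_request = OneLogin_Saml2_Authn_Request(settings)
    parameters = {
        'SAMLRequest': authn_request.get_request()
    }
    # NOTE(review): the third positional argument is the literal True; it is
    # unclear from this test what redirect() does with a non-dict value in
    # that position -- confirm against its signature.
    auth_url = OneLogin_Saml2_Utils.redirect('http://idp.example.com/SSOService.php', parameters, True)
    # Raw string: '\.' and '\?' are regex escapes, not Python string escapes.
    self.assertRegexpMatches(auth_url, r'^http://idp\.example\.com\/SSOService\.php\?SAMLRequest=')

    # Recover the request from the query string and undo the encoding.
    exploded = urlparse(auth_url)
    exploded = parse_qs(exploded[4])  # element 4 of the parse result is the query
    payload = exploded['SAMLRequest'][0]
    decoded = b64decode(payload)
    # presumably zlib's decompress, where a negative window size means a raw
    # deflate stream without header -- verify against the file's imports
    inflated = decompress(decoded, -15)

    self.assertRegexpMatches(inflated, '^<samlp:AuthnRequest')
    self.assertRegexpMatches(inflated, 'AssertionConsumerServiceURL="http://stuff.com/endpoints/endpoints/acs.php"')
    self.assertRegexpMatches(inflated, '<saml:Issuer>http://stuff.com/endpoints/metadata.php</saml:Issuer>')
    self.assertRegexpMatches(inflated, 'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"')
    self.assertRegexpMatches(inflated, 'ProviderName="SP prueba"')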
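def testConstructorEncryptIdUsingX509certMulti(self):
    """
    Tests the OneLogin_Saml2_LogoutRequest Constructor.
    Case: Able to generate encryptedID with MultiCert

    Loads settings8.json, switches on security.nameIdEncrypted and checks
    that the generated LogoutRequest contains a <saml:EncryptedID> element.
    """
    settings_info = self.loadSettingsJSON('settings8.json')
    settings_info['security']['nameIdEncrypted'] = True
    settings = OneLogin_Saml2_Settings(settings_info)

    logout_request = OneLogin_Saml2_Logout_Request(settings)

    parameters = {'SAMLRequest': logout_request.get_request()}
    # NOTE(review): the third positional argument is the literal True; it is
    # unclear from this test what redirect() does with a non-dict value in
    # that position -- confirm against its signature.
    logout_url = OneLogin_Saml2_Utils.redirect(
        'http://idp.example.com/SingleLogoutService.php', parameters,
        True)
    # Raw string: '\.' and '\?' are regex escapes, not Python string escapes.
    self.assertRegex(
        logout_url,
        r'^http://idp\.example\.com\/SingleLogoutService\.php\?SAMLRequest='
    )

    # Recover the request from the query string and decode it.
    url_parts = urlparse(logout_url)
    exploded = parse_qs(url_parts.query)
    payload = exploded['SAMLRequest'][0]
    inflated = compat.to_string(
        OneLogin_Saml2_Utils.decode_base64_and_inflate(payload))
    self.assertRegex(inflated, '^<samlp:LogoutRequest')
    self.assertRegex(inflated, '<saml:EncryptedID>')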
def testRedirect(self):
    """
    Tests the redirect method of the OneLogin_Saml2_Utils

    Checks relative vs. absolute targets, that http/https are accepted
    while ftp is rejected, and how extra parameters end up in the query.
    """
    request_data = {'http_host': 'example.com'}

    # Relative and absolute targets must resolve to the same URL
    hostname = OneLogin_Saml2_Utils.get_self_host(request_data)
    url = 'http://%s/example' % hostname
    url2 = '/example'
    self.assertEqual(
        OneLogin_Saml2_Utils.redirect(url, {}, request_data),
        OneLogin_Saml2_Utils.redirect(url2, {}, request_data)
    )

    # http/https are accepted, any other scheme is refused
    url3 = 'https://%s/example?test=true' % hostname
    url4 = 'ftp://%s/example' % hostname
    self.assertIn('test=true', OneLogin_Saml2_Utils.redirect(url3, {}, request_data))
    with self.assertRaisesRegexp(Exception, 'Redirect to invalid URL'):
        OneLogin_Saml2_Utils.redirect(url4, {}, request_data)

    # Parameter prefix: '?' on a bare URL, '&' when a query already exists
    parameters1 = {'value1': 'a'}
    self.assertEqual(
        'http://%s/example?value1=a' % hostname,
        OneLogin_Saml2_Utils.redirect(url, parameters1, request_data)
    )
    self.assertEqual(
        'https://%s/example?test=true&value1=a' % hostname,
        OneLogin_Saml2_Utils.redirect(url3, parameters1, request_data)
    )

    # Parameter serialisation: scalar, list and None values
    parameters2 = {
        'alphavalue': 'a',
        'numvaluelist': ['1', '2'],
        'testing': None
    }
    target_url7 = OneLogin_Saml2_Utils.redirect(url, parameters2, request_data)
    parameters2_decoded = {
        "alphavalue": "alphavalue=a",
        "numvaluelist": "numvaluelist[]=1&numvaluelist[]=2",
        "testing": "testing"
    }
    # Build the expectation in the dict's own iteration order
    parameters2_str = "&".join([parameters2_decoded[key] for key in parameters2])
    self.assertEqual('http://%s/example?%s' % (hostname, parameters2_str), target_url7)

    parameters3 = {
        'alphavalue': 'a',
        'emptynumvaluelist': [],
        'numvaluelist': [''],
    }
    # 'emptynumvaluelist' has no entry here: it is expected to be left out
    parameters3_decoded = {
        "alphavalue": "alphavalue=a",
        "numvaluelist": "numvaluelist[]="
    }
    expected_parts = [parameters3_decoded[key] for key in parameters3 if key in parameters3_decoded]
    parameters3_str = "&".join(expected_parts)
    target_url8 = OneLogin_Saml2_Utils.redirect(url, parameters3, request_data)
    self.assertEqual('http://%s/example?%s' % (hostname, parameters3_str), target_url8)
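def redirect_to(self, url=None, parameters=None):
    """
    Redirects the user to the URL passed by parameter or to the URL that we defined in our SSO Request.

    When no url is given, the 'RelayState' value of the request's GET data
    is used as the target. That value arrives with the request, so treat it
    as untrusted input: this method does no validation of its own before
    handing the target to OneLogin_Saml2_Utils.redirect, and callers that
    need to rule out open redirects should check the target against their
    own list of allowed destinations first.

    :param url: The target URL to redirect the user
    :type url: string

    :param parameters: Extra parameters to be passed as part of the URL.
                       Omitting it is the same as passing an empty dict.
    :type parameters: dict

    :returns: Redirection URL
    """
    # A fresh dict per call; a mutable default would be one object shared
    # by every invocation of this method.
    if parameters is None:
        parameters = {}

    # If neither an explicit url nor a RelayState is available, url stays
    # None and is passed through unchanged.
    if url is None and 'RelayState' in self.__request_data['get_data']:
        url = self.__request_data['get_data']['RelayState']
    return OneLogin_Saml2_Utils.redirect(url, parameters, request_data=self.__request_data)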
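def redirect_to(self, url=None, parameters=None):
    """
    Redirects the user to the URL passed by parameter or to the URL that we defined in our SSO Request.

    When no url is given, the 'RelayState' value of the request's GET data
    is used as the target. That value arrives with the request, so treat it
    as untrusted input: this method does no validation of its own before
    handing the target to OneLogin_Saml2_Utils.redirect, and callers that
    need to rule out open redirects should check the target against their
    own list of allowed destinations first.

    :param url: The target URL to redirect the user
    :type url: string

    :param parameters: Extra parameters to be passed as part of the URL.
                       Omitting it is the same as passing an empty dict.
    :type parameters: dict

    :returns: Redirection URL
    """
    # A fresh dict per call; a mutable default would be one object shared
    # by every invocation of this method.
    if parameters is None:
        parameters = {}

    # If neither an explicit url nor a RelayState is available, url stays
    # None and is passed through unchanged.
    if url is None and 'RelayState' in self.__request_data['get_data']:
        url = self.__request_data['get_data']['RelayState']
    return OneLogin_Saml2_Utils.redirect(url, parameters, request_data=self.__request_data)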
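def testCreateDeflatedSAMLRequestURLParameter(self):
    """
    Tests the OneLogin_Saml2_Authn_Request Constructor.
    The creation of a deflated SAML Request

    Builds the redirect URL for an AuthnRequest, then decodes the
    SAMLRequest query parameter and checks it is a samlp:AuthnRequest.
    """
    authn_request = OneLogin_Saml2_Authn_Request(self.__settings)
    parameters = {
        'SAMLRequest': authn_request.get_request()
    }
    # NOTE(review): the third positional argument is the literal True; it is
    # unclear from this test what redirect() does with a non-dict value in
    # that position -- confirm against its signature.
    auth_url = OneLogin_Saml2_Utils.redirect('http://idp.example.com/SSOService.php', parameters, True)
    # Raw string: '\.' and '\?' are regex escapes, not Python string escapes.
    self.assertRegex(auth_url, r'^http://idp\.example\.com\/SSOService\.php\?SAMLRequest=')

    exploded = urlparse(auth_url)
    exploded = parse_qs(exploded[4])  # element 4 of the parse result is the query
    payload = exploded['SAMLRequest'][0]
    inflated = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(payload))
    self.assertRegex(inflated, '^<samlp:AuthnRequest')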
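def testCreateDeflatedSAMLLogoutRequestURLParameter(self):
    """
    Tests the OneLogin_Saml2_LogoutRequest Constructor.
    The creation of a deflated SAML Logout Request

    Builds the redirect URL for a LogoutRequest, then decodes the
    SAMLRequest query parameter and checks it is a samlp:LogoutRequest.
    """
    settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
    logout_request = OneLogin_Saml2_Logout_Request(settings)

    parameters = {'SAMLRequest': logout_request.get_request()}
    # NOTE(review): the third positional argument is the literal True; it is
    # unclear from this test what redirect() does with a non-dict value in
    # that position -- confirm against its signature.
    logout_url = OneLogin_Saml2_Utils.redirect('http://idp.example.com/SingleLogoutService.php', parameters, True)
    # Raw string: '\.' and '\?' are regex escapes, not Python string escapes.
    self.assertRegexpMatches(logout_url, r'^http://idp\.example\.com\/SingleLogoutService\.php\?SAMLRequest=')

    url_parts = urlparse(logout_url)
    exploded = parse_qs(url_parts.query)
    payload = exploded['SAMLRequest'][0]
    inflated = OneLogin_Saml2_Utils.decode_base64_and_inflate(payload)
    self.assertRegexpMatches(inflated, '^<samlp:LogoutRequest')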
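def testCreateDeflatedSAMLRequestURLParameter(self):
    """
    Tests the OneLogin_Saml2_Authn_Request Constructor.
    The creation of a deflated SAML Request

    Builds the redirect URL for an AuthnRequest, then decodes the
    SAMLRequest query parameter and checks it is a samlp:AuthnRequest.
    """
    authn_request = OneLogin_Saml2_Authn_Request(self.__settings)
    parameters = {
        'SAMLRequest': authn_request.get_request()
    }
    # NOTE(review): the third positional argument is the literal True; it is
    # unclear from this test what redirect() does with a non-dict value in
    # that position -- confirm against its signature.
    auth_url = OneLogin_Saml2_Utils.redirect('http://idp.example.com/SSOService.php', parameters, True)
    # Raw string: '\.' and '\?' are regex escapes, not Python string escapes.
    self.assertRegexpMatches(auth_url, r'^http://idp\.example\.com\/SSOService\.php\?SAMLRequest=')

    exploded = urlparse(auth_url)
    exploded = parse_qs(exploded[4])  # element 4 of the parse result is the query
    payload = exploded['SAMLRequest'][0]
    inflated = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(payload))
    self.assertRegexpMatches(inflated, '^<samlp:AuthnRequest')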
def testCreateDeflatedSAMLLogoutResponseURLParameter(self):
    """
    Tests the OneLogin_Saml2_LogoutResponse Constructor.
    The creation of a deflated SAML Logout Response

    Builds a LogoutResponse for a fixed InResponseTo id, wraps it in a
    redirect URL, then decodes the SAMLResponse query parameter again and
    checks that it is a samlp:LogoutResponse.
    """
    sp_settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
    request_id = 'ONELOGIN_21584ccdfaca36a145ae990442dcd96bfe60151e'

    logout_response = OneLogin_Saml2_Logout_Response(sp_settings)
    logout_response.build(request_id)

    slo_url = OneLogin_Saml2_Utils.redirect(
        'http://idp.example.com/SingleLogoutService.php',
        {'SAMLResponse': logout_response.get_response()},
        True
    )
    self.assertRegexpMatches(slo_url, r'^http://idp\.example\.com\/SingleLogoutService\.php\?SAMLResponse=')

    # Pull the encoded response back out of the query string
    query_fields = parse_qs(urlparse(slo_url).query)
    encoded_response = query_fields['SAMLResponse'][0]
    response_xml = OneLogin_Saml2_Utils.decode_base64_and_inflate(encoded_response)
    self.assertRegexpMatches(response_xml, '^<samlp:LogoutResponse')
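def testCreateDeflatedSAMLLogoutResponseURLParameter(self):
    """
    Tests the OneLogin_Saml2_LogoutResponse Constructor.
    The creation of a deflated SAML Logout Response

    Builds a LogoutResponse for a fixed InResponseTo id, wraps it in a
    redirect URL, then decodes the SAMLResponse query parameter again and
    checks that it is a samlp:LogoutResponse.
    """
    settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
    in_response_to = 'ONELOGIN_21584ccdfaca36a145ae990442dcd96bfe60151e'
    response_builder = OneLogin_Saml2_Logout_Response(settings)
    response_builder.build(in_response_to)
    parameters = {'SAMLResponse': response_builder.get_response()}

    # NOTE(review): the third positional argument is the literal True; it is
    # unclear from this test what redirect() does with a non-dict value in
    # that position -- confirm against its signature.
    logout_url = OneLogin_Saml2_Utils.redirect('http://idp.example.com/SingleLogoutService.php', parameters, True)

    # Raw string: '\.' and '\?' are regex escapes, not Python string escapes.
    self.assertRegexpMatches(logout_url, r'^http://idp\.example\.com\/SingleLogoutService\.php\?SAMLResponse=')
    url_parts = urlparse(logout_url)
    exploded = parse_qs(url_parts.query)
    inflated = OneLogin_Saml2_Utils.decode_base64_and_inflate(exploded['SAMLResponse'][0])
    self.assertRegexpMatches(inflated, '^<samlp:LogoutResponse')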
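def testConstructor(self):
    """
    Tests the OneLogin_Saml2_LogoutRequest Constructor.

    Runs with security.nameIdEncrypted switched on and checks that the
    redirect URL carries a SAMLRequest that decodes to a
    samlp:LogoutRequest.
    """
    settings_info = self.loadSettingsJSON()
    settings_info['security']['nameIdEncrypted'] = True
    settings = OneLogin_Saml2_Settings(settings_info)

    logout_request = OneLogin_Saml2_Logout_Request(settings)

    parameters = {'SAMLRequest': logout_request.get_request()}
    # NOTE(review): the third positional argument is the literal True; it is
    # unclear from this test what redirect() does with a non-dict value in
    # that position -- confirm against its signature.
    logout_url = OneLogin_Saml2_Utils.redirect('http://idp.example.com/SingleLogoutService.php', parameters, True)
    # Raw string: '\.' and '\?' are regex escapes, not Python string escapes.
    self.assertRegexpMatches(logout_url, r'^http://idp\.example\.com\/SingleLogoutService\.php\?SAMLRequest=')

    url_parts = urlparse(logout_url)
    exploded = parse_qs(url_parts.query)
    payload = exploded['SAMLRequest'][0]
    inflated = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(payload))
    # NOTE(review): nameIdEncrypted is enabled above but only the root
    # element is checked here; asserting on '<saml:EncryptedID>' as well
    # would pin the encryption behaviour -- confirm the default settings
    # file supports it before adding.
    self.assertRegexpMatches(inflated, '^<samlp:LogoutRequest')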
def testConstructorEncryptIdUsingX509certMulti(self):
    """
    Tests the OneLogin_Saml2_LogoutRequest Constructor.
    Case: Able to generate encryptedID with MultiCert

    Loads settings8.json, enables security.nameIdEncrypted and verifies
    that the decoded LogoutRequest contains a <saml:EncryptedID> element.
    """
    raw_settings = self.loadSettingsJSON('settings8.json')
    raw_settings['security']['nameIdEncrypted'] = True
    sp_settings = OneLogin_Saml2_Settings(raw_settings)

    slo_request = OneLogin_Saml2_Logout_Request(sp_settings)
    slo_url = OneLogin_Saml2_Utils.redirect(
        'http://idp.example.com/SingleLogoutService.php',
        {'SAMLRequest': slo_request.get_request()},
        True
    )
    self.assertRegexpMatches(slo_url, r'^http://idp\.example\.com\/SingleLogoutService\.php\?SAMLRequest=')

    # Pull the encoded request back out of the query string
    query_fields = parse_qs(urlparse(slo_url).query)
    encoded_request = query_fields['SAMLRequest'][0]
    request_xml = OneLogin_Saml2_Utils.decode_base64_and_inflate(encoded_request)

    for expected in ('^<samlp:LogoutRequest', '<saml:EncryptedID>'):
        self.assertRegexpMatches(request_xml, expected)
def testRedirect(self):
    """
    Tests the redirect method of the OneLogin_Saml2_Utils

    Checks relative vs. absolute targets, that http/https are accepted
    while ftp is rejected, and how extra parameters end up in the query.
    """
    request_data = {'http_host': 'example.com'}

    # Relative and absolute targets must resolve to the same URL
    hostname = OneLogin_Saml2_Utils.get_self_host(request_data)
    url = 'http://%s/example' % hostname
    url2 = '/example'
    absolute_result = OneLogin_Saml2_Utils.redirect(url, {}, request_data)
    relative_result = OneLogin_Saml2_Utils.redirect(url2, {}, request_data)
    self.assertEqual(absolute_result, relative_result)

    # http/https are accepted, any other scheme is refused
    url3 = 'https://%s/example?test=true' % hostname
    url4 = 'ftp://%s/example' % hostname
    https_result = OneLogin_Saml2_Utils.redirect(url3, {}, request_data)
    self.assertIn('test=true', https_result)
    with self.assertRaisesRegexp(Exception, 'Redirect to invalid URL'):
        OneLogin_Saml2_Utils.redirect(url4, {}, request_data)

    # Parameter prefix: '?' on a bare URL, '&' when a query already exists
    parameters1 = {'value1': 'a'}
    bare_result = OneLogin_Saml2_Utils.redirect(url, parameters1, request_data)
    self.assertEqual('http://%s/example?value1=a' % hostname, bare_result)
    appended_result = OneLogin_Saml2_Utils.redirect(url3, parameters1, request_data)
    self.assertEqual('https://%s/example?test=true&value1=a' % hostname, appended_result)

    # Parameter serialisation: scalar, list and None values
    parameters2 = {
        'alphavalue': 'a',
        'numvaluelist': ['1', '2'],
        'testing': None
    }
    target_url7 = OneLogin_Saml2_Utils.redirect(url, parameters2, request_data)
    parameters2_decoded = {
        "alphavalue": "alphavalue=a",
        "numvaluelist": "numvaluelist[]=1&numvaluelist[]=2",
        "testing": "testing"
    }
    # Build the expectation in the dict's own iteration order
    parameters2_str = "&".join([parameters2_decoded[key] for key in parameters2])
    self.assertEqual('http://%s/example?%s' % (hostname, parameters2_str), target_url7)

    parameters3 = {
        'alphavalue': 'a',
        'emptynumvaluelist': [],
        'numvaluelist': [''],
    }
    # 'emptynumvaluelist' has no entry here: it is expected to be left out
    parameters3_decoded = {
        "alphavalue": "alphavalue=a",
        "numvaluelist": "numvaluelist[]="
    }
    expected_parts = [parameters3_decoded[key] for key in parameters3 if key in parameters3_decoded]
    parameters3_str = "&".join(expected_parts)
    target_url8 = OneLogin_Saml2_Utils.redirect(url, parameters3, request_data)
    self.assertEqual('http://%s/example?%s' % (hostname, parameters3_str), target_url8)