Example #1
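    def testRedirect(self):
        """
        Tests the redirect method of the OneLogin_Saml2_Utils

        Covers three things: relative and absolute targets resolve to the
        same URL, only http/https targets are accepted, and extra
        parameters are serialised into the query string.
        """
        request_data = {
            'http_host': 'example.com'
        }

        # Check relative and absolute
        hostname = OneLogin_Saml2_Utils.get_self_host(request_data)
        url = 'http://%s/example' % hostname
        url2 = '/example'

        target_url = OneLogin_Saml2_Utils.redirect(url, {}, request_data)
        target_url2 = OneLogin_Saml2_Utils.redirect(url2, {}, request_data)

        self.assertEqual(target_url, target_url2)

        # Check that accept http/https and reject other protocols
        url3 = 'https://%s/example?test=true' % hostname
        url4 = 'ftp://%s/example' % hostname

        target_url3 = OneLogin_Saml2_Utils.redirect(url3, {}, request_data)
        self.assertIn('test=true', target_url3)

        # assertRaises fails the test by itself when nothing is raised, and
        # str(exception) works on Python 2 and 3. The previous try/except
        # caught its own AssertionError and read e.message, an attribute
        # that exceptions no longer have on Python 3.
        with self.assertRaises(Exception) as rejected:
            OneLogin_Saml2_Utils.redirect(url4, {}, request_data)
        self.assertIn('Redirect to invalid URL', str(rejected.exception))

        # Review parameter prefix: '?' starts the query, '&' extends one
        parameters1 = {
            'value1': 'a'
        }

        target_url5 = OneLogin_Saml2_Utils.redirect(url, parameters1, request_data)
        self.assertEqual('http://%s/example?value1=a' % hostname, target_url5)

        target_url6 = OneLogin_Saml2_Utils.redirect(url3, parameters1, request_data)
        self.assertEqual('https://%s/example?test=true&value1=a' % hostname, target_url6)

        # Review parameters
        parameters2 = {
            'alphavalue': 'a',
            'numvaluelist': ['1', '2'],
            'testing': None
        }

        target_url7 = OneLogin_Saml2_Utils.redirect(url, parameters2, request_data)
        # Build the expected query in the dict's own iteration order rather
        # than hard-coding one particular ordering of the keys.
        # NOTE(review): assumes redirect() emits parameters in dict
        # iteration order -- confirm against the implementation.
        parameters2_decoded = {
            'alphavalue': 'alphavalue=a',
            'numvaluelist': 'numvaluelist[]=1&numvaluelist[]=2',
            'testing': 'testing'
        }
        parameters2_str = '&'.join(parameters2_decoded[key] for key in parameters2)
        self.assertEqual('http://%s/example?%s' % (hostname, parameters2_str), target_url7)

        parameters3 = {
            'alphavalue': 'a',
            'emptynumvaluelist': [],
            'numvaluelist': [''],
        }
        # An empty list contributes nothing to the query string, so it has
        # no entry in the expected fragments.
        parameters3_decoded = {
            'alphavalue': 'alphavalue=a',
            'numvaluelist': 'numvaluelist[]='
        }
        parameters3_str = '&'.join(
            parameters3_decoded[key] for key in parameters3 if key in parameters3_decoded)
        target_url8 = OneLogin_Saml2_Utils.redirect(url, parameters3, request_data)
        self.assertEqual('http://%s/example?%s' % (hostname, parameters3_str), target_url8)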
Example #2
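    def testRedirect(self):
        """
        Tests the redirect method of the OneLogin_Saml2_Utils

        Checks target resolution (relative vs. absolute), the scheme
        filter (http/https only) and query-string construction.
        """
        request_data = {'http_host': 'example.com'}

        # Check relative and absolute
        hostname = OneLogin_Saml2_Utils.get_self_host(request_data)
        base_url = 'http://%s/example' % hostname
        url = base_url
        url2 = '/example'

        target_url = OneLogin_Saml2_Utils.redirect(url, {}, request_data)
        target_url2 = OneLogin_Saml2_Utils.redirect(url2, {}, request_data)
        self.assertEqual(target_url, target_url2)

        # Check that accept http/https and reject other protocols
        url3 = 'https://%s/example?test=true' % hostname
        url4 = 'ftp://%s/example' % hostname

        target_url3 = OneLogin_Saml2_Utils.redirect(url3, {}, request_data)
        self.assertIn('test=true', target_url3)

        # The old try/except wrapped its own sentinel assertion and read
        # e.message, which Python 3 exceptions do not have. assertRaises
        # states the expectation directly: the call must raise, and the
        # message must name the invalid redirect.
        with self.assertRaises(Exception) as ctx:
            OneLogin_Saml2_Utils.redirect(url4, {}, request_data)
        self.assertIn('Redirect to invalid URL', str(ctx.exception))

        # Review parameter prefix
        parameters1 = {'value1': 'a'}

        target_url5 = OneLogin_Saml2_Utils.redirect(url, parameters1, request_data)
        self.assertEqual('http://%s/example?value1=a' % hostname, target_url5)

        target_url6 = OneLogin_Saml2_Utils.redirect(url3, parameters1, request_data)
        self.assertEqual('https://%s/example?test=true&value1=a' % hostname, target_url6)

        # Review parameters. The query fragments are compared as a sorted
        # list so the test does not depend on dict iteration order; the
        # relative order of the two list values is therefore not checked.
        parameters2 = {
            'alphavalue': 'a',
            'numvaluelist': ['1', '2'],
            'testing': None
        }

        target_url7 = OneLogin_Saml2_Utils.redirect(url, parameters2, request_data)
        path7, _, query7 = target_url7.partition('?')
        self.assertEqual(base_url, path7)
        self.assertEqual(
            sorted(['alphavalue=a', 'numvaluelist[]=1', 'numvaluelist[]=2', 'testing']),
            sorted(query7.split('&')))

        # An empty list must not show up in the query string at all
        parameters3 = {
            'alphavalue': 'a',
            'emptynumvaluelist': [],
            'numvaluelist': [''],
        }
        target_url8 = OneLogin_Saml2_Utils.redirect(url, parameters3, request_data)
        path8, _, query8 = target_url8.partition('?')
        self.assertEqual(base_url, path8)
        self.assertEqual(
            sorted(['alphavalue=a', 'numvaluelist[]=']),
            sorted(query8.split('&')))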
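    def testCreateEncSAMLRequest(self):
        """
        Tests the OneLogin_Saml2_Authn_Request Constructor.
        The creation of a deflated SAML Request

        With security.wantNameIdEncrypted enabled, the generated
        AuthnRequest is expected to ask for the encrypted NameID format.
        """
        settings_info = self.loadSettingsJSON()
        settings_info['organization'] = {
            'es': {
                'name': 'sp_prueba',
                'displayname': 'SP prueba',
                'url': 'http://sp.example.com'
            }
        }
        settings_info['security']['wantNameIdEncrypted'] = True
        settings = OneLogin_Saml2_Settings(settings_info)

        authn_request = OneLogin_Saml2_Authn_Request(settings)
        parameters = {
            'SAMLRequest': authn_request.get_request()
        }
        # NOTE(review): the third positional argument is the literal True;
        # its meaning is not visible here -- confirm against redirect()'s
        # signature.
        auth_url = OneLogin_Saml2_Utils.redirect('http://idp.example.com/SSOService.php', parameters, True)
        # Raw string so that \. \/ and \? reach the regex engine without
        # relying on Python passing unknown escapes through unchanged.
        self.assertRegexpMatches(auth_url, r'^http://idp\.example\.com\/SSOService\.php\?SAMLRequest=')

        # Undo the encoding: query value -> base64 -> raw DEFLATE
        # (negative wbits means no zlib header or checksum).
        query = parse_qs(urlparse(auth_url).query)
        payload = query['SAMLRequest'][0]
        decoded = b64decode(payload)
        inflated = decompress(decoded, -15)

        self.assertRegexpMatches(inflated, '^<samlp:AuthnRequest')
        # These are literal fragments, so assertIn is used: as regexes the
        # unescaped '.' characters would match any character.
        self.assertIn('AssertionConsumerServiceURL="http://stuff.com/endpoints/endpoints/acs.php"', inflated)
        self.assertIn('<saml:Issuer>http://stuff.com/endpoints/metadata.php</saml:Issuer>', inflated)
        self.assertIn('Format="urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"', inflated)
        self.assertIn('ProviderName="SP prueba"', inflated)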
Example #4
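    def testCreateEncSAMLRequest(self):
        """
        Tests the OneLogin_Saml2_Authn_Request Constructor.
        The creation of a deflated SAML Request

        The settings request an encrypted NameID (wantNameIdEncrypted), and
        the decoded request is checked for the matching Format attribute.
        """
        raw_settings = self.loadSettingsJSON()
        raw_settings['organization'] = {
            'es': {
                'name': 'sp_prueba',
                'displayname': 'SP prueba',
                'url': 'http://sp.example.com'
            }
        }
        raw_settings['security']['wantNameIdEncrypted'] = True
        settings = OneLogin_Saml2_Settings(raw_settings)

        authn_request = OneLogin_Saml2_Authn_Request(settings)
        parameters = {'SAMLRequest': authn_request.get_request()}
        # NOTE(review): True is passed as the third positional argument;
        # what it selects is not visible in this test -- confirm.
        auth_url = OneLogin_Saml2_Utils.redirect('http://idp.example.com/SSOService.php', parameters, True)
        # r'' keeps the backslash escapes intact for the regex engine and
        # avoids Python's invalid-escape-sequence warning.
        self.assertRegexpMatches(auth_url, r'^http://idp\.example\.com\/SSOService\.php\?SAMLRequest=')

        # The SAMLRequest value is base64 over raw DEFLATE data; wbits=-15
        # tells zlib not to expect a header.
        query_string = urlparse(auth_url)[4]
        payload = parse_qs(query_string)['SAMLRequest'][0]
        inflated = decompress(b64decode(payload), -15)

        self.assertRegexpMatches(inflated, '^<samlp:AuthnRequest')
        # Checked as plain substrings: used as regexes, the dots in these
        # URLs and URNs would match any character.
        expected_fragments = (
            'AssertionConsumerServiceURL="http://stuff.com/endpoints/endpoints/acs.php"',
            '<saml:Issuer>http://stuff.com/endpoints/metadata.php</saml:Issuer>',
            'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"',
            'ProviderName="SP prueba"',
        )
        for fragment in expected_fragments:
            self.assertIn(fragment, inflated)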
Example #5
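    def testConstructorEncryptIdUsingX509certMulti(self):
        """
        Tests the OneLogin_Saml2_LogoutRequest Constructor.
        Case: Able to generate encryptedID with MultiCert

        nameIdEncrypted is switched on, and the decoded LogoutRequest must
        contain an EncryptedID element.
        """
        # presumably settings8.json is the multi-certificate fixture the
        # test name refers to -- verify against the fixture file
        settings_info = self.loadSettingsJSON('settings8.json')
        settings_info['security']['nameIdEncrypted'] = True
        settings = OneLogin_Saml2_Settings(settings_info)

        logout_request = OneLogin_Saml2_Logout_Request(settings)

        parameters = {'SAMLRequest': logout_request.get_request()}
        # NOTE(review): the third positional argument is the literal True;
        # its meaning is not visible here -- confirm.
        logout_url = OneLogin_Saml2_Utils.redirect(
            'http://idp.example.com/SingleLogoutService.php', parameters, True)
        # Raw string: \. \/ and \? are regex escapes, not Python escapes
        self.assertRegex(
            logout_url,
            r'^http://idp\.example\.com\/SingleLogoutService\.php\?SAMLRequest='
        )
        url_parts = urlparse(logout_url)
        exploded = parse_qs(url_parts.query)
        payload = exploded['SAMLRequest'][0]
        inflated = compat.to_string(
            OneLogin_Saml2_Utils.decode_base64_and_inflate(payload))
        self.assertRegex(inflated, '^<samlp:LogoutRequest')
        # The setting under test: the name identifier travels encrypted
        self.assertRegex(inflated, '<saml:EncryptedID>')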
Example #6
    def testRedirect(self):
        """
        Exercise OneLogin_Saml2_Utils.redirect.

        Verifies relative/absolute target resolution, the http/https-only
        scheme filter, and how extra parameters end up in the query string.
        """
        request_data = {'http_host': 'example.com'}
        redirect = OneLogin_Saml2_Utils.redirect

        # Relative and absolute targets must resolve to the same URL
        host = OneLogin_Saml2_Utils.get_self_host(request_data)
        absolute_url = 'http://%s/example' % host
        relative_url = '/example'

        from_absolute = redirect(absolute_url, {}, request_data)
        from_relative = redirect(relative_url, {}, request_data)
        self.assertEqual(from_absolute, from_relative)

        # http and https pass, any other scheme is refused with an error
        https_url = 'https://%s/example?test=true' % host
        ftp_url = 'ftp://%s/example' % host

        self.assertIn('test=true', redirect(https_url, {}, request_data))
        with self.assertRaisesRegexp(Exception, 'Redirect to invalid URL'):
            redirect(ftp_url, {}, request_data)

        # A single parameter is attached with '?' or '&' as appropriate
        single_param = {'value1': 'a'}

        self.assertEqual('http://%s/example?value1=a' % host,
                         redirect(absolute_url, single_param, request_data))
        self.assertEqual('https://%s/example?test=true&value1=a' % host,
                         redirect(https_url, single_param, request_data))

        # Scalars, lists and None values; the expected query is assembled
        # in the dict's own iteration order
        mixed_params = {
            'alphavalue': 'a',
            'numvaluelist': ['1', '2'],
            'testing': None
        }

        mixed_result = redirect(absolute_url, mixed_params, request_data)
        mixed_fragments = {"alphavalue": "alphavalue=a", "numvaluelist": "numvaluelist[]=1&numvaluelist[]=2", "testing": "testing"}
        mixed_query = "&".join([mixed_fragments[name] for name in mixed_params])
        self.assertEqual('http://%s/example?%s' % (host, mixed_query), mixed_result)

        # The empty list has no expected fragment, so it is skipped
        sparse_params = {
            'alphavalue': 'a',
            'emptynumvaluelist': [],
            'numvaluelist': [''],
        }
        sparse_fragments = {"alphavalue": "alphavalue=a", "numvaluelist": "numvaluelist[]="}
        sparse_query = "&".join([sparse_fragments[name]
                                 for name in sparse_params.keys()
                                 if name in sparse_fragments])
        sparse_result = redirect(absolute_url, sparse_params, request_data)
        self.assertEqual('http://%s/example?%s' % (host, sparse_query), sparse_result)
Example #7
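    def redirect_to(self, url=None, parameters=None):
        """
        Redirects the user to the url passed by parameter or to the url that we defined in our SSO Request.

        Security note: when url is omitted, the target is read from the
        RelayState value in the request's GET data, which the client
        controls. Callers should validate RelayState (for example against
        an allow-list of their own hosts) or pass an explicit, trusted url;
        otherwise this can act as an open redirect. What
        OneLogin_Saml2_Utils.redirect itself checks is not visible here.

        :param url: The target URL to redirect the user
        :type url: string
        :param parameters: Extra parameters to be passed as part of the url
        :type parameters: dict

        :returns: Redirection url
        """
        # A fresh dict per call: a {} default is created once and shared by
        # every call that omits the argument.
        if parameters is None:
            parameters = {}
        if url is None and 'RelayState' in self.__request_data['get_data']:
            # Untrusted input: RelayState comes straight from the request
            url = self.__request_data['get_data']['RelayState']
        return OneLogin_Saml2_Utils.redirect(url, parameters, request_data=self.__request_data)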
Example #8
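    def redirect_to(self, url=None, parameters=None):
        """
        Redirects the user to the URL passed by parameter or to the URL that we defined in our SSO Request.

        If no URL is given, the RelayState value from the request's GET
        data is used as the target. That value is supplied by the client,
        so it should be checked against the application's own list of
        permitted destinations before it is trusted; an unchecked
        RelayState makes this an open redirect. Whether
        OneLogin_Saml2_Utils.redirect restricts the target further cannot
        be seen from this method.

        :param url: The target URL to redirect the user
        :type url: string
        :param parameters: Extra parameters to be passed as part of the URL
        :type parameters: dict

        :returns: Redirection URL
        """
        # Avoid a shared mutable default: build the empty dict per call
        parameters = {} if parameters is None else parameters
        get_data = self.__request_data['get_data']
        if url is None and 'RelayState' in get_data:
            # Client-controlled value, see the docstring
            url = get_data['RelayState']
        return OneLogin_Saml2_Utils.redirect(url, parameters, request_data=self.__request_data)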
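 def testCreateDeflatedSAMLRequestURLParameter(self):
     """
     Tests the OneLogin_Saml2_Authn_Request Constructor.
     The creation of a deflated SAML Request

     Builds the redirect URL for an AuthnRequest, then decodes the
     SAMLRequest query parameter and checks the root element.
     """
     authn_request = OneLogin_Saml2_Authn_Request(self.__settings)
     parameters = {
         'SAMLRequest': authn_request.get_request()
     }
     # NOTE(review): the third positional argument is the literal True;
     # its meaning is not visible here -- confirm.
     auth_url = OneLogin_Saml2_Utils.redirect('http://idp.example.com/SSOService.php', parameters, True)
     # Raw string so the regex escapes are not treated as (invalid)
     # Python string escapes
     self.assertRegex(auth_url, r'^http://idp\.example\.com\/SSOService\.php\?SAMLRequest=')
     query = parse_qs(urlparse(auth_url).query)
     payload = query['SAMLRequest'][0]
     inflated = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(payload))
     self.assertRegex(inflated, '^<samlp:AuthnRequest')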
Example #10
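    def testCreateDeflatedSAMLLogoutRequestURLParameter(self):
        """
        Tests the OneLogin_Saml2_LogoutRequest Constructor.
        The creation of a deflated SAML Logout Request

        The request is placed in the SAMLRequest query parameter of the
        redirect URL; the test decodes it again and checks the root element.
        """
        settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
        logout_request = OneLogin_Saml2_Logout_Request(settings)

        parameters = {'SAMLRequest': logout_request.get_request()}
        # NOTE(review): True is passed as the third positional argument;
        # what it selects is not visible in this test -- confirm.
        logout_url = OneLogin_Saml2_Utils.redirect('http://idp.example.com/SingleLogoutService.php', parameters, True)
        # Raw string keeps \. \/ \? as regex escapes and avoids the
        # invalid-escape-sequence warning
        self.assertRegexpMatches(logout_url, r'^http://idp\.example\.com\/SingleLogoutService\.php\?SAMLRequest=')
        url_parts = urlparse(logout_url)
        exploded = parse_qs(url_parts.query)
        payload = exploded['SAMLRequest'][0]
        inflated = OneLogin_Saml2_Utils.decode_base64_and_inflate(payload)
        self.assertRegexpMatches(inflated, '^<samlp:LogoutRequest')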
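 def testCreateDeflatedSAMLRequestURLParameter(self):
     """
     Tests the OneLogin_Saml2_Authn_Request Constructor.
     The creation of a deflated SAML Request

     Round-trips the request: it is put into the redirect URL, read back
     from the query string, decoded and inflated.
     """
     authn_request = OneLogin_Saml2_Authn_Request(self.__settings)
     parameters = {'SAMLRequest': authn_request.get_request()}
     # NOTE(review): third positional argument is True; meaning not
     # visible here -- confirm.
     auth_url = OneLogin_Saml2_Utils.redirect('http://idp.example.com/SSOService.php', parameters, True)
     # r'' prefix: the backslashes belong to the regex, not to Python
     self.assertRegexpMatches(auth_url, r'^http://idp\.example\.com\/SSOService\.php\?SAMLRequest=')
     # Index 4 of the urlparse result is the query component
     query_string = urlparse(auth_url)[4]
     payload = parse_qs(query_string)['SAMLRequest'][0]
     inflated = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(payload))
     self.assertRegexpMatches(inflated, '^<samlp:AuthnRequest')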
    def testCreateDeflatedSAMLLogoutResponseURLParameter(self):
        """
        Tests the OneLogin_Saml2_LogoutResponse Constructor.
        The creation of a deflated SAML Logout Response

        The built response is carried in the SAMLResponse query parameter
        of the redirect URL and must decode back to a LogoutResponse.
        """
        logout_response = OneLogin_Saml2_Logout_Response(
            OneLogin_Saml2_Settings(self.loadSettingsJSON()))
        logout_response.build('ONELOGIN_21584ccdfaca36a145ae990442dcd96bfe60151e')

        slo_url = OneLogin_Saml2_Utils.redirect(
            'http://idp.example.com/SingleLogoutService.php',
            {'SAMLResponse': logout_response.get_response()},
            True)

        self.assertRegexpMatches(
            slo_url,
            r'^http://idp\.example\.com\/SingleLogoutService\.php\?SAMLResponse=')

        # Pull the encoded response back out of the query string
        query = parse_qs(urlparse(slo_url).query)
        encoded_response = query['SAMLResponse'][0]
        xml = OneLogin_Saml2_Utils.decode_base64_and_inflate(encoded_response)
        self.assertRegexpMatches(xml, '^<samlp:LogoutResponse')
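    def testCreateDeflatedSAMLLogoutResponseURLParameter(self):
        """
        Tests the OneLogin_Saml2_LogoutResponse Constructor.
        The creation of a deflated SAML Logout Response

        Builds a response to a fixed request ID, sends it through
        redirect(), and checks that the SAMLResponse parameter decodes
        to a LogoutResponse document.
        """
        settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
        in_response_to = 'ONELOGIN_21584ccdfaca36a145ae990442dcd96bfe60151e'
        response_builder = OneLogin_Saml2_Logout_Response(settings)
        response_builder.build(in_response_to)
        parameters = {'SAMLResponse': response_builder.get_response()}

        # NOTE(review): the third positional argument is the literal True;
        # its meaning is not visible here -- confirm.
        logout_url = OneLogin_Saml2_Utils.redirect('http://idp.example.com/SingleLogoutService.php', parameters, True)

        # Raw string: without it \. \/ and \? are invalid Python escape
        # sequences that only work because Python passes them through
        self.assertRegexpMatches(logout_url, r'^http://idp\.example\.com\/SingleLogoutService\.php\?SAMLResponse=')
        url_parts = urlparse(logout_url)
        exploded = parse_qs(url_parts.query)
        inflated = OneLogin_Saml2_Utils.decode_base64_and_inflate(exploded['SAMLResponse'][0])
        self.assertRegexpMatches(inflated, '^<samlp:LogoutResponse')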
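    def testConstructor(self):
        """
        Tests the OneLogin_Saml2_LogoutRequest Constructor.

        Builds a LogoutRequest with nameIdEncrypted enabled and checks that
        the redirect URL carries it as a decodable SAMLRequest parameter.
        """
        settings_info = self.loadSettingsJSON()
        settings_info['security']['nameIdEncrypted'] = True
        settings = OneLogin_Saml2_Settings(settings_info)

        logout_request = OneLogin_Saml2_Logout_Request(settings)

        parameters = {'SAMLRequest': logout_request.get_request()}
        # NOTE(review): the third positional argument is the literal True;
        # its meaning is not visible here -- confirm.
        logout_url = OneLogin_Saml2_Utils.redirect('http://idp.example.com/SingleLogoutService.php', parameters, True)
        # Raw string so the regex escapes are not parsed as Python escapes
        self.assertRegexpMatches(logout_url, r'^http://idp\.example\.com\/SingleLogoutService\.php\?SAMLRequest=')
        url_parts = urlparse(logout_url)
        exploded = parse_qs(url_parts.query)
        payload = exploded['SAMLRequest'][0]
        inflated = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(payload))
        # NOTE(review): nameIdEncrypted is switched on above, but only the
        # root element is asserted; a check for the encrypted identifier
        # would pin the setting's effect -- confirm whether that is intended.
        self.assertRegexpMatches(inflated, '^<samlp:LogoutRequest')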
    def testConstructorEncryptIdUsingX509certMulti(self):
        """
        Tests the OneLogin_Saml2_LogoutRequest Constructor.
        Case: Able to generate encryptedID with MultiCert

        With nameIdEncrypted enabled, the decoded LogoutRequest has to
        contain an EncryptedID element.
        """
        raw_settings = self.loadSettingsJSON('settings8.json')
        raw_settings['security']['nameIdEncrypted'] = True
        request = OneLogin_Saml2_Logout_Request(OneLogin_Saml2_Settings(raw_settings))

        slo_url = OneLogin_Saml2_Utils.redirect(
            'http://idp.example.com/SingleLogoutService.php',
            {'SAMLRequest': request.get_request()},
            True)
        self.assertRegexpMatches(
            slo_url,
            r'^http://idp\.example\.com\/SingleLogoutService\.php\?SAMLRequest=')

        # Recover the XML from the SAMLRequest query parameter
        encoded_request = parse_qs(urlparse(slo_url).query)['SAMLRequest'][0]
        xml = OneLogin_Saml2_Utils.decode_base64_and_inflate(encoded_request)

        # Root element first, then the encrypted identifier
        for pattern in ('^<samlp:LogoutRequest', '<saml:EncryptedID>'):
            self.assertRegexpMatches(xml, pattern)
Example #16
    def testRedirect(self):
        """
        Tests the redirect method of the OneLogin_Saml2_Utils

        Three groups of checks: relative vs. absolute targets, accepted and
        rejected URL schemes, and serialisation of extra parameters.
        """
        request_data = {
            'http_host': 'example.com'
        }

        # Relative and absolute forms of the same target must agree
        self_host = OneLogin_Saml2_Utils.get_self_host(request_data)
        plain_url = 'http://%s/example' % self_host
        path_only = '/example'

        resolved_plain = OneLogin_Saml2_Utils.redirect(plain_url, {}, request_data)
        resolved_path = OneLogin_Saml2_Utils.redirect(path_only, {}, request_data)
        self.assertEqual(resolved_plain, resolved_path)

        # Only http and https targets are allowed; ftp must be refused
        secure_url = 'https://%s/example?test=true' % self_host
        ftp_url = 'ftp://%s/example' % self_host

        resolved_secure = OneLogin_Saml2_Utils.redirect(secure_url, {}, request_data)
        self.assertIn('test=true', resolved_secure)
        self.assertRaisesRegexp(
            Exception, 'Redirect to invalid URL',
            OneLogin_Saml2_Utils.redirect, ftp_url, {}, request_data)

        # One extra parameter: '?' when there is no query yet, '&' otherwise
        one_param = {
            'value1': 'a'
        }

        with_query_start = OneLogin_Saml2_Utils.redirect(plain_url, one_param, request_data)
        self.assertEqual('http://%s/example?value1=a' % self_host, with_query_start)

        with_query_append = OneLogin_Saml2_Utils.redirect(secure_url, one_param, request_data)
        self.assertEqual('https://%s/example?test=true&value1=a' % self_host, with_query_append)

        # Scalar, list and None values together
        several_params = {
            'alphavalue': 'a',
            'numvaluelist': ['1', '2'],
            'testing': None
        }

        several_result = OneLogin_Saml2_Utils.redirect(plain_url, several_params, request_data)
        several_expected = {
            "alphavalue": "alphavalue=a",
            "numvaluelist": "numvaluelist[]=1&numvaluelist[]=2",
            "testing": "testing"
        }
        # Follow the dict's iteration order when assembling the expectation
        several_parts = []
        for name in several_params:
            several_parts.append(several_expected[name])
        self.assertEqual(
            'http://%s/example?%s' % (self_host, "&".join(several_parts)),
            several_result)

        # An empty list has no expected fragment and is left out
        list_params = {
            'alphavalue': 'a',
            'emptynumvaluelist': [],
            'numvaluelist': [''],
        }
        list_expected = {
            "alphavalue": "alphavalue=a",
            "numvaluelist": "numvaluelist[]="
        }
        list_parts = []
        for name in list_params.keys():
            if name in list_expected:
                list_parts.append(list_expected[name])
        list_result = OneLogin_Saml2_Utils.redirect(plain_url, list_params, request_data)
        self.assertEqual(
            'http://%s/example?%s' % (self_host, "&".join(list_parts)),
            list_result)