def test_filter_values_req_opt_4(): r = [ Attribute( friendly_name="surName", name="urn:oid:2.5.4.4", name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"), Attribute( friendly_name="givenName", name="urn:oid:2.5.4.42", name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri")] o = [ Attribute( friendly_name="title", name="urn:oid:2.5.4.12", name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri")] acs = attribute_converter.ac_factory(full_path("attributemaps")) rava = attribute_converter.list_to_local(acs, r) oava = attribute_converter.list_to_local(acs, o) ava = {"sn": ["Hedberg"], "givenName": ["Roland"], "eduPersonAffiliation": ["staff"], "uid": ["rohe0002"]} ava = assertion.filter_on_demands(ava, rava, oava) print ava assert _eq(ava.keys(), ['givenName', 'sn']) assert ava == {'givenName': ['Roland'], 'sn': ['Hedberg']}
def test_filter_values_req_opt_4(): r = [ Attribute( friendly_name="surName", name="urn:oid:2.5.4.4", name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"), Attribute( friendly_name="givenName", name="urn:oid:2.5.4.42", name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri") ] o = [ Attribute( friendly_name="title", name="urn:oid:2.5.4.12", name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri") ] acs = attribute_converter.ac_factory(full_path("attributemaps")) rava = attribute_converter.list_to_local(acs, r) oava = attribute_converter.list_to_local(acs, o) ava = { "sn": ["Hedberg"], "givenName": ["Roland"], "eduPersonAffiliation": ["staff"], "uid": ["rohe0002"] } ava = assertion.filter_on_demands(ava, rava, oava) print(ava) assert _eq(sorted(list(ava.keys())), ['givenName', 'sn']) assert ava == {'givenName': ['Roland'], 'sn': ['Hedberg']}
def login(self): """ Login endpoint (verify user credentials) """ def from_session(key): return session[key] if key in session else None key = from_session('request_key') relay_state = from_session('relay_state') self.app.logger.debug('Request key: {}'.format(key)) if key and key in self.ticket: authn_request = self.ticket[key] message = authn_request.message sp_id = message.issuer.text destination = self.get_destination(authn_request, sp_id) authn_context = message.requested_authn_context spid_level = authn_context.authn_context_class_ref[0].text authn_info = self.authn_broker.pick(authn_context) callback, reference = authn_info[0] if request.method == 'GET': # inject extra data in form login based on spid level extra_challenge = callback(**{'key': key}) rendered_form = render_template( 'login.html', **{ 'action': url_for('login'), 'request_key': key, 'relay_state': relay_state, 'extra_challenge': extra_challenge }) return rendered_form, 200 if 'confirm' in request.form: # verify optional challenge based on spid level verified = callback(verify=True, **{ 'key': key, 'data': request.form }) if verified: # verify user credentials user_id, user = self.user_manager.get( request.form['username'], request.form['password'], sp_id) if user_id is not None: # setup response identity = user['attrs'].copy() AUTHN = { "class_ref": spid_level, "authn_auth": spid_level } self.app.logger.debug( 'Unfiltered data: {}'.format(identity)) atcs_idx = message.attribute_consuming_service_index self.app.logger.debug( 'attribute_consuming_service_index: {}'.format( atcs_idx)) if atcs_idx: attrs = self.server.wants(sp_id, atcs_idx) required = [ Attribute(name=el.get('name'), friendly_name=None, name_format=NAME_FORMAT_BASIC) for el in attrs.get('required') ] optional = [ Attribute(name=el.get('name'), friendly_name=None, name_format=NAME_FORMAT_BASIC) for el in attrs.get('optional') ] acs = ac_factory( './testenv/attributemaps', **{'override_types': self._all_attributes}) rava = list_to_local(acs, required) oava = list_to_local(acs, optional) else: rava = {} oava = {} self.app.logger.debug( 'Required attributes: {}'.format(rava)) self.app.logger.debug( 'Optional attributes: {}'.format(oava)) identity = filter_on_demands(identity, rava, oava) self.app.logger.debug( 'Filtered data: {}'.format(identity)) _data = dict(identity=identity, userid=user_id, in_response_to=message.id, destination=destination, sp_entity_id=sp_id, authn=AUTHN, issuer=self.server.config.entityid, sign_alg=SIGN_ALG, digest_alg=DIGEST_ALG, sign_assertion=True, release_policy=SpidPolicy(restrictions={ 'default': { 'name_form': NAME_FORMAT_BASIC, } }, index=atcs_idx)) response = self.server.create_authn_response(**_data) self.app.logger.debug( 'Response: \n{}'.format(response)) http_args = self.server.apply_binding( BINDING_HTTP_POST, response, destination, response=True, sign=True, relay_state=relay_state) # Setup confirmation page data self.responses[key] = http_args['data'] rendered_response = render_template( 'confirm.html', **{ 'destination_service': sp_id, 'lines': escape(prettify_xml(response)).splitlines(), 'attrs': identity.keys(), 'action': '/continue-response', 'request_key': key }) return rendered_response, 200 elif 'delete' in request.form: error_response = self.server.create_error_response( in_response_to=authn_request.message.id, destination=destination, info=get_spid_error(AUTH_NO_CONSENT)) self.app.logger.debug('Error response: \n{}'.format( prettify_xml(str(error_response)))) http_args = self.server.apply_binding(BINDING_HTTP_POST, error_response, destination, response=True, sign=True, relay_state=relay_state) del self.ticket[key] return http_args['data'], 200 return render_template('403.html'), 403