def test_logout_request_http_post_with_reason_attr(self): # https://github.com/italia/spid-testenv2/issues/159 config = FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/') request = FakeRequest(sample_requests.logout_with_reason_attr % (sample_requests.fake_signature)) registry = FakeRegistry({ 'https://localhost:8088/': ServiceProviderMetadataFakeLoader([], [(0, 'http://localhost:3000/spid-sso')]) }) validator = SpidRequestValidator( 'logout', settings.BINDING_HTTP_POST, registry, config) validator.validate(request)
def test_logout_request_http_redirect_without_signature(self): # https://github.com/italia/spid-testenv2/issues/159 # https://github.com/italia/spid-testenv2/issues/165 config = FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/') request = FakeRequest(sample_requests.logout_no_signature % ('')) registry = FakeRegistry({ 'https://localhost:8088/': ServiceProviderMetadataFakeLoader([], [(0, 'http://localhost:3000/spid-sso')]) }) validator = SpidRequestValidator( 'logout', settings.BINDING_HTTP_REDIRECT, registry, config) validator.validate(request)
def test_missing_issuer(self): # https://github.com/italia/spid-testenv2/issues/133 config = FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/') registry = FakeRegistry({ 'http://localhost:8088/': ServiceProviderMetadataFakeLoader([], [(0, 'http://localhost:3000/spid-sso')]) }) for binding, val in list({settings.BINDING_HTTP_POST: sample_requests.fake_signature, settings.BINDING_HTTP_REDIRECT: ''}.items()): request = FakeRequest(sample_requests.missing_issuer) validator = SpidRequestValidator('login', binding, registry, config) with pytest.raises(UnknownEntityIDError) as excinfo: request.saml_request = request.saml_request % (val) validator.validate(request) exc = excinfo.value self.assertEqual( 'Issuer non presente nella AuthnRequest', str(exc))
def test_logout_request_http_post_without_signature(self): # https://github.com/italia/spid-testenv2/issues/159 # https://github.com/italia/spid-testenv2/issues/165 config = FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/') request = FakeRequest(sample_requests.logout_no_signature % ('')) registry = FakeRegistry({ 'https://localhost:8088/': ServiceProviderMetadataFakeLoader( [], [(0, 'http://localhost:3000/spid-sso')]) }) validator = SpidRequestValidator('logout', settings.BINDING_HTTP_POST, registry, config) with pytest.raises(SPIDValidationError) as excinfo: validator.validate(request) exc = excinfo.value self.assertEqual('LogoutRequest/Signature', exc.details[0].path) self.assertEqual('required key not provided', exc.details[0].message)
def test_wrong_destination(self): # https://github.com/italia/spid-testenv2/issues/158 config = FakeConfig('http://localhost:9999/sso', 'http://localhost:9999/') registry = FakeRegistry({ 'https://localhost:8088/': ServiceProviderMetadataFakeLoader([], [(0, 'http://localhost:3000/spid-sso')]) }) for binding, val in list({ settings.BINDING_HTTP_POST: sample_requests.fake_signature, settings.BINDING_HTTP_REDIRECT: '' }.items()): validator = SpidRequestValidator('login', binding, registry, config) request = FakeRequest(sample_requests.wrong_destination) with pytest.raises(SPIDValidationError) as excinfo: request.saml_request = request.saml_request % (val) validator.validate(request) exc = excinfo.value self.assertEqual( 'Il valore dell\'elemento รจ diverso dal valore atteso (http://localhost:9999/):', exc.details[0].message)
def test_authn_request_http_redirect_with_signature(self): # https://github.com/italia/spid-testenv2/issues/159 # https://github.com/italia/spid-testenv2/issues/165 config = FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/') request = FakeRequest(sample_requests.auth_no_signature % (sample_requests.fake_signature)) registry = FakeRegistry({ 'https://localhost:8088/': ServiceProviderMetadataFakeLoader([], [(0, 'http://localhost:3000/spid-sso')]) }) validator = SpidRequestValidator( 'login', settings.BINDING_HTTP_REDIRECT, registry, config) with pytest.raises(SPIDValidationError) as excinfo: validator.validate(request) exc = excinfo.value self.assertEqual( 'AuthnRequest/Signature', exc.details[0].path ) self.assertEqual('item not allowed', exc.details[0].message)