def test_parse_does_not_raise_exception_when_xml_metadata_does_not_have_display_names(
    self,
):
    """Parse IdP metadata without display names and check the single result.

    The fixture is expected to yield exactly one parsing result whose
    provider equals an IdP description built with argument-less
    ``SAMLUIInfo()`` and ``SAMLOrganization()``.
    """
    # Arrange
    parser = SAMLMetadataParser()

    # Act
    results = parser.parse(
        fixtures.CORRECT_XML_WITH_ONE_IDP_METADATA_WITHOUT_DISPLAY_NAMES
    )

    # Assert
    assert len(results) == 1
    (only_result,) = results

    assert isinstance(only_result, SAMLMetadataParsingResult)
    assert isinstance(only_result.provider, SAMLIdentityProviderMetadata)
    # NOTE(review): RestrictedElement comes from onelogin's xmlparser module,
    # presumably its hardened (DTD/entity-restricted) parser. Keeping this
    # assert guards against a silent switch to a plain lxml element for
    # metadata that may come from an untrusted federation - confirm.
    assert isinstance(
        only_result.xml_node, onelogin.saml2.xmlparser.RestrictedElement
    )

    expected_provider = SAMLIdentityProviderMetadata(
        entity_id=fixtures.IDP_1_ENTITY_ID,
        ui_info=SAMLUIInfo(),
        organization=SAMLOrganization(),
        name_id_format=fixtures.NAME_ID_FORMAT_1,
        sso_service=SAMLService(
            fixtures.IDP_1_SSO_URL, fixtures.IDP_1_SSO_BINDING
        ),
        want_authn_requests_signed=False,
        signing_certificates=[
            fixtures.strip_certificate(fixtures.SIGNING_CERTIFICATE)
        ],
        encryption_certificates=[
            fixtures.strip_certificate(fixtures.ENCRYPTION_CERTIFICATE)
        ],
    )
    assert expected_provider == only_result.provider
def test_get_service_provider_settings_returns_correct_result(
    self, _, service_provider, expected_result
):
    """Check the SP settings built from a mocked ``SAMLConfiguration``.

    ``service_provider`` is what the mocked configuration hands back and
    ``expected_result`` is the settings dictionary it should produce; both
    are supplied by the caller of this test.
    """
    # Arrange
    saml_configuration = create_autospec(spec=SAMLConfiguration)
    saml_configuration.get_service_provider = MagicMock(
        return_value=service_provider
    )
    settings_builder = SAMLOneLoginConfiguration(saml_configuration)
    session = create_autospec(spec=sqlalchemy.orm.session.Session)

    # Act
    settings = settings_builder.get_service_provider_settings(session)

    # Assert
    # The certificate is normalised with the same helper used for the
    # expectations, so the comparison ignores whatever strip_certificate
    # removes (presumably PEM armour/whitespace - confirm in fixtures).
    sp_section = settings["sp"]
    sp_section["x509cert"] = fixtures.strip_certificate(sp_section["x509cert"])

    assert settings == expected_result
    saml_configuration.get_service_provider.assert_called_once_with(session)
def test_parse_correctly_parses_one_idp_metadata(self):
    """Parse a single fully populated IdP entity and compare every field.

    The expected provider carries localized UI info and organization data
    ("en"/"es"), the SSO endpoint, and stripped signing and encryption
    certificates.
    """
    # Arrange
    parser = SAMLMetadataParser()

    # Act
    results = parser.parse(fixtures.CORRECT_XML_WITH_IDP_1)

    # Assert
    assert len(results) == 1
    (only_result,) = results

    assert isinstance(only_result, SAMLMetadataParsingResult)
    assert isinstance(only_result.provider, SAMLIdentityProviderMetadata)
    # NOTE(review): RestrictedElement comes from onelogin's xmlparser module,
    # presumably its hardened (DTD/entity-restricted) parser; the assert
    # pins that IdP metadata is not parsed into a plain lxml element.
    assert isinstance(
        only_result.xml_node, onelogin.saml2.xmlparser.RestrictedElement
    )

    # Positional groups, in the order the fixture names suggest: display
    # names, descriptions, information URLs, privacy statement URLs, logos.
    expected_ui_info = SAMLUIInfo(
        [
            SAMLLocalizedMetadataItem(
                fixtures.IDP_1_UI_INFO_EN_DISPLAY_NAME, "en"
            ),
            SAMLLocalizedMetadataItem(
                fixtures.IDP_1_UI_INFO_ES_DISPLAY_NAME, "es"
            ),
        ],
        [SAMLLocalizedMetadataItem(fixtures.IDP_1_UI_INFO_DESCRIPTION, "en")],
        [
            SAMLLocalizedMetadataItem(
                fixtures.IDP_1_UI_INFO_INFORMATION_URL, "en"
            )
        ],
        [
            SAMLLocalizedMetadataItem(
                fixtures.IDP_1_UI_INFO_PRIVACY_STATEMENT_URL, "en"
            )
        ],
        [SAMLLocalizedMetadataItem(fixtures.IDP_1_UI_INFO_LOGO_URL, "en")],
    )

    # Positional groups: organization names, display names, URLs.
    expected_organization = SAMLOrganization(
        [
            SAMLLocalizedMetadataItem(
                fixtures.IDP_1_ORGANIZATION_EN_ORGANIZATION_NAME, "en"
            ),
            SAMLLocalizedMetadataItem(
                fixtures.IDP_1_ORGANIZATION_ES_ORGANIZATION_NAME, "es"
            ),
        ],
        [
            SAMLLocalizedMetadataItem(
                fixtures.IDP_1_ORGANIZATION_EN_ORGANIZATION_DISPLAY_NAME,
                "en",
            ),
            SAMLLocalizedMetadataItem(
                fixtures.IDP_1_ORGANIZATION_ES_ORGANIZATION_DISPLAY_NAME,
                "es",
            ),
        ],
        [
            SAMLLocalizedMetadataItem(
                fixtures.IDP_1_ORGANIZATION_EN_ORGANIZATION_URL, "en"
            ),
            SAMLLocalizedMetadataItem(
                fixtures.IDP_1_ORGANIZATION_ES_ORGANIZATION_URL, "es"
            ),
        ],
    )

    expected_provider = SAMLIdentityProviderMetadata(
        entity_id=fixtures.IDP_1_ENTITY_ID,
        ui_info=expected_ui_info,
        organization=expected_organization,
        name_id_format=fixtures.NAME_ID_FORMAT_1,
        sso_service=SAMLService(
            fixtures.IDP_1_SSO_URL, fixtures.IDP_1_SSO_BINDING
        ),
        want_authn_requests_signed=False,
        signing_certificates=[
            fixtures.strip_certificate(fixtures.SIGNING_CERTIFICATE)
        ],
        encryption_certificates=[
            fixtures.strip_certificate(fixtures.ENCRYPTION_CERTIFICATE)
        ],
    )
    assert expected_provider == only_result.provider
def test_parse_correctly_parses_one_sp_metadata(self):
    """Parse a single SP entity and compare every field of the result.

    The expected provider carries localized UI info and organization data,
    the ACS endpoint, the UNSPECIFIED NameID format and the stripped
    signing certificate.
    """
    # Arrange
    parser = SAMLMetadataParser()

    # Act
    results = parser.parse(fixtures.CORRECT_XML_WITH_ONE_SP)

    # Assert
    assert len(results) == 1
    (only_result,) = results

    assert isinstance(only_result, SAMLMetadataParsingResult)
    assert isinstance(only_result.provider, SAMLServiceProviderMetadata)
    # NOTE(review): RestrictedElement comes from onelogin's xmlparser module,
    # presumably its hardened (DTD/entity-restricted) parser; the assert
    # pins that SP metadata is not parsed into a plain lxml element.
    assert isinstance(
        only_result.xml_node, onelogin.saml2.xmlparser.RestrictedElement
    )

    # Positional groups, in the order the fixture names suggest: display
    # names, descriptions, information URLs, privacy statement URLs, logos.
    expected_ui_info = SAMLUIInfo(
        [
            SAMLLocalizedMetadataItem(
                fixtures.SP_UI_INFO_EN_DISPLAY_NAME, "en"
            ),
            SAMLLocalizedMetadataItem(
                fixtures.SP_UI_INFO_ES_DISPLAY_NAME, "es"
            ),
        ],
        [SAMLLocalizedMetadataItem(fixtures.SP_UI_INFO_DESCRIPTION, "en")],
        [SAMLLocalizedMetadataItem(fixtures.SP_UI_INFO_INFORMATION_URL, "en")],
        [
            SAMLLocalizedMetadataItem(
                fixtures.SP_UI_INFO_PRIVACY_STATEMENT_URL, "en"
            )
        ],
        # The logo item is built without a language argument, unlike the
        # other entries.
        [SAMLLocalizedMetadataItem(fixtures.SP_UI_INFO_LOGO_URL)],
    )

    # Positional groups: organization names, display names, URLs.
    expected_organization = SAMLOrganization(
        [
            SAMLLocalizedMetadataItem(
                fixtures.SP_ORGANIZATION_EN_ORGANIZATION_NAME, "en"
            ),
            SAMLLocalizedMetadataItem(
                fixtures.SP_ORGANIZATION_ES_ORGANIZATION_NAME, "es"
            ),
        ],
        [
            SAMLLocalizedMetadataItem(
                fixtures.SP_ORGANIZATION_EN_ORGANIZATION_DISPLAY_NAME, "en"
            ),
            SAMLLocalizedMetadataItem(
                fixtures.SP_ORGANIZATION_ES_ORGANIZATION_DISPLAY_NAME, "es"
            ),
        ],
        [
            SAMLLocalizedMetadataItem(
                fixtures.SP_ORGANIZATION_EN_ORGANIZATION_URL, "en"
            ),
            SAMLLocalizedMetadataItem(
                fixtures.SP_ORGANIZATION_ES_ORGANIZATION_URL, "es"
            ),
        ],
    )

    # authn_requests_signed / want_assertions_signed are False here because
    # that is what this fixture is expected to parse to; the test pins the
    # parser's reading of the metadata, not a recommended signing posture.
    expected_provider = SAMLServiceProviderMetadata(
        entity_id=fixtures.SP_ENTITY_ID,
        ui_info=expected_ui_info,
        organization=expected_organization,
        name_id_format=SAMLNameIDFormat.UNSPECIFIED.value,
        acs_service=SAMLService(fixtures.SP_ACS_URL, fixtures.SP_ACS_BINDING),
        authn_requests_signed=False,
        want_assertions_signed=False,
        certificate=fixtures.strip_certificate(fixtures.SIGNING_CERTIFICATE),
    )
    assert expected_provider == only_result.provider
def test_get_settings_returns_correct_result(self):
    """Check the full settings dictionary produced by ``get_settings``.

    A mocked ``SAMLConfiguration`` supplies the debug/strict flags, the
    service provider and the identity providers; the result for the first
    identity provider must equal the dictionary assembled below.
    """
    # Arrange
    debug = False
    strict = False
    debug_mode_property = PropertyMock(return_value=debug)
    strict_mode_property = PropertyMock(return_value=strict)

    saml_configuration = create_autospec(spec=SAMLConfiguration)
    # PropertyMock has to be attached to the mock's type to be read as a
    # property on the instance.
    type(saml_configuration).service_provider_debug_mode = debug_mode_property
    type(saml_configuration).service_provider_strict_mode = strict_mode_property
    saml_configuration.get_service_provider = MagicMock(
        return_value=SERVICE_PROVIDER_WITH_CERTIFICATE
    )
    saml_configuration.get_identity_providers = MagicMock(
        return_value=IDENTITY_PROVIDERS
    )

    settings_builder = SAMLOneLoginConfiguration(saml_configuration)

    idp = IDENTITY_PROVIDERS[0]
    sp = SERVICE_PROVIDER_WITH_CERTIFICATE

    # NOTE(review): the expectations below pin strict=False, an empty IdP
    # x509cert, SHA-1 digest/signature/fingerprint algorithms and unsigned
    # messages/assertions. They record what get_settings returns for these
    # fixtures; whether they are library defaults or chosen by
    # SAMLOneLoginConfiguration is not visible from this test. SHA-1 is
    # deprecated for XML signatures and strict=False relaxes python3-saml's
    # response validation, so these values are not deployment guidance.
    idp_settings = {
        "entityId": idp.entity_id,
        "singleSignOnService": {
            "url": idp.sso_service.url,
            "binding": idp.sso_service.binding.value,
        },
        "singleLogoutService": {},
        "x509cert": "",
        "certFingerprint": "",
        "certFingerprintAlgorithm": "sha1",
    }

    # The SP section carries the private key, so the settings dictionary is
    # key material and should be kept out of logs and error reports.
    sp_settings = {
        "entityId": sp.entity_id,
        "assertionConsumerService": {
            "url": sp.acs_service.url,
            "binding": sp.acs_service.binding.value,
        },
        "attributeConsumingService": {},
        "singleLogoutService": {
            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        },
        "NameIDFormat": sp.name_id_format,
        "x509cert": fixtures.strip_certificate(sp.certificate),
        "privateKey": sp.private_key,
    }

    security_settings = {
        "failOnAuthnContextMismatch": False,
        "requestedAuthnContextComparison": "exact",
        "wantNameIdEncrypted": False,
        # Requests are signed when either side asks for it.
        "authnRequestsSigned": sp.authn_requests_signed
        or idp.want_authn_requests_signed,
        "logoutResponseSigned": False,
        "wantMessagesSigned": False,
        "metadataCacheDuration": None,
        "requestedAuthnContext": True,
        "logoutRequestSigned": False,
        "wantAttributeStatement": True,
        "signMetadata": False,
        "digestAlgorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
        "metadataValidUntil": None,
        "wantAssertionsSigned": False,
        "wantNameId": True,
        "wantAssertionsEncrypted": False,
        "nameIdEncrypted": False,
        "signatureAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
        "allowRepeatAttributeName": False,
    }

    expected_result = {
        "debug": debug,
        "strict": strict,
        "idp": idp_settings,
        "sp": sp_settings,
        "security": security_settings,
    }

    session = create_autospec(spec=sqlalchemy.orm.session.Session)

    # Act
    settings = settings_builder.get_settings(session, idp.entity_id)

    # Assert
    # Normalise the returned certificate with the same helper used for the
    # expectation before comparing.
    sp_section = settings["sp"]
    sp_section["x509cert"] = fixtures.strip_certificate(sp_section["x509cert"])

    assert settings == expected_result
    debug_mode_property.assert_called_with()
    strict_mode_property.assert_called_with()
    saml_configuration.get_service_provider.assert_called_with(session)
    saml_configuration.get_identity_providers.assert_called_with(session)