Example #1
 def test_saml(self):
     """A token generated for a random BSN yields that BSN as ``uid``."""
     expected_bsn = fixtures.random_bsn()
     signed_token = fixtures.generate_saml_token_for_bsn(expected_bsn)
     # _get_verified_data is handed the server certificate; the attributes
     # are read only from what it returns, never from the raw token.
     verified = _get_verified_data(signed_token, cert_and_key.server_crt)
     attributes = _get_saml_assertion_attributes(verified)
     self.assertIn('uid', attributes)
     # The attribute is compared as a string, whatever type random_bsn gives.
     self.assertEqual(str(expected_bsn), attributes['uid'])
Example #2
 def test_check_operation_fails_invalid_bsn(self):
     """Both accessors raise InvalidBSNException for a token with a bad BSN."""
     # 987654321 fails the eleven-test used for BSNs (weighted sum 283 is
     # not a multiple of 11); presumably that is the check exercised here.
     bad_token = fixtures.generate_saml_token_for_bsn('987654321')
     req = fixtures.Request({TMA_SAML_HEADER: bad_token})

     # The user-type lookup and the BSN lookup must both refuse the token.
     with self.assertRaises(InvalidBSNException):
         get_user_type(req, cert_and_key.server_crt)
     with self.assertRaises(InvalidBSNException):
         get_digi_d_bsn(req, cert_and_key.server_crt)
Example #3
def test_check_operation_fails_invalid_bsn():
    """``/auth/check`` answers 400 with 'Ongeldige BSN' for a bad BSN."""
    http = application.test_client()
    # 987654321 fails the eleven-test used for BSNs (weighted sum 283 is
    # not a multiple of 11); presumably that is what the endpoint rejects.
    saml_header = {
        'x-saml-attribute-token1': generate_saml_token_for_bsn('987654321'),
    }

    resp = http.get('/auth/check', headers=saml_header)
    body = resp.get_data(as_text=True)

    # "Ongeldige BSN" is Dutch for "invalid BSN".
    assert 'Ongeldige BSN' in body
    assert resp.status_code == 400
Example #4
    def test_check_operation_burger(self):
        """A token with a well-formed BSN resolves to BURGER and that BSN."""
        # 987654329 passes the eleven-test (weighted sum 275 = 25 * 11).
        citizen_bsn = '987654329'
        req = fixtures.Request({
            TMA_SAML_HEADER: fixtures.generate_saml_token_for_bsn(citizen_bsn),
        })

        self.assertEqual(
            get_user_type(req, cert_and_key.server_crt), UserType.BURGER)

        # The BSN comes back as the same string that went into the token.
        self.assertEqual(
            get_digi_d_bsn(req, cert_and_key.server_crt), '987654329')
Example #5
    def test_validity_verification_future(self):
        """A token whose validity window lies a year ahead is rejected.

        get_user_type must raise SamlExpiredException, so in this code base
        that exception also covers a token that is not valid *yet*.
        """
        reference = datetime.utcnow()
        # NOTE(review): the window is inverted as well as in the future --
        # not-on-or-after (51 weeks) precedes not-before (52 weeks). Confirm
        # whether that is intended; as written the test cannot tell a
        # "not yet valid" rejection from an "inverted window" rejection.
        starts_at = reference + timedelta(weeks=52)
        ends_at = reference + timedelta(weeks=51)
        # NOTE(review): 987654321 also fails the BSN eleven-test, so this
        # test passes only while the time check runs before BSN validation.
        future_token = fixtures.generate_saml_token_for_bsn(
            '987654321', starts_at, ends_at)

        req = fixtures.Request({TMA_SAML_HEADER: future_token})
        with self.assertRaises(SamlExpiredException):
            get_user_type(req, cert_and_key.server_crt)
Example #6
    def test_secondary_cert_get_bsn(self):
        """Verification fails on the primary cert, passes with the secondary.

        Presumably the fixture signs with the key that belongs to
        ``secondary_server_crt`` -- confirm against the fixture module.
        """
        signed = fixtures.generate_saml_token_for_bsn('987654329')

        # Primary certificate only: the signature must not verify.
        # NOTE(review): this relies on TMA_CERTIFICATE_SECONDARY being unset
        # in the ambient test environment.
        self.assertRaises(
            InvalidSignature, _get_verified_data, signed, server_crt)

        # Provide the secondary certificate through the environment for the
        # duration of the block; patch.dict restores os.environ afterwards.
        secondary_env = {'TMA_CERTIFICATE_SECONDARY': secondary_server_crt}
        with patch.dict('os.environ', secondary_env):
            # NOTE(review): only "does not raise" is checked; despite the
            # test name, the BSN in the verified data is never asserted.
            _get_verified_data(signed, server_crt)
Example #7
    def test_get_session_valid_until(self):
        """get_session_valid_until reports the token's not-on-or-after time."""
        current = datetime.utcnow()
        # Truncate to whole milliseconds: that is the resolution at which the
        # timestamp is stored in the SAML token.
        current = current.replace(
            microsecond=current.microsecond - current.microsecond % 1000)
        expected_expiry = current + timedelta(minutes=15)

        token = fixtures.generate_saml_token_for_bsn(
            fixtures.random_bsn(), not_on_or_after=expected_expiry)
        req = fixtures.Request({TMA_SAML_HEADER: token})

        reported = get_session_valid_until(req, server_crt)

        # The returned datetime carries a timezone while the expectation is
        # naive. NOTE(review): replace() drops tzinfo without converting, so
        # this assumes the returned value is expressed in UTC -- confirm.
        self.assertEqual(reported.replace(tzinfo=None), expected_expiry)
Example #8
def test_check_operation_burger():
    """``/auth/check`` reports an authenticated BURGER and the expiry time."""
    http = application.test_client()

    frozen_now = datetime.now(tz=timezone.utc)
    # NOTE(review): 15 minutes presumably mirrors the fixture's default
    # token lifetime -- confirm against generate_saml_token_for_bsn.
    expected_expiry = frozen_now + timedelta(minutes=15)

    # Token generation and the request share one frozen clock, so the
    # expiry embedded in the token is deterministic.
    with freeze_time(frozen_now):
        saml_header = {
            'x-saml-attribute-token1': generate_saml_token_for_bsn('987654329'),
        }
        resp = http.get('/auth/check', headers=saml_header)
        payload = json.loads(resp.get_data(as_text=True))

    # The endpoint reports the expiry as whole milliseconds since the epoch.
    expected_ms = floor(expected_expiry.timestamp() * 1000)

    assert payload == {
        'isAuthenticated': True,
        'userType': "BURGER",
        "validUntil": expected_ms,
    }
    assert resp.status_code == 200
Example #9
 def _get_digi_d_saml_token(self, bsn):
     """Return a SAML token for *bsn* built by the shared fixture generator."""
     saml_token = generate_saml_token_for_bsn(bsn)
     return saml_token