def test_create_light_response_failed_response(self):
self.maxDiff = None
with cast(BinaryIO,
(DATA_DIR / 'saml_response_failed.xml').open('rb')) as f:
response = SAMLResponse(parse_xml(f), 'relay123')
self.assertEqual(response.create_light_response(),
self.create_light_response(False))
def test_create_light_response_no_auth_statement(self):
root = Element(Q_NAMES['saml2p:Response'], nsmap=EIDAS_NAMESPACES)
SubElement(root, Q_NAMES['saml2:Assertion'])
saml = SAMLResponse(ElementTree(root))
response = saml.create_light_response()
self.assertIsNone(response.ip_address)
self.assertIsNone(response.level_of_assurance)
def test_create_light_response_not_encrypted(self):
self.maxDiff = None
with cast(BinaryIO, (DATA_DIR / 'saml_response.xml').open('rb')) as f:
saml_response = SAMLResponse(parse_xml(f), 'relay123')
light_response = saml_response.create_light_response()
self.assertEqual(light_response, self.create_light_response(True))
def test_create_light_response_with_unsupported_sub_status(self):
with cast(BinaryIO,
(DATA_DIR / 'saml_response_failed_unsupported_sub_status.xml'
).open('rb')) as f:
response = SAMLResponse(parse_xml(f), 'relay123')
expected = self.create_light_response(False)
expected.status.sub_status_code = None
self.assertEqual(response.create_light_response(), expected)
def test_create_light_response_with_status_version_mismatch(self):
with cast(
BinaryIO,
(DATA_DIR /
'saml_response_failed_version_mismatch.xml').open('rb')) as f:
response = SAMLResponse(parse_xml(f), 'relay123')
expected = self.create_light_response(False)
expected.status.status_code = StatusCode.REQUESTER
expected.status.sub_status_code = SubStatusCode.VERSION_MISMATCH
self.assertEqual(response.create_light_response(), expected)
def test_create_light_response_decrypted(self):
self.maxDiff = None
with cast(BinaryIO,
(DATA_DIR / 'saml_response_decrypted.xml').open('rb')) as f:
response = SAMLResponse(parse_xml(f), 'relay123')
light_response = self.create_light_response(
True,
level_of_assurance=LevelOfAssurance.SUBSTANTIAL,
ip_address='217.31.205.1',
id='_751e557772344aa59e9e3f35d2c9f6d6',
in_response_to_id='e399fb9b-9454-4284-831f-4aa33d83757e',
issuer='urn:microsoft:cgg2010:fpsts')
self.assertEqual(response.create_light_response(), light_response)
def test_create_light_response_with_extra_elements(self):
self.maxDiff = None
with cast(BinaryIO, (DATA_DIR / 'saml_response.xml').open('rb')) as f:
response = SAMLResponse(parse_xml(f), 'relay123')
SubElement(
response.document.find(".//{}".format(
Q_NAMES['saml2p:StatusCode'])), 'something')
SubElement(
response.document.find(".//{}".format(
Q_NAMES['saml2:AuthnStatement'])), 'something')
SubElement(
response.document.find(".//{}".format(
Q_NAMES['saml2:AuthnContext'])), 'something')
self.assertEqual(response.create_light_response(),
self.create_light_response(True))
def test_create_light_response_unrecognized_auth_context_class(self):
root = Element(Q_NAMES['saml2p:Response'], {
'ID': 'id',
'InResponseTo': 'id0'
},
nsmap=EIDAS_NAMESPACES)
context_class = SubElement(
SubElement(
SubElement(SubElement(root, Q_NAMES['saml2:Assertion']),
Q_NAMES['saml2:AuthnStatement']),
Q_NAMES['saml2:AuthnContext']),
Q_NAMES['saml2:AuthnContextClassRef'])
context_class.text = 'saml2:AuthnContextClassRef:unrecognized'
saml = SAMLResponse(ElementTree(root))
response = saml.create_light_response()
self.assertEqual(response.id, 'id')
self.assertEqual(response.in_response_to_id, 'id0')
self.assertTrue(response.status.failure)
self.assertEqual(response.status.status_code, StatusCode.RESPONDER)
self.assertIn('saml2:AuthnContextClassRef:unrecognized',
response.status.status_message)
self.assertIsNone(response.level_of_assurance)
def test_create_light_response_auth_context_class_alias_not_used(self):
root = Element(Q_NAMES['saml2p:Response'], {
'ID': 'id',
'InResponseTo': 'id0'
},
nsmap=EIDAS_NAMESPACES)
context_class = SubElement(
SubElement(
SubElement(SubElement(root, Q_NAMES['saml2:Assertion']),
Q_NAMES['saml2:AuthnStatement']),
Q_NAMES['saml2:AuthnContext']),
Q_NAMES['saml2:AuthnContextClassRef'])
context_class.text = LevelOfAssurance.HIGH.value
saml = SAMLResponse(ElementTree(root))
response = saml.create_light_response(
{context_class.text: LevelOfAssurance.LOW})
self.assertEqual(response.id, 'id')
self.assertEqual(response.in_response_to_id, 'id0')
self.assertFalse(response.status.failure)
self.assertIsNone(response.status.status_code)
self.assertEqual(response.level_of_assurance,
LevelOfAssurance.HIGH) # Not overridden
def test_create_light_response_missing_decrypted_assertion(self):
root = Element(Q_NAMES['saml2p:Response'], nsmap=EIDAS_NAMESPACES)
SubElement(root, Q_NAMES['saml2:EncryptedAssertion'])
saml_response = SAMLResponse(ElementTree(root))
self.assertEqual(saml_response.create_light_response().attributes, {})
def test_create_light_response_not_decrypted(self):
with cast(BinaryIO,
(DATA_DIR / 'saml_response_encrypted.xml').open('rb')) as f:
response = SAMLResponse(parse_xml(f))
self.assertEqual(response.create_light_response().attributes, {})
