def test_standard_workflow_302_redirect(self):
        text = uuid.uuid4().hex

        self.requests_mock.get(self.TEST_SP_URL, response_list=[
            dict(headers=PAOS_HEADER,
                 content=utils.make_oneline(saml2_fixtures.SP_SOAP_RESPONSE)),
            dict(text=text)
        ])

        authm = self.requests_mock.post(self.TEST_IDP_URL,
                                        content=saml2_fixtures.SAML2_ASSERTION)

        self.requests_mock.post(
            self.TEST_CONSUMER_URL,
            status_code=302,
            headers={'Location': self.TEST_SP_URL})

        resp = requests.get(self.TEST_SP_URL, auth=self.get_plugin())
        self.assertEqual(200, resp.status_code)
        self.assertEqual(text, resp.text)

        self.assertEqual(self.calls, [self.TEST_SP_URL,
                                      self.TEST_IDP_URL,
                                      self.TEST_CONSUMER_URL,
                                      self.TEST_SP_URL])

        self.assertEqual(self.basic_header(),
                         authm.last_request.headers['Authorization'])

        authn_request = self.requests_mock.request_history[1].text
        self.assertThat(saml2_fixtures.AUTHN_REQUEST,
                        matchers.XMLEquals(authn_request))
    def test_standard_workflow_302_redirect(self):
        text = uuid.uuid4().hex

        self.requests_mock.get(self.TEST_SP_URL, response_list=[
            dict(headers=CONTENT_TYPE_PAOS_HEADER,
                 content=utils.make_oneline(saml2_fixtures.SP_SOAP_RESPONSE)),
            dict(text=text)
        ])

        authm = self.requests_mock.post(self.TEST_IDP_URL,
                                        content=saml2_fixtures.SAML2_ASSERTION)

        self.requests_mock.post(
            self.TEST_CONSUMER_URL,
            status_code=302,
            headers={'Location': self.TEST_SP_URL})

        resp = requests.get(self.TEST_SP_URL, auth=self.get_plugin())
        self.assertEqual(200, resp.status_code)
        self.assertEqual(text, resp.text)

        self.assertEqual(self.calls, [self.TEST_SP_URL,
                                      self.TEST_IDP_URL,
                                      self.TEST_CONSUMER_URL,
                                      self.TEST_SP_URL])

        self.assertEqual(self.basic_header(),
                         authm.last_request.headers['Authorization'])

        authn_request = self.requests_mock.request_history[1].text
        self.assertThat(saml2_fixtures.AUTHN_REQUEST,
                        matchers.XMLEquals(authn_request))
    def test_workflow(self):
        token_id = uuid.uuid4().hex
        token = ksa_fixtures.V3Token()

        self.requests_mock.get(self.default_sp_url, response_list=[
            dict(headers=PAOS_HEADER,
                 content=utils.make_oneline(saml2_fixtures.SP_SOAP_RESPONSE)),
            dict(headers={'X-Subject-Token': token_id}, json=token)
        ])

        authm = self.requests_mock.post(self.TEST_IDP_URL,
                                        content=saml2_fixtures.SAML2_ASSERTION)

        self.requests_mock.post(
            self.TEST_CONSUMER_URL,
            status_code=302,
            headers={'Location': self.sp_url()})

        auth_ref = self.get_plugin().get_auth_ref(self.session)

        self.assertEqual(token_id, auth_ref.auth_token)

        self.assertEqual(self.calls, [self.default_sp_url,
                                      self.TEST_IDP_URL,
                                      self.TEST_CONSUMER_URL,
                                      self.default_sp_url])

        self.assertEqual(self.basic_header(),
                         authm.last_request.headers['Authorization'])

        authn_request = self.requests_mock.request_history[1].text
        self.assertThat(saml2_fixtures.AUTHN_REQUEST,
                        matchers.XMLEquals(authn_request))
    def test_workflow(self):
        token_id = uuid.uuid4().hex
        token = ksa_fixtures.V3Token()

        self.requests_mock.get(self.default_sp_url, response_list=[
            dict(headers=CONTENT_TYPE_PAOS_HEADER,
                 content=utils.make_oneline(saml2_fixtures.SP_SOAP_RESPONSE)),
            dict(headers={'X-Subject-Token': token_id}, json=token)
        ])

        authm = self.requests_mock.post(self.TEST_IDP_URL,
                                        content=saml2_fixtures.SAML2_ASSERTION)

        self.requests_mock.post(
            self.TEST_CONSUMER_URL,
            status_code=302,
            headers={'Location': self.sp_url()})

        auth_ref = self.get_plugin().get_auth_ref(self.session)

        self.assertEqual(token_id, auth_ref.auth_token)

        self.assertEqual(self.calls, [self.default_sp_url,
                                      self.TEST_IDP_URL,
                                      self.TEST_CONSUMER_URL,
                                      self.default_sp_url])

        self.assertEqual(self.basic_header(),
                         authm.last_request.headers['Authorization'])

        authn_request = self.requests_mock.request_history[1].text
        self.assertThat(saml2_fixtures.AUTHN_REQUEST,
                        matchers.XMLEquals(authn_request))
Exemple #5
0
    def test_get_adfs_security_token(self):
        """Test ADFSPassword._get_adfs_security_token()."""
        self.requests_mock.post(self.IDENTITY_PROVIDER_URL,
                                content=utils.make_oneline(
                                    self.ADFS_SECURITY_TOKEN_RESPONSE),
                                status_code=200)

        self.adfsplugin._prepare_adfs_request()
        self.adfsplugin._get_adfs_security_token(self.session)

        adfs_response = etree.tostring(self.adfsplugin.adfs_token)
        fixture_response = self.ADFS_SECURITY_TOKEN_RESPONSE

        self.assertThat(fixture_response, matchers.XMLEquals(adfs_response))
Exemple #6
0
    def test_get_adfs_security_token(self):
        """Test ADFSPassword._get_adfs_security_token()."""
        self.requests_mock.post(
            self.IDENTITY_PROVIDER_URL,
            content=utils.make_oneline(self.ADFS_SECURITY_TOKEN_RESPONSE),
            status_code=200)

        self.adfsplugin._prepare_adfs_request()
        self.adfsplugin._get_adfs_security_token(self.session)

        adfs_response = etree.tostring(self.adfsplugin.adfs_token)
        fixture_response = self.ADFS_SECURITY_TOKEN_RESPONSE

        self.assertThat(fixture_response,
                        matchers.XMLEquals(adfs_response))
Exemple #7
0
    def test_get_adfs_security_token_authn_fail(self):
        """Test proper parsing XML fault after bad authentication.

        An exceptions.AuthorizationFailure should be raised including
        error message from the XML message indicating where was the problem.
        """
        content = utils.make_oneline(self.ADFS_FAULT)
        self.requests_mock.register_uri('POST',
                                        self.IDENTITY_PROVIDER_URL,
                                        content=content,
                                        status_code=500)

        self.adfsplugin._prepare_adfs_request()
        self.assertRaises(exceptions.AuthorizationFailure,
                          self.adfsplugin._get_adfs_security_token,
                          self.session)
Exemple #8
0
    def test_get_adfs_security_token_authn_fail(self):
        """Test proper parsing XML fault after bad authentication.

        An exceptions.AuthorizationFailure should be raised including
        error message from the XML message indicating where was the problem.
        """
        content = utils.make_oneline(self.ADFS_FAULT)
        self.requests_mock.register_uri('POST',
                                        self.IDENTITY_PROVIDER_URL,
                                        content=content,
                                        status_code=500)

        self.adfsplugin._prepare_adfs_request()
        self.assertRaises(exceptions.AuthorizationFailure,
                          self.adfsplugin._get_adfs_security_token,
                          self.session)
Exemple #9
0
    def test_end_to_end_workflow(self):
        self.requests_mock.get(
            self.FEDERATION_AUTH_URL,
            content=utils.make_oneline(saml2_fixtures.SP_SOAP_RESPONSE))

        self.requests_mock.post(self.IDENTITY_PROVIDER_URL,
                                content=saml2_fixtures.SAML2_ASSERTION)

        self.requests_mock.post(
            self.SHIB_CONSUMER_URL,
            json=saml2_fixtures.UNSCOPED_TOKEN,
            headers={'X-Subject-Token': saml2_fixtures.UNSCOPED_TOKEN_HEADER,
                     'Content-Type': 'application/json'})

        self.session.redirect = False
        response = self.saml2plugin.get_auth_ref(self.session)
        self.assertEqual(saml2_fixtures.UNSCOPED_TOKEN_HEADER,
                         response.auth_token)
Exemple #10
0
    def test_initial_sp_call(self):
        """Test initial call, expect SOAP message."""
        self.requests_mock.get(
            self.FEDERATION_AUTH_URL,
            content=utils.make_oneline(saml2_fixtures.SP_SOAP_RESPONSE))
        a = self.saml2plugin._send_service_provider_request(self.session)

        self.assertFalse(a)

        sp_soap_response = etree.tostring(self.saml2plugin.saml2_authn_request)

        self.assertThat(saml2_fixtures.SP_SOAP_RESPONSE,
                        matchers.XMLEquals(sp_soap_response))

        self.assertEqual(
            self.saml2plugin.sp_response_consumer_url, self.SHIB_CONSUMER_URL,
            "Expected consumer_url set to %s instead of %s" % (
                self.SHIB_CONSUMER_URL,
                str(self.saml2plugin.sp_response_consumer_url)))
    def test_initial_sp_call(self):
        """Test initial call, expect SOAP message."""
        self.requests_mock.get(self.FEDERATION_AUTH_URL,
                               content=utils.make_oneline(
                                   saml2_fixtures.SP_SOAP_RESPONSE))
        a = self.saml2plugin._send_service_provider_request(self.session)

        self.assertFalse(a)

        sp_soap_response = etree.tostring(self.saml2plugin.saml2_authn_request)

        self.assertThat(saml2_fixtures.SP_SOAP_RESPONSE,
                        matchers.XMLEquals(sp_soap_response))

        self.assertEqual(
            self.saml2plugin.sp_response_consumer_url, self.SHIB_CONSUMER_URL,
            "Expected consumer_url set to %s instead of %s" %
            (self.SHIB_CONSUMER_URL,
             str(self.saml2plugin.sp_response_consumer_url)))
    def test_end_to_end_workflow(self):
        self.requests_mock.get(self.FEDERATION_AUTH_URL,
                               content=utils.make_oneline(
                                   saml2_fixtures.SP_SOAP_RESPONSE))

        self.requests_mock.post(self.IDENTITY_PROVIDER_URL,
                                content=saml2_fixtures.SAML2_ASSERTION)

        self.requests_mock.post(self.SHIB_CONSUMER_URL,
                                json=saml2_fixtures.UNSCOPED_TOKEN,
                                headers={
                                    'X-Subject-Token':
                                    saml2_fixtures.UNSCOPED_TOKEN_HEADER,
                                    'Content-Type': 'application/json'
                                })

        self.session.redirect = False
        response = self.saml2plugin.get_auth_ref(self.session)
        self.assertEqual(saml2_fixtures.UNSCOPED_TOKEN_HEADER,
                         response.auth_token)