Esempio n. 1
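    def test_assertion_consumer_service(self):
        """Check the ACS view for a first-time subject and for an existing user.

        Part one posts a response for 'student' and expects a 302 to the
        RelayState path, exactly one additional User row, and a session bound
        to that user. Part two repeats the flow on a fresh client for
        'teacher' with an empty RelayState and expects a 302 to
        settings.LOGIN_REDIRECT_URL with the session bound to the user that
        was created beforehand.
        """
        # Baseline used to prove that the first login creates exactly one user.
        initial_user_count = User.objects.count()
        saml_config = conf.create_conf(
            sp_host='sp.example.com',
            idp_hosts=['idp.example.com'],
            metadata_file='remote_metadata_one_idp.xml',
        )
        # Scope the override to this test: assigning settings.SAML_CONFIG
        # directly would leave this SP/IdP configuration in place for whichever
        # test runs next, so a later test could pass or fail because of it.
        with self.settings(SAML_CONFIG=saml_config):
            response = self.client.get(reverse('saml2_login'))
            saml2_req = saml2_from_httpredirect_request(response.url)
            session_id = get_session_id_from_saml2(saml2_req)
            # session_id should start with a letter since it is a NCName
            came_from = '/another-view/'
            # The response below is only expected to be accepted once its
            # request id has been recorded as an outstanding query.
            self.add_outstanding_query(session_id, came_from)

            # this will create a user
            saml_response = auth_response(session_id, 'student')
            _url = reverse('saml2_acs')
            response = self.client.post(
                _url, {
                    'SAMLResponse': self.b64_for_post(saml_response),
                    'RelayState': came_from,
                })
            self.assertEqual(response.status_code, 302)
            location = response['Location']
            url = urlparse(location)
            # Only the path of Location is compared; the host of the redirect
            # target is not pinned by this assertion.
            self.assertEqual(url.path, came_from)

            self.assertEqual(User.objects.count(), initial_user_count + 1)
            user_id = self.client.session[SESSION_KEY]
            user = User.objects.get(id=user_id)
            self.assertEqual(user.username, 'student')

            # let's create another user and log in with that one
            # NOTE(review): both literals look masked in this listing; the
            # final assertion presumably needs the username to match the
            # 'teacher' subject used below - confirm against the original test.
            # NOTE(review): objects.create() stores the password value exactly
            # as given; if User is Django's auth model, create_user() or
            # set_unusable_password() avoids a raw, unhashed value - confirm.
            new_user = User.objects.create(username='******', password='******')

            # A separate client, so no cookies or session from part one apply.
            client = Client()
            response = client.get(reverse('saml2_login'))
            saml2_req = saml2_from_httpredirect_request(response.url)
            session_id = get_session_id_from_saml2(saml2_req)

            came_from = ''  # bad, let's see if we can deal with this
            saml_response = auth_response(session_id, 'teacher')
            self.add_outstanding_query(session_id, '/')
            response = client.post(
                reverse('saml2_acs'), {
                    'SAMLResponse': self.b64_for_post(saml_response),
                    'RelayState': came_from,
                })
            self.assertEqual(response.status_code, 302)
            location = response['Location']

            url = urlparse(location)
            # as the RelayState is empty we have to redirect to
            # LOGIN_REDIRECT_URL
            self.assertEqual(url.path, settings.LOGIN_REDIRECT_URL)
            # The session must belong to the pre-existing user rather than to
            # a newly created duplicate.
            self.assertEqual(force_text(new_user.id), client.session[SESSION_KEY])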
Esempio n. 2
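    def test_assertion_consumer_service_no_session(self):
        """Check that a second response for an already-answered request is refused.

        The first POST to the ACS view is expected to succeed with a 302 to
        the RelayState path. A second response built for the same request id
        is then posted and must be answered with 403, because that id is no
        longer among the outstanding queries.
        """
        saml_config = conf.create_conf(
            sp_host='sp.example.com',
            idp_hosts=['idp.example.com'],
            metadata_file='remote_metadata_one_idp.xml',
        )
        # Scope the override to this test: assigning settings.SAML_CONFIG
        # directly would leave this SP/IdP configuration in place for whichever
        # test runs next.
        with self.settings(SAML_CONFIG=saml_config):
            response = self.client.get(reverse('saml2_login'))
            saml2_req = saml2_from_httpredirect_request(response.url)
            session_id = get_session_id_from_saml2(saml2_req)
            # session_id should start with a letter since it is a NCName

            came_from = '/another-view/'
            self.add_outstanding_query(session_id, came_from)

            # Authentication is confirmed.
            saml_response = auth_response(session_id, 'student')
            response = self.client.post(
                reverse('saml2_acs'), {
                    'SAMLResponse': self.b64_for_post(saml_response),
                    'RelayState': came_from,
                })
            self.assertEqual(response.status_code, 302)
            location = response['Location']
            url = urlparse(location)
            # Only the path of Location is compared here.
            self.assertEqual(url.path, came_from)

            # Session should no longer be in outstanding queries, so a second
            # response carrying the same request id must not be accepted.
            saml_response = auth_response(session_id, 'student')
            response = self.client.post(
                reverse('saml2_acs'), {
                    'SAMLResponse': self.b64_for_post(saml_response),
                    'RelayState': came_from,
                })
            self.assertEqual(response.status_code, 403)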
Esempio n. 3
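    def test_assertion_consumer_service_default_relay_state(self):
        """Check the ACS redirect target when the POST carries no RelayState.

        A response for 'teacher' is posted without a RelayState field; the
        view is expected to answer with a redirect to '/dashboard/' and to
        bind the session to the user created at the start of the test.
        """
        saml_config = conf.create_conf(
            sp_host='sp.example.com',
            idp_hosts=['idp.example.com'],
            metadata_file='remote_metadata_one_idp.xml',
        )
        # Scope the override to this test: assigning settings.SAML_CONFIG
        # directly would leave this SP/IdP configuration in place for whichever
        # test runs next.
        with self.settings(SAML_CONFIG=saml_config):
            # NOTE(review): both literals look masked in this listing; the
            # session assertion below presumably needs the username to match
            # the 'teacher' subject - confirm against the original test.
            # NOTE(review): objects.create() stores the password value exactly
            # as given; if User is Django's auth model, create_user() or
            # set_unusable_password() avoids a raw, unhashed value - confirm.
            new_user = User.objects.create(username='******', password='******')

            response = self.client.get(reverse('saml2_login'))
            saml2_req = saml2_from_httpredirect_request(response.url)
            session_id = get_session_id_from_saml2(saml2_req)

            saml_response = auth_response(session_id, 'teacher')
            self.add_outstanding_query(session_id, '/')
            # Deliberately no 'RelayState' key in the form data.
            response = self.client.post(
                reverse('saml2_acs'), {
                    'SAMLResponse': self.b64_for_post(saml_response),
                })
            self.assertEqual(response.status_code, 302)

            # The RelayState is missing, redirect to ACS_DEFAULT_REDIRECT_URL
            # (presumably set to '/dashboard/' in the test settings - the value
            # is not assigned in this method).
            self.assertRedirects(response, '/dashboard/')
            self.assertEqual(force_text(new_user.id),
                             self.client.session[SESSION_KEY])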
Esempio n. 4
    def do_login(self):
        """Log the test client in through the SAML flow and return the subject id.

        Shared helper for several tests (mainly the logout tests). The subject
        id is read from the same response that is posted to the ACS view.
        """
        self.init_cookies()

        login_redirect = self.client.get(reverse('saml2_login'))
        request_id = get_session_id_from_saml2(
            saml2_from_httpredirect_request(login_redirect.url))
        # The id is an NCName, so it should start with a letter.
        relay_state = '/another-view/'
        # Record the request id as outstanding before the response is posted.
        self.add_outstanding_query(request_id, relay_state)

        idp_response = auth_response(request_id, 'student')

        # Posting to the ACS view will create a user.
        acs_url = reverse('saml2_acs')
        form_data = {
            'SAMLResponse': self.b64_for_post(idp_response),
            'RelayState': relay_state,
        }
        acs_result = self.client.post(acs_url, form_data)
        subject_id = get_subject_id_from_saml2(idp_response)
        self.assertEqual(acs_result.status_code, 302)
        return subject_id
Esempio n. 5
 def _get_saml_response_for_acs_view(self, relay_state):
     """Start a login with *relay_state* and build the matching response.

     Returns a ``(saml_response, relay_state)`` tuple; the response is built
     for the 'org_user' subject and for the request id taken from the login
     redirect.
     """
     login_redirect = self.client.get(
         self.login_url, {'RelayState': relay_state})
     authn_request = saml2_from_httpredirect_request(login_redirect.url)
     request_id = get_session_id_from_saml2(authn_request)
     # Record the request id as outstanding so that a response carrying it
     # can be matched to this login attempt.
     self.add_outstanding_query(request_id, relay_state)
     idp_response = auth_response(request_id, 'org_user')
     return idp_response, relay_state