Esempio n. 1
 def authenticate(self, action_type=None, idp_session=None):
     """
     Mark the current session as logged in for ``self.test_eppn``.

     The login state is written straight into the session: no credential
     or assertion is checked by this helper, so it bypasses the real
     authentication flow and belongs in test code only.

     :param action_type: if not None, stored as the session's current plugin
     :param idp_session: if not None, stored on ``session.actions.session``
     """
     principal = self.test_eppn
     # Both keys carry the same eppn.
     for key in ('eduPersonPrincipalName', 'user_eppn'):
         session[key] = principal
     session['user_is_logged_in'] = True
     if action_type is not None:
         session['current_plugin'] = action_type
     if idp_session is not None:
         session.actions.session = idp_session
     # Persist explicitly so the values set above are saved.
     session.persist()
Esempio n. 2
 def authenticate(self, action_type=None, idp_session=None):
     """
     Put the session into a logged-in state for ``self.test_eppn``.

     Nothing is verified here; the flags are simply set on the session.
     This shortcut around the login flow is meant for tests.

     :param action_type: optional plugin name to record as current plugin
     :param idp_session: optional value to store on ``session.actions.session``
     """
     # Chained assignment stores the eppn under both keys, left to right.
     session['eduPersonPrincipalName'] = session['user_eppn'] = self.test_eppn
     session['user_is_logged_in'] = True
     if action_type is not None:
         session['current_plugin'] = action_type
     if idp_session is not None:
         session.actions.session = idp_session
     session.persist()
Esempio n. 3
def add_actions(idp_app, user, ticket):
    """
    Stripped down version of eduid_idp.tou_action.add_actions.

    Adds a 'tou' action for the user to the actions database and records
    it in the session as the current action.

    :param idp_app: object providing ``config.tou_version`` and ``actions_db``
    :param user: user whose ``eppn`` the action is added for
    :param ticket: not used by this stripped down version
    """
    tou_params = {'version': idp_app.config.tou_version}
    new_action = idp_app.actions_db.add_action(
        user.eppn, action_type='tou', preference=100, params=tou_params)
    session['current_plugin'] = 'tou'
    serialised = new_action.to_dict()
    # The id is stored as a string; presumably the raw id type cannot be
    # kept in the session as-is -- confirm against the session backend.
    serialised['_id'] = str(serialised['_id'])
    session['current_action'] = serialised
    session.persist()
Esempio n. 4
def add_actions(idp_app, user, ticket):
    """
    Stripped down version of eduid_idp.tou_action.add_actions.

    Creates a 'tou' action carrying the configured ToU version and makes
    it the session's current action.

    :param idp_app: object providing ``config.tou_version`` and ``actions_db``
    :param user: user whose ``eppn`` the action is added for
    :param ticket: not used by this stripped down version
    """
    version = idp_app.config.tou_version
    create_action = idp_app.actions_db.add_action
    action_kwargs = {
        'action_type': 'tou',
        'preference': 100,
        'params': {'version': version},
    }
    action = create_action(user.eppn, **action_kwargs)
    session['current_plugin'] = 'tou'
    action_as_dict = action.to_dict()
    # Replace the id with its string form before storing it in the session.
    action_as_dict['_id'] = str(action_as_dict['_id'])
    session['current_action'] = action_as_dict
    session.persist()
Esempio n. 5
def add_actions(context, user, ticket):
    """
    Stripped down version of eduid_idp.mfa_action.add_actions that adds
    the action unconditionally.

    No condition is evaluated before the 'mfa' action is added, so every
    call results in an MFA action tied to ``ticket.key``.

    :param context: object providing ``actions_db``
    :param user: user whose ``eppn`` the action is added for
    :param ticket: its ``key`` is passed as the action's ``session`` value
    """
    new_action = context.actions_db.add_action(
        user.eppn, action_type='mfa', preference=1, session=ticket.key,
        params={})
    session['current_plugin'] = 'mfa'
    serialised = new_action.to_dict()
    # The id is stored as a string; presumably the raw id type cannot be
    # kept in the session as-is -- confirm against the session backend.
    serialised['_id'] = str(serialised['_id'])
    session['current_action'] = serialised
    session.persist()
Esempio n. 6
def add_actions(context, user, ticket):
    """
    Stripped down version of eduid_idp.mfa_action.add_actions that adds
    the action unconditionally.

    The 'mfa' action is created on every call and bound to ``ticket.key``
    through the ``session`` argument of ``add_action``.

    :param context: object providing ``actions_db``
    :param user: user whose ``eppn`` the action is added for
    :param ticket: its ``key`` is passed as the action's ``session`` value
    """
    create_action = context.actions_db.add_action
    eppn = user.eppn
    action_kwargs = {
        'action_type': 'mfa',
        'preference': 1,
        'session': ticket.key,
        'params': {},
    }
    action = create_action(eppn, **action_kwargs)
    session['current_plugin'] = 'mfa'
    action_as_dict = action.to_dict()
    # Replace the id with its string form before storing it in the session.
    action_as_dict['_id'] = str(action_as_dict['_id'])
    session['current_action'] = action_as_dict
    session.persist()
Esempio n. 7
    def test_logout_service_startingIDP(self):
        """
        Log in through the assertion consumer service, then post a SAML
        logout request to /saml2-ls and expect a redirect to the IdP's
        single logout service that carries a SAMLResponse.
        """
        user_eppn = 'hubba-bubba'
        return_url = '/afterlogin/'
        query_token = self.add_outstanding_query(return_url)
        session_cookie = self.dump_session_cookie(query_token)

        encoded_authn = auth_response(query_token, user_eppn).encode('utf-8')

        # Step 1: log in by posting the IdP's SAMLResponse to the ACS.
        acs_form = {
            'SAMLResponse': base64.b64encode(encoded_authn),
            'RelayState': '/testing-relay-state',
        }
        with self.app.test_request_context(
                '/saml2-acs',
                method='POST',
                headers={'Cookie': session_cookie},
                data=acs_form,
        ):
            self.app.dispatch_request()
            # Explicit session.persist is needed when working within a test_request_context
            session.persist()

        # Step 2: the IdP starts the logout with a SAMLRequest, sent with
        # the same session cookie.
        logout_form = {
            'SAMLRequest':
            deflate_and_base64_encode(logout_request(query_token)),
            'RelayState': '/testing-relay-state',
        }
        expected_location = ('https://idp.example.com/simplesaml/saml2/idp/'
                             'SingleLogoutService.php?SAMLResponse=')
        with self.app.test_request_context(
                '/saml2-ls',
                method='POST',
                headers={'Cookie': session_cookie},
                data=logout_form,
        ):
            response = self.app.dispatch_request()

            # NOTE(review): only the redirect is asserted here; whether the
            # local session was actually invalidated is not checked.
            self.assertEqual(response.status, '302 FOUND')
            self.assertIn(expected_location, response.location)
Esempio n. 8
    def add_outstanding_query(self, came_from):
        """
        Register a SAML2 authentication query in the outstanding queries
        cache. Call this before hitting the assertion consumer service.

        The session token is used as the key of the cached query, and
        ``came_from`` is the value stored under it.

        :param came_from: url to redirect back the client
                          after finishing with the authn service.
        :type came_from: str

        :return: the session token corresponding to the query
        :rtype: str
        """
        with self.app.test_request_context('/login'):
            self.app.dispatch_request()
            pending_queries = OutstandingQueriesCache(session)
            raw_token = session.token
            # The token may be bytes; hand callers a text value.
            query_token = (raw_token.decode('ascii')
                           if isinstance(raw_token, six.binary_type)
                           else raw_token)
            pending_queries.set(query_token, came_from)
            # Explicit session.persist is needed when working within a test_request_context
            session.persist()
            return query_token
Esempio n. 9
    def login(self, eppn, came_from):
        """
        Log a user in through the assertion consumer service.

        Steps: add a SAML2 authentication query to the queries cache,
        build a cookie for the session id of that query, build a SAML2
        authn response for it, and post both to /saml2-acs so that the
        session behind the cookie ends up holding the user's eppn.

        The returned cookie is what authenticates later requests, so it
        has to be sent with any subsequent request that needs an
        authenticated session.

        :param eppn: the eppn of the user to be logged in
        :type eppn: str
        :param came_from: url to redirect back the client
                          after finishing with the authn service.
        :type came_from: str

        :return: the cookie corresponding to the authn session
        :rtype: str
        """
        query_token = self.add_outstanding_query(came_from)
        session_cookie = self.dump_session_cookie(query_token)
        encoded_authn = auth_response(query_token, eppn).encode('utf-8')

        acs_form = {
            'SAMLResponse': base64.b64encode(encoded_authn),
            'RelayState': came_from
        }
        with self.app.test_request_context(
                '/saml2-acs',
                method='POST',
                headers={'Cookie': session_cookie},
                data=acs_form,
        ):
            self.app.dispatch_request()
            # Explicit session.persist is needed when working within a test_request_context
            session.persist()
            return session_cookie