Esempio n. 1
0
def bruker_login():
    if MOCK_IDPORTEN:
        return login_idporten_mock()

    # Encrypt "authentication" URL with our private key. We redirect to that URL.
    auth_request = AuthRequest(**app.idporten_settings)
    url = auth_request.get_signed_url(app.idporten_settings["private_key_file"])
    app.logger.info("url=%s", url)
    return redirect(url)
    def do_GET(self):
        """Serve a GET request."""
        if not self.path == '/':
            self._bad_request()
            return

	settings = self.settings
        auth_request = AuthRequest(**self.settings)
        url = auth_request.get_signed_url(settings["private_key_file"])

        self.send_response(301)
        self.send_header("Location", url)
        self.end_headers()
Esempio n. 3
0
    def do_GET(self):
        """Serve a GET request."""
        if not self.path == '/':
            self._bad_request()
            return

        settings = self.settings
        auth_request = AuthRequest(**self.settings)
        url = auth_request.get_signed_url(settings["private_key_file"])

        self.send_response(301)
        self.send_header("Location", url)
        self.end_headers()
    def test_constructor_creates_expected_document(self):
        fake_uuid_func = fudge.Fake('uuid', callable=True)
        fake_uuid_func.with_arg_count(0)
        fake_uuid = fudge.Fake('foo_uuid')
        fake_uuid.has_attr(hex='hex_uuid')
        fake_uuid = fake_uuid_func.returns(fake_uuid)

        def fake_clock():
            return datetime(2011, 7, 9, 19, 24, 52, 325405)

        expected_xml = """<?xml version=\'1.0\' encoding=\'UTF-8\'?>\n<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" IssueInstant="2011-07-09T19:24:52.875Z" Destination="http://foo.idp.bar" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0" IsPassive="False" AssertionConsumerServiceURL="http://foo.bar/consume" ID="hex_uuid"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">foo_issuer</saml2:Issuer><saml2p:NameIDPolicy AllowCreate="true" SPNameQualifier="foo_issuer" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/><saml2p:RequestedAuthnContext Comparison="minimum"><saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2p:RequestedAuthnContext></saml2p:AuthnRequest>"""

        req = AuthRequest(
            _clock=fake_clock,
            _uuid=fake_uuid_func,
            assertion_consumer_service_url='http://foo.bar/consume',
            issuer='foo_issuer',
            name_identifier_format=('urn:oasis:names:tc:SAML:1.1:nameid-format:'
                                    + 'emailAddress'
                                    ),
            idp_sso_target_url='http://foo.idp.bar',
            private_key_file="/private/key_file.txt"
            )


        reparsed = minidom.parseString(etree.tostring(req.document))
        parsed_expected = minidom.parseString(expected_xml)

        eq(reparsed.toprettyxml(), parsed_expected.toprettyxml())
def home():
    """Render home page."""
    auth_request = AuthRequest(**settings)
    url = auth_request.get_signed_url(settings["private_key_file"])
    print "OUTGOING URL:", url
    return redirect(url)
Esempio n. 6
0
def login_with_idporten():
    """Render home page."""
    auth_request = AuthRequest(**settings)
    url = auth_request.get_signed_url(settings["private_key_file"])
    app.logger.info("url=%s", url)
    return redirect(url)
    def test_sign_created_request(self):

        expected_xml = """<?xml version=\'1.0\' encoding=\'UTF-8\'?>\n<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" IssueInstant="2011-07-09T19:24:52.875Z" Destination="http://foo.idp.bar" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0" IsPassive="False" AssertionConsumerServiceURL="http://foo.bar/consume" ID="hex_uuid"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">foo_issuer</saml2:Issuer><saml2p:NameIDPolicy AllowCreate="true" SPNameQualifier="foo_issuer" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/><saml2p:RequestedAuthnContext Comparison="minimum"><saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2p:RequestedAuthnContext></saml2p:AuthnRequest>"""
        fake_zlib = fudge.Fake('zlib')
        fake_zlib.remember_order()
        fake_compress = fake_zlib.expects('compress')
        fake_compress.with_args(expected_xml)
        fake_compress.returns('HDfoo_compressedCHCK')

        fake_base64 = fudge.Fake('base64')
        fake_base64.remember_order()
        fake_encode = fake_base64.expects('b64encode')
        fake_encode.with_args('foo_compressed')
        fake_encode.returns('foo_encoded')

        fake_urllib = fudge.Fake('urllib')
        fake_urllib.remember_order()
        fake_urlencode = fake_urllib.expects('urlencode')
        fake_urlencode.with_args(
            [('SAMLRequest', 'foo_encoded'),
             ('SigAlg', 'http://www.w3.org/2000/09/xmldsig#rsa-sha1')]
            )
        fake_urlencode.returns('foo_urlencoded')




        fake_uuid_func = fudge.Fake('uuid', callable=True)
        fake_uuid_func.with_arg_count(0)
        fake_uuid = fudge.Fake('foo_uuid')
        fake_uuid.has_attr(hex='hex_uuid')
        fake_uuid = fake_uuid_func.returns(fake_uuid)

        def fake_clock():
            return datetime(2011, 7, 9, 19, 24, 52, 325405)

        req = AuthRequest(_clock=fake_clock,
                          _uuid=fake_uuid_func,
                          assertion_consumer_service_url='http://foo.bar/consume',
                          issuer='foo_issuer',
                          name_identifier_format=('urn:oasis:names:tc:SAML:1.1:nameid-format:'
                                                  + 'emailAddress'
                                                  ),
                          idp_sso_target_url='http://foo.idp.bar',
                          private_key_file="/private/key_file.txt"
                          )


        with tempfile.NamedTemporaryFile(delete=False) as private_key_file:
            private_key = """
-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBAMKaEPkdWp024qmWSLGcoyxLodJkm23uNtgJ2XnED9ZlxJyM6mfv
VEPTuetpJuxsAeiWxaKf7KL6EYnEuy0gwV8CAwEAAQJAPBWrxe79Smtm4qvHOCe/
7e5QQZDUuMWDY4LvBfy2UyDAwvc7wSDzLnPjlAho2HgtlRMc4wKzH4P/Iea8RhUx
2QIhAO8TEO02afKrRN7LUlOLOOzBjOF5C3xFiHTfa6ONeBBlAiEA0GD8yIV0K+YF
dkHUmPHUVgaA07oNAStrOj0+leLrlHMCIQCwAlBu46Wio9bjU7s7iH8TRveqM8xx
5Fsu+CGt2oQvRQIhAJ5M/9xpnb53qTCUhCiIlpGfsSCnl5eK35PH0RLW57bHAiAC
ke+DV3hRFd9DgRJNuhEEn94jmsL9rjAnToX/1pFt9A==
-----END RSA PRIVATE KEY-----"""


            private_key_file.write(private_key)
            private_key_file.seek(0)

            signed_url = req.get_signed_url(private_key_file.name,
                                            _zlib=fake_zlib,
                                            _base64=fake_base64,
                                            _urllib=fake_urllib)
            eq(signed_url, 'http://foo.idp.bar?foo_urlencoded&Signature=owpCXH6cNB%2BLqOAkKKnG4Gz4vNRXbV2G%2Fcnue8SPw4FkNTILInX5Mv7Fma9%2FVjCXiLqRW732cN7GIXBaLbc6hA%3D%3D')
def home():
    """Render home page."""
    auth_request = AuthRequest(**settings)
    url = auth_request.get_signed_url(settings["private_key_file"])
    print "OUTGOING URL:", url
    return redirect(url)