def test_create_light_response_failed_response(self): self.maxDiff = None with cast(BinaryIO, (DATA_DIR / 'saml_response_failed.xml').open('rb')) as f: response = SAMLResponse(parse_xml(f), 'relay123') self.assertEqual(response.create_light_response(), self.create_light_response(False))
def test_create_light_response_no_auth_statement(self): root = Element(Q_NAMES['saml2p:Response'], nsmap=EIDAS_NAMESPACES) SubElement(root, Q_NAMES['saml2:Assertion']) saml = SAMLResponse(ElementTree(root)) response = saml.create_light_response() self.assertIsNone(response.ip_address) self.assertIsNone(response.level_of_assurance)
def test_create_light_response_not_encrypted(self): self.maxDiff = None with cast(BinaryIO, (DATA_DIR / 'saml_response.xml').open('rb')) as f: saml_response = SAMLResponse(parse_xml(f), 'relay123') light_response = saml_response.create_light_response() self.assertEqual(light_response, self.create_light_response(True))
def test_create_light_response_with_unsupported_sub_status(self): with cast(BinaryIO, (DATA_DIR / 'saml_response_failed_unsupported_sub_status.xml' ).open('rb')) as f: response = SAMLResponse(parse_xml(f), 'relay123') expected = self.create_light_response(False) expected.status.sub_status_code = None self.assertEqual(response.create_light_response(), expected)
def test_create_light_response_with_status_version_mismatch(self): with cast( BinaryIO, (DATA_DIR / 'saml_response_failed_version_mismatch.xml').open('rb')) as f: response = SAMLResponse(parse_xml(f), 'relay123') expected = self.create_light_response(False) expected.status.status_code = StatusCode.REQUESTER expected.status.sub_status_code = SubStatusCode.VERSION_MISMATCH self.assertEqual(response.create_light_response(), expected)
def test_create_light_response_decrypted(self): self.maxDiff = None with cast(BinaryIO, (DATA_DIR / 'saml_response_decrypted.xml').open('rb')) as f: response = SAMLResponse(parse_xml(f), 'relay123') light_response = self.create_light_response( True, level_of_assurance=LevelOfAssurance.SUBSTANTIAL, ip_address='217.31.205.1', id='_751e557772344aa59e9e3f35d2c9f6d6', in_response_to_id='e399fb9b-9454-4284-831f-4aa33d83757e', issuer='urn:microsoft:cgg2010:fpsts') self.assertEqual(response.create_light_response(), light_response)
def test_create_light_response_with_extra_elements(self): self.maxDiff = None with cast(BinaryIO, (DATA_DIR / 'saml_response.xml').open('rb')) as f: response = SAMLResponse(parse_xml(f), 'relay123') SubElement( response.document.find(".//{}".format( Q_NAMES['saml2p:StatusCode'])), 'something') SubElement( response.document.find(".//{}".format( Q_NAMES['saml2:AuthnStatement'])), 'something') SubElement( response.document.find(".//{}".format( Q_NAMES['saml2:AuthnContext'])), 'something') self.assertEqual(response.create_light_response(), self.create_light_response(True))
def test_create_light_response_unrecognized_auth_context_class(self): root = Element(Q_NAMES['saml2p:Response'], { 'ID': 'id', 'InResponseTo': 'id0' }, nsmap=EIDAS_NAMESPACES) context_class = SubElement( SubElement( SubElement(SubElement(root, Q_NAMES['saml2:Assertion']), Q_NAMES['saml2:AuthnStatement']), Q_NAMES['saml2:AuthnContext']), Q_NAMES['saml2:AuthnContextClassRef']) context_class.text = 'saml2:AuthnContextClassRef:unrecognized' saml = SAMLResponse(ElementTree(root)) response = saml.create_light_response() self.assertEqual(response.id, 'id') self.assertEqual(response.in_response_to_id, 'id0') self.assertTrue(response.status.failure) self.assertEqual(response.status.status_code, StatusCode.RESPONDER) self.assertIn('saml2:AuthnContextClassRef:unrecognized', response.status.status_message) self.assertIsNone(response.level_of_assurance)
def test_create_light_response_auth_context_class_alias_not_used(self): root = Element(Q_NAMES['saml2p:Response'], { 'ID': 'id', 'InResponseTo': 'id0' }, nsmap=EIDAS_NAMESPACES) context_class = SubElement( SubElement( SubElement(SubElement(root, Q_NAMES['saml2:Assertion']), Q_NAMES['saml2:AuthnStatement']), Q_NAMES['saml2:AuthnContext']), Q_NAMES['saml2:AuthnContextClassRef']) context_class.text = LevelOfAssurance.HIGH.value saml = SAMLResponse(ElementTree(root)) response = saml.create_light_response( {context_class.text: LevelOfAssurance.LOW}) self.assertEqual(response.id, 'id') self.assertEqual(response.in_response_to_id, 'id0') self.assertFalse(response.status.failure) self.assertIsNone(response.status.status_code) self.assertEqual(response.level_of_assurance, LevelOfAssurance.HIGH) # Not overridden
def test_create_light_response_missing_decrypted_assertion(self): root = Element(Q_NAMES['saml2p:Response'], nsmap=EIDAS_NAMESPACES) SubElement(root, Q_NAMES['saml2:EncryptedAssertion']) saml_response = SAMLResponse(ElementTree(root)) self.assertEqual(saml_response.create_light_response().attributes, {})
def test_create_light_response_not_decrypted(self): with cast(BinaryIO, (DATA_DIR / 'saml_response_encrypted.xml').open('rb')) as f: response = SAMLResponse(parse_xml(f)) self.assertEqual(response.create_light_response().attributes, {})