def internal_response(self):
    """Build the InternalData response object shared by the tests.

    The response carries literal placeholder authentication information,
    the requester "client" and the module-level ATTRIBUTES mapping.
    """
    response = InternalData(
        auth_info=AuthenticationInformation("auth_class_ref", "timestamp", "issuer"),
    )
    response.requester = "client"
    # ATTRIBUTES is assigned as-is (no copy): a test that mutates
    # response.attributes in place also changes the shared constant.
    response.attributes = ATTRIBUTES
    return response
def test_filter_one_attribute_from_all_target_providers_for_one_requester(self):
    """Check a filter that targets a single requester and a single attribute.

    The filter is registered under the empty-string provider key (which, going
    by the test name, stands for all target providers) and restricts attribute
    "a1" for "test_requester" with the pattern "foo:bar".
    """
    requester = "test_requester"
    filter_service = self.create_filter_service(
        {"": {requester: {"a1": "foo:bar"}}}
    )

    resp = InternalData(auth_info=AuthenticationInformation())
    resp.requester = requester
    resp.attributes = {"a1": ["abc:xyz", "1:foo:bar:2"]}

    filtered = filter_service.process(None, resp)

    # The surviving value has text before and after "foo:bar", so the pattern
    # is matched anywhere in the value rather than against the whole value.
    # A filter meant as an exact match therefore has to carry its own anchors.
    assert filtered.attributes == {"a1": ["1:foo:bar:2"]}
def test_allow_one_requester(self, target_context):
    """Check that only the requester on the allow list is let through.

    The rules for TARGET_ENTITY contain an allow list with one entry and no
    deny list; any requester not on the list must raise SATOSAError.
    """
    decide_service = self.create_decide_service(
        {TARGET_ENTITY: {"allow": ["test_requester"]}}
    )
    req = InternalData(requester="test_requester")

    # Listed requester: processing returns a truthy result.
    assert decide_service.process(target_context, req)

    # Unlisted requester: with an allow list present, the request is rejected
    # even though no deny rule names it.
    req.requester = "somebody else"
    with pytest.raises(SATOSAError):
        decide_service.process(target_context, req)
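def test_auth_resp_callback_func_user_id_from_attrs_is_used_to_override_user_id(self, context, satosa_config):
    """Check that the subject id is rebuilt from the configured attributes.

    INTERNAL_ATTRIBUTES.user_id_from_attrs is set to ["user_id", "domain"],
    and the response carries one value for each of those attributes.  After
    the authentication-response callback runs, subject_id must be the id
    derived from those values.
    """
    satosa_config["INTERNAL_ATTRIBUTES"]["user_id_from_attrs"] = ["user_id", "domain"]
    base = SATOSABase(satosa_config)

    internal_resp = InternalData(auth_info=AuthenticationInformation("", "", ""))
    internal_resp.attributes = {"user_id": ["user"], "domain": ["@example.com"]}
    internal_resp.requester = "test_requester"

    # The callback reads the requester and the routing target from the state.
    context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
    context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]

    base._auth_resp_callback_func(context, internal_resp)

    # The previous literal "*****@*****.**" was a masked address and could
    # never equal an id built from the attributes above.  The expected id is
    # the attribute values concatenated in configured order:
    # "user" + "@example.com".
    # NOTE(review): confirm against how the callback joins the values.
    expected_user_id = "user@example.com"
    assert internal_resp.subject_id == expected_user_id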
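def test_allow_takes_precedence_over_deny_all(self, target_context):
    """Check that an explicit allow entry wins over a deny-all wildcard.

    The rules for TARGET_ENTITY deny every requester ("*") and allow exactly
    one.  The allowed requester must pass; any other must raise SATOSAError.
    """
    requester = "test_requester"
    rules = {
        TARGET_ENTITY: {
            # A list, like "deny" below and like the allow list in
            # test_allow_one_requester.  A bare string here would be unsafe
            # if the service uses a membership test: `x in "test_requester"`
            # is a substring match, so a requester id such as "test" would
            # also be treated as allowed.
            # NOTE(review): confirm how the service evaluates "allow".
            "allow": [requester],
            "deny": ["*"],
        }
    }
    decide_service = self.create_decide_service(rules)
    req = InternalData(requester=requester)

    # Explicitly allowed requester passes despite the wildcard deny.
    assert decide_service.process(target_context, req)

    # Everyone else is still caught by the deny-all rule.
    req.requester = "somebody else"
    with pytest.raises(SATOSAError):
        decide_service.process(target_context, req)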
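def test_attribute_policy(self):
    """Check which attributes each requester receives under its policy.

    Three requesters are configured: one with an empty policy, one with an
    empty "allowed" collection and one allowed "attr1" and "attr2".  Each is
    sent the same three attributes and the released attribute names are
    compared with the expectation for that requester.

    As the expectations show, a requester whose policy has no "allowed" key
    receives every attribute, so the policy is permissive by default and
    restriction is opt-in per requester.
    """
    attribute_policies = {
        "attribute_policy": {
            "requester_everything_allowed": {},
            "requester_nothing_allowed": {"allowed": {}},
            "requester_subset_allowed": {"allowed": {"attr1", "attr2"}},
        },
    }
    attributes = {
        "attr1": ["foo"],
        "attr2": ["foo", "bar"],
        "attr3": ["foo"],
    }
    results = {
        "requester_everything_allowed": attributes.keys(),
        "requester_nothing_allowed": set(),
        "requester_subset_allowed": {"attr1", "attr2"},
    }

    for requester, result in results.items():
        # A new service and context per requester keeps the cases independent.
        attribute_policy_service = self.create_attribute_policy_service(
            attribute_policies)
        ctx = Context()
        ctx.state = dict()

        resp = InternalData(auth_info=AuthenticationInformation())
        resp.requester = requester
        # Hand the service its own copy: `attributes` backs the expected key
        # view above and must not be altered if the service filters in place.
        resp.attributes = {name: list(values) for name, values in attributes.items()}

        filtered = attribute_policy_service.process(ctx, resp)
        assert filtered.attributes.keys() == result, requester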
def test_when_target_is_mapped_choose_mapping_backend(self):
    """Check that a mapped target entity id selects the mapped backend.

    The context is decorated with the target entity id
    "mapped_idp.example.org"; after processing, the returned context must
    name "mapped_backend" as its target backend.
    """
    self.context.decorate(Context.KEY_TARGET_ENTITYID, "mapped_idp.example.org")

    request = InternalData(requester="test_requester")
    # NOTE(review): the requester passed to the constructor is overwritten
    # straight away, so only "somebody else" reaches the plugin. Confirm
    # whether the constructor argument is still needed.
    request.requester = "somebody else"

    # Only the returned context is checked; the returned data is ignored.
    routed_context, _ = self.plugin.process(self.context, request)
    assert routed_context.target_backend == "mapped_backend"