def internal_response(self):
auth_info = AuthenticationInformation("auth_class_ref", "timestamp",
"issuer")
internal_response = InternalData(auth_info=auth_info)
internal_response.requester = "client"
internal_response.attributes = ATTRIBUTES
return internal_response
def test_filter_one_attribute_from_all_target_providers_for_one_requester(
self):
requester = "test_requester"
attribute_filters = {"": {requester: {"a1": "foo:bar"}}}
filter_service = self.create_filter_service(attribute_filters)
resp = InternalData(auth_info=AuthenticationInformation())
resp.requester = requester
resp.attributes = {
"a1": ["abc:xyz", "1:foo:bar:2"],
}
filtered = filter_service.process(None, resp)
assert filtered.attributes == {"a1": ["1:foo:bar:2"]}
def test_allow_one_requester(self, target_context):
rules = {
TARGET_ENTITY: {
"allow": ["test_requester"],
}
}
decide_service = self.create_decide_service(rules)
req = InternalData(requester="test_requester")
assert decide_service.process(target_context, req)
req.requester = "somebody else"
with pytest.raises(SATOSAError):
decide_service.process(target_context, req)
def test_auth_resp_callback_func_user_id_from_attrs_is_used_to_override_user_id(self, context, satosa_config):
satosa_config["INTERNAL_ATTRIBUTES"]["user_id_from_attrs"] = ["user_id", "domain"]
base = SATOSABase(satosa_config)
internal_resp = InternalData(auth_info=AuthenticationInformation("", "", ""))
internal_resp.attributes = {"user_id": ["user"], "domain": ["@example.com"]}
internal_resp.requester = "test_requester"
context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
base._auth_resp_callback_func(context, internal_resp)
expected_user_id = "*****@*****.**"
assert internal_resp.subject_id == expected_user_id
def test_allow_takes_precedence_over_deny_all(self, target_context):
requester = "test_requester"
rules = {
TARGET_ENTITY: {
"allow": requester,
"deny": ["*"],
}
}
decide_service = self.create_decide_service(rules)
req = InternalData(requester=requester)
assert decide_service.process(target_context, req)
req.requester = "somebody else"
with pytest.raises(SATOSAError):
decide_service.process(target_context, req)
def test_attribute_policy(self):
requester = "requester"
attribute_policies = {
"attribute_policy": {
"requester_everything_allowed": {},
"requester_nothing_allowed": {
"allowed": {}
},
"requester_subset_allowed": {
"allowed": {
"attr1",
"attr2",
},
},
},
}
attributes = {
"attr1": ["foo"],
"attr2": ["foo", "bar"],
"attr3": ["foo"]
}
results = {
"requester_everything_allowed": attributes.keys(),
"requester_nothing_allowed": set(),
"requester_subset_allowed": {"attr1", "attr2"},
}
for requester, result in results.items():
attribute_policy_service = self.create_attribute_policy_service(
attribute_policies)
ctx = Context()
ctx.state = dict()
resp = InternalData(auth_info=AuthenticationInformation())
resp.requester = requester
resp.attributes = {
"attr1": ["foo"],
"attr2": ["foo", "bar"],
"attr3": ["foo"]
}
filtered = attribute_policy_service.process(ctx, resp)
assert (filtered.attributes.keys() == result)
def test_when_target_is_mapped_choose_mapping_backend(self):
self.context.decorate(Context.KEY_TARGET_ENTITYID, 'mapped_idp.example.org')
data = InternalData(requester='test_requester')
data.requester = 'somebody else'
newctx, newdata = self.plugin.process(self.context, data)
assert newctx.target_backend == 'mapped_backend'
