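def testGetNameId(self):
    """
    Check that get_nameid extracts the NameID from a LogoutRequest.

    Three cases are covered: a plaintext NameID, an encrypted NameID read
    without a key (which must raise), and the same encrypted NameID read
    with the SP key returned by the test settings.
    """
    plain_request = self.file_contents(
        join(self.data_path, 'logout_requests', 'logout_request.xml'))
    name_id = OneLogin_Saml2_Logout_Request.get_nameid(plain_request)
    self.assertEqual(name_id, 'ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c')

    encrypted_request = self.file_contents(
        join(self.data_path, 'logout_requests', 'logout_request_encrypted_nameid.xml'))
    # Fail-closed check: without a key the parser has to raise, not hand back
    # a value. assertRaises replaces the earlier try/except, whose
    # `except Exception` also caught the sentinel assertTrue(False) and which
    # read `e.message`, an attribute exceptions only carry on Python 2.
    with self.assertRaises(Exception) as context:
        OneLogin_Saml2_Logout_Request.get_nameid(encrypted_request)
    # context.exception is set once the with block has exited.
    self.assertIn('Key is required in order to decrypt the NameID', str(context.exception))

    settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
    sp_key = settings.get_sp_key()
    decrypted_name_id = OneLogin_Saml2_Logout_Request.get_nameid(encrypted_request, sp_key)
    self.assertEqual('ONELOGIN_9c86c4542ab9d6fce07f2f7fd335287b9b3cdf69', decrypted_name_id)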
def testLogoutNameID(self):
    """
    Exercise OneLogin_Saml2_Auth.logout() once a SAML Response was processed.

    The NameID carried by the generated LogoutRequest must be the one the
    auth object obtained from the processed response.
    """
    request_data = self.get_request()
    response_path = join(self.data_path, 'responses', 'valid_response.xml.base64')
    saml_response = self.file_contents(response_path)

    # Hand the response over as POST data instead of GET data.
    del request_data['get_data']
    request_data['post_data'] = {'SAMLResponse': saml_response}

    auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON())
    # NOTE(review): the outcome of process_response() is not asserted here, so
    # a validation failure would only surface indirectly through the NameID
    # comparison at the end. Consider asserting success first.
    auth.process_response()
    name_id_from_response = auth.get_nameid()

    # logout() is called with no arguments, so the NameID has to come from
    # the state the auth object built while processing the response.
    target_url = auth.logout()
    query_string = urlparse(target_url)[4]
    parsed_query = parse_qs(query_string)
    self.assertIn('SAMLRequest', parsed_query)

    encoded_request = parsed_query['SAMLRequest'][0]
    logout_request = OneLogin_Saml2_Utils.decode_base64_and_inflate(encoded_request)
    name_id_from_request = OneLogin_Saml2_Logout_Request.get_nameid(logout_request)
    self.assertEqual(name_id_from_response, name_id_from_request)
def testLogoutNameIDandSessionIndex(self):
    """
    Exercise OneLogin_Saml2_Auth.logout() with an explicit NameID and SessionIndex.

    Both values passed to logout() must be recoverable from the generated
    LogoutRequest, and the redirect must point at the configured IdP
    single logout service URL.
    """
    settings_info = self.loadSettingsJSON()
    auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info)

    name_id = 'name_id_example'
    session_index = 'session_index_example'
    target_url = auth.logout(name_id=name_id, session_index=session_index)
    parsed_query = parse_qs(urlparse(target_url)[4])

    # The redirect has to target the IdP endpoint taken from the settings.
    slo_url = settings_info['idp']['singleLogoutService']['url']
    self.assertIn(slo_url, target_url)
    self.assertIn('SAMLRequest', parsed_query)

    encoded_request = parsed_query['SAMLRequest'][0]
    logout_request = OneLogin_Saml2_Utils.decode_base64_and_inflate(encoded_request)
    name_id_from_request = OneLogin_Saml2_Logout_Request.get_nameid(logout_request)
    sessions_index_in_request = OneLogin_Saml2_Logout_Request.get_session_indexes(logout_request)

    # get_session_indexes returns a collection, hence a membership check.
    self.assertIn(session_index, sessions_index_in_request)
    self.assertEqual(name_id, name_id_from_request)
def testGetNameId(self):
    """
    Check that get_nameid extracts the NameID from a LogoutRequest.

    Covers a plaintext NameID, an encrypted NameID read without a key
    (which must raise), and the same encrypted NameID read with the SP key
    returned by the test settings.
    """
    plain_path = join(self.data_path, 'logout_requests', 'logout_request.xml')
    plain_request = self.file_contents(plain_path)
    self.assertEqual(
        OneLogin_Saml2_Logout_Request.get_nameid(plain_request),
        'ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c')

    encrypted_path = join(self.data_path, 'logout_requests', 'logout_request_encrypted_nameid.xml')
    encrypted_request = self.file_contents(encrypted_path)
    # Fail-closed check: an encrypted NameID read without a key must raise.
    with self.assertRaisesRegexp(Exception, 'Key is required in order to decrypt the NameID'):
        OneLogin_Saml2_Logout_Request.get_nameid(encrypted_request)

    sp_key = OneLogin_Saml2_Settings(self.loadSettingsJSON()).get_sp_key()
    decrypted_name_id = OneLogin_Saml2_Logout_Request.get_nameid(encrypted_request, sp_key)
    self.assertEqual('ONELOGIN_9c86c4542ab9d6fce07f2f7fd335287b9b3cdf69', decrypted_name_id)
def testGetNameIdData(self):
    """
    Check get_nameid_data on plaintext and encrypted LogoutRequests.

    Also checks the error paths of get_nameid: an encrypted NameID read
    without a key, an EncryptedID whose payload node was removed, and a
    request that carries no NameID at all.
    """
    expected_plain = {
        'Value': 'ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c',
        'Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        'SPNameQualifier': 'http://idp.example.com/'
    }
    plain_path = join(self.data_path, 'logout_requests', 'logout_request.xml')
    request = self.file_contents(plain_path)
    self.assertEqual(expected_plain, OneLogin_Saml2_Logout_Request.get_nameid_data(request))

    # The same document after a minidom parse/serialise round trip must
    # yield identical NameID data.
    reserialised = parseString(request).toxml()
    self.assertEqual(expected_plain, OneLogin_Saml2_Logout_Request.get_nameid_data(reserialised))

    encrypted_path = join(self.data_path, 'logout_requests', 'logout_request_encrypted_nameid.xml')
    request_2 = self.file_contents(encrypted_path)
    # Fail-closed check: an encrypted NameID read without a key must raise.
    with self.assertRaisesRegexp(
            Exception, 'Key is required in order to decrypt the NameID'):
        OneLogin_Saml2_Logout_Request.get_nameid(request_2)

    sp_key = OneLogin_Saml2_Settings(self.loadSettingsJSON()).get_sp_key()
    decrypted_data = OneLogin_Saml2_Logout_Request.get_nameid_data(request_2, sp_key)
    expected_decrypted = {
        'Value': 'ONELOGIN_9c86c4542ab9d6fce07f2f7fd335287b9b3cdf69',
        'Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress',
        'SPNameQualifier': 'https://pitbulk.no-ip.org/newonelogin/demo1/metadata.php'
    }
    self.assertEqual(expected_decrypted, decrypted_data)

    # Remove a child of saml:EncryptedID so that no NameID can be recovered
    # even with the key.
    # NOTE(review): firstChild.nextSibling is presumably the encrypted payload
    # element following a whitespace text node - confirm against the fixture.
    dom_2 = parseString(request_2)
    encrypted_id = dom_2.getElementsByTagName('saml:EncryptedID')[0]
    encrypted_id.removeChild(encrypted_id.firstChild.nextSibling)
    with self.assertRaisesRegexp(Exception, 'NameID not found in the Logout Request'):
        OneLogin_Saml2_Logout_Request.get_nameid(dom_2.toxml(), sp_key)

    missing_path = join(self.data_path, 'logout_requests', 'invalids', 'no_nameId.xml')
    inv_request = self.file_contents(missing_path)
    with self.assertRaisesRegexp(Exception, 'NameID not found in the Logout Request'):
        OneLogin_Saml2_Logout_Request.get_nameid(inv_request)
def testGetNameIdData(self):
    """
    Check get_nameid_data on plaintext and encrypted LogoutRequests.

    Also checks the error paths of get_nameid: an encrypted NameID read
    without a key, an EncryptedID whose payload node was removed, and a
    request that carries no NameID at all.
    """
    expected_plain = {
        'Value': 'ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c',
        'Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        'SPNameQualifier': 'http://idp.example.com/'
    }
    plain_path = join(self.data_path, 'logout_requests', 'logout_request.xml')
    request = self.file_contents(plain_path)
    self.assertEqual(expected_plain, OneLogin_Saml2_Logout_Request.get_nameid_data(request))

    # The same document after a minidom parse/serialise round trip must
    # yield identical NameID data.
    reserialised = parseString(request).toxml()
    self.assertEqual(expected_plain, OneLogin_Saml2_Logout_Request.get_nameid_data(reserialised))

    encrypted_path = join(self.data_path, 'logout_requests', 'logout_request_encrypted_nameid.xml')
    request_2 = self.file_contents(encrypted_path)
    # Fail-closed check: an encrypted NameID read without a key must raise.
    with self.assertRaises(Exception) as context:
        OneLogin_Saml2_Logout_Request.get_nameid(request_2)
    # context.exception is only set once the with block has exited, so the
    # message check has to sit after it to run at all.
    self.assertIn("Key is required in order to decrypt the NameID", str(context.exception))

    sp_key = OneLogin_Saml2_Settings(self.loadSettingsJSON()).get_sp_key()
    decrypted_data = OneLogin_Saml2_Logout_Request.get_nameid_data(request_2, sp_key)
    expected_decrypted = {
        'Value': 'ONELOGIN_9c86c4542ab9d6fce07f2f7fd335287b9b3cdf69',
        'Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress',
        'SPNameQualifier': 'https://pitbulk.no-ip.org/newonelogin/demo1/metadata.php'
    }
    self.assertEqual(expected_decrypted, decrypted_data)

    # Remove a child of saml:EncryptedID so that no NameID can be recovered
    # even with the key.
    # NOTE(review): firstChild.nextSibling is presumably the encrypted payload
    # element following a whitespace text node - confirm against the fixture.
    dom_2 = parseString(request_2)
    encrypted_id = dom_2.getElementsByTagName('saml:EncryptedID')[0]
    encrypted_id.removeChild(encrypted_id.firstChild.nextSibling)
    with self.assertRaises(Exception) as context:
        OneLogin_Saml2_Logout_Request.get_nameid(dom_2.toxml(), sp_key)
    self.assertIn("Not NameID found in the Logout Request", str(context.exception))

    missing_path = join(self.data_path, 'logout_requests', 'invalids', 'no_nameId.xml')
    inv_request = self.file_contents(missing_path)
    with self.assertRaises(Exception) as context:
        OneLogin_Saml2_Logout_Request.get_nameid(inv_request)
    self.assertIn("Not NameID found in the Logout Request", str(context.exception))
def testLogoutNameID(self):
    """
    Exercise OneLogin_Saml2_Auth.logout() once a SAML Response was processed.

    The NameID carried by the generated LogoutRequest must be the one the
    auth object obtained from the processed response.
    """
    request_data = self.get_request()
    response_path = join(self.data_path, "responses", "valid_response.xml.base64")
    saml_response = self.file_contents(response_path)

    # Hand the response over as POST data instead of GET data.
    del request_data["get_data"]
    request_data["post_data"] = {"SAMLResponse": saml_response}

    auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON())
    # NOTE(review): the outcome of process_response() is not asserted here, so
    # a validation failure would only surface indirectly through the NameID
    # comparison at the end. Consider asserting success first.
    auth.process_response()
    name_id_from_response = auth.get_nameid()

    # logout() is called with no arguments, so the NameID has to come from
    # the state the auth object built while processing the response.
    target_url = auth.logout()
    query_string = urlparse(target_url)[4]
    parsed_query = parse_qs(query_string)
    self.assertIn("SAMLRequest", parsed_query)

    encoded_request = parsed_query["SAMLRequest"][0]
    logout_request = OneLogin_Saml2_Utils.decode_base64_and_inflate(encoded_request)
    name_id_from_request = OneLogin_Saml2_Logout_Request.get_nameid(logout_request)
    self.assertEqual(name_id_from_response, name_id_from_request)
def testLogoutNameIDandSessionIndex(self):
    """
    Exercise OneLogin_Saml2_Auth.logout() with an explicit NameID and SessionIndex.

    Both values passed to logout() must be recoverable from the generated
    LogoutRequest, and the redirect must point at the configured IdP
    single logout service URL.
    """
    settings_info = self.loadSettingsJSON()
    auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info)

    name_id = 'name_id_example'
    session_index = 'session_index_example'
    target_url = auth.logout(name_id=name_id, session_index=session_index)
    parsed_query = parse_qs(urlparse(target_url)[4])

    # The redirect has to target the IdP endpoint taken from the settings.
    slo_url = settings_info['idp']['singleLogoutService']['url']
    self.assertIn(slo_url, target_url)
    self.assertIn('SAMLRequest', parsed_query)

    encoded_request = parsed_query['SAMLRequest'][0]
    logout_request = OneLogin_Saml2_Utils.decode_base64_and_inflate(encoded_request)
    name_id_from_request = OneLogin_Saml2_Logout_Request.get_nameid(logout_request)
    sessions_index_in_request = OneLogin_Saml2_Logout_Request.get_session_indexes(logout_request)

    # get_session_indexes returns a collection, hence a membership check.
    self.assertIn(session_index, sessions_index_in_request)
    self.assertEqual(name_id, name_id_from_request)