예제 #1
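    def testGetNameId(self):
        """
        Tests the get_nameid of the OneLogin_Saml2_LogoutRequest

        Three cases are covered: a logout request with a plain NameID, a
        request with an encrypted NameID read without a key (must raise), and
        the same encrypted request read with the key from the settings.
        """
        request = self.file_contents(
            join(self.data_path, 'logout_requests', 'logout_request.xml'))
        name_id = OneLogin_Saml2_Logout_Request.get_nameid(request)
        self.assertEqual(name_id,
                         'ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c')

        request_2 = self.file_contents(
            join(self.data_path, 'logout_requests',
                 'logout_request_encrypted_nameid.xml'))
        # assertRaises fails the test on its own when nothing is raised. The
        # previous try/except caught the AssertionError of its own
        # "assertTrue(False)" sentinel and read e.message, which does not
        # exist on Python 3 exceptions.
        with self.assertRaises(Exception) as context:
            OneLogin_Saml2_Logout_Request.get_nameid(request_2)
        # Checked outside the with block so the assertion is really executed:
        # an encrypted NameID must not be readable without the key.
        self.assertIn('Key is required in order to decrypt the NameID',
                      str(context.exception))

        settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
        # presumably the SP private key of the test settings -- confirm
        key = settings.get_sp_key()
        name_id_3 = OneLogin_Saml2_Logout_Request.get_nameid(request_2, key)
        self.assertEqual('ONELOGIN_9c86c4542ab9d6fce07f2f7fd335287b9b3cdf69',
                         name_id_3)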
예제 #2
    def testLogoutNameID(self):
        """
        Checks OneLogin_Saml2_Auth.logout() when the NameID comes from a
        previously processed SAML Response: the NameID placed in the generated
        LogoutRequest must equal the one read from the response.
        """
        request_data = self.get_request()
        response_file = join(self.data_path, 'responses',
                             'valid_response.xml.base64')
        saml_response = self.file_contents(response_file)
        # Turn the request into a POST that only carries the SAMLResponse.
        del request_data['get_data']
        request_data['post_data'] = {'SAMLResponse': saml_response}

        auth = OneLogin_Saml2_Auth(
            request_data, old_settings=self.loadSettingsJSON())
        auth.process_response()
        expected_name_id = auth.get_nameid()

        # logout() returns the redirect URL; the LogoutRequest travels in its
        # query string as the SAMLRequest parameter.
        redirect_url = auth.logout()
        query_params = parse_qs(urlparse(redirect_url).query)
        self.assertIn('SAMLRequest', query_params)

        encoded_request = query_params['SAMLRequest'][0]
        logout_xml = OneLogin_Saml2_Utils.decode_base64_and_inflate(
            encoded_request)
        actual_name_id = OneLogin_Saml2_Logout_Request.get_nameid(logout_xml)
        self.assertEqual(expected_name_id, actual_name_id)
예제 #3
    def testLogoutNameIDandSessionIndex(self):
        """
        Checks OneLogin_Saml2_Auth.logout() when nameID and sessionIndex are
        passed explicitly: both must appear in the generated LogoutRequest and
        the redirect must point at the IdP single logout URL of the settings.
        """
        settings_info = self.loadSettingsJSON()
        auth = OneLogin_Saml2_Auth(self.get_request(),
                                   old_settings=settings_info)

        wanted_name_id = 'name_id_example'
        wanted_session_index = 'session_index_example'
        redirect_url = auth.logout(name_id=wanted_name_id,
                                   session_index=wanted_session_index)
        query_params = parse_qs(urlparse(redirect_url).query)

        # The redirect target has to be the SLO endpoint from the settings.
        expected_slo_url = settings_info['idp']['singleLogoutService']['url']
        self.assertIn(expected_slo_url, redirect_url)
        self.assertIn('SAMLRequest', query_params)

        # Decode the request carried in the URL and read both values back.
        logout_xml = OneLogin_Saml2_Utils.decode_base64_and_inflate(
            query_params['SAMLRequest'][0])
        found_name_id = OneLogin_Saml2_Logout_Request.get_nameid(logout_xml)
        found_session_indexes = (
            OneLogin_Saml2_Logout_Request.get_session_indexes(logout_xml))
        self.assertIn(wanted_session_index, found_session_indexes)
        self.assertEqual(wanted_name_id, found_name_id)
    def testGetNameId(self):
        """
        Checks get_nameid of OneLogin_Saml2_LogoutRequest for a plain NameID,
        for an encrypted NameID without a key (must raise) and for the same
        encrypted NameID with the key taken from the settings.
        """
        plain_xml = self.file_contents(
            join(self.data_path, 'logout_requests', 'logout_request.xml'))
        plain_name_id = OneLogin_Saml2_Logout_Request.get_nameid(plain_xml)
        self.assertEqual(
            plain_name_id,
            'ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c')

        encrypted_xml = self.file_contents(
            join(self.data_path, 'logout_requests',
                 'logout_request_encrypted_nameid.xml'))
        # Without the key the encrypted NameID must be refused, and with the
        # specific "key is required" message rather than any other failure.
        with self.assertRaisesRegexp(
                Exception, 'Key is required in order to decrypt the NameID'):
            OneLogin_Saml2_Logout_Request.get_nameid(encrypted_xml)

        sp_key = OneLogin_Saml2_Settings(self.loadSettingsJSON()).get_sp_key()
        decrypted_name_id = OneLogin_Saml2_Logout_Request.get_nameid(
            encrypted_xml, sp_key)
        self.assertEqual(
            'ONELOGIN_9c86c4542ab9d6fce07f2f7fd335287b9b3cdf69',
            decrypted_name_id)
예제 #5
    def testGetNameIdData(self):
        """
        Checks get_nameid_data of OneLogin_Saml2_LogoutRequest for a plain and
        an encrypted NameID, and the errors raised when the key or the NameID
        is missing.
        """
        missing_key_msg = 'Key is required in order to decrypt the NameID'
        missing_name_id_msg = 'NameID not found in the Logout Request'

        plain_expected = {
            'Value': 'ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c',
            'Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
            'SPNameQualifier': 'http://idp.example.com/'
        }

        plain_xml = self.file_contents(
            join(self.data_path, 'logout_requests', 'logout_request.xml'))
        self.assertEqual(
            plain_expected,
            OneLogin_Saml2_Logout_Request.get_nameid_data(plain_xml))

        # Same request after a parse/serialise round trip through the DOM.
        plain_dom = parseString(plain_xml)
        self.assertEqual(
            plain_expected,
            OneLogin_Saml2_Logout_Request.get_nameid_data(plain_dom.toxml()))

        encrypted_xml = self.file_contents(
            join(self.data_path, 'logout_requests',
                 'logout_request_encrypted_nameid.xml'))
        # NOTE(review): the error cases below call get_nameid, not
        # get_nameid_data, although this test is named after the latter.
        self.assertRaisesRegexp(
            Exception, missing_key_msg,
            OneLogin_Saml2_Logout_Request.get_nameid, encrypted_xml)

        sp_key = OneLogin_Saml2_Settings(self.loadSettingsJSON()).get_sp_key()
        decrypted_data = OneLogin_Saml2_Logout_Request.get_nameid_data(
            encrypted_xml, sp_key)
        encrypted_expected = {
            'Value':
            'ONELOGIN_9c86c4542ab9d6fce07f2f7fd335287b9b3cdf69',
            'Format':
            'urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress',
            'SPNameQualifier':
            'https://pitbulk.no-ip.org/newonelogin/demo1/metadata.php'
        }
        self.assertEqual(encrypted_expected, decrypted_data)

        # Remove a child of the first saml:EncryptedID element, so that no
        # NameID can be recovered even though the key is supplied.
        encrypted_dom = parseString(encrypted_xml)
        first_encrypted_id = encrypted_dom.getElementsByTagName(
            'saml:EncryptedID')[0]
        stripped_child = first_encrypted_id.firstChild.nextSibling
        first_encrypted_id.removeChild(stripped_child)
        with self.assertRaisesRegexp(Exception, missing_name_id_msg):
            OneLogin_Saml2_Logout_Request.get_nameid(
                encrypted_dom.toxml(), sp_key)

        no_name_id_xml = self.file_contents(
            join(self.data_path, 'logout_requests', 'invalids',
                 'no_nameId.xml'))
        self.assertRaisesRegexp(
            Exception, missing_name_id_msg,
            OneLogin_Saml2_Logout_Request.get_nameid, no_name_id_xml)
예제 #6
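    def testGetNameIdData(self):
        """
        Tests the get_nameid_data method of the OneLogin_Saml2_LogoutRequest

        Covers a plain NameID, an encrypted NameID with and without the key,
        and two requests from which no NameID can be read.
        """
        expected_name_id_data = {
            'Value': 'ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c',
            'Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
            'SPNameQualifier': 'http://idp.example.com/'
        }

        request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml'))
        name_id_data = OneLogin_Saml2_Logout_Request.get_nameid_data(request)
        self.assertEqual(expected_name_id_data, name_id_data)

        # Same request after a parse/serialise round trip through the DOM.
        dom = parseString(request)
        name_id_data_2 = OneLogin_Saml2_Logout_Request.get_nameid_data(dom.toxml())
        self.assertEqual(expected_name_id_data, name_id_data_2)

        request_2 = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request_encrypted_nameid.xml'))
        # The message checks sit after each with block. Placed inside it,
        # below the raising call, they were never executed, so any exception
        # at all (not only the expected refusal) let the test pass.
        # NOTE(review): the error cases call get_nameid, not get_nameid_data.
        with self.assertRaises(Exception) as context:
            OneLogin_Saml2_Logout_Request.get_nameid(request_2)
        self.assertIn("Key is required in order to decrypt the NameID", str(context.exception))

        settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
        # presumably the SP private key of the test settings -- confirm
        key = settings.get_sp_key()
        name_id_data_4 = OneLogin_Saml2_Logout_Request.get_nameid_data(request_2, key)
        expected_name_id_data = {
            'Value': 'ONELOGIN_9c86c4542ab9d6fce07f2f7fd335287b9b3cdf69',
            'Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress',
            'SPNameQualifier': 'https://pitbulk.no-ip.org/newonelogin/demo1/metadata.php'
        }
        self.assertEqual(expected_name_id_data, name_id_data_4)

        # Remove a child of the first saml:EncryptedID element, so that no
        # NameID can be recovered even though the key is supplied.
        dom_2 = parseString(request_2)
        encrypted_id_nodes = dom_2.getElementsByTagName('saml:EncryptedID')
        encrypted_data = encrypted_id_nodes[0].firstChild.nextSibling
        encrypted_id_nodes[0].removeChild(encrypted_data)
        # NOTE(review): the expected text must match the message raised by
        # the library version under test; it was not verified while the
        # assertion was unreachable.
        with self.assertRaises(Exception) as context:
            OneLogin_Saml2_Logout_Request.get_nameid(dom_2.toxml(), key)
        self.assertIn("Not NameID found in the Logout Request", str(context.exception))

        inv_request = self.file_contents(join(self.data_path, 'logout_requests', 'invalids', 'no_nameId.xml'))
        with self.assertRaises(Exception) as context:
            OneLogin_Saml2_Logout_Request.get_nameid(inv_request)
        self.assertIn("Not NameID found in the Logout Request", str(context.exception))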
예제 #7
    def testLogoutNameID(self):
        """
        Checks the logout method of OneLogin_Saml2_Auth when the NameID was
        loaded by processing a SAML Response: the LogoutRequest built by
        logout() must carry that same NameID.
        """
        request_data = self.get_request()
        fixture = join(self.data_path, "responses", "valid_response.xml.base64")
        encoded_response = self.file_contents(fixture)
        # Replace the GET parameters with a POST body holding the response.
        del request_data["get_data"]
        request_data["post_data"] = {"SAMLResponse": encoded_response}

        auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON())
        auth.process_response()
        response_name_id = auth.get_nameid()

        # The LogoutRequest is carried in the query string of the URL that
        # logout() returns.
        logout_url = auth.logout()
        params = parse_qs(urlparse(logout_url).query)
        self.assertIn("SAMLRequest", params)

        request_xml = OneLogin_Saml2_Utils.decode_base64_and_inflate(params["SAMLRequest"][0])
        request_name_id = OneLogin_Saml2_Logout_Request.get_nameid(request_xml)
        self.assertEqual(response_name_id, request_name_id)
예제 #8
    def testLogoutNameIDandSessionIndex(self):
        """
        Checks the logout method of OneLogin_Saml2_Auth when nameID and
        sessionIndex are given as parameters: the generated LogoutRequest
        must contain both, and the redirect must use the configured SLO URL.
        """
        settings_info = self.loadSettingsJSON()
        auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info)

        given_name_id = 'name_id_example'
        given_session_index = 'session_index_example'
        logout_url = auth.logout(name_id=given_name_id, session_index=given_session_index)
        params = parse_qs(urlparse(logout_url).query)

        # The redirect has to target the IdP single logout service.
        idp_slo_url = settings_info['idp']['singleLogoutService']['url']
        self.assertIn(idp_slo_url, logout_url)
        self.assertIn('SAMLRequest', params)

        # Read both values back from the request carried in the URL.
        request_xml = OneLogin_Saml2_Utils.decode_base64_and_inflate(params['SAMLRequest'][0])
        request_name_id = OneLogin_Saml2_Logout_Request.get_nameid(request_xml)
        request_session_indexes = OneLogin_Saml2_Logout_Request.get_session_indexes(request_xml)
        self.assertIn(given_session_index, request_session_indexes)
        self.assertEqual(given_name_id, request_name_id)