def handle_response(self, context):
auth_info = AuthenticationInformation("test", str(datetime.now()),
"test_issuer")
internal_resp = InternalResponse(auth_info=auth_info)
internal_resp.attributes = context.request
internal_resp.user_id = "test_user"
return self.auth_callback_func(context, internal_resp)
def test_auth_resp_callback_func_user_id_from_attrs_is_used_to_override_user_id(
self, context, satosa_config):
satosa_config["INTERNAL_ATTRIBUTES"]["user_id_from_attrs"] = [
"user_id", "domain"
]
base = SATOSABase(satosa_config)
internal_resp = InternalResponse(AuthenticationInformation("", "", ""))
internal_resp.attributes = {
"user_id": ["user"],
"domain": ["@example.com"]
}
internal_resp.requester = "test_requester"
context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
context.state[satosa.routing.
STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
UserIdHasher.save_state(InternalRequest(UserIdHashType.persistent, ""),
context.state)
base._auth_resp_callback_func(context, internal_resp)
expected_user_id = UserIdHasher.hash_data(
satosa_config["USER_ID_HASH_SALT"], "*****@*****.**")
expected_user_id = UserIdHasher.hash_id(
satosa_config["USER_ID_HASH_SALT"], expected_user_id,
internal_resp.requester, context.state)
assert internal_resp.user_id == expected_user_id
def internal_response(self, idp_conf):
auth_info = AuthenticationInformation(PASSWORD, "2015-09-30T12:21:37Z",
idp_conf["entityid"])
internal_response = InternalResponse(auth_info=auth_info)
internal_response.attributes = AttributeMapper(
INTERNAL_ATTRIBUTES).to_internal("saml", USERS["testuser1"])
return internal_response
def internal_response(self):
auth_info = AuthenticationInformation("auth_class_ref", "timestamp",
"issuer")
internal_response = InternalResponse(auth_info=auth_info)
internal_response.requester = "client"
internal_response.attributes = ATTRIBUTES
return internal_response
def setup_for_authn_response(self, context, frontend, auth_req):
context.state[frontend.name] = {"oidc_request": auth_req.to_urlencoded()}
auth_info = AuthenticationInformation(PASSWORD, "2015-09-30T12:21:37Z", "unittest_idp.xml")
internal_response = InternalResponse(auth_info=auth_info)
internal_response.attributes = AttributeMapper(INTERNAL_ATTRIBUTES).to_internal("saml", USERS["testuser1"])
internal_response.user_id = USERS["testuser1"]["eduPersonTargetedID"][0]
return internal_response
def test_filter_attribute_not_in_response(self):
attribute_filters = {"": {"": {"a0": "foo:bar"}}}
filter_service = self.create_filter_service(attribute_filters)
resp = InternalResponse(AuthenticationInformation(None, None, None))
resp.attributes = {
"a1": ["abc:xyz", "1:foo:bar:2"],
}
filtered = filter_service.process(None, resp)
assert filtered.attributes == {"a1": ["abc:xyz", "1:foo:bar:2"]}
def test_filter_one_attribute_for_one_target_provider(self):
target_provider = "test_provider"
attribute_filters = {target_provider: {"": {"a1": "foo:bar"}}}
filter_service = self.create_filter_service(attribute_filters)
resp = InternalResponse(
AuthenticationInformation(None, None, target_provider))
resp.attributes = {
"a1": ["abc:xyz", "1:foo:bar:2"],
}
filtered = filter_service.process(None, resp)
assert filtered.attributes == {"a1": ["1:foo:bar:2"]}
def test_filter_one_attribute_from_all_target_providers_for_all_requesters(
self):
attribute_filters = {"": {"": {"a2": "^foo:bar$"}}}
filter_service = self.create_filter_service(attribute_filters)
resp = InternalResponse(AuthenticationInformation(None, None, None))
resp.attributes = {
"a1": ["abc:xyz"],
"a2": ["foo:bar", "1:foo:bar:2"],
}
filtered = filter_service.process(None, resp)
assert filtered.attributes == {"a1": ["abc:xyz"], "a2": ["foo:bar"]}
def setup_for_authn_response(self, context, frontend, auth_req):
context.state[frontend.name] = {
"oidc_request": auth_req.to_urlencoded()
}
auth_info = AuthenticationInformation(PASSWORD, "2015-09-30T12:21:37Z",
"unittest_idp.xml")
internal_response = InternalResponse(auth_info=auth_info)
internal_response.attributes = AttributeMapper(
INTERNAL_ATTRIBUTES).to_internal("saml", USERS["testuser1"])
internal_response.user_id = USERS["testuser1"]["eduPersonTargetedID"][
0]
return internal_response
def test_authz_deny_fail(self):
attribute_deny = {"": {"default": {"a0": ['foo1', 'foo2']}}}
attribute_allow = {}
authz_service = self.create_authz_service(attribute_allow,
attribute_deny)
resp = InternalResponse(AuthenticationInformation(None, None, None))
resp.attributes = {
"a0": ["foo3"],
}
try:
ctx = Context()
ctx.state = dict()
authz_service.process(ctx, resp)
except SATOSAAuthenticationError as ex:
assert False
def test_auth_resp_callback_func_hashes_all_specified_attributes(self, context, satosa_config):
satosa_config["INTERNAL_ATTRIBUTES"]["hash"] = ["user_id", "mail"]
base = SATOSABase(satosa_config)
attributes = {"user_id": ["user"], "mail": ["*****@*****.**", "*****@*****.**"]}
internal_resp = InternalResponse(AuthenticationInformation("", "", ""))
internal_resp.attributes = copy.copy(attributes)
internal_resp.user_id = "test_user"
UserIdHasher.save_state(InternalRequest(UserIdHashType.transient, ""), context.state)
context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
base._auth_resp_callback_func(context, internal_resp)
for attr in satosa_config["INTERNAL_ATTRIBUTES"]["hash"]:
assert internal_resp.attributes[attr] == [UserIdHasher.hash_data(satosa_config["USER_ID_HASH_SALT"], v)
for v in attributes[attr]]
def test_auth_resp_callback_func_user_id_from_attrs_is_used_to_override_user_id(self, context, satosa_config):
satosa_config["INTERNAL_ATTRIBUTES"]["user_id_from_attrs"] = ["user_id", "domain"]
base = SATOSABase(satosa_config)
internal_resp = InternalResponse(AuthenticationInformation("", "", ""))
internal_resp.attributes = {"user_id": ["user"], "domain": ["@example.com"]}
internal_resp.requester = "test_requester"
context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
UserIdHasher.save_state(InternalRequest(UserIdHashType.persistent, ""), context.state)
base._auth_resp_callback_func(context, internal_resp)
expected_user_id = UserIdHasher.hash_data(satosa_config["USER_ID_HASH_SALT"], "*****@*****.**")
expected_user_id = UserIdHasher.hash_id(satosa_config["USER_ID_HASH_SALT"],
expected_user_id,
internal_resp.requester,
context.state)
assert internal_resp.user_id == expected_user_id
def test_auth_resp_callback_func_hashes_all_specified_attributes(
self, context, satosa_config):
satosa_config["INTERNAL_ATTRIBUTES"]["hash"] = ["user_id", "mail"]
base = SATOSABase(satosa_config)
attributes = {
"user_id": ["user"],
"mail": ["*****@*****.**", "*****@*****.**"]
}
internal_resp = InternalResponse(AuthenticationInformation("", "", ""))
internal_resp.attributes = copy.copy(attributes)
internal_resp.user_id = "test_user"
UserIdHasher.save_state(InternalRequest(UserIdHashType.transient, ""),
context.state)
context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
context.state[satosa.routing.
STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
base._auth_resp_callback_func(context, internal_resp)
for attr in satosa_config["INTERNAL_ATTRIBUTES"]["hash"]:
assert internal_resp.attributes[attr] == [
UserIdHasher.hash_data(satosa_config["USER_ID_HASH_SALT"], v)
for v in attributes[attr]
]
def handle_response(self, context):
auth_info = AuthenticationInformation("test", str(datetime.now()), "test_issuer")
internal_resp = InternalResponse(auth_info=auth_info)
internal_resp.attributes = context.request
internal_resp.user_id = "test_user"
return self.auth_callback_func(context, internal_resp)
def internal_response(self):
auth_info = AuthenticationInformation("auth_class_ref", "timestamp", "issuer")
internal_response = InternalResponse(auth_info=auth_info)
internal_response.requester = "client"
internal_response.attributes = ATTRIBUTES
return internal_response
def internal_response(self, idp_conf):
auth_info = AuthenticationInformation(PASSWORD, "2015-09-30T12:21:37Z", idp_conf["entityid"])
internal_response = InternalResponse(auth_info=auth_info)
internal_response.attributes = AttributeMapper(INTERNAL_ATTRIBUTES).to_internal("saml", USERS["testuser1"])
return internal_response