Exemplo n.º 1
def test_noop_attribute_conversion():
    """Check that the no-op converter keeps attribute names and values as given.

    Two OID-named attributes are passed through
    ``AttributeConverterNOOP(URI_NF).to_()``. Every resulting attribute must
    hold exactly one value, and the two known names must carry the ``URI_NF``
    name format together with their original text.
    """
    expected_text = {
        "urn:oid:2.5.4.42": "Hedberg",
        "urn:oid:2.5.4.4": "Roland",
    }
    ava = {"urn:oid:2.5.4.4": "Roland", "urn:oid:2.5.4.42": "Hedberg"}
    converted = AttributeConverterNOOP(URI_NF).to_(ava)

    print(converted)
    assert len(converted) == 2
    for attribute in converted:
        assert len(attribute.attribute_value) == 1
        # Names outside the expected pair get no further checks.
        if attribute.name not in expected_text:
            continue
        assert attribute.name_format == URI_NF
        assert attribute.attribute_value[0].text == expected_text[attribute.name]
Exemplo n.º 2
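def test_noop_attribute_conversion():
    """Check that the no-op converter passes attribute names and values through.

    Converts a two-entry attribute/value mapping with
    ``AttributeConverterNOOP(URI_NF)`` and verifies that each input name comes
    back as an attribute with the ``URI_NF`` name format and a single value
    holding the original text.
    """
    ava = {"urn:oid:2.5.4.4": "Roland", "urn:oid:2.5.4.42": "Hedberg"}
    aconv = AttributeConverterNOOP(URI_NF)
    res = aconv.to_(ava)

    # Parenthesised so the statement parses on Python 3 as well as Python 2.
    print(res)
    assert len(res) == 2
    # Without this the per-name branches below would pass vacuously if the
    # converter returned attributes under different names.
    assert set(attr.name for attr in res) == set(ava)
    for attr in res:
        assert len(attr.attribute_value) == 1
        if attr.name == "urn:oid:2.5.4.42":
            assert attr.name_format == URI_NF
            assert attr.attribute_value[0].text == "Hedberg"
        elif attr.name == "urn:oid:2.5.4.4":
            assert attr.name_format == URI_NF
            assert attr.attribute_value[0].text == "Roland"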
Exemplo n.º 3
def test_assertion_with_authn_instant():
    """Check that an integer ``authn_instant`` is rendered as a UTC timestamp.

    An assertion with no attributes is constructed with
    ``authn_instant=1234567890``; the first authentication statement is
    expected to carry ``2009-02-13T23:31:30Z``.
    """
    builder = Assertion({})
    default_rules = {
        "lifetime": {"minutes": 240},
        # None = no restriction: every attribute held may be released.
        "attribute_restrictions": None,
        "name_form": NAME_FORMAT_URI,
    }
    policy = Policy({"default": default_rules})
    name_id = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar")
    issuer = Issuer(text="entityid", format=NAMEID_FORMAT_ENTITY)

    # Subject confirmation arguments: bearer method, plus in_response_to and
    # recipient entries under subject_confirmation_data.
    farg = add_path(
        {}, ['subject', 'subject_confirmation', 'method', saml.SCM_BEARER])
    confirmation = farg['subject']['subject_confirmation']
    add_path(confirmation,
             ['subject_confirmation_data', 'in_response_to', 'in_response_to'])
    add_path(confirmation,
             ['subject_confirmation_data', 'recipient', 'consumer_url'])

    converters = [AttributeConverterNOOP(NAME_FORMAT_URI)]
    msg = builder.construct(
        "sp_entity_id",
        converters,
        policy,
        issuer=issuer,
        authn_decl=ACD,
        authn_auth="authn_authn",
        authn_instant=1234567890,
        name_id=name_id,
        farg=farg,
    )

    print(msg)
    first_statement = msg.authn_statement[0]
    assert first_statement.authn_instant == "2009-02-13T23:31:30Z"
Exemplo n.º 4
def test_assertion_with_noop_attribute_conv():
    """Check attribute pass-through when an assertion uses the no-op converter.

    Builds an assertion from two OID-named attributes and verifies that every
    attribute in the first attribute statement has the URI name format and a
    single value, and that the two known names keep their original text.
    """
    expected_text = {
        "urn:oid:2.5.4.42": "Hedberg",
        "urn:oid:2.5.4.4": "Roland",
    }
    ava = {"urn:oid:2.5.4.4": "Roland", "urn:oid:2.5.4.42": "Hedberg"}
    builder = Assertion(ava)
    default_rules = {
        "lifetime": {"minutes": 240},
        # None = no restriction: every attribute held may be released.
        "attribute_restrictions": None,
        "name_form": NAME_FORMAT_URI,
    }
    policy = Policy({"default": default_rules})
    name_id = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar")
    issuer = Issuer(text="entityid", format=NAMEID_FORMAT_ENTITY)
    converters = [AttributeConverterNOOP(NAME_FORMAT_URI)]
    msg = builder.construct(
        "sp_entity_id", "in_response_to", "consumer_url",
        name_id, converters, policy,
        issuer=issuer, authn_decl=ACD, authn_auth="authn_authn",
    )

    print(msg)
    for attribute in msg.attribute_statement[0].attribute:
        assert attribute.name_format == NAME_FORMAT_URI
        assert len(attribute.attribute_value) == 1
        # Only the two known names have their text checked.
        wanted = expected_text.get(attribute.name)
        if wanted is not None:
            assert attribute.attribute_value[0].text == wanted
Exemplo n.º 5
def test_assertion_with_zero_attributes():
    """Check that an assertion built from no attributes has no attribute statement.

    Constructs an assertion from an empty attribute/value mapping and expects
    ``attribute_statement`` on the result to be an empty list.
    """
    builder = Assertion({})
    default_rules = {
        "lifetime": {"minutes": 240},
        # None = no restriction: every attribute held may be released.
        "attribute_restrictions": None,
        "name_form": NAME_FORMAT_URI,
    }
    policy = Policy({"default": default_rules})
    name_id = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar")
    issuer = Issuer(text="entityid", format=NAMEID_FORMAT_ENTITY)
    converters = [AttributeConverterNOOP(NAME_FORMAT_URI)]
    msg = builder.construct(
        "sp_entity_id", "in_response_to", "consumer_url",
        name_id, converters, policy,
        issuer=issuer, authn_decl=ACD, authn_auth="authn_authn",
    )

    print(msg)
    assert msg.attribute_statement == []
Exemplo n.º 6
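def post_auth(authData):
    """Build a SAML assertion for the user and return it as reply items.

    ``authData`` is iterated as (attribute-name, value) pairs. The user name
    and password are read from ``Stripped-User-Name`` and ``User-Password``
    and handed to ``ldap_attributes``. The attributes it returns are filtered
    down to the names in ``ATTRS``, wrapped in an assertion, serialised onto
    one line and split into ``SAML-AAA-Assertion`` items by ``eq_len_parts``.

    Returns ``radiusd.RLM_MODULE_FAIL`` when either credential is missing or
    empty or when the directory lookup returns ``None``; otherwise the tuple
    ``(radiusd.RLM_MODULE_UPDATED, reply_items, None)``.
    """
    userName = None
    userPassword = None
    for t in authData:
        if t[0] == 'Stripped-User-Name':
            # Drops the first and last character of the value (presumably the
            # surrounding quotes -- confirm against how the caller passes it).
            userName = t[1][1:-1]
        elif t[0] == 'User-Password':
            userPassword = t[1][1:-1]

    # Fail closed when a credential is absent instead of raising on an
    # unbound name. An empty password is rejected too: many LDAP servers
    # treat a simple bind with an empty password as an unauthenticated bind
    # and report success, and ldap_attributes is not visible here to confirm
    # that it guards against this.
    if not userName or not userPassword:
        return radiusd.RLM_MODULE_FAIL

    identity = ldap_attributes(userName, userPassword)
    if identity is None:
        return radiusd.RLM_MODULE_FAIL

    # Release only the allow-listed attributes.
    identityFiltered = {
        k: identity[k]
        for k in set(ATTRS) & set(identity.keys())
    }
    # Debug output lists attribute names only; the values are directory data
    # about the user and should not end up in the server's output or logs.
    print(list(identityFiltered))

    policy = Policy({
        'default': {
            'lifetime': {
                'minutes': 60
            },
            'attribute_restrictions': None,
            'name_form': NAME_FORMAT_URI
        }
    })

    # NOTE(review): this NameID is declared transient but its text is the
    # same constant for every user and request -- confirm whether a
    # per-assertion identifier is expected by the consumer.
    name_id = NameID(format=NAMEID_FORMAT_TRANSIENT,
                     text='urn:mace:' + LDAP_SERVER)
    issuer = Issuer(text='moonshot.' + LDAP_SERVER,
                    format=NAMEID_FORMAT_ENTITY)
    ast = Assertion(identityFiltered)
    # NOTE(review): the first three arguments are empty strings and nothing
    # in this function signs the assertion, so a consumer cannot tie it to a
    # request or verify its origin from the assertion alone -- confirm that
    # the transport carrying these reply items provides that protection.
    assertion = ast.construct('',
                              '',
                              '',
                              name_id,
                              [AttributeConverterNOOP(NAME_FORMAT_URI)],
                              policy,
                              issuer=issuer)

    # Flatten to a single line before splitting into reply items.
    assertion = str(assertion).replace('\n', '')

    attr = 'SAML-AAA-Assertion'
    result = tuple((attr, x) for x in eq_len_parts(assertion))
    return radiusd.RLM_MODULE_UPDATED, result, None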
Exemplo n.º 7
def test_assertion_with_noop_attribute_conv():
    """Check attribute pass-through when an assertion uses the no-op converter.

    Builds an assertion from two OID-named attributes, with the subject
    confirmation details supplied through ``farg``, and verifies that every
    attribute in the first attribute statement has the URI name format and a
    single value, and that the two known names keep their original text.
    """
    expected_text = {
        "urn:oid:2.5.4.42": "Hedberg",
        "urn:oid:2.5.4.4": "Roland",
    }
    ava = {"urn:oid:2.5.4.4": "Roland", "urn:oid:2.5.4.42": "Hedberg"}
    builder = Assertion(ava)
    default_rules = {
        "lifetime": {"minutes": 240},
        # None = no restriction: every attribute held may be released.
        "attribute_restrictions": None,
        "name_form": NAME_FORMAT_URI,
    }
    policy = Policy({"default": default_rules})
    name_id = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar")
    issuer = Issuer(text="entityid", format=NAMEID_FORMAT_ENTITY)

    # Subject confirmation arguments: bearer method, plus in_response_to and
    # recipient entries under subject_confirmation_data.
    farg = add_path(
        {}, ['subject', 'subject_confirmation', 'method', saml.SCM_BEARER])
    confirmation = farg['subject']['subject_confirmation']
    add_path(confirmation,
             ['subject_confirmation_data', 'in_response_to', 'in_response_to'])
    add_path(confirmation,
             ['subject_confirmation_data', 'recipient', 'consumer_url'])

    converters = [AttributeConverterNOOP(NAME_FORMAT_URI)]
    msg = builder.construct(
        "sp_entity_id",
        converters,
        policy,
        issuer=issuer,
        farg=farg,
        authn_decl=ACD,
        name_id=name_id,
        authn_auth="authn_authn",
    )

    print(msg)
    for attribute in msg.attribute_statement[0].attribute:
        assert attribute.name_format == NAME_FORMAT_URI
        assert len(attribute.attribute_value) == 1
        # Only the two known names have their text checked.
        wanted = expected_text.get(attribute.name)
        if wanted is not None:
            assert attribute.attribute_value[0].text == wanted