def test_tampered_response(self):
    """A tampered SAML response must not authenticate anyone.

    _authenticate returns the asserted username on success (see the
    'tom' driver below) and None on rejection; a response whose content
    no longer matches what was signed has to land on the None path.
    """
    auth = SAMLAuthenticator()
    auth.metadata_content = test_constants.sample_metadata_xml
    post_data = {
        auth.login_post_field: test_constants.tampered_sample_response_encoded,
    }
    outcome = auth._authenticate(None, post_data)
    assert outcome is None
    def test_metadata_field(self):
        """Inline metadata content is what the config-level getter returns.

        The metadata URL is set to junk on purpose: the value coming back
        from _get_metadata_from_config must be the inline XML, not the URL.
        """
        auth = SAMLAuthenticator()
        auth.metadata_url = 'bad_data'
        auth.metadata_content = test_constants.sample_metadata_xml

        retrieved = auth._get_metadata_from_config()
        assert retrieved == test_constants.sample_metadata_xml
        # Shared checks for the higher-level retrieval helpers (defined elsewhere).
        self._test_high_level_metadata_retrieval_functions(auth)
    def test_malformed_metadata(self):
        """Non-XML metadata is passed through as text but never becomes an etree.

        The raw retrieval layers hand back whatever was configured; the
        parse step signals failure with None instead of raising.
        """
        auth = SAMLAuthenticator()
        not_xml = 'not an xml document'
        auth.metadata_content = not_xml

        raw_getters = (
            auth._get_metadata_from_config,
            auth._get_preferred_metadata_from_source,
        )
        for getter in raw_getters:
            assert getter() == not_xml
        # Unparseable metadata must not yield a usable tree.
        assert auth._get_saml_metadata_etree() is None
    def test_get_invalid_xml_element(self):
        """Requesting an element absent from the metadata raises IndexError.

        The handler passed in is a MagicMock so that no redirect can actually
        be issued on this error path.
        """
        auth = SAMLAuthenticator()
        auth.metadata_content = test_constants.sample_metadata_xml
        handler = MagicMock()

        with self.assertRaises(IndexError):
            auth._get_redirect_from_metadata_and_redirect('md:BadElement', handler)
    def test_get_empty_metadata(self):
        """With every metadata source cleared, the redirect path raises HTTPError.

        No file path, no inline content and no URL means there is nothing to
        resolve the element against; the authenticator must refuse rather
        than redirect somewhere unverified.
        """
        auth = SAMLAuthenticator()
        # Clear all three metadata sources.
        for source_attr in ('metadata_filepath', 'metadata_content', 'metadata_url'):
            setattr(auth, source_attr, None)
        handler = MagicMock()

        with self.assertRaises(HTTPError):
            auth._get_redirect_from_metadata_and_redirect('md:BadElement', handler)
    def test_get_valid_logout_redirect(self):
        """The SingleLogoutService location from metadata drives a temporary redirect.

        permanent=False matters: a permanent redirect could be cached by the
        browser, so a metadata-derived IdP URL should always be sent as a
        temporary one.
        """
        auth = SAMLAuthenticator()
        auth.metadata_content = test_constants.sample_metadata_xml
        handler = MagicMock()
        expected_slo_url = 'https://bluedata-test-before-deploy.onelogin.com/trust/saml2/http-redirect/slo/719630'

        auth._get_redirect_from_metadata_and_redirect('md:SingleLogoutService', handler)

        handler.redirect.assert_called_once_with(expected_slo_url, permanent=False)
    def _confirm_tom(self, saml_data, mock_datetime, mock_pwd):
        """Shared driver: a valid response for user 'tom' must authenticate as 'tom'.

        Args:
            saml_data: fixture carrying metadata_xml, b64encoded_response and
                datetime_stamp (the instant the authenticator should treat as
                "now", presumably inside the response's validity window).
            mock_datetime: mock standing in for the module's datetime; the
                patch itself is applied by a caller or decorator not visible here.
            mock_pwd: mock standing in for the module's pwd lookup.
        """
        # Freeze the clock but keep real parsing behind the mock.
        mock_datetime.now.return_value = saml_data.datetime_stamp
        mock_datetime.strptime = datetime.strptime
        # Pretend the local account already exists.
        mock_pwd.getpwnam.return_value = True

        auth = SAMLAuthenticator()
        auth.metadata_content = saml_data.metadata_xml
        post_data = {auth.login_post_field: saml_data.b64encoded_response}

        assert auth._authenticate(None, post_data) == 'tom'
        # The clock must be read in UTC, and the user looked up exactly once.
        mock_datetime.now.assert_called_once_with(timezone.utc)
        mock_pwd.getpwnam.assert_called_once_with('tom')
    def test_file_fail(self, mock_fileopen):
        """An unreadable metadata file surfaces as IOError; the etree step yields None.

        Args:
            mock_fileopen: mock standing in for open(); the patch is applied
                by a decorator or caller not visible here. Its context-managed
                handle fails on read().

        The URL and inline content are deliberately junk; the file error
        propagating through _get_preferred_metadata_from_source shows the
        file path is the source consulted first.
        """
        handle = MagicMock()
        handle.read.side_effect = IOError('Fake IO Error')
        mock_fileopen().__enter__.return_value = handle

        auth = SAMLAuthenticator()
        auth.metadata_url = 'bad_data'
        auth.metadata_content = 'bad_data'
        auth.metadata_filepath = '/completely/illegitimate/filepath'

        failing_readers = (
            auth._get_metadata_from_file,
            auth._get_preferred_metadata_from_source,
        )
        for reader in failing_readers:
            with pytest.raises(IOError):
                reader()

        # The parse step must not mask the failure with a partial tree.
        assert auth._get_saml_metadata_etree() is None
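    def test_file_read(self, mock_fileopen):
        """A readable metadata file is opened read-only, exactly once, and returned verbatim.

        Args:
            mock_fileopen: mock standing in for open(); the patch is applied
                by a decorator or caller not visible here.
        """
        handle = MagicMock()
        handle.read.return_value = test_constants.sample_metadata_xml
        # Configure the context manager through return_value instead of
        # calling mock_fileopen() here: a setup call would land in the mock's
        # call record and defeat assert_called_once_with below.
        mock_fileopen.return_value.__enter__.return_value = handle

        auth = SAMLAuthenticator()
        auth.metadata_url = 'bad_data'
        auth.metadata_content = 'bad_data'
        auth.metadata_filepath = '/completely/legitimate/filepath'

        assert auth._get_metadata_from_file() == test_constants.sample_metadata_xml
        # Exactly one open, of exactly the configured path, in read mode.
        mock_fileopen.assert_called_once_with(auth.metadata_filepath, 'r')
        # And the content came from reading that handle.
        handle.read.assert_called_once()

        self._test_readable_mock(auth, mock_fileopen)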
 def test_no_allowed_roles(self):
     """A response whose roles match none of allowed_roles is rejected.

     The role xpath points at the Roles attribute values in the assertion;
     the allow-list names two roles the test response does not carry.
     """
     with patch('samlauthenticator.samlauthenticator.datetime') as mock_datetime:
         # Pin "now" so the run is deterministic (presumably this feeds the
         # response's validity-window check); keep real strptime.
         mock_datetime.now.return_value = datetime(2020, 7, 1, 23, 0, 0, tzinfo=timezone.utc)
         mock_datetime.strptime = datetime.strptime

         auth = SAMLAuthenticator()
         auth.metadata_content = test_constants.sample_metadata_xml
         auth.xpath_role_location = '//saml:AttributeStatement/saml:Attribute[@Name="Roles"]/saml:AttributeValue/text()'
         # Neither of these roles appears in the response, so the allow-list must deny.
         auth.allowed_roles = 'allowed_role_1,allowed_role_2'

         post_data = {
             auth.login_post_field: test_constants.b64encoded_response_xml_with_roles,
         }
         assert auth._authenticate(None, post_data) is None
         mock_datetime.now.assert_called_once_with(timezone.utc)
 def test_add_user_fail(self):
     """If the local account cannot be created, authentication fails closed.

     Exercises the path where the asserted user ('bluedata') has no local
     account and useradd returns a non-zero status.
     """
     with patch('samlauthenticator.samlauthenticator.pwd') as mock_pwd, \
             patch('samlauthenticator.samlauthenticator.datetime') as mock_datetime, \
             patch('samlauthenticator.samlauthenticator.subprocess') as mock_subprocess:
         # No local account yet ...
         mock_pwd.getpwnam.side_effect = KeyError('No User')
         # ... a pinned clock with real parsing ...
         mock_datetime.now.return_value = datetime(2019, 4, 9, 21, 35, 0, tzinfo=timezone.utc)
         mock_datetime.strptime = datetime.strptime
         # ... and useradd reporting failure.
         mock_subprocess.call.return_value = 1

         auth = SAMLAuthenticator()
         auth.metadata_content = test_constants.sample_metadata_xml
         post_data = {auth.login_post_field: test_constants.b64encoded_response_xml}

         # A user that could not be created must not be logged in.
         assert auth._authenticate(None, post_data) is None
         mock_pwd.getpwnam.assert_called_once_with('bluedata')
         mock_datetime.now.assert_called_once_with(timezone.utc)
         # The username reaches useradd as its own argv element, not through a shell string.
         mock_subprocess.call.assert_called_once_with(['useradd', 'bluedata'])