def test_get_roles_from_saml_doc(self):
    """Check role extraction for a matching and a non-matching role XPath.

    With the "Roles" attribute XPath, all three lookups must yield
    ``['Default']``. With an XPath naming an attribute that is absent from
    the fixtures, the same lookups must yield an empty list.
    """
    authenticator = SAMLAuthenticator()

    # The same three lookups, in the same order, are run for each XPath.
    lookups = (
        lambda: authenticator._get_roles_from_saml_etree(self.verified_signed_xml),
        lambda: authenticator._get_roles_from_saml_etree(self.response_etree),
        lambda: authenticator._get_roles_from_saml_doc(
            self.verified_signed_xml, self.response_etree),
    )

    # NOTE(review): both fixture trees yield the same role here, so this test
    # passes whichever tree `_get_roles_from_saml_doc` reads from. Confirm
    # separately that roles are taken from the signature-verified tree.
    authenticator.xpath_role_location = '//saml:AttributeStatement/saml:Attribute[@Name="Roles"]/saml:AttributeValue/text()'
    for lookup in lookups:
        assert ['Default'] == lookup()

    # An XPath that matches nothing must give "no roles", not an error and
    # not a fallback value.
    authenticator.xpath_role_location = '//saml:AttributeStatement/saml:Attribute[@Name="Bad_Role_Location"]/saml:AttributeValue/text()'
    for lookup in lookups:
        assert lookup() == []
def test_xpath_roles_call_methods_false_return(self):
    """A failing role check must be propagated by the config-and-roles gate.

    With both ``allowed_roles`` and ``xpath_role_location`` set, the gate is
    expected to call ``_valid_roles_in_assertion`` exactly once with the
    arguments it was given, return that check's negative result, and log no
    warning.
    """
    authenticator = SAMLAuthenticator()

    # Stub the role check so it always denies, and capture warnings.
    role_check = MagicMock(name='_valid_roles_in_assertion', return_value=False)
    authenticator._valid_roles_in_assertion = role_check
    warning_log = MagicMock(name='warning')
    authenticator.log.warning = warning_log

    authenticator.allowed_roles = 'group1'
    authenticator.xpath_role_location = 'value'

    outcome = authenticator._valid_config_and_roles(None, None)

    # Loose equality: any value that compares equal to False is accepted.
    assert outcome == False
    role_check.assert_called_once_with(None, None)
    warning_log.assert_not_called()
def test_get_roles_from_saml_doc(self):
    """Check that every role lookup returns the fixture's full role set.

    Results are compared after sorting, so the order in which roles come
    back from the document is not part of the contract under test.
    """
    authenticator = SAMLAuthenticator()
    authenticator.xpath_role_location = '//saml:AttributeStatement/saml:Attribute[@Name="Roles"]/saml:AttributeValue/text()'

    roles_from_signed = authenticator._get_roles_from_saml_etree(
        self.verified_signed_xml)
    assert self.sorted_roles == sorted(roles_from_signed)

    roles_from_response = authenticator._get_roles_from_saml_etree(
        self.response_etree)
    assert self.sorted_roles == sorted(roles_from_response)

    # NOTE(review): both trees yield the same roles above, so this assertion
    # does not show which tree `_get_roles_from_saml_doc` actually reads.
    roles_from_doc = authenticator._get_roles_from_saml_doc(
        self.verified_signed_xml, self.response_etree)
    assert self.sorted_roles == sorted(roles_from_doc)
def test_xpath_no_roles(self):
    """A role XPath with no ``allowed_roles`` set passes the gate with warnings.

    This pins the permissive path: when only ``xpath_role_location`` is
    set here, ``_valid_config_and_roles`` returns a truthy value without
    calling ``_valid_roles_in_assertion``. The only signal an operator gets
    is the pair of warnings asserted below.
    """
    authenticator = SAMLAuthenticator()
    authenticator.xpath_role_location = 'value'

    role_check = unittest.mock.create_autospec(
        MagicMock(name='_valid_roles_in_assertion'))
    authenticator._valid_roles_in_assertion = role_check
    warning_log = MagicMock(name='warning')
    authenticator.log.warning = warning_log

    assert authenticator._valid_config_and_roles(None, None)

    # The role check must be skipped entirely in this configuration.
    role_check.assert_not_called()

    # Dump the recorded warnings before asserting on them.
    print(warning_log.call_args_list)
    warning_log.assert_called()
    for expected_message in (authenticator._const_warn_explain,
                             authenticator._const_warn_no_roles):
        warning_log.assert_any_call(expected_message)
def test_no_allowed_roles(self):
    """A response carrying none of the allowed roles must not authenticate.

    The authenticator is configured with two allowed roles that the sample
    response is not expected to contain, and ``_authenticate`` must return
    ``None`` for it.
    """
    # Fixed "current time" handed to the module under test.
    # NOTE(review): presumably chosen to fall inside the fixture's validity
    # window; confirm against the sample response.
    frozen_now = datetime(2020, 7, 1, 23, 0, 0, tzinfo=timezone.utc)

    with patch('samlauthenticator.samlauthenticator.datetime') as mock_datetime:
        mock_datetime.now.return_value = frozen_now
        # Keep real parsing: only `now` is faked on the patched module.
        mock_datetime.strptime = datetime.strptime

        authenticator = SAMLAuthenticator()
        authenticator.metadata_content = test_constants.sample_metadata_xml
        authenticator.xpath_role_location = '//saml:AttributeStatement/saml:Attribute[@Name="Roles"]/saml:AttributeValue/text()'
        # The included XML should not have either of these roles.
        authenticator.allowed_roles = 'allowed_role_1,allowed_role_2'

        form_data = {
            authenticator.login_post_field:
                test_constants.b64encoded_response_xml_with_roles,
        }
        login_result = authenticator._authenticate(None, form_data)

        assert login_result is None
        # The clock must have been read exactly once, and timezone-aware (UTC).
        mock_datetime.now.assert_called_once_with(timezone.utc)