Пример #1
0
    def handle_logout_request(self,
                              request,
                              name_id,
                              binding,
                              sign=False,
                              relay_state=""):
        """
        Deal with a LogoutRequest

        :param request: The request as text string
        :param name_id: The id of the current user
        :param binding: Which binding the message came in over
        :param sign: Whether the response will be signed or not
        :return: Keyword arguments which can be used to send the response
            what's returned follow different patterns for different bindings.
            If the binding is BINDIND_SOAP, what is returned looks like this::

                {
                    "data": <the SOAP enveloped response>
                    "url": "",
                    'headers': [('content-type', 'application/soap+xml')]
                    'method': "POST
                }
        """
        logger.info("logout request: %s" % request)

        _req = self._parse_request(request, LogoutRequest,
                                   "single_logout_service", binding)

        if _req.message.name_id == name_id:
            try:
                if self.local_logout(name_id):
                    status = success_status_factory()
                else:
                    status = status_message_factory("Server error",
                                                    STATUS_REQUEST_DENIED)
            except KeyError:
                status = status_message_factory("Server error",
                                                STATUS_REQUEST_DENIED)
        else:
            status = status_message_factory("Wrong user",
                                            STATUS_UNKNOWN_PRINCIPAL)

        if binding == BINDING_SOAP:
            response_bindings = [BINDING_SOAP]
        elif binding == BINDING_HTTP_POST or BINDING_HTTP_REDIRECT:
            response_bindings = [BINDING_HTTP_POST, BINDING_HTTP_REDIRECT]
        else:
            response_bindings = self.config.preferred_binding[
                "single_logout_service"]

        response = self.create_logout_response(_req.message, response_bindings,
                                               status, sign)
        rinfo = self.response_args(_req.message, response_bindings)

        return self.apply_binding(rinfo["binding"],
                                  response,
                                  rinfo["destination"],
                                  relay_state,
                                  response=True)
Пример #2
0
    def handle_logout_request(self, request, name_id, binding, sign=False,
                              relay_state=""):
        """
        Deal with a LogoutRequest

        :param request: The request as text string
        :param name_id: The id of the current user
        :param binding: Which binding the message came in over
        :param sign: Whether the response will be signed or not
        :return: Keyword arguments which can be used to send the response
            what's returned follow different patterns for different bindings.
            If the binding is BINDIND_SOAP, what is returned looks like this::

                {
                    "data": <the SOAP enveloped response>
                    "url": "",
                    'headers': [('content-type', 'application/soap+xml')]
                    'method': "POST
                }
        """
        logger.info("logout request: %s", request)

        _req = self._parse_request(request, LogoutRequest,
                                   "single_logout_service", binding)

        if _req.message.name_id == name_id:
            try:
                if self.local_logout(name_id):
                    status = success_status_factory()
                else:
                    status = status_message_factory("Server error",
                                                    STATUS_REQUEST_DENIED)
            except KeyError:
                status = status_message_factory("Server error",
                                                STATUS_REQUEST_DENIED)
        else:
            status = status_message_factory("Wrong user",
                                            STATUS_UNKNOWN_PRINCIPAL)

        if binding == BINDING_SOAP:
            response_bindings = [BINDING_SOAP]
        elif binding == BINDING_HTTP_POST or BINDING_HTTP_REDIRECT:
            response_bindings = [BINDING_HTTP_POST, BINDING_HTTP_REDIRECT]
        else:
            response_bindings = self.config.preferred_binding[
                "single_logout_service"]

        response = self.create_logout_response(_req.message, response_bindings,
                                               status, sign)
        rinfo = self.response_args(_req.message, response_bindings)

        return self.apply_binding(rinfo["binding"], response,
                                  rinfo["destination"], relay_state,
                                  response=True)
Пример #3
0
def test_error_status():
    status = utils.status_message_factory("Error resolving principal",
                                          samlp.STATUS_UNKNOWN_PRINCIPAL,
                                          samlp.STATUS_RESPONDER)

    status_text = "%s" % status
    print status_text
    assert status_text == ERROR_STATUS
Пример #4
0
def test_error_status():
    status = utils.status_message_factory("Error resolving principal",
                                          samlp.STATUS_UNKNOWN_PRINCIPAL,
                                          samlp.STATUS_RESPONDER)

    status_text = "%s" % status
    print status_text
    assert status_text == ERROR_STATUS
Пример #5
0
    def handle_logout_request(
        self,
        request,
        name_id,
        binding,
        sign=None,
        sign_alg=None,
        digest_alg=None,
        relay_state=None,
        sigalg=None,
        signature=None,
    ):
        """
        Deal with a LogoutRequest

        :param request: The request as text string
        :param name_id: The id of the current user
        :param binding: Which binding the message came in over
        :param sign: Whether the response will be signed or not
        :param sign_alg: The signing algorithm for the response
        :param digest_alg: The digest algorithm for the the response
        :param relay_state: The relay state of the request
        :param sigalg: The SigAlg query param of the request
        :param signature: The Signature query param of the request
        :return: Keyword arguments which can be used to send the response
            what's returned follow different patterns for different bindings.
            If the binding is BINDIND_SOAP, what is returned looks like this::

                {
                    "data": <the SOAP enveloped response>
                    "url": "",
                    'headers': [('content-type', 'application/soap+xml')]
                    'method': "POST
                }
        """
        logger.info("logout request: %s", request)

        _req = self.parse_logout_request(
            xmlstr=request,
            binding=binding,
            relay_state=relay_state,
            sigalg=sigalg,
            signature=signature,
        )

        if _req.message.name_id == name_id:
            try:
                if self.local_logout(name_id):
                    status = success_status_factory()
                else:
                    status = status_message_factory("Server error",
                                                    STATUS_REQUEST_DENIED)
            except KeyError:
                status = status_message_factory("Server error",
                                                STATUS_REQUEST_DENIED)
        else:
            status = status_message_factory("Wrong user",
                                            STATUS_UNKNOWN_PRINCIPAL)

        response_bindings = {
            BINDING_SOAP: [BINDING_SOAP],
            BINDING_HTTP_POST: [BINDING_HTTP_POST, BINDING_HTTP_REDIRECT],
            BINDING_HTTP_REDIRECT: [BINDING_HTTP_REDIRECT, BINDING_HTTP_POST],
        }.get(binding)

        if sign is None:
            sign = self.logout_responses_signed

        response = self.create_logout_response(
            _req.message,
            bindings=response_bindings,
            status=status,
            sign=sign,
            sign_alg=sign_alg,
            digest_alg=digest_alg,
        )
        rinfo = self.response_args(_req.message, response_bindings)

        return self.apply_binding(
            rinfo["binding"],
            response,
            rinfo["destination"],
            relay_state,
            response=True,
            sign=sign,
            sigalg=sign_alg,
        )