def test_standard_workflow_302_redirect(self):
    """Drive the SAML2 workflow via ``requests`` when the consumer returns 302.

    The SP endpoint is mocked to answer twice: first with the SOAP fixture
    (sent with ``PAOS_HEADER``), then with a random text body. The IdP
    answers with the SAML2 assertion fixture and the consumer URL redirects
    back to the SP.
    """
    expected_body = uuid.uuid4().hex
    sp_responses = [
        {'headers': PAOS_HEADER,
         'content': utils.make_oneline(saml2_fixtures.SP_SOAP_RESPONSE)},
        {'text': expected_body},
    ]
    self.requests_mock.get(self.TEST_SP_URL, response_list=sp_responses)
    idp_mock = self.requests_mock.post(
        self.TEST_IDP_URL, content=saml2_fixtures.SAML2_ASSERTION)
    self.requests_mock.post(self.TEST_CONSUMER_URL,
                            status_code=302,
                            headers={'Location': self.TEST_SP_URL})

    resp = requests.get(self.TEST_SP_URL, auth=self.get_plugin())

    self.assertEqual(200, resp.status_code)
    self.assertEqual(expected_body, resp.text)

    # Endpoints must be hit in exactly this order: SP, IdP, consumer, SP.
    expected_calls = [self.TEST_SP_URL,
                      self.TEST_IDP_URL,
                      self.TEST_CONSUMER_URL,
                      self.TEST_SP_URL]
    self.assertEqual(self.calls, expected_calls)

    # The request that reached the IdP must carry the basic_header() value.
    # NOTE(review): only the IdP request is inspected; nothing here asserts
    # that the Authorization header is absent from the SP or consumer
    # requests.
    idp_auth_header = idp_mock.last_request.headers['Authorization']
    self.assertEqual(self.basic_header(), idp_auth_header)

    # Second recorded request; presumably the IdP POST given the call order
    # asserted above.
    sent_authn_request = self.requests_mock.request_history[1].text
    self.assertThat(saml2_fixtures.AUTHN_REQUEST,
                    matchers.XMLEquals(sent_authn_request))
def test_standard_workflow_302_redirect(self):
    """Drive the SAML2 workflow via ``requests`` when the consumer returns 302.

    The SP endpoint is mocked to answer twice: first with the SOAP fixture
    (sent with ``CONTENT_TYPE_PAOS_HEADER``), then with a random text body.
    The IdP answers with the SAML2 assertion fixture and the consumer URL
    redirects back to the SP.
    """
    expected_body = uuid.uuid4().hex
    soap_payload = utils.make_oneline(saml2_fixtures.SP_SOAP_RESPONSE)
    sp_responses = [
        {'headers': CONTENT_TYPE_PAOS_HEADER, 'content': soap_payload},
        {'text': expected_body},
    ]
    self.requests_mock.get(self.TEST_SP_URL, response_list=sp_responses)
    idp_mock = self.requests_mock.post(
        self.TEST_IDP_URL, content=saml2_fixtures.SAML2_ASSERTION)
    self.requests_mock.post(self.TEST_CONSUMER_URL,
                            status_code=302,
                            headers={'Location': self.TEST_SP_URL})

    resp = requests.get(self.TEST_SP_URL, auth=self.get_plugin())

    self.assertEqual(200, resp.status_code)
    self.assertEqual(expected_body, resp.text)

    # Endpoints must be hit in exactly this order: SP, IdP, consumer, SP.
    expected_calls = [self.TEST_SP_URL,
                      self.TEST_IDP_URL,
                      self.TEST_CONSUMER_URL,
                      self.TEST_SP_URL]
    self.assertEqual(self.calls, expected_calls)

    # The request that reached the IdP must carry the basic_header() value.
    # NOTE(review): only the IdP request is inspected; nothing here asserts
    # that the Authorization header is absent from the SP or consumer
    # requests.
    idp_auth_header = idp_mock.last_request.headers['Authorization']
    self.assertEqual(self.basic_header(), idp_auth_header)

    # Second recorded request; presumably the IdP POST given the call order
    # asserted above.
    sent_authn_request = self.requests_mock.request_history[1].text
    self.assertThat(saml2_fixtures.AUTHN_REQUEST,
                    matchers.XMLEquals(sent_authn_request))
def test_workflow(self):
    """Obtain an auth ref from the plugin through the full mocked exchange.

    The SP endpoint answers first with the SOAP fixture (sent with
    ``PAOS_HEADER``) and then with a V3 token body whose id travels in
    ``X-Subject-Token``. The IdP returns the SAML2 assertion fixture and the
    consumer URL redirects with a 302 to ``self.sp_url()``.
    """
    token_id = uuid.uuid4().hex
    token_body = ksa_fixtures.V3Token()
    sp_responses = [
        {'headers': PAOS_HEADER,
         'content': utils.make_oneline(saml2_fixtures.SP_SOAP_RESPONSE)},
        {'headers': {'X-Subject-Token': token_id}, 'json': token_body},
    ]
    self.requests_mock.get(self.default_sp_url, response_list=sp_responses)
    idp_mock = self.requests_mock.post(
        self.TEST_IDP_URL, content=saml2_fixtures.SAML2_ASSERTION)
    self.requests_mock.post(self.TEST_CONSUMER_URL,
                            status_code=302,
                            headers={'Location': self.sp_url()})

    auth_ref = self.get_plugin().get_auth_ref(self.session)

    # The token id handed back must be the one from X-Subject-Token.
    self.assertEqual(token_id, auth_ref.auth_token)

    # Endpoints must be hit in exactly this order: SP, IdP, consumer, SP.
    expected_calls = [self.default_sp_url,
                      self.TEST_IDP_URL,
                      self.TEST_CONSUMER_URL,
                      self.default_sp_url]
    self.assertEqual(self.calls, expected_calls)

    # The request that reached the IdP must carry the basic_header() value.
    # NOTE(review): only the IdP request is inspected; nothing here asserts
    # that the Authorization header is absent from the SP or consumer
    # requests.
    idp_auth_header = idp_mock.last_request.headers['Authorization']
    self.assertEqual(self.basic_header(), idp_auth_header)

    # Second recorded request; presumably the IdP POST given the call order
    # asserted above.
    sent_authn_request = self.requests_mock.request_history[1].text
    self.assertThat(saml2_fixtures.AUTHN_REQUEST,
                    matchers.XMLEquals(sent_authn_request))
def test_workflow(self):
    """Obtain an auth ref from the plugin through the full mocked exchange.

    The SP endpoint answers first with the SOAP fixture (sent with
    ``CONTENT_TYPE_PAOS_HEADER``) and then with a V3 token body whose id
    travels in ``X-Subject-Token``. The IdP returns the SAML2 assertion
    fixture and the consumer URL redirects with a 302 to ``self.sp_url()``.
    """
    token_id = uuid.uuid4().hex
    token_body = ksa_fixtures.V3Token()
    soap_payload = utils.make_oneline(saml2_fixtures.SP_SOAP_RESPONSE)
    sp_responses = [
        {'headers': CONTENT_TYPE_PAOS_HEADER, 'content': soap_payload},
        {'headers': {'X-Subject-Token': token_id}, 'json': token_body},
    ]
    self.requests_mock.get(self.default_sp_url, response_list=sp_responses)
    idp_mock = self.requests_mock.post(
        self.TEST_IDP_URL, content=saml2_fixtures.SAML2_ASSERTION)
    self.requests_mock.post(self.TEST_CONSUMER_URL,
                            status_code=302,
                            headers={'Location': self.sp_url()})

    auth_ref = self.get_plugin().get_auth_ref(self.session)

    # The token id handed back must be the one from X-Subject-Token.
    self.assertEqual(token_id, auth_ref.auth_token)

    # Endpoints must be hit in exactly this order: SP, IdP, consumer, SP.
    expected_calls = [self.default_sp_url,
                      self.TEST_IDP_URL,
                      self.TEST_CONSUMER_URL,
                      self.default_sp_url]
    self.assertEqual(self.calls, expected_calls)

    # The request that reached the IdP must carry the basic_header() value.
    # NOTE(review): only the IdP request is inspected; nothing here asserts
    # that the Authorization header is absent from the SP or consumer
    # requests.
    idp_auth_header = idp_mock.last_request.headers['Authorization']
    self.assertEqual(self.basic_header(), idp_auth_header)

    # Second recorded request; presumably the IdP POST given the call order
    # asserted above.
    sent_authn_request = self.requests_mock.request_history[1].text
    self.assertThat(saml2_fixtures.AUTHN_REQUEST,
                    matchers.XMLEquals(sent_authn_request))
def test_get_adfs_security_token(self):
    """Check that a 200 reply from the IdP is stored on ``adfs_token``.

    The identity provider URL is mocked to return the ADFS security token
    fixture; after the request is prepared and sent, the serialized
    ``adfs_token`` must be XML-equal to that fixture.
    """
    idp_reply = utils.make_oneline(self.ADFS_SECURITY_TOKEN_RESPONSE)
    self.requests_mock.post(self.IDENTITY_PROVIDER_URL,
                            content=idp_reply,
                            status_code=200)

    plugin = self.adfsplugin
    plugin._prepare_adfs_request()
    plugin._get_adfs_security_token(self.session)

    # Serialize what the plugin stored so it can be compared as XML.
    stored_token_xml = etree.tostring(plugin.adfs_token)
    expected_xml = self.ADFS_SECURITY_TOKEN_RESPONSE
    self.assertThat(expected_xml, matchers.XMLEquals(stored_token_xml))
def test_get_adfs_security_token(self):
    """Check that a 200 reply from the IdP is stored on ``adfs_token``.

    The identity provider URL is mocked to return the ADFS security token
    fixture; after the request is prepared and sent, the serialized
    ``adfs_token`` must be XML-equal to that fixture.
    """
    mock_kwargs = {
        'content': utils.make_oneline(self.ADFS_SECURITY_TOKEN_RESPONSE),
        'status_code': 200,
    }
    self.requests_mock.post(self.IDENTITY_PROVIDER_URL, **mock_kwargs)

    self.adfsplugin._prepare_adfs_request()
    self.adfsplugin._get_adfs_security_token(self.session)

    # Serialize what the plugin stored so it can be compared as XML.
    stored_token_xml = etree.tostring(self.adfsplugin.adfs_token)
    self.assertThat(self.ADFS_SECURITY_TOKEN_RESPONSE,
                    matchers.XMLEquals(stored_token_xml))
def test_get_adfs_security_token_authn_fail(self):
    """Check that an XML fault after bad authentication is reported.

    The identity provider is mocked to answer the POST with the ADFS fault
    fixture and HTTP 500; the plugin is expected to raise
    exceptions.AuthorizationFailure.
    """
    fault_body = utils.make_oneline(self.ADFS_FAULT)
    self.requests_mock.register_uri('POST',
                                    self.IDENTITY_PROVIDER_URL,
                                    content=fault_body,
                                    status_code=500)

    self.adfsplugin._prepare_adfs_request()

    # NOTE(review): only the exception type is checked; the error message
    # extracted from the fault is not inspected by this test.
    self.assertRaises(exceptions.AuthorizationFailure,
                      self.adfsplugin._get_adfs_security_token,
                      self.session)
def test_end_to_end_workflow(self):
    """Run the whole mocked exchange and check the resulting token id.

    The federation auth URL returns the SOAP fixture, the IdP returns the
    SAML2 assertion fixture, and the consumer URL returns the unscoped
    token body with its id in ``X-Subject-Token``.
    """
    soap_payload = utils.make_oneline(saml2_fixtures.SP_SOAP_RESPONSE)
    self.requests_mock.get(self.FEDERATION_AUTH_URL, content=soap_payload)

    self.requests_mock.post(self.IDENTITY_PROVIDER_URL,
                            content=saml2_fixtures.SAML2_ASSERTION)

    token_headers = {
        'X-Subject-Token': saml2_fixtures.UNSCOPED_TOKEN_HEADER,
        'Content-Type': 'application/json',
    }
    self.requests_mock.post(self.SHIB_CONSUMER_URL,
                            json=saml2_fixtures.UNSCOPED_TOKEN,
                            headers=token_headers)

    # The session's redirect attribute is switched off before authenticating.
    self.session.redirect = False
    auth_ref = self.saml2plugin.get_auth_ref(self.session)

    # The token id must be the value the consumer sent in X-Subject-Token.
    self.assertEqual(saml2_fixtures.UNSCOPED_TOKEN_HEADER,
                     auth_ref.auth_token)
def test_initial_sp_call(self):
    """Check the first request to the service provider.

    The federation auth URL is mocked to return the SOAP fixture. The call
    must return a falsy value, store the parsed message on
    ``saml2_authn_request`` and set ``sp_response_consumer_url`` to the
    expected consumer URL.
    """
    soap_payload = utils.make_oneline(saml2_fixtures.SP_SOAP_RESPONSE)
    self.requests_mock.get(self.FEDERATION_AUTH_URL, content=soap_payload)

    outcome = self.saml2plugin._send_service_provider_request(self.session)
    self.assertFalse(outcome)

    # Serialize what the plugin stored so it can be compared as XML.
    stored_xml = etree.tostring(self.saml2plugin.saml2_authn_request)
    self.assertThat(saml2_fixtures.SP_SOAP_RESPONSE,
                    matchers.XMLEquals(stored_xml))

    # The consumer URL taken from the SP response is where the assertion is
    # posted later, so it has to equal the expected endpoint exactly.
    failure_msg = "Expected consumer_url set to %s instead of %s" % (
        self.SHIB_CONSUMER_URL,
        str(self.saml2plugin.sp_response_consumer_url))
    self.assertEqual(self.saml2plugin.sp_response_consumer_url,
                     self.SHIB_CONSUMER_URL,
                     failure_msg)
def test_initial_sp_call(self):
    """Check the first request to the service provider.

    The federation auth URL is mocked to return the SOAP fixture. The call
    must return a falsy value, store the parsed message on
    ``saml2_authn_request`` and set ``sp_response_consumer_url`` to the
    expected consumer URL.
    """
    self.requests_mock.get(
        self.FEDERATION_AUTH_URL,
        content=utils.make_oneline(saml2_fixtures.SP_SOAP_RESPONSE))

    plugin = self.saml2plugin
    outcome = plugin._send_service_provider_request(self.session)
    self.assertFalse(outcome)

    # Serialize what the plugin stored so it can be compared as XML.
    stored_xml = etree.tostring(plugin.saml2_authn_request)
    self.assertThat(saml2_fixtures.SP_SOAP_RESPONSE,
                    matchers.XMLEquals(stored_xml))

    # The consumer URL taken from the SP response is where the assertion is
    # posted later, so it has to equal the expected endpoint exactly.
    expected_url = self.SHIB_CONSUMER_URL
    self.assertEqual(
        plugin.sp_response_consumer_url,
        expected_url,
        "Expected consumer_url set to %s instead of %s"
        % (expected_url, str(plugin.sp_response_consumer_url)))
def test_end_to_end_workflow(self):
    """Run the whole mocked exchange and check the resulting token id.

    The federation auth URL returns the SOAP fixture, the IdP returns the
    SAML2 assertion fixture, and the consumer URL returns the unscoped
    token body with its id in ``X-Subject-Token``.
    """
    mock = self.requests_mock
    mock.get(self.FEDERATION_AUTH_URL,
             content=utils.make_oneline(saml2_fixtures.SP_SOAP_RESPONSE))
    mock.post(self.IDENTITY_PROVIDER_URL,
              content=saml2_fixtures.SAML2_ASSERTION)
    mock.post(
        self.SHIB_CONSUMER_URL,
        json=saml2_fixtures.UNSCOPED_TOKEN,
        headers={
            'X-Subject-Token': saml2_fixtures.UNSCOPED_TOKEN_HEADER,
            'Content-Type': 'application/json',
        })

    # The session's redirect attribute is switched off before authenticating.
    self.session.redirect = False
    auth_ref = self.saml2plugin.get_auth_ref(self.session)

    # The token id must be the value the consumer sent in X-Subject-Token.
    expected_token_id = saml2_fixtures.UNSCOPED_TOKEN_HEADER
    self.assertEqual(expected_token_id, auth_ref.auth_token)