def test_ava_filter_2(): conf = { "default": { "lifetime": {"minutes": 15}, "attribute_restrictions": None # means all I have }, "urn:mace:umu.se:saml:roland:sp": { "lifetime": {"minutes": 5}, "attribute_restrictions": { "givenName": None, "sn": None, "mail": [".*@.*\.umu\.se"], } }} policy = Policy(conf) ava = {"givenName": "Derek", "sn": "Jeter", "mail": "*****@*****.**"} # mail removed because it doesn't match the regular expression _ava = policy.filter(ava, 'urn:mace:umu.se:saml:roland:sp', None, [mail], [gn, sn]) assert _eq(sorted(list(_ava.keys())), ["givenName", 'sn']) ava = {"givenName": "Derek", "sn": "Jeter"} # it wasn't there to begin with try: policy.filter(ava, 'urn:mace:umu.se:saml:roland:sp', None, [gn, sn, mail]) except MissingValue: pass
def test_req_opt(): req = [ to_dict( md.RequestedAttribute( friendly_name="surname", name="urn:oid:2.5.4.4", name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri", is_required="true"), ONTS), to_dict( md.RequestedAttribute( friendly_name="givenname", name="urn:oid:2.5.4.42", name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri", is_required="true"), ONTS), to_dict( md.RequestedAttribute( friendly_name="edupersonaffiliation", name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1", name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri", is_required="true"), ONTS)] opt = [ to_dict( md.RequestedAttribute( friendly_name="title", name="urn:oid:2.5.4.12", name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri", is_required="false"), ONTS)] policy = Policy() ava = {'givenname': 'Roland', 'sn': 'Hedberg', 'uid': 'rohe0002', 'edupersonaffiliation': 'staff'} sp_entity_id = "urn:mace:example.com:saml:curt:sp" fava = policy.filter(ava, sp_entity_id, None, req, opt) assert fava
def test_ava_filter_1(): conf = { "default": { "lifetime": {"minutes": 15}, "attribute_restrictions": None # means all I have }, "urn:mace:umu.se:saml:roland:sp": { "lifetime": {"minutes": 5}, "attribute_restrictions": { "givenName": None, "surName": None, "mail": [".*@.*\.umu\.se"], } }} r = Policy(conf) ava = {"givenName": "Derek", "surName": "Jeter", "mail": "*****@*****.**"} ava = r.filter(ava, "urn:mace:umu.se:saml:roland:sp", None, None) assert _eq(list(ava.keys()), ["givenName", "surName"]) ava = {"givenName": "Derek", "mail": "*****@*****.**"} assert _eq(sorted(list(ava.keys())), ["givenName", "mail"])
def test_ava_filter_dont_fail(): conf = { "default": { "lifetime": {"minutes": 15}, "attribute_restrictions": None, # means all I have "fail_on_missing_requested": False }, "urn:mace:umu.se:saml:roland:sp": { "lifetime": {"minutes": 5}, "attribute_restrictions": { "givenName": None, "surName": None, "mail": [".*@.*\.umu\.se"], }, "fail_on_missing_requested": False }} policy = Policy(conf) ava = {"givenName": "Derek", "surName": "Jeter", "mail": "*****@*****.**"} # mail removed because it doesn't match the regular expression # So it should fail if the 'fail_on_ ...' flag wasn't set _ava = policy.filter(ava, 'urn:mace:umu.se:saml:roland:sp', None, [mail], [gn, sn]) assert _ava ava = {"givenName": "Derek", "surName": "Jeter"} # it wasn't there to begin with _ava = policy.filter(ava, 'urn:mace:umu.se:saml:roland:sp', None, [gn, sn, mail]) assert _ava
def test_filter_ava(): policy = Policy({ "default": { "lifetime": {"minutes": 15}, # "attribute_restrictions": None # means all I have "entity_categories": ["swamid"] } }) ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["*****@*****.**", "*****@*****.**"], "c": ["USA"]} ava = policy.filter(ava, "https://connect.sunet.se/shibboleth", MDS) assert _eq(list(ava.keys()), ['mail', 'givenName', 'sn', 'c']) assert _eq(ava["mail"], ["*****@*****.**", "*****@*****.**"])
def test_filter_ava2(): policy = Policy({ "default": { "lifetime": {"minutes": 15}, # "attribute_restrictions": None # means all I have "entity_categories": ["refeds", "edugain"] } }) ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["*****@*****.**"], "c": ["USA"], "eduPersonTargetedID": "foo!bar!xyz"} ava = policy.filter(ava, "https://connect.sunet.se/shibboleth", MDS) # Mismatch, policy deals with eduGAIN, metadata says SWAMID # So only minimum should come out assert _eq(list(ava.keys()), ['eduPersonTargetedID'])
def test_filter_ava3(): policy = Policy({ "default": { "lifetime": {"minutes": 15}, # "attribute_restrictions": None # means all I have "entity_categories": ["swamid"] } }) mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp([{"class": "saml2_tophat.mdstore.MetaDataFile", "metadata": [(full_path("entity_cat_sfs_hei.xml"),)]}]) ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["*****@*****.**"], "c": ["USA"], "eduPersonTargetedID": "foo!bar!xyz", "norEduPersonNIN": "19800101134"} ava = policy.filter(ava, "urn:mace:example.com:saml:roland:sp", mds) assert _eq(list(ava.keys()), ['eduPersonTargetedID', "norEduPersonNIN"])
def test_filter_ava_4(): """ Return everything as default policy is used """ policy = Policy({ "default": { "lifetime": {"minutes": 15}, "attribute_restrictions": None # means all I have }, "urn:mace:example.com:saml:roland:sp": { "lifetime": {"minutes": 5}, "attribute_restrictions": { "mail": [".*@example\.com$"], } }}) ava = {"givenName": ["Derek"], "surName": ["Jeter"], "mail": ["*****@*****.**", "*****@*****.**"]} # No restrictions apply ava = policy.filter(ava, "urn:mace:example.com:saml:curt:sp", [], []) assert _eq(sorted(list(ava.keys())), ['mail', 'givenName', 'surName']) assert _eq(ava["mail"], ["*****@*****.**", "*****@*****.**"])
def test_filter_ava_3(): """ Only example.com mail addresses returned """ policy = Policy({ "default": { "lifetime": {"minutes": 15}, "attribute_restrictions": None # means all I have }, "urn:mace:example.com:saml:roland:sp": { "lifetime": {"minutes": 5}, "attribute_restrictions": { "mail": [".*@example\.com$"], } }}) ava = {"givenName": ["Derek"], "surName": ["Jeter"], "mail": ["*****@*****.**", "*****@*****.**"]} # No restrictions apply ava = policy.filter(ava, "urn:mace:example.com:saml:roland:sp", [], []) assert _eq(list(ava.keys()), ["mail"]) assert ava["mail"] == ["*****@*****.**"]
def test_filter_ava_0(): policy = Policy( { "default": { "lifetime": {"minutes": 15}, "attribute_restrictions": None # means all I have }, "urn:mace:example.com:saml:roland:sp": { "lifetime": {"minutes": 5}, } } ) ava = {"givenName": ["Derek"], "surName": ["Jeter"], "mail": ["*****@*****.**"]} # No restrictions apply ava = policy.filter(ava, "urn:mace:example.com:saml:roland:sp", [], []) assert _eq(sorted(list(ava.keys())), ["givenName", "mail", "surName"]) assert ava["givenName"] == ["Derek"] assert ava["surName"] == ["Jeter"] assert ava["mail"] == ["*****@*****.**"]