def test_raise_exception_if_file_dont_exist(self): with pytest.raises(IOError): SATOSAConfig._readfile("no_exist")
def test_can_read_endpoint_configs_from_file(self, satosa_config_dict, modules_key): satosa_config_dict[modules_key] = ["/fake_file_path"] with pytest.raises(SATOSAConfigurationError): SATOSAConfig(satosa_config_dict)
def run_test(self, satosa_config_dict, sp_conf, oidc_backend_config, frontend_config): subject_id = "testuser1" # proxy config satosa_config_dict["FRONTEND_MODULES"] = [frontend_config] satosa_config_dict["BACKEND_MODULES"] = [oidc_backend_config] satosa_config_dict["INTERNAL_ATTRIBUTES"]["attributes"] = { attr_name: { "openid": [attr_name], "saml": [attr_name] } for attr_name in USERS[subject_id] } frontend_metadata, backend_metadata = create_entity_descriptors( SATOSAConfig(satosa_config_dict)) # application test_client = Client(make_app(SATOSAConfig(satosa_config_dict)), BaseResponse) # config test SP frontend_metadata_str = str( frontend_metadata[frontend_config["name"]][0]) sp_conf["metadata"]["inline"].append(frontend_metadata_str) fakesp = FakeSP(SPConfig().load(sp_conf)) # create auth req destination, req_args = fakesp.make_auth_req( frontend_metadata[frontend_config["name"]][0].entity_id) auth_req = urlparse(destination).path + "?" + urlencode(req_args) # make auth req to proxy proxied_auth_req = test_client.get(auth_req) assert proxied_auth_req.status == "302 Found" parsed_auth_req = dict( parse_qsl(urlparse(proxied_auth_req.data.decode("utf-8")).query)) # create auth resp id_token_claims = {k: v for k, v in OIDC_USERS[subject_id].items()} id_token_claims["sub"] = subject_id id_token_claims["iat"] = time.time() id_token_claims["exp"] = time.time() + 3600 id_token_claims["iss"] = "https://op.example.com" id_token_claims["aud"] = oidc_backend_config["config"]["client"][ "client_metadata"]["client_id"] id_token_claims["nonce"] = parsed_auth_req["nonce"] id_token = IdToken(**id_token_claims).to_jwt() authn_resp = {"state": parsed_auth_req["state"], "id_token": id_token} # make auth resp to proxy redirect_uri_path = urlparse( oidc_backend_config["config"]["client"]["client_metadata"] ["redirect_uris"][0]).path authn_resp_req = redirect_uri_path + "?" + urlencode(authn_resp) authn_resp = test_client.get(authn_resp_req) assert authn_resp.status == "303 See Other" # verify auth resp from proxy resp_dict = dict( parse_qsl(urlparse(authn_resp.data.decode("utf-8")).query)) auth_resp = fakesp.parse_authn_request_response( resp_dict["SAMLResponse"], BINDING_HTTP_REDIRECT) assert auth_resp.ava == USERS[subject_id]
def test_can_read_endpoint_configs_from_dict(self, satosa_config_dict, modules_key): expected_config = [{"foo": "bar"}, {"abc": "xyz"}] satosa_config_dict[modules_key] = expected_config config = SATOSAConfig(satosa_config_dict) assert config[modules_key] == expected_config
def test_constructor_should_raise_exception_if_sensitive_keys_are_missing(self, non_sensitive_config_dict): with pytest.raises(SATOSAConfigurationError): SATOSAConfig(non_sensitive_config_dict)
def test_senstive_config_data_from_env_var_overrides_config(self, monkeypatch, non_sensitive_config_dict): non_sensitive_config_dict["STATE_ENCRYPTION_KEY"] = "bar" monkeypatch.setenv("SATOSA_STATE_ENCRYPTION_KEY", "state_encryption_key") config = SATOSAConfig(non_sensitive_config_dict) assert config["STATE_ENCRYPTION_KEY"] == "state_encryption_key"
def __init__(self): if TestConfiguration._instance: raise TypeError( 'Singletons must be accessed through `get_instance()`.') else: TestConfiguration._instance = self # Add test directory to path to be able to import configurations sys.path.append(os.path.dirname(__file__)) if os.path.isfile("/usr/bin/xmlsec1"): self.xmlsec_path = "/usr/bin/xmlsec1" elif os.path.isfile("/usr/local/bin/xmlsec1"): self.xmlsec_path = "/usr/local/bin/xmlsec1" proxy_config_dict = { "BASE": "https://localhost:8090", "COOKIE_STATE_NAME": "TEST_STATE", "STATE_ENCRYPTION_KEY": "ASDasd123", "PLUGIN_PATH": [os.path.dirname(__file__)], "BACKEND_MODULES": [inspect.getmodulename(__file__)], "FRONTEND_MODULES": [inspect.getmodulename(__file__)], "USER_ID_HASH_SALT": "qwerty", "INTERNAL_ATTRIBUTES": INTERNAL_ATTRIBUTES } self.proxy_config = SATOSAConfig(proxy_config_dict) frontend_metadata = [] backend_metadata = [] self.fake_idp_metadata = [] self.fake_sp_metadata = [] self.backend_cert, self.backend_key = \ FileGenerator.get_instance().generate_cert("Saml2Backend") self.frontend_cert, self.frontend_key = \ FileGenerator.get_instance().generate_cert("Saml2Frontend") fake_idp_base = "https://example.com" fake_idp_cert, fake_idp_key = FileGenerator.get_instance( ).generate_cert("fake_idp") self.fake_idp_config = { "entityid": "{}/unittest_idp.xml".format(fake_idp_base), "service": { "idp": { "endpoints": { "single_sign_on_service": [ ("%s/sso/post" % fake_idp_base, BINDING_HTTP_POST), ("%s/sso/redirect" % fake_idp_base, BINDING_HTTP_REDIRECT), ], }, }, }, "key_file": fake_idp_key.name, "cert_file": fake_idp_cert.name, "metadata": { "local": backend_metadata, }, "xmlsec_binary": self.xmlsec_path, } fake_sp_base = "http://example.com" fake_sp_cert, fake_sp_key = FileGenerator.get_instance().generate_cert( "fake_sp") self.fake_sp_config = { "entityid": "{}/unittest_sp.xml".format(fake_sp_base), "service": { "sp": { "endpoints": { "assertion_consumer_service": [("%s/acs/redirect" % fake_sp_base, BINDING_HTTP_REDIRECT), ("%s/acs/post" % fake_sp_base, BINDING_HTTP_POST)], }, "allow_unsolicited": "true", }, }, "key_file": fake_sp_key.name, "cert_file": fake_sp_cert.name, "metadata": { "local": frontend_metadata, }, "xmlsec_binary": self.xmlsec_path, } fake_idp_metadata_file = FileGenerator.get_instance().create_metadata( self.fake_idp_config, "fake_idp") fake_sp_metadata_file = FileGenerator.get_instance().create_metadata( self.fake_sp_config, "fake_sp") frontend_metadata_file = FileGenerator.get_instance().create_metadata( Saml2FrontendPlugin(self.proxy_config.BASE).config["idp_config"], "frontend") backend_metadata_file = FileGenerator.get_instance().create_metadata( Saml2BackendPlugin(self.proxy_config.BASE).config["config"], "backend") self.fake_idp_metadata.append(fake_idp_metadata_file.name) self.fake_sp_metadata.append(fake_sp_metadata_file.name) frontend_metadata.append(frontend_metadata_file.name) backend_metadata.append(backend_metadata_file.name)
def test_read_senstive_config_data_from_env_var(self, monkeypatch, non_sensitive_config_dict): monkeypatch.setenv("SATOSA_USER_ID_HASH_SALT", "user_id_hash_salt") monkeypatch.setenv("SATOSA_STATE_ENCRYPTION_KEY", "state_encryption_key") config = SATOSAConfig(non_sensitive_config_dict) assert config["USER_ID_HASH_SALT"] == "user_id_hash_salt" assert config["STATE_ENCRYPTION_KEY"] == "state_encryption_key"