def test_logout_request_http_redirect_without_signature(self):
# https://github.com/italia/spid-testenv2/issues/159
# https://github.com/italia/spid-testenv2/issues/165
config = FakeConfig('http://localhost:8088/sso',
'http://localhost:8088/')
request = FakeRequest(sample_requests.logout_no_signature % (''))
registry = FakeRegistry({
'https://localhost:8088/': ServiceProviderMetadataFakeLoader([], [(0, 'http://localhost:3000/spid-sso')])
})
validator = SpidRequestValidator(
'logout', settings.BINDING_HTTP_REDIRECT, registry, config)
validator.validate(request)
def test_logout_request_http_post_with_reason_attr(self):
# https://github.com/italia/spid-testenv2/issues/159
config = FakeConfig('http://localhost:8088/sso',
'http://localhost:8088/')
request = FakeRequest(sample_requests.logout_with_reason_attr %
(sample_requests.fake_signature))
registry = FakeRegistry({
'https://localhost:8088/': ServiceProviderMetadataFakeLoader([], [(0, 'http://localhost:3000/spid-sso')])
})
validator = SpidRequestValidator(
'logout', settings.BINDING_HTTP_POST, registry, config)
validator.validate(request)
def test_missing_issuer(self):
# https://github.com/italia/spid-testenv2/issues/133
config = FakeConfig('http://localhost:8088/sso',
'http://localhost:8088/')
registry = FakeRegistry({
'http://localhost:8088/': ServiceProviderMetadataFakeLoader([], [(0, 'http://localhost:3000/spid-sso')])
})
for binding, val in list({settings.BINDING_HTTP_POST: sample_requests.fake_signature, settings.BINDING_HTTP_REDIRECT: ''}.items()):
request = FakeRequest(sample_requests.missing_issuer)
validator = SpidRequestValidator('login', binding, registry, config)
with pytest.raises(UnknownEntityIDError) as excinfo:
request.saml_request = request.saml_request % (val)
validator.validate(request)
exc = excinfo.value
self.assertEqual(
'Issuer non presente nella AuthnRequest', str(exc))
def _get_deserializer(request, action, binding):
validators = [
XMLFormatValidator(),
AuthnRequestXMLSchemaValidator(),
SpidRequestValidator(action, binding),
]
validator_group = ValidatorGroup(validators)
return HTTPRequestDeserializer(request, validator_group)
def test_logout_request_http_post_without_signature(self):
# https://github.com/italia/spid-testenv2/issues/159
# https://github.com/italia/spid-testenv2/issues/165
config = FakeConfig('http://localhost:8088/sso',
'http://localhost:8088/')
request = FakeRequest(sample_requests.logout_no_signature % (''))
registry = FakeRegistry({
'https://localhost:8088/':
ServiceProviderMetadataFakeLoader(
[], [(0, 'http://localhost:3000/spid-sso')])
})
validator = SpidRequestValidator('logout', settings.BINDING_HTTP_POST,
registry, config)
with pytest.raises(SPIDValidationError) as excinfo:
validator.validate(request)
exc = excinfo.value
self.assertEqual('LogoutRequest/Signature', exc.details[0].path)
self.assertEqual('required key not provided', exc.details[0].message)
def test_wrong_destination(self):
# https://github.com/italia/spid-testenv2/issues/158
config = FakeConfig('http://localhost:9999/sso',
'http://localhost:9999/')
registry = FakeRegistry({
'https://localhost:8088/': ServiceProviderMetadataFakeLoader([], [(0, 'http://localhost:3000/spid-sso')])
})
for binding, val in list({
settings.BINDING_HTTP_POST: sample_requests.fake_signature,
settings.BINDING_HTTP_REDIRECT: ''
}.items()):
validator = SpidRequestValidator('login', binding, registry, config)
request = FakeRequest(sample_requests.wrong_destination)
with pytest.raises(SPIDValidationError) as excinfo:
request.saml_request = request.saml_request % (val)
validator.validate(request)
exc = excinfo.value
self.assertEqual(
'Il valore dell\'elemento è diverso dal valore atteso (http://localhost:9999/):', exc.details[0].message)
def test_authn_request_http_redirect_with_signature(self):
# https://github.com/italia/spid-testenv2/issues/159
# https://github.com/italia/spid-testenv2/issues/165
config = FakeConfig('http://localhost:8088/sso',
'http://localhost:8088/')
request = FakeRequest(sample_requests.auth_no_signature %
(sample_requests.fake_signature))
registry = FakeRegistry({
'https://localhost:8088/': ServiceProviderMetadataFakeLoader([], [(0, 'http://localhost:3000/spid-sso')])
})
validator = SpidRequestValidator(
'login', settings.BINDING_HTTP_REDIRECT, registry, config)
with pytest.raises(SPIDValidationError) as excinfo:
validator.validate(request)
exc = excinfo.value
self.assertEqual(
'AuthnRequest/Signature',
exc.details[0].path
)
self.assertEqual('item not allowed', exc.details[0].message)
