def test_missing_issuer(self):
# https://github.com/italia/spid-testenv2/issues/133
config = FakeConfig('http://localhost:8088/sso')
request = FakeRequest(sample_requests.missing_issuer)
for binding in [
settings.BINDING_HTTP_POST, settings.BINDING_HTTP_REDIRECT
]:
validator = SpidValidator('login', binding, {}, config)
with pytest.raises(SPIDValidationError) as excinfo:
validator.validate(request)
exc = excinfo.value
self.assertEqual('required key not provided',
exc.details[0].message)
def test_logout_request_http_redirect_without_signature(self):
# https://github.com/italia/spid-testenv2/issues/159
# https://github.com/italia/spid-testenv2/issues/165
config = FakeConfig('http://localhost:8088/sso',
'http://localhost:8088/')
request = FakeRequest(sample_requests.logout_no_signature % (''))
registry = FakeRegistry({
'https://localhost:8088/':
ServiceProviderMetadataFakeLoader(
[], [(0, 'http://localhost:3000/spid-sso')])
})
validator = SpidValidator('logout', settings.BINDING_HTTP_REDIRECT,
registry, config)
validator.validate(request)
def _get_deserializer(request, action, binding, metadata, config):
validators = [
XMLFormatValidator(),
AuthnRequestXMLSchemaValidator(),
SpidValidator(action, binding, metadata, config),
]
return HTTPRequestDeserializer(request, validators)
def _get_deserializer(request, action, binding):
validators = [
XMLFormatValidator(),
AuthnRequestXMLSchemaValidator(),
SpidValidator(action, binding),
]
validator_group = ValidatorGroup(validators)
return HTTPRequestDeserializer(request, validator_group)
def test_logout_request_http_post_without_signature(self):
# https://github.com/italia/spid-testenv2/issues/159
# https://github.com/italia/spid-testenv2/issues/165
config = FakeConfig('http://localhost:8088/sso',
'http://localhost:8088/')
request = FakeRequest(sample_requests.logout_no_signature % (''))
registry = FakeRegistry({
'https://localhost:8088/':
ServiceProviderMetadataFakeLoader(
[], [(0, 'http://localhost:3000/spid-sso')])
})
validator = SpidValidator('logout', settings.BINDING_HTTP_POST,
registry, config)
with pytest.raises(SPIDValidationError) as excinfo:
validator.validate(request)
exc = excinfo.value
self.assertEqual(
'xpath: {urn:oasis:names:tc:SAML:2.0:protocol}LogoutRequest/{http://www.w3.org/2000/09/xmldsig#}Signature',
exc.details[0].path)
self.assertEqual('required key not provided', exc.details[0].message)
def test_missing_issuer(self):
# https://github.com/italia/spid-testenv2/issues/133
config = FakeConfig('http://localhost:8088/sso',
'http://localhost:8088/')
registry = FakeRegistry({
'http://localhost:8088/':
ServiceProviderMetadataFakeLoader(
[], [(0, 'http://localhost:3000/spid-sso')])
})
for binding, val in {
settings.BINDING_HTTP_POST: sample_requests.fake_signature,
settings.BINDING_HTTP_REDIRECT: ''
}.items():
request = FakeRequest(sample_requests.missing_issuer)
validator = SpidValidator('login', binding, registry, config)
with pytest.raises(UnknownEntityIDError) as excinfo:
request.saml_request = request.saml_request % (val)
validator.validate(request)
exc = excinfo.value
self.assertEqual('Issuer non presente nella AuthnRequest',
str(exc))
def test_wrong_destination(self):
# https://github.com/italia/spid-testenv2/issues/158
config = FakeConfig('http://localhost:9999/sso',
'http://localhost:9999/')
registry = FakeRegistry({
'https://localhost:8088/':
ServiceProviderMetadataFakeLoader(
[], [(0, 'http://localhost:3000/spid-sso')])
})
for binding, val in {
settings.BINDING_HTTP_POST: sample_requests.fake_signature,
settings.BINDING_HTTP_REDIRECT: ''
}.items():
validator = SpidValidator('login', binding, registry, config)
request = FakeRequest(sample_requests.wrong_destination)
with pytest.raises(SPIDValidationError) as excinfo:
request.saml_request = request.saml_request % (val)
validator.validate(request)
exc = excinfo.value
self.assertEqual(
'è diverso dal valore di riferimento http://localhost:9999/',
exc.details[0].message)