def test_process_response_replay(mock_time_and_id):
    """
    Submit the same recorded SAML Response twice and require the second
    submission to be rejected with an error that mentions "replay".
    """
    fixture_path = os.path.join(BASEDIR, 'samlresponse.txt')
    with open(fixture_path) as fd:
        post = dict(urllib.parse.parse_qsl(fd.read()))
    # Pin the mocked value to a moment when the recorded response was still
    # valid, so only the replay check can cause a rejection.
    mock_time_and_id.return_value = 1549304000
    saml_kwargs = {
        'entity_id': 'https://samldemo.iamdev.s.uw.edu/saml',
        'acs_url': 'https://samldemo.iamdev.s.uw.edu/saml/login',
    }
    # First submission: expected to be accepted (no exception).
    uw_saml2.process_response(post, **saml_kwargs)
    # Second submission of the identical response must be refused.
    with pytest.raises(uw_saml2.auth.SamlResponseError) as excinfo:
        uw_saml2.process_response(post, **saml_kwargs)
    assert 'replay' in str(excinfo.value).lower()
def test_process_response():
    """
    Pass plain attribute fields (no entity_id / acs_url) and expect them
    back unchanged with ``two_factor`` added as False.

    NOTE(review): this looks like the library's mock mode rather than real
    SAML validation; confirm against this test module's setup.
    """
    post = dict(
        idp='urn:mace:incommon:washington.edu',
        remote_user='******',
        uwnetid='javerage',
    )
    expected = dict(post, two_factor=False)
    actual = uw_saml2.process_response(post)
    assert actual == expected
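def process_saml_request(self, request: Request, session: LocalProxy, **kwargs):
    """
    Validate a SAML POST, store the signed-in uwnetid on the session, and
    redirect the browser onward.

    :param request: incoming request; ``request.form`` carries the SAML POST
        fields and an optional ``RelayState``.
    :param session: session mapping that receives ``uwnetid``.
    :param kwargs: passed through unchanged to ``uw_saml2.process_response``.
    :returns: a redirect to ``RelayState`` when it stays on this
        application's origin, otherwise a redirect to ``request.host_url``.
    """
    # Function-scope import: the module's import block is not visible here.
    from urllib.parse import urlsplit

    def _is_same_origin(candidate: str) -> bool:
        # Decide whether a client-supplied redirect target stays on this site.
        if "\\" in candidate or any(ord(ch) < 0x20 for ch in candidate):
            # Browsers normalise backslashes and drop control characters, so
            # the parsed form below may not match what the browser follows.
            return False
        if candidate.startswith("/"):
            # A single leading slash is a local path; two or more are read
            # as a reference to another host.
            return not candidate.startswith("//")
        target = urlsplit(candidate)
        here = urlsplit(request.host_url)
        return (target.scheme.lower(), target.netloc.lower()) == (
            here.scheme.lower(),
            here.netloc.lower(),
        )

    # RelayState is a POST field the client controls. Redirecting to it
    # unchecked would make this endpoint an open redirect, so off-origin
    # values fall back to the application root.
    # NOTE(review): behind a reverse proxy, request.host_url must reflect the
    # public origin for absolute same-site RelayState values to be accepted.
    relay_state = request.form.get("RelayState")
    if relay_state and _is_same_origin(relay_state):
        dest_url = relay_state
    else:
        dest_url = request.host_url

    post_args: Dict = request.form.copy()
    post_args.setdefault("RelayState", request.host_url)

    # X-Forwarded-For is client-supplied unless a trusted proxy overwrites it;
    # treat it as a hint only. %r keeps embedded newlines out of the log.
    remote_ip = request.headers.get("X-Forwarded-For")
    # Log field names only: the POST body carries the signed SAML assertion
    # and user attributes, which do not belong in application logs.
    self.logger.info(
        "Processing SAML POST request from %r to access %r with POST fields: %s",
        remote_ip,
        dest_url,
        sorted(post_args.keys()),
    )

    attributes = uw_saml2.process_response(post_args, **kwargs)
    session["uwnetid"] = attributes["uwnetid"]
    self.logger.info("Signed in user %r", session["uwnetid"])
    return redirect(dest_url)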
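def login():
    """
    Process a SAML Response, and set the uwnetid and groups on the session.

    The session is cleared first, so a failed or repeated login never keeps
    state from an earlier one. GET requests are handed to login_redirect().
    After a successful POST the browser is redirected to RelayState only
    when it is a path on this application; otherwise status() is returned.
    """
    session.clear()
    if request.method == 'GET':
        return login_redirect()
    args = _saml_args()
    attributes = uw_saml2.process_response(request.form, **args)
    session['userid'] = attributes['uwnetid']
    session['groups'] = attributes.get('groups', [])
    session['has_2fa'] = attributes.get('two_factor')
    relay_state = request.form.get('RelayState')
    # RelayState is client-controlled. A leading '/' alone is not enough to
    # prove a local path: a scheme-relative reference ('//host/...') also
    # starts with '/', and urljoin resolves it to that other host. Backslashes
    # and control characters are refused too, because URL parsers and browsers
    # normalise them in ways that can turn a path into such a reference.
    is_local_path = (
        bool(relay_state)
        and relay_state.startswith('/')
        and not relay_state.startswith('//')
        and '\\' not in relay_state
        and not any(ord(ch) < 0x20 for ch in relay_state)
    )
    if is_local_path:
        return redirect(urljoin(request.url_root, relay_state))
    return status()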
def test_process_response(mock_time_and_id):
    """
    Validate a recorded, once-valid SAML Response with the mocked value set
    to a moment inside its validity window, then check the attributes
    returned for it.
    """
    fixture_path = os.path.join(BASEDIR, 'samlresponse.txt')
    with open(fixture_path) as fd:
        raw_form = fd.read()
    post = dict(urllib.parse.parse_qsl(raw_form))
    # A time when this response was still valid.
    mock_time_and_id.return_value = 1549304000
    saml_kwargs = {
        'entity_id': 'https://samldemo.iamdev.s.uw.edu/saml',
        'acs_url': 'https://samldemo.iamdev.s.uw.edu/saml/login',
    }
    attributes = uw_saml2.process_response(post, **saml_kwargs)
    expected_attributes = dict(
        affiliations=['student', 'member'],
        eppn='*****@*****.**',
        groups=['u_jpf_test-saml'],
        scoped_affiliations=['*****@*****.**', '*****@*****.**'],
        two_factor=False,
        uwnetid='idtest55',
    )
    assert attributes == expected_attributes
def test_process_respose_error():
    """A post whose idp is 'badidp' is expected to raise SamlResponseError."""
    bad_post = dict(idp='badidp', foo='bar')
    with pytest.raises(uw_saml2.SamlResponseError):
        uw_saml2.process_response(bad_post)