views: show debug login view on lasso exception (#68962)

2022-09-14 13:53:49 +02:00 · 2022-09-14 13:53:49 +02:00 · a7a3582c97
parent 98783c8574
commit a7a3582c97
2 changed files with 20 additions and 1 deletions
--- a/mellon/views.py
+++ b/mellon/views.py
@ -231,6 +231,8 @@ class LoginView(ProfileMixin, LogMixin, View):
        ):
            self.show_message_status_is_not_success(login, 'SAML authentication failed')
        except lasso.Error as e:
+            if self.debug_login:
+                return self.render_debug_template(request, login)
            return HttpResponseBadRequest('error processing the authentication response: %r' % e)
        else:
            if 'RelayState' in request.POST and utils.is_nonnull(request.POST['RelayState']):
@ -315,7 +317,7 @@ class LoginView(ProfileMixin, LogMixin, View):

        return HttpResponseRedirect(next_url)

-    def render_debug_template(self, request, login, attributes):
+    def render_debug_template(self, request, login, attributes=None):
        request.session['mellon_debug_login'] = False
        context = {
            'logs': self.stream.getvalue(),
--- a/tests/test_sso_slo.py
+++ b/tests/test_sso_slo.py
@ -21,6 +21,7 @@ import urllib.parse as urlparse
 import xml.etree.ElementTree as ET
 import zlib
 from html import unescape
+from unittest import mock

 import lasso
 import pytest
@ -776,6 +777,22 @@ def test_debug_sso(db, app, idp, caplog, sp_settings, settings):
    assert '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"' in caplog.text


+def test_debug_sso_on_exception(db, app, idp, caplog, sp_settings, settings):
+    settings.DEBUG = True
+    response = app.get(reverse('mellon_debug_login') + '?next=/whatever/')
+    response = response.follow()
+    url, body, relay_state = idp.process_authn_request_redirect(response['Location'])
+
+    def lasso_error(*args, **kwargs):
+        raise lasso.Error
+
+    with mock.patch('lasso.Login.acceptSso', side_effect=lasso_error):
+        response = app.post(reverse('mellon_login'), params={'SAMLResponse': body, 'RelayState': relay_state})
+
+    response_text = unescape(response.text)
+    assert '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"' in response_text
+
+
 def test_nonce(db, app, idp, caplog, sp_settings):
    response = app.get(reverse('mellon_login') + '?nonce=1234')
    url, body, relay_state = idp.process_authn_request_redirect(response['Location'])