authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2019-03-25 14:12:50 (GMT)
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2019-03-25 14:24:13 (GMT)
commitb640f5b33438c444e76dda9433397e1b3c5587f7 (patch)
tree05a5a41b6135c49eb68eb766d21a7eeafd33426e
parent99a60c1d8886e0e972c7716aa5649e5b6294606b (diff)
tests: test failed request path with artifact (#31690)v1.2.41
-rw-r--r--tests/test_sso_slo.py31
1 files changed, 29 insertions, 2 deletions
diff --git a/tests/test_sso_slo.py b/tests/test_sso_slo.py
index cd5a795..42721df 100644
--- a/tests/test_sso_slo.py
+++ b/tests/test_sso_slo.py
@@ -61,7 +61,7 @@ class MockIdp(object):
self.server = server = lasso.Server.newFromBuffers(idp_metadata, private_key)
server.addProviderFromBuffer(lasso.PROVIDER_ROLE_SP, sp_metadata)
- def process_authn_request_redirect(self, url, auth_result=True, consent=True):
+ def process_authn_request_redirect(self, url, auth_result=True, consent=True, msg=None):
login = lasso.Login(self.server)
login.processAuthnRequestMsg(url.split('?', 1)[1])
# See
@@ -86,6 +86,8 @@ class MockIdp(object):
"FIXME",
"FIXME",
"FIXME")
+ if not auth_result and msg:
+ login.response.status.statusMessage = msg
if login.protocolProfile == lasso.LOGIN_PROTOCOL_PROFILE_BRWS_ART:
login.buildArtifactMsg(lasso.HTTP_METHOD_ARTIFACT_GET)
self.artifact = login.artifact
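Review bot: The new `msg` argument is silently dropped when `auth_result` is true, because the added `if not auth_result and msg:` sets `login.response.status.statusMessage` only on the failure path. A one-line comment above the check would make that contract explicit for other test authors, e.g. `# statusMessage is only attached to failure responses; msg is ignored on success`. The method starts and continues outside this hunk, so whether `login.response` is always populated at this point cannot be confirmed from here.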
@@ -147,7 +149,10 @@ def test_sso(db, app, idp, caplog, sp_settings):
def test_sso_request_denied(db, app, idp, caplog, sp_settings):
response = app.get(reverse('mellon_login'))
- url, body, relay_state = idp.process_authn_request_redirect(response['Location'], auth_result=False)
+ url, body, relay_state = idp.process_authn_request_redirect(
+ response['Location'],
+ auth_result=False,
+ msg=u'User is not allowed to login')
assert not relay_state
assert url.endswith(reverse('mellon_login'))
response = app.post(reverse('mellon_login'), params={'SAMLResponse': body, 'RelayState': relay_state})
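Review bot: `test_sso_request_denied` now passes `msg=u'User is not allowed to login'`, but nothing in this hunk checks what happens to it, and the lines between this hunk and the next one are not changed by the commit. The artifact variant added further down ends with `assert 'User is not allowed to login' in response`. If the POST binding is expected to display the IdP status message too, the same assertion belongs after the `caplog` check here, so that both bindings pin the behaviour. The test body continues outside the hunk.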
@@ -159,6 +164,28 @@ def test_sso_request_denied(db, app, idp, caplog, sp_settings):
u'urn:oasis:names:tc:SAML:2.0:status:RequestDenied']" in caplog.text
+def test_sso_request_denied_artifact(db, app, caplog, sp_settings, idp_metadata, idp_private_key, rf):
+ sp_settings.MELLON_DEFAULT_ASSERTION_CONSUMER_BINDING = 'artifact'
+ request = rf.get('/')
+ sp_metadata = create_metadata(request)
+ idp = MockIdp(idp_metadata, idp_private_key, sp_metadata)
+ response = app.get(reverse('mellon_login'))
+ url, body, relay_state = idp.process_authn_request_redirect(
+ response['Location'],
+ auth_result=False,
+ msg=u'User is not allowed to login')
+ assert not relay_state
+ assert body is None
+ assert reverse('mellon_login') in url
+ assert 'SAMLart' in url
+ acs_artifact_url = url.split('testserver', 1)[1]
+ with HTTMock(idp.mock_artifact_resolver()):
+ response = app.get(acs_artifact_url, params={'RelayState': relay_state})
+ assert "status is not success codes: ['urn:oasis:names:tc:SAML:2.0:status:Responder',\
+ 'urn:oasis:names:tc:SAML:2.0:status:RequestDenied']" in caplog.text
+ assert 'User is not allowed to login' in response
+
+
def test_sso_artifact(db, app, caplog, sp_settings, idp_metadata, idp_private_key, rf):
sp_settings.MELLON_DEFAULT_ASSERTION_CONSUMER_BINDING = 'artifact'
request = rf.get('/')
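Review bot: The closing `assert 'User is not allowed to login' in response` in `test_sso_request_denied_artifact` shows that the IdP-supplied `statusMessage` ends up in the SP's HTML page, but the test only uses a plain sentence, so output escaping of that field is not pinned. A second case with markup characters in `msg` (a constructed value such as `u'<b>denied</b>'`) followed by `assert '<b>denied</b>' not in response.text` would cover it. Separately, the log assertion matches the `repr` of a Python list (the previous test's string carries a `u'` prefix, this one does not), which is brittle across interpreter versions. Asserting on each status URN on its own would be sturdier.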