views: handle ProfileInvalidMsgError when resolving an artifact (#10270)

Benjamin Dauvergne 2016-03-11 15:23:09 +01:00
parent dba3f32c3a
commit 2aec7a3294
2 changed files with 36 additions and 0 deletions


@ -191,6 +191,13 @@ class LoginView(LogMixin, View):
try:
login.processResponseMsg(result.content)
login.acceptSso()
except lasso.ProfileInvalidMsgError:
self.log.warning('ArtifactResolveResponse is malformed %r' % result.content[:200])
if settings.DEBUG:
return HttpResponseBadRequest('ArtififactResolveResponse is malformed\n%r' %
result.content)
else:
return HttpResponseBadRequest('ArtififactResolveResponse is malformed')
except lasso.ProfileCannotVerifySignatureError:
self.log.warning('SAML authentication failed: signature validation failed for %r',
login.remoteProviderId)
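Review bot: Both user-facing bodies on the new `except lasso.ProfileInvalidMsgError` branch misspell the element as `ArtififactResolveResponse` (the DEBUG and the non-DEBUG `HttpResponseBadRequest`), while the log line just above spells it `ArtifactResolveResponse` and the new test only checks the log; the returned bodies should read `'ArtifactResolveResponse is malformed'`. The warning is also formatted eagerly with `%`, unlike the signature-failure branch right below it which passes lazy arguments: `self.log.warning('ArtifactResolveResponse is malformed %r', result.content[:200])`. In the DEBUG branch the repr of the IdP's entire response body is echoed back in a response whose content type defaults to text/html, so a body containing markup would be rendered as such by a browser; pass `content_type='text/plain'` or keep only the truncated copy that already goes to the log. The enclosing method starts and ends outside this hunk.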


@ -3,6 +3,9 @@ import mock
import lasso
from urlparse import parse_qs, urlparse
import base64
import random
import hashlib
from httmock import HTTMock
from django.core.urlresolvers import reverse
from django.core.exceptions import ImproperlyConfigured
@ -10,6 +13,7 @@ from django.utils.http import urlencode
from xml_utils import assert_xml_constraints
from utils import error_500, html_response
def test_null_character_on_samlresponse_post(app):
app.post(reverse('mellon_login'), {'SAMLResponse': '\x00'}, status=400)
@ -214,3 +218,28 @@ def test_malfortmed_artifact(private_settings, client, caplog):
response = client.get('/login/?SAMLart=xxx', status=400)
assert 'artifact is malformed' in response.content
assert 'artifact is malformed' in caplog.text()
@pytest.fixture
def artifact():
entity_id = 'https://cresson.entrouvert.org/idp/saml2/metadata'
token = 'x' * 20
return base64.b64encode('\x00\x04\x00\x00' + hashlib.sha1(entity_id).digest() + token)
def test_error_500_on_artifact_resolve(private_settings, client, caplog, artifact):
private_settings.MELLON_IDENTITY_PROVIDERS = [{
'METADATA': open('tests/metadata.xml').read(),
}]
with HTTMock(error_500):
response = client.get('/login/?SAMLart=%s' % artifact)
assert 'IdP returned 500' in caplog.text()
def test_invalid_msg_on_artifact_resolve(private_settings, client, caplog, artifact):
private_settings.MELLON_IDENTITY_PROVIDERS = [{
'METADATA': open('tests/metadata.xml').read(),
}]
with HTTMock(html_response):
response = client.get('/login/?SAMLart=%s' % artifact)
assert 'ArtifactResolveResponse is malformed' in caplog.text()
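Review bot: Neither new test asserts the HTTP status or body of the response: `response` is bound in `test_error_500_on_artifact_resolve` and `test_invalid_msg_on_artifact_resolve` but never used, whereas the existing `test_malfortmed_artifact` passes `status=400` to `client.get`. For the invalid-message case the view returns a 400, so `response = client.get('/login/?SAMLart=%s' % artifact, status=400)` followed by `assert 'ArtifactResolveResponse is malformed' in response.content` would pin the user-facing path as well as the log (and would currently expose the spelling mismatch between the logged and the returned message); the status for the 500 case is decided by code outside this commit, so assert whatever it returns there too. The `artifact` fixture deserves a comment on why `entity_id` is hard-coded, e.g. `# must match the entityID in tests/metadata.xml: the artifact's SourceID is the SHA-1 of that URL`, since a mismatch would presumably make the SP reject the artifact before any resolve request is sent.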