tests: add tests on SAML add_attributes (#41879)
autouse=True is removed from the `idp` fixture to prevent DB initialization for the add_attributes tests.
parent
ca62cf2ae6
commit
87b0eae371
|
@ -1,3 +1,4 @@
|
|||
# coding: utf-8
|
||||
# authentic2 - versatile identity manager
|
||||
# Copyright (C) 2010-2020 Entr'ouvert
|
||||
#
|
||||
|
@ -21,6 +22,7 @@ import datetime
|
|||
import base64
|
||||
|
||||
import pytest
|
||||
import mock
|
||||
|
||||
from django.contrib.auth import REDIRECT_FIELD_NAME
|
||||
from django.core.urlresolvers import reverse
|
||||
|
@ -36,6 +38,8 @@ from authentic2.utils import make_url
|
|||
from authentic2.constants import NONCE_FIELD_NAME, SERVICE_FIELD_NAME
|
||||
from authentic2.models import Attribute
|
||||
from authentic2.custom_user.models import User
|
||||
from authentic2.idp.saml import saml2_endpoints
|
||||
from authentic2.saml.models import LibertyProvider, SAMLAttribute
|
||||
|
||||
import lasso
|
||||
import utils
|
||||
|
@ -68,7 +72,7 @@ def keys():
|
|||
return (cert, key)
|
||||
|
||||
|
||||
@pytest.fixture(autouse=True)
|
||||
@pytest.fixture()
|
||||
def idp(saml_settings, db, media):
|
||||
code_attribute = Attribute.objects.create(kind='string', name='code', label='Code')
|
||||
mobile_attribute = Attribute.objects.create(kind='string', name='mobile',
|
||||
|
@ -478,7 +482,7 @@ class Scenario(object):
|
|||
utils.assert_xpath_constraints(assertion_xml, constraints, namespaces)
|
||||
|
||||
|
||||
def test_sso_redirect_post(app, user):
|
||||
def test_sso_redirect_post(app, idp, user):
|
||||
scenario = Scenario(app, sp_kwargs=dict(binding='post'))
|
||||
scenario.launch_authn_request()
|
||||
scenario.login(user)
|
||||
|
@ -486,7 +490,7 @@ def test_sso_redirect_post(app, user):
|
|||
scenario.check_assertion(user=user)
|
||||
|
||||
|
||||
def test_sso_post_post(app, user):
|
||||
def test_sso_post_post(app, idp, user):
|
||||
scenario = Scenario(
|
||||
app,
|
||||
make_authn_request_kwargs={'method': lasso.HTTP_METHOD_POST},
|
||||
|
@ -497,7 +501,7 @@ def test_sso_post_post(app, user):
|
|||
scenario.check_assertion(user=user)
|
||||
|
||||
|
||||
def test_sso_redirect_artifact(app, user, keys):
|
||||
def test_sso_redirect_artifact(app, idp, user, keys):
|
||||
scenario = Scenario(app, sp_kwargs=dict(binding='artifact', keys=keys))
|
||||
scenario.launch_authn_request()
|
||||
scenario.login(user)
|
||||
|
@ -505,7 +509,7 @@ def test_sso_redirect_artifact(app, user, keys):
|
|||
scenario.check_assertion(user=user)
|
||||
|
||||
|
||||
def test_sso_cancel_redirect(app):
|
||||
def test_sso_cancel_redirect(app, idp):
|
||||
scenario = Scenario(app)
|
||||
scenario.launch_authn_request()
|
||||
scenario.cancel()
|
||||
|
@ -513,7 +517,7 @@ def test_sso_cancel_redirect(app):
|
|||
scenario.handle_post_response()
|
||||
|
||||
|
||||
def test_sso_no_name_id_policy_redirect(app, user):
|
||||
def test_sso_no_name_id_policy_redirect(app, idp, user):
|
||||
scenario = Scenario(app, make_authn_request_kwargs=dict(name_id_policy=False))
|
||||
scenario.launch_authn_request()
|
||||
scenario.login(user=user)
|
||||
|
@ -521,7 +525,7 @@ def test_sso_no_name_id_policy_redirect(app, user):
|
|||
scenario.check_assertion(user=user)
|
||||
|
||||
|
||||
def test_sso_nid_username(app, user):
|
||||
def test_sso_nid_username(app, idp, user):
|
||||
scenario = Scenario(app,
|
||||
sp_kwargs=dict(
|
||||
default_name_id_format='username'),
|
||||
|
@ -534,7 +538,7 @@ def test_sso_nid_username(app, user):
|
|||
scenario.check_assertion(user=user)
|
||||
|
||||
|
||||
def test_sso_nid_uuid(app, user):
|
||||
def test_sso_nid_uuid(app, idp, user):
|
||||
scenario = Scenario(app,
|
||||
sp_kwargs=dict(
|
||||
default_name_id_format='uuid'),
|
||||
|
@ -547,7 +551,7 @@ def test_sso_nid_uuid(app, user):
|
|||
scenario.check_assertion(user=user)
|
||||
|
||||
|
||||
def test_sso_authorized_role_ok(app, user):
|
||||
def test_sso_authorized_role_ok(app, idp, user):
|
||||
scenario = Scenario(app)
|
||||
scenario.sp.provider.add_authorized_role(scenario.sp.role_authorized)
|
||||
user.roles.add(scenario.sp.role_authorized)
|
||||
|
@ -557,9 +561,102 @@ def test_sso_authorized_role_ok(app, user):
|
|||
scenario.check_assertion(user=user)
|
||||
|
||||
|
||||
def test_sso_authorized_role_nok(app, user):
|
||||
def test_sso_authorized_role_nok(app, idp, user):
|
||||
scenario = Scenario(app)
|
||||
scenario.sp.provider.add_authorized_role(scenario.sp.role_authorized)
|
||||
scenario.launch_authn_request()
|
||||
scenario.login(user=user)
|
||||
assert scenario.idp_response.pyquery('a[href="%s"]' % 'https://whatever.com/loser/').text() == 'Back'
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def add_attributes(rf):
|
||||
with mock.patch('authentic2.idp.saml.saml2_endpoints.get_attribute_definitions') as get_definitions:
|
||||
with mock.patch('authentic2.idp.saml.saml2_endpoints.get_attributes') as get_attributes:
|
||||
request = rf.get('/')
|
||||
request.user = None
|
||||
assertion = lasso.Saml2Assertion()
|
||||
provider = LibertyProvider()
|
||||
|
||||
def func():
|
||||
saml2_endpoints.add_attributes(func.request, func.assertion, func.provider)
|
||||
return {
|
||||
at.name: set([
|
||||
''.join(force_text(mtn.dump()) for mtn in atv.any)
|
||||
for atv in at.attributeValue])
|
||||
for at in assertion.attributeStatement[0].attribute
|
||||
}
|
||||
|
||||
func.get_definitions = get_definitions
|
||||
func.get_attributes = get_attributes
|
||||
func.request = request
|
||||
func.assertion = assertion
|
||||
func.provider = provider
|
||||
|
||||
yield func
|
||||
|
||||
|
||||
def test_add_attributes_empty_assertion(add_attributes):
|
||||
'''Verify adding attributes to an otherwise empty assertion'''
|
||||
# setup
|
||||
add_attributes.get_attributes.return_value = {
|
||||
'first_name': ['Éléonore'],
|
||||
'last_name': ['Rigby'],
|
||||
}
|
||||
add_attributes.get_definitions.return_value = [
|
||||
SAMLAttribute(name_format='basic',
|
||||
name='prenom',
|
||||
attribute_name='first_name'),
|
||||
SAMLAttribute(name_format='basic',
|
||||
name='nom',
|
||||
attribute_name='last_name'),
|
||||
]
|
||||
|
||||
# run
|
||||
attributes = add_attributes()
|
||||
|
||||
# check
|
||||
assert attributes == {
|
||||
'nom': set(['Rigby']),
|
||||
'prenom': set(['Éléonore']),
|
||||
}
|
||||
|
||||
|
||||
def test_add_attributes_initialized_assertion(add_attributes):
|
||||
'''Verify existing assertion's attributes are preserved'''
|
||||
|
||||
# setup
|
||||
add_attributes.get_attributes.return_value = {
|
||||
'first_name': ['Éléonore'],
|
||||
'last_name': ['Rigby'],
|
||||
}
|
||||
add_attributes.get_definitions.return_value = [
|
||||
SAMLAttribute(name_format='basic',
|
||||
name='prenom',
|
||||
attribute_name='first_name'),
|
||||
SAMLAttribute(name_format='basic',
|
||||
name='nom',
|
||||
attribute_name='last_name'),
|
||||
]
|
||||
|
||||
assertion = add_attributes.assertion
|
||||
statement, = assertion.attributeStatement = [lasso.Saml2AttributeStatement()]
|
||||
attribute, = statement.attribute = [
|
||||
lasso.Saml2Attribute(),
|
||||
]
|
||||
attribute.name = 'prenom'
|
||||
attribute.nameFormat = lasso.SAML2_ATTRIBUTE_NAME_FORMAT_BASIC
|
||||
atv, = attribute.attributeValue = [lasso.Saml2AttributeValue()]
|
||||
mtn, = atv.any = [
|
||||
lasso.MiscTextNode.newWithString('coucou'),
|
||||
]
|
||||
mtn.textChild = True
|
||||
|
||||
# run
|
||||
attributes = add_attributes()
|
||||
|
||||
# check
|
||||
assert attributes == {
|
||||
'nom': set(['Rigby']),
|
||||
'prenom': set(['Éléonore', 'coucou']),
|
||||
}
|
||||
|
|
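Review bot: In the new `add_attributes` fixture, `func()` passes `func.assertion` to `saml2_endpoints.add_attributes` but builds its result from the closed-over `assertion`, so a test that replaces `add_attributes.assertion` would be checked against the wrong object; reading `for at in func.assertion.attributeStatement[0].attribute` keeps the two in step. The returned dict is keyed on `at.name` only, so neither new test pins the emitted `nameFormat`, which a service provider uses together with the name to identify an attribute; keying on `(at.name, at.nameFormat)` or asserting the format separately would cover that. `force_text` is called in the helper but no import of it appears in the visible hunks; presumably it is already imported elsewhere in the file, which is worth confirming.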