python3: variations encoding in idp.saml.saml2_endpoints

2020-02-06 18:24:27 +01:00 · 2020-02-06 18:24:27 +01:00 · 915d9e33ea
parent f9f358347f
commit 915d9e33ea
1 changed files with 8 additions and 7 deletions
--- a/src/authentic2/idp/saml/saml2_endpoints.py
+++ b/src/authentic2/idp/saml/saml2_endpoints.py
@ -178,14 +178,15 @@ def fill_assertion(request, saml_request, assertion, provider_id, nid_format):
        # a session duration, without that logout is broken as you can send
        # many session_index in a logout request but only one NameID
        keys = ''.join([request.session.session_key, provider_id, settings.SECRET_KEY])
-        transient_id_content = '_' + hashlib.sha1(keys).hexdigest().upper()
+        transient_id_content = '_' + hashlib.sha1(keys.encode('utf-8')).hexdigest().upper()
        assertion.subject.nameID.content = transient_id_content
    if nid_format == 'email':
        assert request.user.email, 'email is required when using the email NameID format'
        assertion.subject.nameID.content = request.user.email
    if nid_format == 'username':
        assert request.user.username, 'username field is required when using the username NameID format'
-        assertion.subject.nameID.content = request.user.username.encode('utf-8')
+        assertion.subject.nameID.content = force_text(
+                request.user.username.encode('utf-8'))
    if nid_format == 'uuid':
        assertion.subject.nameID.content = request.user.uuid
    if nid_format == 'edupersontargetedid':
@ -243,9 +244,9 @@ def add_attributes(request, assertion, provider):
        if (name, name_format) in attributes:
            continue
        attribute, value = attributes[(name, name_format)] = lasso.Saml2Attribute(), []
-        attribute.friendlyName = friendly_name.encode('utf-8')
-        attribute.name = name.encode('utf-8')
-        attribute.nameFormat = name_format.encode('utf-8')
+        attribute.friendlyName = force_text(friendly_name.encode('utf-8'))
+        attribute.name = force_text(name.encode('utf-8'))
+        attribute.nameFormat = force_text(name_format.encode('utf-8'))
    verified = set()
    for definition in qs:
        verified_attribute_name = definition.attribute_name + ':verified'
@ -263,9 +264,9 @@ def add_attributes(request, assertion, provider):

        # We keep only one friendly name
        if not attribute.friendlyName and friendly_name:
-            attribute.friendlyName = friendly_name.encode('utf-8')
+            attribute.friendlyName = force_text(friendly_name.encode('utf-8'))
        atv = lasso.Saml2AttributeValue()
-        tn = lasso.MiscTextNode.newWithString(value.encode('utf-8'))
+        tn = lasso.MiscTextNode.newWithString(force_text(value.encode('utf-8')))
        tn.textChild = True
        atv.any = [tn]
        values.append(atv)