From a3bc08789015145c7ace31c3ff47417ab784dc11 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?=
Date: Wed, 9 Mar 2016 08:59:16 +0100
Subject: [PATCH] misc: fix passing of RequestedAuthnContext (#10243)
---
 mellon/views.py | 4 ++--
 tests/test_views.py | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/mellon/views.py b/mellon/views.py
index c8b7a59..f2ba26b 100644
--- a/mellon/views.py
+++ b/mellon/views.py
@@ -262,9 +262,9 @@ class LoginView(LogMixin, View):
 # configure requested AuthnClassRef
 authn_classref = utils.get_setting(idp, 'AUTHN_CLASSREF')
 if authn_classref:
- req_authncontext = lasso.RequestedAuthnContext()
+ req_authncontext = lasso.Samlp2RequestedAuthnContext()
 authn_request.requestedAuthnContext = req_authncontext
- req_authncontext.authnContextClassRef = authn_classref
+ req_authncontext.authnContextClassRef = tuple(authn_classref)
 if next_url and utils.is_nonnull(next_url):
 login.msgRelayState = next_url
 login.buildAuthnRequestMsg()
diff --git a/tests/test_views.py b/tests/test_views.py
index aaadd1d..f4800d1 100644
--- a/tests/test_views.py
+++ b/tests/test_views.py
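Review bot: `tuple(authn_classref)` on the new `req_authncontext.authnContextClassRef` line assumes the `AUTHN_CLASSREF` setting is always a list; if a deployment sets it to a single string, `tuple()` splits it into one entry per character and the AuthnRequest no longer names the intended authentication context class. How the IdP reacts to such a request is not visible here, so the setting should be normalised before the call, e.g. `if isinstance(authn_classref, basestring): authn_classref = (authn_classref,)` (`str` on Python 3). The new test in tests/test_views.py covers only the list form. Separately, a RequestedAuthnContext is only a request to the IdP; the check that the returned assertion actually carries one of these class refs belongs in the response handling, which this hunk does not show. The enclosing LoginView method starts and ends outside the hunk, so an earlier normalisation may already exist there.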
@@ -186,3 +186,22 @@ def test_sp_initiated_login_chosen(private_settings, client):
 assert len(params['SAMLRequest']) == 1
 assert base64.b64decode(params['SAMLRequest'][0])
 assert params['RelayState'] == ['/whatever']
+
+
+def test_sp_initiated_login_requested_authn_context(private_settings, client):
+ private_settings.MELLON_IDENTITY_PROVIDERS = [{
+ 'METADATA': open('tests/metadata.xml').read(),
+ 'AUTHN_CLASSREF': ['urn:be:fedict:iam:fas:citizen:eid',
+ 'urn:be:fedict:iam:fas:citizen:token'],
+ }]
+ response = client.get('/login/')
+ assert response.status_code == 302
+ params = parse_qs(urlparse(response['Location']).query)
+ assert response['Location'].startswith('https://cresson.entrouvert.org/idp/saml2/sso?')
+ assert params.keys() == ['SAMLRequest']
+ assert len(params['SAMLRequest']) == 1
+ assert base64.b64decode(params['SAMLRequest'][0])
+ request = lasso.Samlp2AuthnRequest()
+ assert request.initFromQuery(urlparse(response['Location']).query)
+ assert request.requestedAuthnContext.authnContextClassRef == (
+ 'urn:be:fedict:iam:fas:citizen:eid', 'urn:be:fedict:iam:fas:citizen:token')
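Review bot: `open('tests/metadata.xml').read()` in the new test never closes the file handle explicitly and resolves the path against the current working directory, so the test depends on being run from the repository root; reading the file under `with open(...) as fd:` from a path built off `__file__` avoids both. `assert params.keys() == ['SAMLRequest']` compares against a list and holds only on Python 2; `assert set(params) == {'SAMLRequest'}` states the same check on either version. Both patterns may mirror the existing tests, which lie mostly outside this hunk.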