|
|
|
@ -644,7 +644,7 @@ def test_sso_slo_pass_login_hints_always_backoffice(db, app, idp, caplog, sp_set
|
|
|
|
|
url, body, relay_state = idp.process_authn_request_redirect(response['Location'])
|
|
|
|
|
root = ET.fromstring(idp.request)
|
|
|
|
|
login_hints = root.findall('.//{https://www.entrouvert.com/}login-hint')
|
|
|
|
|
assert len(login_hints) == 1, 'missing login hint'
|
|
|
|
|
assert len(login_hints) == 2, 'missing login hint'
|
|
|
|
|
assert login_hints[0].text == 'backoffice', 'login hint is not backoffice'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -655,23 +655,40 @@ def test_sso_slo_pass_login_hints_backoffice(db, app, idp, caplog, sp_settings):
|
|
|
|
|
url, body, relay_state = idp.process_authn_request_redirect(response['Location'])
|
|
|
|
|
root = ET.fromstring(idp.request)
|
|
|
|
|
login_hints = root.findall('.//{https://www.entrouvert.com/}login-hint')
|
|
|
|
|
assert len(login_hints) == 0
|
|
|
|
|
assert len(login_hints) == 1
|
|
|
|
|
|
|
|
|
|
response = app.get(reverse('mellon_login') + '?next=/whatever/')
|
|
|
|
|
url, body, relay_state = idp.process_authn_request_redirect(response['Location'])
|
|
|
|
|
root = ET.fromstring(idp.request)
|
|
|
|
|
login_hints = root.findall('.//{https://www.entrouvert.com/}login-hint')
|
|
|
|
|
assert len(login_hints) == 0
|
|
|
|
|
assert len(login_hints) == 1
|
|
|
|
|
|
|
|
|
|
for next_url in ['/manage/', '/admin/', '/manager/']:
|
|
|
|
|
response = app.get(reverse('mellon_login') + '?next=%s' % next_url)
|
|
|
|
|
url, body, relay_state = idp.process_authn_request_redirect(response['Location'])
|
|
|
|
|
root = ET.fromstring(idp.request)
|
|
|
|
|
login_hints = root.findall('.//{https://www.entrouvert.com/}login-hint')
|
|
|
|
|
assert len(login_hints) == 1, 'missing login hint'
|
|
|
|
|
assert len(login_hints) == 2, 'missing login hint'
|
|
|
|
|
assert login_hints[0].text == 'backoffice', 'login hint is not backoffice'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_sso_slo_login_hints_orig_path(db, app, idp, caplog, sp_settings):
|
|
|
|
|
sp_settings.MELLON_LOGIN_HINTS = []
|
|
|
|
|
response = app.get(reverse('mellon_login'))
|
|
|
|
|
url, body, relay_state = idp.process_authn_request_redirect(response['Location'])
|
|
|
|
|
root = ET.fromstring(idp.request)
|
|
|
|
|
login_hints = root.findall('.//{https://www.entrouvert.com/}login-hint')
|
|
|
|
|
assert len(login_hints) == 1
|
|
|
|
|
assert login_hints[0].text == 'orig_path:/'
|
|
|
|
|
|
|
|
|
|
response = app.get(reverse('mellon_login') + '?next=/foo/bar/')
|
|
|
|
|
url, body, relay_state = idp.process_authn_request_redirect(response['Location'])
|
|
|
|
|
root = ET.fromstring(idp.request)
|
|
|
|
|
login_hints = root.findall('.//{https://www.entrouvert.com/}login-hint')
|
|
|
|
|
assert len(login_hints) == 1
|
|
|
|
|
assert login_hints[0].text == 'orig_path:/foo/bar/'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_passive_auth_middleware_ok(db, app, idp, caplog, settings):
|
|
|
|
|
settings.MELLON_OPENED_SESSION_COOKIE_NAME = 'IDP_SESSION'
|
|
|
|
|
assert 'MELLON_PASSIVE_TRIED' not in app.cookies
|
|
|
|
|