tests: check registration page behaviour when configured with saml
parent
41b77e7c74
commit
4fe81c600d
|
@ -16,7 +16,7 @@ from wcs.qommon.saml2 import Saml2Directory
|
|||
from wcs.qommon.ident.idp import MethodAdminDirectory, AdminIDPDir
|
||||
from wcs.qommon import sessions, x509utils
|
||||
|
||||
from utilities import create_temporary_pub
|
||||
from utilities import get_app, create_temporary_pub
|
||||
|
||||
pytestmark = pytest.mark.skipif('lasso is None')
|
||||
|
||||
|
@ -37,7 +37,8 @@ def setup_module(module):
|
|||
global pub
|
||||
pub = create_temporary_pub()
|
||||
|
||||
def setup_environment():
|
||||
def setup_environment(idp_number=1):
|
||||
pub.cfg = {}
|
||||
pub.cfg['sp'] = {
|
||||
'base_url': 'http://example.net/liberty',
|
||||
'providerid': 'http://example.net/liberty/metadata',
|
||||
|
@ -47,29 +48,36 @@ def setup_environment():
|
|||
}
|
||||
MethodAdminDirectory().generate_rsa_keypair()
|
||||
|
||||
# generate a pair of keys for the mocking idp server
|
||||
idp_publickey, idp_privatekey = x509utils.generate_rsa_keypair()
|
||||
pub.cfg['idp'] = {
|
||||
'http-sso.example.net-saml2-metadata': {
|
||||
'metadata': 'idp-http-sso.example.net-saml2-metadata-metadata.xml',
|
||||
'publickey': 'idp-http-sso.example.net-saml2-metadata-publickey.pem',
|
||||
pub.cfg['idp'] = {}
|
||||
for i in range(idp_number):
|
||||
# generate a pair of keys for the mocking idp server
|
||||
idp_publickey, idp_privatekey = x509utils.generate_rsa_keypair()
|
||||
metadata = IDP_METADATA
|
||||
if i == 0:
|
||||
base_id = 'http-sso.example.net-saml2-metadata'
|
||||
else:
|
||||
base_id = 'http-sso%s.example.net-saml2-metadata' % i
|
||||
metadata = IDP_METADATA.replace('sso.example.net',
|
||||
'sso%d.example.net' % i)
|
||||
pub.cfg['idp'][base_id] = {
|
||||
'metadata': 'idp-%s-metadata.xml' % base_id,
|
||||
'publickey': 'idp-%s-publickey.pem' % base_id,
|
||||
'role': lasso.PROVIDER_ROLE_IDP,
|
||||
}
|
||||
}
|
||||
filename = pub.cfg['idp']['http-sso.example.net-saml2-metadata']['metadata']
|
||||
fd = file(os.path.join(pub.app_dir, filename), 'w')
|
||||
fd.write(IDP_METADATA)
|
||||
fd.close()
|
||||
filename = pub.cfg['idp'][base_id]['metadata']
|
||||
fd = file(os.path.join(pub.app_dir, filename), 'w')
|
||||
fd.write(metadata)
|
||||
fd.close()
|
||||
|
||||
filename = pub.cfg['idp']['http-sso.example.net-saml2-metadata']['publickey']
|
||||
fd = file(os.path.join(pub.app_dir, filename), 'w')
|
||||
fd.write(idp_publickey)
|
||||
fd.close()
|
||||
filename = pub.cfg['idp'][base_id]['publickey']
|
||||
fd = file(os.path.join(pub.app_dir, filename), 'w')
|
||||
fd.write(idp_publickey)
|
||||
fd.close()
|
||||
|
||||
filename = pub.cfg['idp']['http-sso.example.net-saml2-metadata']['publickey'].replace('public', 'private')
|
||||
fd = file(os.path.join(pub.app_dir, filename), 'w')
|
||||
fd.write(idp_privatekey)
|
||||
fd.close()
|
||||
filename = pub.cfg['idp'][base_id]['publickey'].replace('public', 'private')
|
||||
fd = file(os.path.join(pub.app_dir, filename), 'w')
|
||||
fd.write(idp_privatekey)
|
||||
fd.close()
|
||||
|
||||
pub.write_cfg()
|
||||
|
||||
|
@ -180,3 +188,44 @@ def test_assertion_consumer_redirect_after_url():
|
|||
saml_response_body = req.form['SAMLResponse']
|
||||
body = saml2.assertionConsumerPost()
|
||||
assert req.response.headers['location'] == 'http://example.net/foobar'
|
||||
|
||||
def test_saml_login_page():
|
||||
setup_environment()
|
||||
resp = get_app(pub).get('/login/')
|
||||
assert resp.status_int == 302
|
||||
assert resp.location.startswith('http://sso.example.net/saml2/sso?SAMLRequest=')
|
||||
|
||||
def test_saml_login_page_several_idp():
|
||||
setup_environment(idp_number=4)
|
||||
# even if there are multiple IdP, /login/ will initiate SSO with the first
|
||||
# one.
|
||||
resp = get_app(pub).get('/login/')
|
||||
assert resp.status_int == 302
|
||||
assert resp.location.startswith('http://sso.example.net/saml2/sso?SAMLRequest=')
|
||||
|
||||
def test_saml_register():
|
||||
setup_environment()
|
||||
get_app(pub).get('/register/', status=404)
|
||||
pub.cfg['saml_identities'] = {'identity-creation': 'self'}
|
||||
pub.write_cfg()
|
||||
|
||||
# if there's no specific registration URL, this initiates a SSO and there
|
||||
# should be a registration link on the identity provider
|
||||
resp = get_app(pub).get('/register/')
|
||||
assert resp.location == 'http://example.net/login/'
|
||||
resp = resp.follow()
|
||||
assert resp.location.startswith('http://sso.example.net/saml2/sso?SAMLRequest=')
|
||||
|
||||
# check redirection to known registration page
|
||||
pub.cfg['saml_identities'] = {'identity-creation': 'self',
|
||||
'registration-url': 'http://sso.example.net/registration'}
|
||||
pub.write_cfg()
|
||||
resp = get_app(pub).get('/register/')
|
||||
assert resp.location == 'http://sso.example.net/registration'
|
||||
|
||||
# check redirection to known registration page, with a variable
|
||||
pub.cfg['saml_identities'] = {'identity-creation': 'self',
|
||||
'registration-url': 'http://sso.example.net/registration?next_url=[next_url]'}
|
||||
pub.write_cfg()
|
||||
resp = get_app(pub).get('/register/')
|
||||
assert resp.location == 'http://sso.example.net/registration?next_url=http%3A%2F%2Fexample.net%2Fregister%2F'
|
||||
|
|
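Review bot: In `test_saml_login_page_several_idp` the comment says /login/ initiates SSO with "the first" IdP, but `setup_environment` builds `pub.cfg['idp']` as a plain dict, so "first" has no defined meaning in the lines shown here. Which identity provider a login request is sent to is a trust decision, so the comment should name the rule the login code applies (the selection code is outside this page), for example `# /login/ uses the IdP chosen by <selection rule>; with these keys that is sso.example.net`. If that rule turns out to be plain dict iteration, the assertion depends on the interpreter's dict ordering, and a sorted or explicitly configured default would be a firmer contract to test. Separately, the new loop still writes the metadata and key files with `file(...)` and `fd.close()`; `with open(os.path.join(pub.app_dir, filename), 'w') as fd:` would also close the handle when a write fails.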