Moved param 'http_method' of lasso_login_build_authn_request_msg() method

in lasso_login_init_authn_request() BEWARE : this change breaks the API
2004-08-21 17:12:21 +00:00 · 2004-08-21 17:12:21 +00:00 · 5dc6f94ffd
parent 87e3c2dbfc
commit 5dc6f94ffd
7 changed files with 42 additions and 31 deletions
--- a/lasso/id-ff/lecp.c
+++ b/lasso/id-ff/lecp.c
@ -183,7 +183,10 @@ lasso_lecp_init_authn_request(LassoLecp *lecp)

  g_return_val_if_fail(LASSO_IS_LECP(lecp), -1);

-  res = lasso_login_init_authn_request(LASSO_LOGIN(lecp));
+  /* FIXME : BAD usage of http_method
+     using POST method so that the lib:AuthnRequest is initialize with
+     a signature template */
+  res = lasso_login_init_authn_request(LASSO_LOGIN(lecp), lassoHttpMethodPost);

  return(res);
 }
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@ -518,7 +518,6 @@ lasso_login_build_artifact_msg(LassoLogin      *login,
 * lasso_login_build_authn_request_msg:
 * @login: a LassoLogin
 * @remote_providerID: the providerID of the identity provider
- * @http_method: the HTTP method to send the AuthnRequest (REDIRECT or POST)
 * 
 * Builds an authentication request. Depending of the SSO protocol profile of
 * the identity provider (defined in metadata file), the data for the sending of
@ -528,8 +527,7 @@ lasso_login_build_artifact_msg(LassoLogin      *login,
 **/
 gint
 lasso_login_build_authn_request_msg(LassoLogin      *login,
-				    const gchar     *remote_providerID,
-				    lassoHttpMethod  http_method)
+				    const gchar     *remote_providerID)
 {
  LassoProvider *provider, *remote_provider;
  xmlChar *md_authnRequestsSigned = NULL;
@ -543,10 +541,6 @@ lasso_login_build_authn_request_msg(LassoLogin      *login,

  g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ);
  g_return_val_if_fail(remote_providerID != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
-  if (http_method != lassoHttpMethodRedirect && http_method != lassoHttpMethodPost) {
-    message(G_LOG_LEVEL_CRITICAL, "Invalid HTTP method, it must be REDIRECT or POST\n.");
-    return (LASSO_PARAM_ERROR_INVALID_VALUE);
-  }

  LASSO_PROFILE(login)->remote_providerID = g_strdup(remote_providerID);
  
@ -584,7 +578,7 @@ lasso_login_build_authn_request_msg(LassoLogin      *login,
    goto done;
  }
  
-  if (http_method == lassoHttpMethodRedirect) {
+  if (login->http_method == lassoHttpMethodRedirect) {
    /* REDIRECT -> query */
    if (must_sign) {
      query = lasso_node_export_to_query(LASSO_PROFILE(login)->request,
@ -610,7 +604,7 @@ lasso_login_build_authn_request_msg(LassoLogin      *login,
    LASSO_PROFILE(login)->msg_body = NULL;
    g_free(query);
  }
-  else if (http_method == lassoHttpMethodPost) {
+  else if (login->http_method == lassoHttpMethodPost) {
    /* POST -> formular */
    if (must_sign) {
      ret = lasso_samlp_request_abstract_sign_signature_tmpl(LASSO_SAMLP_REQUEST_ABSTRACT(LASSO_PROFILE(login)->request),
@ -774,20 +768,34 @@ lasso_login_dump(LassoLogin *login)
 }

 gint
-lasso_login_init_authn_request(LassoLogin *login)
+lasso_login_init_authn_request(LassoLogin      *login,
+			       lassoHttpMethod  http_method)
 {
  g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ);
+  if (http_method != lassoHttpMethodRedirect && http_method != lassoHttpMethodPost) {
+    message(G_LOG_LEVEL_CRITICAL, "Invalid HTTP method, it must be REDIRECT or POST\n.");
+    return (LASSO_PARAM_ERROR_INVALID_VALUE);
+  }

-  /* FIXME */
-  LASSO_PROFILE(login)->request = lasso_authn_request_new(LASSO_PROFILE(login)->server->providerID,
-							  lassoSignatureTypeNone,
-							  0);
-  LASSO_PROFILE(login)->request_type = lassoMessageTypeAuthnRequest;
+  login->http_method = http_method;
+
+  if (http_method == lassoHttpMethodPost) {
+    LASSO_PROFILE(login)->request = lasso_authn_request_new(LASSO_PROFILE(login)->server->providerID,
+							    lassoSignatureTypeWithX509,
+							    lassoSignatureMethodRsaSha1);
+  }
+  else {
+    LASSO_PROFILE(login)->request = lasso_authn_request_new(LASSO_PROFILE(login)->server->providerID,
+							    lassoSignatureTypeNone,
+							    0);    
+  }

  if (LASSO_PROFILE(login)->request == NULL) {
    return (-2);
  }

+  LASSO_PROFILE(login)->request_type = lassoMessageTypeAuthnRequest;
+
  return (0);
 }

--- a/lasso/id-ff/login.h
+++ b/lasso/id-ff/login.h
@ -62,6 +62,7 @@ struct _LassoLogin {
  gchar *assertionArtifact;
  gchar *response_dump;
  /*< private >*/
+  lassoHttpMethod http_method;
  LassoLoginPrivate *private;
 };

@ -85,8 +86,7 @@ LASSO_EXPORT gint        lasso_login_build_artifact_msg          (LassoLogin
 								  lassoHttpMethod  http_method);

 LASSO_EXPORT gint        lasso_login_build_authn_request_msg     (LassoLogin      *login,
-								  const gchar     *remote_providerID,
-								  lassoHttpMethod  http_method);
+								  const gchar     *remote_providerID);

 LASSO_EXPORT gint        lasso_login_build_authn_response_msg    (LassoLogin  *login,
 								  gboolean     authentication_result,
@ -99,7 +99,8 @@ LASSO_EXPORT void        lasso_login_destroy                     (LassoLogin *lo

 LASSO_EXPORT gchar*      lasso_login_dump                        (LassoLogin *login);

-LASSO_EXPORT gint        lasso_login_init_authn_request          (LassoLogin  *login);
+LASSO_EXPORT gint        lasso_login_init_authn_request          (LassoLogin      *login,
+								  lassoHttpMethod  http_method);

 LASSO_EXPORT gint        lasso_login_init_from_authn_request_msg (LassoLogin      *login,
 								  gchar           *authn_request_msg,
--- a/python/lasso.py
+++ b/python/lasso.py
@ -472,9 +472,9 @@ class Login(_ObjectMixin, lassomod.LassoLogin, _ProfileChild):
        if errorCode:
            raise newError(errorCode, 'lasso_login_build_artifact_msg')

-    def build_authn_request_msg(self, remote_providerID, http_method):
+    def build_authn_request_msg(self, remote_providerID):
        errorCode = lassomod.lasso_login_build_authn_request_msg(
-            self, remote_providerID, http_method)
+            self, remote_providerID)
        if errorCode:
            raise newError(errorCode, 'lasso_login_build_authn_request_msg')

@ -493,8 +493,8 @@ class Login(_ObjectMixin, lassomod.LassoLogin, _ProfileChild):
    def dump(self):
        return lassomod.lasso_login_dump(self)

-    def init_authn_request(self):
-        errorCode = lassomod.lasso_login_init_authn_request(self)
+    def init_authn_request(self, http_method):
+        errorCode = lassomod.lasso_login_init_authn_request(self, http_method)
        if errorCode:
            raise newError(errorCode, 'lasso_login_init_authn_request')

--- a/python/tests/ServiceProvider.py
+++ b/python/tests/ServiceProvider.py
@ -223,7 +223,8 @@ class ServiceProviderMixin(Provider.ProviderMixin):
            return handler.respond(headers = headers, body = authnRequestEnvelopeMsg)
        else:
            login = lasso.Login(lassoServer)
-            login.init_authn_request()
+            login.init_authn_request(lasso.httpMethodRedirect)
+            #login.init_authn_request()
            failUnlessEqual(login.request_type, lasso.messageTypeAuthnRequest)
            if forceAuthn:
                login.request.set_forceAuthn(forceAuthn)
@ -233,7 +234,7 @@ class ServiceProviderMixin(Provider.ProviderMixin):
            login.request.set_consent(lasso.libConsentObtained)
            if relayState:
                login.request.set_relayState(relayState)
-            login.build_authn_request_msg(self.idpSite.providerId, lasso.httpMethodRedirect)
+            login.build_authn_request_msg(self.idpSite.providerId)
            authnRequestUrl = login.msg_url
            failUnless(authnRequestUrl)
            return handler.respondRedirectTemporarily(authnRequestUrl)
--- a/swig/Lasso.i
+++ b/swig/Lasso.i
@ -561,8 +561,7 @@ gint lasso_login_build_artifact_msg(LassoLogin *login, gint authentication_resul
 				    const gchar *reauthenticateOnOrAfter,
 				    lassoHttpMethod http_method);

-gint lasso_login_build_authn_request_msg(LassoLogin *login, const gchar *remote_providerID,
-					 lassoHttpMethod http_method);
+gint lasso_login_build_authn_request_msg(LassoLogin *login, const gchar *remote_providerID);

 gint lasso_login_build_authn_response_msg(LassoLogin  *login, gint authentication_result,
 					  const gchar *authenticationMethod,
@ -573,7 +572,7 @@ gint lasso_login_build_request_msg(LassoLogin *login);
 %newobject lasso_login_dump;
 gchar* lasso_login_dump(LassoLogin *login);

-gint lasso_login_init_authn_request(LassoLogin *login);
+gint lasso_login_init_authn_request(LassoLogin *login, lassoHttpMethod http_method);

 gint lasso_login_init_from_authn_request_msg(LassoLogin *login, gchar *authn_request_msg,
 					     lassoHttpMethod  authn_request_http_method);
--- a/tests/login_tests.c
+++ b/tests/login_tests.c
@ -104,7 +104,7 @@ START_TEST(test02_serviceProviderLogin)
 	spLoginContext = lasso_login_new(spContext);
 	fail_unless(spLoginContext != NULL,
 			"lasso_login_new() shouldn't have returned NULL");
-	rc = lasso_login_init_authn_request(spLoginContext);
+	rc = lasso_login_init_authn_request(spLoginContext, lassoHttpMethodRedirect);
 	fail_unless(rc == 0, "lasso_login_init_authn_request failed");
 	fail_unless(LASSO_PROFILE(spLoginContext)->request_type == \
 			lassoMessageTypeAuthnRequest, "request_type should be AuthnRequest");
@ -115,8 +115,7 @@ START_TEST(test02_serviceProviderLogin)
 	lasso_lib_authn_request_set_consent(request, lassoLibConsentObtained);
 	relayState = "fake";
 	lasso_lib_authn_request_set_relayState(request, "fake");
-	rc = lasso_login_build_authn_request_msg(spLoginContext, "https://idp1/metadata",
-						 lassoHttpMethodRedirect);
+	rc = lasso_login_build_authn_request_msg(spLoginContext, "https://idp1/metadata");
 	fail_unless(rc == 0, "lasso_login_build_authn_request_msg failed");
 	authnRequestUrl = LASSO_PROFILE(spLoginContext)->msg_url;
 	fail_unless(authnRequestUrl != NULL,