From eb784f861dc57322f655d591f6ef3a2c2c2230a8 Mon Sep 17 00:00:00 2001 From: Sixto Martin Date: Thu, 4 Sep 2014 12:24:10 +0200 Subject: [PATCH] Fix test suite --- onelogin/saml/__init__.py | 1 + onelogin/saml/test/TestResponse.py | 99 ++++++++++++++++++--- onelogin/saml/test/TestSignatureVerifier.py | 98 -------------------- 3 files changed, 88 insertions(+), 110 deletions(-) diff --git a/onelogin/saml/__init__.py b/onelogin/saml/__init__.py index 94d244a4..b31ce2d6 100644 --- a/onelogin/saml/__init__.py +++ b/onelogin/saml/__init__.py @@ -3,6 +3,7 @@ ResponseValidationError, ResponseNameIDError, ResponseConditionError, + ResponseSubjectConfirmationError, ) import AuthRequest import SignatureVerifier diff --git a/onelogin/saml/test/TestResponse.py b/onelogin/saml/test/TestResponse.py index 7a4db955..2560a53b 100644 --- a/onelogin/saml/test/TestResponse.py +++ b/onelogin/saml/test/TestResponse.py @@ -11,6 +11,7 @@ ResponseValidationError, ResponseNameIDError, ResponseConditionError, + ResponseSubjectConfirmationError, ) test_response = """ """ encoded_response = base64.b64encode(response) + + request_data = { + 'server_port': '443', + 'http_host': 'sp.example.com', + 'path_info': '/SAML2/SSO/POST', + 'script_name': '' + } + res = Response( + request_data=request_data, response=encoded_response, signature=None, + issuer='https://sp.example.com/SAML2', ) msg = assert_raises( ResponseNameIDError, @@ -244,9 +267,19 @@ def test_get_name_id_none(self): """ encoded_response = base64.b64encode(response) + + request_data = { + 'server_port': '443', + 'http_host': 'sp.example.com', + 'path_info': '/SAML2/SSO/POST', + 'script_name': '' + } + res = Response( + request_data=request_data, response=encoded_response, signature=None, + issuer='https://sp.example.com/SAML2', ) msg = assert_raises( ResponseNameIDError, @@ -315,9 +348,18 @@ def test_is_valid_not_before_missing(self): """ encoded_response = base64.b64encode(response) + request_data = { + 'server_port': '443', + 'http_host': 'sp.example.com', + 'path_info': '/SAML2/SSO/POST', + 'script_name': '' + } + res = Response( + request_data=request_data, response=encoded_response, signature='foo signature', + issuer='https://sp.example.com/SAML2', ) fake_verifier = fudge.Fake( @@ -390,25 +432,42 @@ def test_is_valid_not_on_or_after_missing(self): """ encoded_response = base64.b64encode(response) + request_data = { + 'server_port': '443', + 'http_host': 'sp.example.com', + 'path_info': '/SAML2/SSO/POST', + 'script_name': '' + } + res = Response( + request_data=request_data, response=encoded_response, signature=None, + issuer='https://sp.example.com/SAML2', ) msg = assert_raises( - ResponseConditionError, + ResponseSubjectConfirmationError, res.is_valid, ) eq( str(msg), - ('There was a problem validating a condition:' + - ' Did not find NotOnOrAfter condition'), + ('There was a problem validating the response, no valid SubjectConfirmation' + + ' found: A valid SubjectConfirmation was not found on this Response'), ) @fudge.with_fakes def test_is_valid_current_time_earlier(self): encoded_response = base64.b64encode(test_response) + request_data = { + 'server_port': '443', + 'http_host': 'sp.example.com', + 'path_info': '/SAML2/SSO/POST', + 'script_name': '' + } + res = Response( + request_data=request_data, response=encoded_response, signature=None, ) @@ -416,45 +475,62 @@ def test_is_valid_current_time_earlier(self): def fake_clock(): return datetime(2004, 12, 05, 9, 16, 45, 462796) msg = assert_raises( - ResponseValidationError, + ResponseConditionError, res.is_valid, _clock=fake_clock, ) eq( str(msg), - ('There was a problem validating the response: Current time is ' + - 'earlier than NotBefore condition'), + ('There was a problem validating a condition: Timing issue'), ) @fudge.with_fakes def test_is_valid_current_time_on_or_after(self): encoded_response = base64.b64encode(test_response) + + request_data = { + 'server_port': '443', + 'http_host': 'sp.example.com', + 'path_info': '/SAML2/SSO/POST', + 'script_name': '' + } + res = Response( + request_data=request_data, response=encoded_response, signature=None, + issuer='https://sp.example.com/SAML2', ) def fake_clock(): return datetime(2004, 12, 05, 9, 30, 45, 462796) msg = assert_raises( - ResponseValidationError, + ResponseConditionError, res.is_valid, _clock=fake_clock, ) eq( str(msg), - ('There was a problem validating the response: Current time is ' + - 'on or after NotOnOrAfter condition'), + ('There was a problem validating a condition: Timing issue'), ) @fudge.with_fakes def test_is_valid_simple(self): encoded_response = base64.b64encode(test_response) + request_data = { + 'server_port': '443', + 'http_host': 'sp.example.com', + 'path_info': '/SAML2/SSO/POST', + 'script_name': '' + } + res = Response( + request_data=request_data, response=encoded_response, signature='foo signature', + issuer='https://sp.example.com/SAML2', ) def fake_clock(): @@ -466,7 +542,6 @@ def fake_clock(): ) fake_verifier.times_called(1) fake_verifier.with_args(res._document, 'foo signature') - fake_verifier.returns(True) msg = res.is_valid( diff --git a/onelogin/saml/test/TestSignatureVerifier.py b/onelogin/saml/test/TestSignatureVerifier.py index 95780b8c..d7a6f04f 100644 --- a/onelogin/saml/test/TestSignatureVerifier.py +++ b/onelogin/saml/test/TestSignatureVerifier.py @@ -13,104 +13,6 @@ class TestSignatureVerifier(object): def setUp(self): fudge.clear_expectations() - @fudge.with_fakes - def test_verify_simple(self): - document = etree.XML('foo doc') - - fake_etree = fudge.Fake('etree') - fake_etree.remember_order() - to_string = fake_etree.expects('tostring') - to_string.with_args(document) - to_string.returns('foo doc') - - fake_tempfile = fudge.Fake('tempfile') - fake_tempfile.remember_order() - named_xmlfile = fake_tempfile.expects( - 'NamedTemporaryFile' - ) - named_xmlfile.with_args(delete=False) - xmlfile = named_xmlfile.returns_fake() - xmlfile.remember_order() - - enter = xmlfile.expects('__enter__') - enter.with_arg_count(0) - enter.returns(xmlfile) - - write = xmlfile.expects('write') - write.with_args('foo doc') - seek = xmlfile.expects('seek') - seek.with_args(0) - - exit = xmlfile.expects('__exit__') - exit.with_args(None, None, None) - - xmlfile.has_attr(name='xmlfile') - - named_certfile = fake_tempfile.next_call( - 'NamedTemporaryFile' - ) - named_certfile.with_args(delete=False) - certfile = named_certfile.returns_fake() - certfile.remember_order() - - enter = certfile.expects('__enter__') - enter.with_arg_count(0) - enter.returns(certfile) - - write = certfile.expects('write') - write.with_args( - ('-----BEGIN CERTIFICATE-----\nfoo signature\n' - + '-----END CERTIFICATE-----' - ) - ) - seek = certfile.expects('seek') - seek.with_args(0) - - exit = certfile.expects('__exit__') - exit.with_args(None, None, None) - - certfile.has_attr(name='certfile') - - fake_subprocess = fudge.Fake('subprocess') - fake_subprocess.remember_order() - popen = fake_subprocess.expects('Popen') - fake_subprocess.has_attr(PIPE=1) - popen.with_args( - [ - 'xmlsec1', - '--verify', - '--pubkey-cert-pem', - 'certfile', - '--id-attr:ID', - 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', - 'xmlfile', - ], - stderr=1, - stdout=1, - ) - proc = popen.returns_fake() - proc.remember_order() - wait = proc.expects('wait') - wait.with_arg_count(0) - stderr = StringIO('OK') - proc.has_attr(stderr=stderr) - - fake_os = fudge.Fake('os') - fake_os.remember_order() - remove = fake_os.expects('remove') - remove.with_args('certfile') - remove = fake_os.next_call('remove') - remove.with_args('xmlfile') - - SignatureVerifier.verify( - document, - 'foo signature', - _etree=fake_etree, - _tempfile=fake_tempfile, - _subprocess=fake_subprocess, - _os=fake_os, - ) - @fudge.with_fakes def test_get_xmlsec_bin_default(self): fake_platform = fudge.Fake('platform')