authorRoland Hedberg <roland.hedberg@adm.umu.se>2013-11-25 23:50:29 -0800
committerRoland Hedberg <roland.hedberg@adm.umu.se>2013-11-25 23:50:29 -0800
commit8e85b5bcaead1f99dcdae050c94524a30f1e3d01 (patch)
tree61ccf7663bc159e17e108bf34f7a3b3591eb9547
parent5e0d3f13a2f36f3b5a9aa09d3b9f041bb99e43db (diff)
parentecd5dc54c651b890fb350129236725c979cea9d3 (diff)
Merge pull request #68 from arbn/master
Pluralizes return_addr verification
-rw-r--r--src/saml2/client_base.py20
-rw-r--r--src/saml2/entity.py6
-rw-r--r--src/saml2/request.py4
-rw-r--r--src/saml2/response.py58
4 files changed, 44 insertions, 44 deletions
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
index 9dcaab4b..706faca3 100644
--- a/src/saml2/client_base.py
+++ b/src/saml2/client_base.py
@@ -195,10 +195,10 @@ class Base(Entity):
"""
return True
- def service_url(self, binding=BINDING_HTTP_POST):
+ def service_urls(self, binding=BINDING_HTTP_POST):
_res = self.config.endpoint("assertion_consumer_service", binding, "sp")
if _res:
- return _res[0]
+ return _res
else:
return None
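Review bot: `service_urls` still returns `None` when no endpoint is configured, which was harmless for a single URL but not for a list. The `@@ -608` hunk indexes the result with `[0]` and the `@@ -508` hunk passes it on as `return_addrs`, so a missing endpoint now surfaces as a `TypeError` rather than as an absent address. Either return an empty list (`return _res or []`) or guard the PAOS call site before indexing. A one-line docstring such as `"""Return the list of assertion consumer service URLs for the binding."""` would also record the new return type.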
@@ -231,9 +231,9 @@ class Base(Entity):
args = {}
try:
- args["assertion_consumer_service_url"] = kwargs[
- "assertion_consumer_service_url"]
- del kwargs["assertion_consumer_service_url"]
+ args["assertion_consumer_service_urls"] = kwargs[
+ "assertion_consumer_service_urls"]
+ del kwargs["assertion_consumer_service_urls"]
except KeyError:
try:
args["attribute_consuming_service_index"] = str(kwargs[
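Review bot: `args["assertion_consumer_service_urls"]` now holds a list under a new key, here and in the `@@ -241` hunk. `args` is presumably used further down, outside these hunks, to build the AuthnRequest, whose AssertionConsumerServiceURL attribute carries a single URL. If that is the case, the request should get one value, e.g. `args["assertion_consumer_service_url"] = service_urls[0]`, with the plural list kept only for verifying responses. Callers that still pass `assertion_consumer_service_url` in `kwargs` now fall through silently to the configured default, so accepting the old key as well would avoid a quiet behaviour change.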
@@ -241,10 +241,10 @@ class Base(Entity):
del kwargs["attribute_consuming_service_index"]
except KeyError:
if service_url_binding is None:
- service_url = self.service_url(binding)
+ service_urls = self.service_urls(binding)
else:
- service_url = self.service_url(service_url_binding)
- args["assertion_consumer_service_url"] = service_url
+ service_urls = self.service_urls(service_url_binding)
+ args["assertion_consumer_service_urls"] = service_urls
try:
args["provider_name"] = kwargs["provider_name"]
@@ -508,7 +508,7 @@ class Base(Entity):
"outstanding_queries": outstanding,
"allow_unsolicited": self.allow_unsolicited,
"want_assertions_signed": self.want_assertions_signed,
- "return_addr": self.service_url(),
+ "return_addrs": self.service_urls(),
"entity_id": self.config.entityid,
"attribute_converters": self.config.attribute_converters,
"allow_unknown_attributes": self.config.allow_unknown_attributes,
@@ -608,7 +608,7 @@ class Base(Entity):
# ----------------------------------------
# <paos:Request>
# ----------------------------------------
- my_url = self.service_url(BINDING_PAOS)
+ my_url = self.service_urls(BINDING_PAOS)[0]
# must_understand and act according to the standard
#
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index d7a13150..6d83b117 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -773,12 +773,12 @@ class Entity(HTTPBase):
kwargs["asynchop"] = True
if xmlstr:
- if "return_addr" not in kwargs:
+ if "return_addrs" not in kwargs:
if binding in [BINDING_HTTP_REDIRECT, BINDING_HTTP_POST]:
try:
# expected return address
- kwargs["return_addr"] = self.config.endpoint(
- service, binding=binding)[0]
+ kwargs["return_addrs"] = self.config.endpoint(
+ service, binding=binding)
except Exception:
logger.info("Not supposed to handle this!")
return None
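Review bot: Dropping the `[0]` means an empty or `None` result from `self.config.endpoint(service, binding=binding)` no longer raises. The `except Exception` branch that logs "Not supposed to handle this!" and returns `None` is therefore no longer reached for a service with no configured endpoint. An explicit `if not kwargs["return_addrs"]:` after the assignment, followed by the same log call and `return None`, would keep the old behaviour. The enclosing method starts and ends outside the hunk.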
diff --git a/src/saml2/request.py b/src/saml2/request.py
index 0df0d24c..c6804344 100644
--- a/src/saml2/request.py
+++ b/src/saml2/request.py
@@ -77,7 +77,7 @@ class Request(object):
assert self.message.version == "2.0"
if self.message.destination and \
self.message.destination not in self.receiver_addrs:
- logger.error("%s != %s" % (self.message.destination,
+ logger.error("%s not in %s" % (self.message.destination,
self.receiver_addrs))
raise OtherError("Not destined for me!")
@@ -232,4 +232,4 @@ SERVICE2REQUEST = {
"name_id_mapping_service": NameIDMappingRequest,
#"artifact_resolve_service": ArtifactResolve,
"single_logout_service": LogoutRequest
-}
\ No newline at end of file
+}
diff --git a/src/saml2/response.py b/src/saml2/response.py
index 005a0dfa..4c30cff4 100644
--- a/src/saml2/response.py
+++ b/src/saml2/response.py
@@ -220,7 +220,7 @@ def for_me(conditions, myself):
return False
-def authn_response(conf, return_addr, outstanding_queries=None, timeslack=0,
+def authn_response(conf, return_addrs, outstanding_queries=None, timeslack=0,
asynchop=True, allow_unsolicited=False, want_assertions_signed=False):
sec = security_context(conf)
if not timeslack:
@@ -230,13 +230,13 @@ def authn_response(conf, return_addr, outstanding_queries=None, timeslack=0,
timeslack = 0
return AuthnResponse(sec, conf.attribute_converters, conf.entityid,
- return_addr, outstanding_queries, timeslack,
+ return_addrs, outstanding_queries, timeslack,
asynchop=asynchop, allow_unsolicited=allow_unsolicited,
want_assertions_signed=want_assertions_signed)
# comes in over SOAP so synchronous
-def attribute_response(conf, return_addr, timeslack=0, asynchop=False,
+def attribute_response(conf, return_addrs, timeslack=0, asynchop=False,
test=False):
sec = security_context(conf)
if not timeslack:
@@ -246,17 +246,17 @@ def attribute_response(conf, return_addr, timeslack=0, asynchop=False,
timeslack = 0
return AttributeResponse(sec, conf.attribute_converters, conf.entityid,
- return_addr, timeslack, asynchop=asynchop,
+ return_addrs, timeslack, asynchop=asynchop,
test=test)
class StatusResponse(object):
msgtype = "status_response"
- def __init__(self, sec_context, return_addr=None, timeslack=0,
+ def __init__(self, sec_context, return_addrs=None, timeslack=0,
request_id=0, asynchop=True):
self.sec = sec_context
- self.return_addr = return_addr
+ self.return_addrs = return_addrs
self.timeslack = timeslack
self.request_id = request_id
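Review bot: `self.return_addrs = return_addrs` stores whatever the caller passes, and the `@@ -382` hunk then evaluates `self.response.destination not in self.return_addrs`. A caller that still passes a single URL string positionally turns that into a substring test, which is looser than the equality check it replaces. The default `None` raises `TypeError` as soon as a response carries a destination. Normalising in `__init__` avoids both: `if isinstance(return_addrs, basestring): return_addrs = [return_addrs]` followed by `self.return_addrs = return_addrs or []` (`basestring` assumes this code targets Python 2). The keyword rename also breaks callers using `return_addr=`, here and in the subclass constructors and factory functions in the later hunks; `__init__` continues outside this hunk.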
@@ -382,9 +382,9 @@ class StatusResponse(object):
if self.asynchop:
if self.response.destination and \
- self.response.destination != self.return_addr:
- logger.error("%s != %s" % (self.response.destination,
- self.return_addr))
+ self.response.destination not in self.return_addrs:
+ logger.error("%s not in %s" % (self.response.destination,
+ self.return_addrs))
return None
assert self.issue_instant_ok()
@@ -413,9 +413,9 @@ class StatusResponse(object):
class LogoutResponse(StatusResponse):
msgtype = "logout_response"
- def __init__(self, sec_context, return_addr=None, timeslack=0,
+ def __init__(self, sec_context, return_addrs=None, timeslack=0,
asynchop=True):
- StatusResponse.__init__(self, sec_context, return_addr, timeslack,
+ StatusResponse.__init__(self, sec_context, return_addrs, timeslack,
asynchop=asynchop)
self.signature_check = self.sec.correctly_signed_logout_response
@@ -423,9 +423,9 @@ class LogoutResponse(StatusResponse):
class NameIDMappingResponse(StatusResponse):
msgtype = "name_id_mapping_response"
- def __init__(self, sec_context, return_addr=None, timeslack=0,
+ def __init__(self, sec_context, return_addrs=None, timeslack=0,
request_id=0, asynchop=True):
- StatusResponse.__init__(self, sec_context, return_addr, timeslack,
+ StatusResponse.__init__(self, sec_context, return_addrs, timeslack,
request_id, asynchop)
self.signature_check = self.sec.correctly_signed_name_id_mapping_response
@@ -433,9 +433,9 @@ class NameIDMappingResponse(StatusResponse):
class ManageNameIDResponse(StatusResponse):
msgtype = "manage_name_id_response"
- def __init__(self, sec_context, return_addr=None, timeslack=0,
+ def __init__(self, sec_context, return_addrs=None, timeslack=0,
request_id=0, asynchop=True):
- StatusResponse.__init__(self, sec_context, return_addr, timeslack,
+ StatusResponse.__init__(self, sec_context, return_addrs, timeslack,
request_id, asynchop)
self.signature_check = self.sec.correctly_signed_manage_name_id_response
@@ -449,12 +449,12 @@ class AuthnResponse(StatusResponse):
msgtype = "authn_response"
def __init__(self, sec_context, attribute_converters, entity_id,
- return_addr=None, outstanding_queries=None,
+ return_addrs=None, outstanding_queries=None,
timeslack=0, asynchop=True, allow_unsolicited=False,
test=False, allow_unknown_attributes=False, want_assertions_signed=False,
**kwargs):
- StatusResponse.__init__(self, sec_context, return_addr, timeslack,
+ StatusResponse.__init__(self, sec_context, return_addrs, timeslack,
asynchop=asynchop)
self.entity_id = entity_id
self.attribute_converters = attribute_converters
@@ -875,10 +875,10 @@ class AuthnQueryResponse(AuthnResponse):
msgtype = "authn_query_response"
def __init__(self, sec_context, attribute_converters, entity_id,
- return_addr=None, timeslack=0, asynchop=False, test=False):
+ return_addrs=None, timeslack=0, asynchop=False, test=False):
AuthnResponse.__init__(self, sec_context, attribute_converters,
- entity_id, return_addr, timeslack=timeslack,
+ entity_id, return_addrs, timeslack=timeslack,
asynchop=asynchop, test=test)
self.entity_id = entity_id
self.attribute_converters = attribute_converters
@@ -893,10 +893,10 @@ class AttributeResponse(AuthnResponse):
msgtype = "attribute_response"
def __init__(self, sec_context, attribute_converters, entity_id,
- return_addr=None, timeslack=0, asynchop=False, test=False):
+ return_addrs=None, timeslack=0, asynchop=False, test=False):
AuthnResponse.__init__(self, sec_context, attribute_converters,
- entity_id, return_addr, timeslack=timeslack,
+ entity_id, return_addrs, timeslack=timeslack,
asynchop=asynchop, test=test)
self.entity_id = entity_id
self.attribute_converters = attribute_converters
@@ -910,9 +910,9 @@ class AuthzResponse(AuthnResponse):
msgtype = "authz_decision_response"
def __init__(self, sec_context, attribute_converters, entity_id,
- return_addr=None, timeslack=0, asynchop=False):
+ return_addrs=None, timeslack=0, asynchop=False):
AuthnResponse.__init__(self, sec_context, attribute_converters,
- entity_id, return_addr, timeslack=timeslack,
+ entity_id, return_addrs, timeslack=timeslack,
asynchop=asynchop)
self.entity_id = entity_id
self.attribute_converters = attribute_converters
@@ -924,10 +924,10 @@ class ArtifactResponse(AuthnResponse):
msgtype = "artifact_response"
def __init__(self, sec_context, attribute_converters, entity_id,
- return_addr=None, timeslack=0, asynchop=False, test=False):
+ return_addrs=None, timeslack=0, asynchop=False, test=False):
AuthnResponse.__init__(self, sec_context, attribute_converters,
- entity_id, return_addr, timeslack=timeslack,
+ entity_id, return_addrs, timeslack=timeslack,
asynchop=asynchop, test=test)
self.entity_id = entity_id
self.attribute_converters = attribute_converters
@@ -935,7 +935,7 @@ class ArtifactResponse(AuthnResponse):
self.context = "ArtifactResolve"
-def response_factory(xmlstr, conf, return_addr=None, outstanding_queries=None,
+def response_factory(xmlstr, conf, return_addrs=None, outstanding_queries=None,
timeslack=0, decode=True, request_id=0, origxml=None,
asynchop=True, allow_unsolicited=False, want_assertions_signed=False):
sec_context = security_context(conf)
@@ -949,13 +949,13 @@ def response_factory(xmlstr, conf, return_addr=None, outstanding_queries=None,
entity_id = conf.entityid
extension_schema = conf.extension_schema
- response = StatusResponse(sec_context, return_addr, timeslack, request_id,
+ response = StatusResponse(sec_context, return_addrs, timeslack, request_id,
asynchop)
try:
response.loads(xmlstr, decode, origxml)
if response.response.assertion or response.response.encrypted_assertion:
authnresp = AuthnResponse(sec_context, attribute_converters,
- entity_id, return_addr,
+ entity_id, return_addrs,
outstanding_queries, timeslack, asynchop,
allow_unsolicited,
extension_schema=extension_schema,
@@ -965,7 +965,7 @@ def response_factory(xmlstr, conf, return_addr=None, outstanding_queries=None,
except TypeError:
response.signature_check = sec_context.correctly_signed_logout_response
response.loads(xmlstr, decode, origxml)
- logoutresp = LogoutResponse(sec_context, return_addr, timeslack,
+ logoutresp = LogoutResponse(sec_context, return_addrs, timeslack,
asynchop=asynchop)
logoutresp.update(response)
return logoutresp