author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2020-06-11 00:44:47 +0300 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2020-06-11 00:47:58 +0300 |
commit | 5c90be6bf42d0801b359e3fe49256fd4067c828d (patch) | |
tree | 59daf0f59788a707f8bf27909c7d8f343c6ef076 | |
parent | 2587196d64763e812b9e32de332855067c8a0305 (diff) | |
Refactor create_authn_request name_id_policy
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
-rw-r--r-- | src/saml2/client_base.py | 84 |
1 files changed, 35 insertions, 49 deletions
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
index 9ce774ab..d0154423 100644
--- a/src/saml2/client_base.py
+++ b/src/saml2/client_base.py
@@ -349,57 +349,43 @@ class Base(Entity):
 else:
 raise ValueError("Wrong type for param {name}".format(name=param))
- try:
- args["name_id_policy"] = kwargs["name_id_policy"]
- del kwargs["name_id_policy"]
- except KeyError:
- if allow_create is None:
- allow_create = self.config.getattr("name_id_format_allow_create", "sp")
- if allow_create is None:
- allow_create = "false"
- else:
- if allow_create is True:
- allow_create = "true"
- else:
- allow_create = "false"
+ # NameIDPolicy
+ nameid_format_config = self.config.getattr("name_id_format", "sp")
+ nameid_format = (
+ nameid_format
+ if nameid_format is not None
+ else NAMEID_FORMAT_TRANSIENT
+ if nameid_format_config is None
+ else nameid_format_config[0]
+ if isinstance(nameid_format_config, list)
+ else None
+ if nameid_format == 'None'
+ else nameid_format_config
+ )
- if nameid_format == "":
- name_id_policy = None
- else:
- if nameid_format is None:
- nameid_format = self.config.getattr("name_id_format", "sp")
-
- # If no nameid_format has been set in the configuration
- # or passed in then transient is the default.
- if nameid_format is None:
- # SAML 2.0 errata says AllowCreate MUST NOT be used for
- # transient ids - to make a conservative change this is
- # only applied for the default cause
- allow_create = None
- nameid_format = NAMEID_FORMAT_TRANSIENT
-
- # If a list has been configured or passed in choose the
- # first since NameIDPolicy can only have one format specified.
- elif isinstance(nameid_format, list):
- nameid_format = nameid_format[0]
-
- # Allow a deployer to signal that no format should be specified
- # in the NameIDPolicy by passing in or configuring the string 'None'.
- elif nameid_format == 'None':
- nameid_format = None
-
- name_id_policy = samlp.NameIDPolicy(allow_create=allow_create,
- format=nameid_format)
-
- if name_id_policy and vorg:
- try:
- name_id_policy.sp_name_qualifier = vorg
- name_id_policy.format = saml.NAMEID_FORMAT_PERSISTENT
- except KeyError:
- pass
- args["name_id_policy"] = name_id_policy
+ allow_create_config = self.config.getattr("name_id_format_allow_create", "sp")
+ allow_create = (
+ None
+ # SAML 2.0 errata says AllowCreate MUST NOT be used for transient ids
+ if nameid_format == NAMEID_FORMAT_TRANSIENT
+ else allow_create
+ if allow_create is not None
+ else str(bool(allow_create_config)).lower()
+ )
- nsprefix = kwargs.get("nsprefix")
+ name_id_policy = (
+ kwargs.pop("name_id_policy", None)
+ if "name_id_policy" in kwargs
+ else None
+ if nameid_format == ""
+ else samlp.NameIDPolicy(allow_create=allow_create, format=nameid_format)
+ )
+
+ if name_id_policy and vorg:
+ name_id_policy.sp_name_qualifier = vorg
+ name_id_policy.format = saml.NAMEID_FORMAT_PERSISTENT
+
+ args["name_id_policy"] = name_id_policy
 conf_sp_type = self.config.getattr('sp_type', 'sp')
 conf_sp_type_in_md = self.config.getattr('sp_type_in_metadata', 'sp')
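Review bot: The `'None'` escape hatch described by the removed comment no longer works in the new `nameid_format` expression: the `else None if nameid_format == 'None'` arm is only reached when `nameid_format is None`, so it can never be true, while a configured `name_id_format = 'None'` falls through to `else nameid_format_config` and a passed-in `'None'` is returned verbatim by the first arm — either way the literal string `None` ends up as the NameIDPolicy Format attribute, which is not a valid format URI. A list passed as the `nameid_format` argument is likewise no longer reduced to its first element, which the removed `elif isinstance(nameid_format, list)` did; merging argument and configuration first and normalizing once, as below, restores both. Relatedly, `str(bool(allow_create_config)).lower()` turns any non-empty string such as `"false"` into `"true"`, and a caller-supplied boolean `allow_create` is no longer mapped to `"true"`/`"false"` as the removed lines did, so AllowCreate may be enabled unintentionally or serialized as `True` (not a valid xs:boolean) unless the serializer lower-cases booleans — worth a type check or the old normalization. `create_authn_request` begins before and continues after this hunk.
```python
        # NameIDPolicy: an explicit argument wins over configuration,
        # then one normalization pass handles default / list / 'None'.
        nameid_format_config = self.config.getattr("name_id_format", "sp")
        nameid_format = (
            nameid_format_config if nameid_format is None else nameid_format
        )
        nameid_format = (
            NAMEID_FORMAT_TRANSIENT
            if nameid_format is None
            else nameid_format[0]
            if isinstance(nameid_format, list)
            else None
            if nameid_format == 'None'
            else nameid_format
        )
        # … unchanged: allow_create and name_id_policy construction …
```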