authorRoland Hedberg <roland@catalogix.se>2017-10-11 15:37:14 +0200
committerRoland Hedberg <roland@catalogix.se>2017-10-11 15:37:14 +0200
commitf6a47025f034fc030a6cbb8b7ec901399b58118d (patch)
tree60b96e7a2b9326b16caa494f63e3772a99e0d645
parent3360ee2734ea2fd32d131a2d908e38aa2919f076 (diff)
downloadpysaml2-f6a47025f034fc030a6cbb8b7ec901399b58118d.tar.gz
Ordered way to find a local name of an attribute.
-rw-r--r--src/saml2/assertion.py38
-rw-r--r--tests/test_20_assertion.py25
2 files changed, 42 insertions, 21 deletions
diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py
index 0db4b723..8984db59 100644
--- a/src/saml2/assertion.py
+++ b/src/saml2/assertion.py
@@ -8,12 +8,15 @@ import six
from saml2 import saml
from saml2 import xmlenc
-from saml2.attribute_converter import from_local, get_local_name
+from saml2.attribute_converter import from_local, ac_factory
+from saml2.attribute_converter import get_local_name
from saml2.s_utils import assertion_factory
from saml2.s_utils import factory
-from saml2.s_utils import sid, MissingValue
+from saml2.s_utils import sid
+from saml2.s_utils import MissingValue
from saml2.saml import NAME_FORMAT_URI
-from saml2.time_util import instant, in_a_while
+from saml2.time_util import instant
+from saml2.time_util import in_a_while
logger = logging.getLogger(__name__)
@@ -78,15 +81,22 @@ def filter_on_attributes(ava, required=None, optional=None, acs=None,
"""
def _match_attr_name(attr, ava):
-
- local_name = get_local_name(acs, attr["name"], attr["name_format"])
- if not local_name:
- try:
- local_name = attr["friendly_name"]
- except KeyError:
- pass
+ local_name = None
+
+ for a in ['name_format', 'friendly_name']:
+ _val = attr.get(a)
+ if _val:
+ if a == 'name_format':
+ local_name = get_local_name(acs, attr['name'], _val)
+ else:
+ local_name = _val
+ break
+
+ if local_name:
+ _fn = _match(local_name, ava)
+ else:
+ _fn = None
- _fn = _match(local_name, ava)
if not _fn: # In the unlikely case that someone has provided us with
# URIs as attribute names
_fn = _match(attr["name"], ava)
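Review bot: The unconditional `break` right after the `name_format`/`friendly_name` assignment drops the fallback the removed lines had: when `name_format` is present but `get_local_name` returns nothing for it, the loop exits with `local_name` still None, `friendly_name` is never consulted, and matching falls straight through to the URI comparison against `attr["name"]`. Because this helper is what decides which required/optional attributes are released or reported missing, that silently changes the attribute-release outcome for any attribute whose name format the configured converters do not recognise. Making the break conditional keeps the ordering the commit wants while restoring the fallback: replace the bare `break` with `if local_name:` / `break`. Both `_match_attr_name` and the enclosing `filter_on_attributes` continue past the end of this hunk.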
@@ -117,8 +127,7 @@ def filter_on_attributes(ava, required=None, optional=None, acs=None,
if _fn:
_apply_attr_value_restrictions(attr, res, True)
elif fail_on_unfulfilled_requirements:
- desc = "Required attribute missing: '%s' (%s)" % (attr["name"],
- _fn)
+ desc = "Required attribute missing: '%s'" % (attr["name"])
raise MissingValue(desc)
if optional is None:
@@ -502,6 +511,9 @@ class Policy(object):
_ava = None
+ if not self.acs: # acs MUST have a value, fall back to default.
+ self.acs = ac_factory()
+
_rest = self.get_entity_categories(sp_entity_id, mdstore, required)
if _rest:
_ava = filter_attribute_value_assertions(ava.copy(), _rest)
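Review bot: The `self.acs = ac_factory()` fallback sits inside `filter`, so the attribute is only populated once `filter` has been called; anything that reads `self.acs` before that still sees the empty value (the rest of `filter` and the other `Policy` methods are outside the hunk, so I cannot tell whether any does). If the comment `acs MUST have a value` states an invariant, establishing it in `Policy.__init__` would make it hold for the whole object rather than for callers of this one method. At minimum the comment should say what the no-argument `ac_factory()` call supplies, e.g. `# no converters configured: fall back to the library defaults from ac_factory()` — assuming that is indeed what it returns.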
diff --git a/tests/test_20_assertion.py b/tests/test_20_assertion.py
index 5fc36f6b..1c04f18a 100644
--- a/tests/test_20_assertion.py
+++ b/tests/test_20_assertion.py
@@ -130,6 +130,17 @@ def test_filter_on_attributes_with_missing_optional_attribute():
assert filter_on_attributes(ava, optional=[eptid], acs=ac_factory()) == {}
+def test_filter_on_attributes_with_missing_name_format():
+ ava = {"eduPersonTargetedID": "test@example.com",
+ "eduPersonAffiliation": "test",
+ "extra": "foo"}
+ eptid = to_dict(Attribute(friendly_name="eduPersonTargetedID",
+ name="urn:myown:eptid",
+ name_format=''), ONTS)
+ ava = filter_on_attributes(ava, optional=[eptid], acs=ac_factory())
+ assert ava['eduPersonTargetedID'] == "test@example.com"
+
+
# ----------------------------------------------------------------------
def test_lifetime_1():
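Review bot: test_filter_on_attributes_with_missing_name_format only covers `name_format=''`, the falsy case; the new lookup loop in `_match_attr_name` stops after the first present key, so the behaviour for a non-empty name_format that the default converters cannot resolve is left untested. A second case with `name_format='urn:example:unknown'`, the same friendly_name and the same assertion would pin down whether friendly_name is still expected to be tried in that situation. That is the case most likely to differ from the pre-commit behaviour.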
@@ -148,6 +159,7 @@ def test_lifetime_1():
}}
r = Policy(conf)
+
assert r is not None
assert r.get_lifetime("urn:mace:umu.se:saml:roland:sp") == {"minutes": 5}
@@ -215,25 +227,22 @@ def test_ava_filter_2():
"lifetime": {"minutes": 5},
"attribute_restrictions": {
"givenName": None,
- "surName": None,
+ "sn": None,
"mail": [".*@.*\.umu\.se"],
}
}}
policy = Policy(conf)
- ava = {"givenName": "Derek",
- "surName": "Jeter",
- "mail": "derek@example.com"}
+ ava = {"givenName": "Derek", "sn": "Jeter", "mail": "derek@example.com"}
# mail removed because it doesn't match the regular expression
_ava = policy.filter(ava, 'urn:mace:umu.se:saml:roland:sp', None, [mail],
[gn, sn])
- assert _eq(sorted(list(_ava.keys())), ["givenName", "surName"])
+ assert _eq(sorted(list(_ava.keys())), ["givenName", 'sn'])
- ava = {"givenName": "Derek",
- "surName": "Jeter"}
+ ava = {"givenName": "Derek", "sn": "Jeter"}
# it wasn't there to begin with
try:
@@ -746,7 +755,7 @@ def test_req_opt():
is_required="false"), ONTS)]
policy = Policy()
- ava = {'givenname': 'Roland', 'surname': 'Hedberg',
+ ava = {'givenname': 'Roland', 'sn': 'Hedberg',
'uid': 'rohe0002', 'edupersonaffiliation': 'staff'}
sp_entity_id = "urn:mace:example.com:saml:curt:sp"