author | Roland Hedberg <roland@catalogix.se> | 2017-10-11 15:37:14 +0200 |
committer | Roland Hedberg <roland@catalogix.se> | 2017-10-11 15:37:14 +0200 |
commit | f6a47025f034fc030a6cbb8b7ec901399b58118d (patch) | |
tree | 60b96e7a2b9326b16caa494f63e3772a99e0d645 | |
parent | 3360ee2734ea2fd32d131a2d908e38aa2919f076 (diff) | |
Ordered way to find a local name of an attribute.
-rw-r--r-- | src/saml2/assertion.py | 38 | ||||
-rw-r--r-- | tests/test_20_assertion.py | 25 |
2 files changed, 42 insertions, 21 deletions
diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py
index 0db4b723..8984db59 100644
--- a/src/saml2/assertion.py
+++ b/src/saml2/assertion.py
@@ -8,12 +8,15 @@ import six
 from saml2 import saml
 from saml2 import xmlenc
-from saml2.attribute_converter import from_local, get_local_name
+from saml2.attribute_converter import from_local, ac_factory
+from saml2.attribute_converter import get_local_name
 from saml2.s_utils import assertion_factory
 from saml2.s_utils import factory
-from saml2.s_utils import sid, MissingValue
+from saml2.s_utils import sid
+from saml2.s_utils import MissingValue
 from saml2.saml import NAME_FORMAT_URI
-from saml2.time_util import instant, in_a_while
+from saml2.time_util import instant
+from saml2.time_util import in_a_while
 logger = logging.getLogger(__name__)
@@ -78,15 +81,22 @@ def filter_on_attributes(ava, required=None, optional=None, acs=None,
     """
     def _match_attr_name(attr, ava):
-
-        local_name = get_local_name(acs, attr["name"], attr["name_format"])
-        if not local_name:
-            try:
-                local_name = attr["friendly_name"]
-            except KeyError:
-                pass
+        local_name = None
+
+        for a in ['name_format', 'friendly_name']:
+            _val = attr.get(a)
+            if _val:
+                if a == 'name_format':
+                    local_name = get_local_name(acs, attr['name'], _val)
+                else:
+                    local_name = _val
+                break
+
+        if local_name:
+            _fn = _match(local_name, ava)
+        else:
+            _fn = None
-        _fn = _match(local_name, ava)
         if not _fn:
             # In the unlikely case that someone has provided us with
             # URIs as attribute names
             _fn = _match(attr["name"], ava)
@@ -117,8 +127,7 @@ def filter_on_attributes(ava, required=None, optional=None, acs=None,
         if _fn:
             _apply_attr_value_restrictions(attr, res, True)
         elif fail_on_unfulfilled_requirements:
-            desc = "Required attribute missing: '%s' (%s)" % (attr["name"],
-                                                            _fn)
+            desc = "Required attribute missing: '%s'" % (attr["name"])
             raise MissingValue(desc)
     if optional is None:
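Review bot: In `_match_attr_name` the loop `break`s as soon as `name_format` is non-empty, regardless of whether `get_local_name()` actually resolved anything, so the `friendly_name` fallback the removed code applied when the name/format pair was unknown to the converters is now only reachable for attributes with an empty or missing `name_format`. If that fallback is meant to survive, break only on success: replace the bare `break` with `if local_name:` and an indented `break` beneath it. Since `friendly_name` presumably comes from the requesting SP's metadata rather than from the IdP's own mapping, matching on it lets the requester choose the local attribute name, so a one-line comment stating that this is intentional would help the next reader. `_match_attr_name` and the enclosing `filter_on_attributes` both continue outside the hunk.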
@@ -502,6 +511,9 @@ class Policy(object):
         _ava = None
+        if not self.acs:  # acs MUST have a value, fall back to default.
+            self.acs = ac_factory()
+
         _rest = self.get_entity_categories(sp_entity_id, mdstore, required)
         if _rest:
             _ava = filter_attribute_value_assertions(ava.copy(), _rest)
diff --git a/tests/test_20_assertion.py b/tests/test_20_assertion.py
index 5fc36f6b..1c04f18a 100644
--- a/tests/test_20_assertion.py
+++ b/tests/test_20_assertion.py
@@ -130,6 +130,17 @@ def test_filter_on_attributes_with_missing_optional_attribute():
     assert filter_on_attributes(ava, optional=[eptid], acs=ac_factory()) == {}
+def test_filter_on_attributes_with_missing_name_format():
+    ava = {"eduPersonTargetedID": "test@example.com",
+           "eduPersonAffiliation": "test",
+           "extra": "foo"}
+    eptid = to_dict(Attribute(friendly_name="eduPersonTargetedID",
+                              name="urn:myown:eptid",
+                              name_format=''), ONTS)
+    ava = filter_on_attributes(ava, optional=[eptid], acs=ac_factory())
+    assert ava['eduPersonTargetedID'] == "test@example.com"
+
+
 # ----------------------------------------------------------------------
 def test_lifetime_1():
@@ -148,6 +159,7 @@ def test_lifetime_1():
         }}
     r = Policy(conf)
+    assert r is not None
     assert r.get_lifetime("urn:mace:umu.se:saml:roland:sp") == {"minutes": 5}
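Review bot: The new `if not self.acs:` block in `Policy.filter` silently substitutes the package default converters from `ac_factory()` for a policy that was built without any, which for an attribute-release policy is a fail-open choice: a misconfigured deployment keeps releasing attributes under a mapping it never chose, with nothing in the logs. At minimum emit `logger.warning("Policy has no attribute converters; falling back to ac_factory() defaults")` before the assignment, and consider doing the fallback where `self.acs` is first set so that every method reading it sees the same value rather than only callers of `filter`. The accompanying test edits that rename `surName` to `sn` suggest the default converter set changes which local names survive filtering, so this looks like a behaviour change for existing policies that never set acs — hedged, as `__init__` is not in the hunk. `filter` itself starts and ends outside the hunk.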
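Review bot: `test_filter_on_attributes_with_missing_name_format` only asserts that `eduPersonTargetedID` is kept, so it would still pass if `filter_on_attributes` returned `ava` unchanged; it never checks that the unrequested `eduPersonAffiliation` and `extra` entries are dropped. Tighten the last line to `assert ava == {"eduPersonTargetedID": "test@example.com"}` so the test also guards against attributes leaking past the filter, which is the property this function exists to enforce.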
@@ -215,25 +227,22 @@ def test_ava_filter_2():
             "lifetime": {"minutes": 5},
             "attribute_restrictions": {
                 "givenName": None,
-                "surName": None,
+                "sn": None,
                 "mail": [".*@.*\.umu\.se"],
             }
         }}
     policy = Policy(conf)
-    ava = {"givenName": "Derek",
-           "surName": "Jeter",
-           "mail": "derek@example.com"}
+    ava = {"givenName": "Derek", "sn": "Jeter", "mail": "derek@example.com"}
     # mail removed because it doesn't match the regular expression
     _ava = policy.filter(ava, 'urn:mace:umu.se:saml:roland:sp', None, [mail],
                          [gn, sn])
-    assert _eq(sorted(list(_ava.keys())), ["givenName", "surName"])
+    assert _eq(sorted(list(_ava.keys())), ["givenName", 'sn'])
-    ava = {"givenName": "Derek",
-           "surName": "Jeter"}
+    ava = {"givenName": "Derek", "sn": "Jeter"}
     # it wasn't there to begin with
     try:
@@ -746,7 +755,7 @@ def test_req_opt():
                                is_required="false"), ONTS)]
     policy = Policy()
-    ava = {'givenname': 'Roland', 'surname': 'Hedberg',
+    ava = {'givenname': 'Roland', 'sn': 'Hedberg',
            'uid': 'rohe0002', 'edupersonaffiliation': 'staff'}
     sp_entity_id = "urn:mace:example.com:saml:curt:sp"
|