author | Roland Hedberg <roland.hedberg@adm.umu.se> | 2013-12-05 08:48:25 +0100 |
---|---|---|
committer | Roland Hedberg <roland.hedberg@adm.umu.se> | 2013-12-05 08:48:25 +0100 |
commit | c2701e9ba2c768d62dd54e171b51229a21135e83 (patch) | |
tree | 62e0952146bb4d9919549d1c6db8ea6187bac267 | |
parent | 94b574c56a7c2fe5b03d7ca948823c4b8af9fb39 (diff) | |
download | pysaml2-c2701e9ba2c768d62dd54e171b51229a21135e83.tar.gz |
If no identity information refrain from constructing an AttributeStatement.
-rw-r--r-- | src/saml2/__init__.py | 16 | ||||
-rw-r--r-- | src/saml2/assertion.py | 5 | ||||
-rw-r--r-- | src/saml2/client.py | 1 | ||||
-rw-r--r-- | tests/test_20_assertion.py | 24 |
4 files changed, 44 insertions, 2 deletions
diff --git a/src/saml2/__init__.py b/src/saml2/__init__.py index bf9af8fc..93c4521c 100644 --- a/src/saml2/__init__.py +++ b/src/saml2/__init__.py @@ -755,6 +755,22 @@ class SamlBase(ExtensionContainer): def verify(self): return valid_instance(self) + def empty(self): + for prop, _typ, _req in self.c_attributes.values(): + if getattr(self, prop, None): + return False + + for prop, klassdef in self.c_children.values(): + if getattr(self, prop): + return False + + for param in ["text", "extension_elements", "extension_attributes"]: + if getattr(self, param): + return False + + return True + + # ---------------------------------------------------------------------------- diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py index 60535c55..318b7084 100644 --- a/src/saml2/assertion.py +++ b/src/saml2/assertion.py @@ -675,9 +675,9 @@ class Assertion(dict): else: _authn_statement = None + _ass = assertion_factory( issuer=issuer, - attribute_statement=[attr_statement], conditions=conds, subject=factory( saml.Subject, @@ -696,6 +696,9 @@ class Assertion(dict): if _authn_statement: _ass.authn_statement = [_authn_statement] + if not attr_statement.empty(): + _ass.attribute_statement=[attr_statement], + return _ass def apply_policy(self, sp_entity_id, policy, metadata=None): diff --git a/src/saml2/client.py b/src/saml2/client.py index 396f3d20..f5696dfe 100644 --- a/src/saml2/client.py +++ b/src/saml2/client.py @@ -433,6 +433,7 @@ class Saml2Client(Base): 'method': "POST } """ + logger.info("logout request: %s" % request) _req = self._parse_request(request, LogoutRequest, "single_logout_service", binding) diff --git a/tests/test_20_assertion.py b/tests/test_20_assertion.py index c9ce8ad3..460d4e5a 100644 --- a/tests/test_20_assertion.py +++ b/tests/test_20_assertion.py @@ -315,6 +315,7 @@ def test_assertion_2(): 'urn:oid:2.16.840.1.113730.3.1.241', 'urn:oid:0.9.2342.19200300.100.1.1']) + # ---------------------------------------------------------------------------- 
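Review bot: `SamlBase.empty()` has no docstring and decides emptiness by truthiness, which matters now that it gates whether an AttributeStatement is placed in an assertion. A field explicitly set to a falsy value such as `""`, `0` or `False` is treated as absent. The second and third loops call `getattr(self, prop)` without the `None` default used in the first loop, so they would raise AttributeError if an instance ever lacks that attribute. I would add a docstring such as `"""Return True if no attribute, child, text or extension holds a truthy value."""` and use `getattr(self, prop, None)` in all three loops; `klassdef` is unused in the second loop and could be `_klassdef`.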
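Review bot: The trailing comma in `_ass.attribute_statement=[attr_statement],` (second `assertion.py` hunk, `@@ -696,6 +696,9`) assigns a one-element tuple wrapping a list, `([attr_statement],)`, not the plain list that the removed keyword argument used to pass. Code that iterates `attribute_statement` expecting AttributeStatement instances will receive a list instead, so assertions that do carry identity attributes are likely to serialize incorrectly or fail. The line should read `_ass.attribute_statement = [attr_statement]`. The enclosing method (presumably `construct`, which the new test calls) starts outside the hunk.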
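Review bot: The added `logger.info("logout request: %s" % request)` in `client.py` writes the whole incoming logout request to the log at INFO level before `_parse_request` has processed it. A LogoutRequest normally carries the subject's NameID and session index, so identity data ends up in routine logs. Because the value is still unparsed peer input, embedded line breaks can also corrupt or spoof log lines. I would log at debug level with lazy, escaped formatting, `logger.debug("logout request: %r", request)`, or log only the request ID once parsing has succeeded. The enclosing method starts and ends outside the hunk.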
@@ -751,5 +752,26 @@ def test_filter_ava_5(): assert ava == {} +def test_assertion_with_zero_attributes(): + ava = {} + ast = Assertion(ava) + policy = Policy({ + "default": { + "lifetime": {"minutes": 240}, + "attribute_restrictions": None, # means all I have + "name_form": NAME_FORMAT_URI + }, + }) + name_id = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar") + issuer = Issuer(text="entityid", format=NAMEID_FORMAT_ENTITY) + msg = ast.construct("sp_entity_id", "in_response_to", "consumer_url", + name_id, [AttributeConverterNOOP(NAME_FORMAT_URI)], + policy, issuer=issuer, authn_decl=ACD , + authn_auth="authn_authn") + + print msg + assert msg.attribute_statement == [] + + if __name__ == "__main__": - test_filter_ava_5()
\ No newline at end of file + test_assertion_with_zero_attributes()
\ No newline at end of file |
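Review bot: `test_assertion_with_zero_attributes` covers only the empty-`ava` path, so the new branch in `assertion.py` that assigns `attribute_statement` when attributes are present is not exercised by this commit. A companion test with a non-empty `ava` that asserts `isinstance(msg.attribute_statement, list)` and `len(msg.attribute_statement) == 1` would catch the stray trailing comma on that assignment. The `print msg` line looks like leftover debug output and can be dropped.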