author | Roland Hedberg <roland.hedberg@adm.umu.se> | 2014-03-27 11:12:41 +0100 |
---|---|---|
committer | Roland Hedberg <roland.hedberg@adm.umu.se> | 2014-03-27 11:12:41 +0100 |
commit | eeb4b5d694f4b0cce199a778a8f90f595cd51075 (patch) | |
tree | 7c00b973d56e741726cd64a1889f474578e21ea1 /src/saml2/assertion.py | |
parent | e28cf613a2f6500d770175019a651e22ba097d02 (diff) | |
Fixed a problem with filtering assertion by required/optional attributes.
Diffstat (limited to 'src/saml2/assertion.py')
-rw-r--r-- | src/saml2/assertion.py | 42 |
1 files changed, 26 insertions, 16 deletions
diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py index 1057ca41..0ed30570 100644 --- a/src/saml2/assertion.py +++ b/src/saml2/assertion.py @@ -24,7 +24,7 @@ import xmlenc from saml2 import saml from saml2.time_util import instant, in_a_while -from saml2.attribute_converter import from_local +from saml2.attribute_converter import from_local, get_local_name from saml2.s_utils import sid, MissingValue from saml2.s_utils import factory from saml2.s_utils import assertion_factory @@ -78,7 +78,7 @@ def _match(attr, ava): return None -def filter_on_attributes(ava, required=None, optional=None): +def filter_on_attributes(ava, required=None, optional=None, acs=None): """ Filter :param ava: An attribute value assertion as a dictionary @@ -98,18 +98,23 @@ def filter_on_attributes(ava, required=None, optional=None): nform = "" for nform in ["friendly_name", "name"]: try: - _fn = _match(attr[nform], ava) + _name = attr[nform] except KeyError: - pass - else: - if _fn: - try: - values = [av["text"] for av in attr["attribute_value"]] - except KeyError: - values = [] - res[_fn] = _filter_values(ava[_fn], values, True) - found = True - break + if nform == "friendly_name": + _name = get_local_name(acs, attr["name"], + attr["name_format"]) + else: + continue + + _fn = _match(_name, ava) + if _fn: + try: + values = [av["text"] for av in attr["attribute_value"]] + except KeyError: + values = [] + res[_fn] = _filter_values(ava[_fn], values, True) + found = True + break if not found: raise MissingValue("Required attribute missing: '%s'" % ( @@ -311,7 +316,8 @@ class Policy(object): self.compile(restrictions) else: self._restrictions = None - + self.acs = [] + def compile(self, restrictions): """ This is only for IdPs or AAs, and it's about limiting what is returned to the SP. 
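Review bot: The docstring of `filter_on_attributes` gains no entry for the new `acs` parameter; the signature hunk adds the argument, and no hunk touches the lines between the signature and the loop at line 98. A caller cannot tell that `acs` is what lets a requested attribute without a `friendly_name` be matched at all. I would add `:param acs: Attribute converters used to find the local name of a requested attribute that carries only name and name_format` next to the existing `:param` lines.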
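Review bot: The fallback inside `except KeyError` in the required-attribute loop can itself raise, because `attr["name"]` and `attr["name_format"]` are read unguarded and `acs` keeps its `None` default whenever a caller omits it. The requested attributes presumably originate from SP metadata, so an entry lacking both `friendly_name` and `name_format` would surface as a bare KeyError rather than the `MissingValue` this function raises for an unmet requirement. If `get_local_name` iterates `acs` or returns nothing for an unknown name format (its body is not visible here), a `None` would also reach it or `_match`. The sketch below keeps the lookup but falls through to the `name` form in each of those cases, so the loop still ends in `MissingValue`. The function starts and ends outside this hunk and the optional-attribute loop is not shown, so it is worth checking that it resolves names the same way.

```python
            for nform in ["friendly_name", "name"]:
                try:
                    _name = attr[nform]
                except KeyError:
                    if nform != "friendly_name":
                        continue
                    # No friendly_name requested: try the converters, and
                    # fall through to the "name" form if that cannot work.
                    try:
                        _name = get_local_name(acs or [], attr["name"],
                                               attr["name_format"])
                    except KeyError:
                        continue
                    if not _name:
                        continue

                _fn = _match(_name, ava)
                # … unchanged: value filtering, found = True, break …
```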
@@ -484,7 +490,8 @@ class Policy(object): ava = filter_attribute_value_assertions(ava, _rest) if required or optional: - ava = filter_on_attributes(ava, required, optional) + logger.debug("required: %s, optional: %s" % (required, optional)) + ava = filter_on_attributes(ava, required, optional, self.acs) return ava @@ -540,7 +547,8 @@ class Assertion(dict): def __init__(self, dic=None): dict.__init__(self, dic) - + self.acs = [] + @staticmethod def _authn_context_decl(decl, authn_auth=None): """ @@ -727,6 +735,8 @@ class Assertion(dict): :param metadata: Metadata to use :return: The resulting AVA after the policy is applied """ + + policy.acs = self.acs ava = policy.restrict(self, sp_entity_id, metadata) self.update(ava) return ava
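Review bot: The new debug line in `Policy.restrict` formats its message with `%` before the logger decides whether debug output is enabled, so both attribute lists are rendered on every call. Passing the values as arguments defers that work: `logger.debug("required: %s, optional: %s", required, optional)`. The enclosing method starts outside this hunk.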
\ No newline at end of file |
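Review bot: `policy.acs = self.acs` in `apply_policy` writes per-assertion state onto the `Policy` object the caller passed in, and that value stays there after the call returns. If one policy instance serves several assertions or concurrent requests (not visible from this hunk), a later `restrict` call could resolve attribute names with another assertion's converters, or with the empty list that `Assertion.__init__` now sets when the caller never filled `acs`. Since this filter decides which attributes are released to an SP, I would rather hand the converters over explicitly, for example `ava = policy.restrict(self, sp_entity_id, metadata, acs=self.acs)` with a matching keyword on `restrict`, whose signature lies outside this diff. Failing that, the `apply_policy` docstring should state that it overwrites `policy.acs`.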