diff options
author | Johan Lundberg <lundberg@sunet.se> | 2020-09-30 10:46:45 +0200 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2020-10-30 12:55:25 +0200 |
commit | d19febc77caa859193126864486a26055f167250 (patch) | |
tree | ebcee758527a914ec8be71b28c9c9fe73b56cc17 /tests | |
parent | 326705d1e4aa0bb2740ae8d2f5836b7630f58a8f (diff) | |
download | pysaml2-d19febc77caa859193126864486a26055f167250.tar.gz |
Allow registration authorities in policy
Diffstat (limited to 'tests')
-rw-r--r-- | tests/test_20_assertion.py | 93 |
1 files changed, 73 insertions, 20 deletions
diff --git a/tests/test_20_assertion.py b/tests/test_20_assertion.py index f617e516..dc501291 100644 --- a/tests/test_20_assertion.py +++ b/tests/test_20_assertion.py @@ -1,8 +1,11 @@ # coding=utf-8 +import copy + from saml2.argtree import add_path from saml2.authn_context import pword from saml2.mdie import to_dict -from saml2 import md, assertion, create_class_from_xml_string +from saml2 import md, assertion, create_class_from_xml_string, config +from saml2.mdstore import MetadataStore from saml2.saml import Attribute from saml2.saml import Issuer from saml2.saml import NAMEID_FORMAT_ENTITY @@ -33,6 +36,15 @@ from saml2 import xmlenc from pathutils import full_path ONTS = [saml, mdui, mdattr, dri, idpdisc, md, xmldsig, xmlenc] +ATTRCONV = ac_factory(full_path("attributemaps")) +sec_config = config.Config() + +METADATACONF = { + "1": [{ + "class": "saml2.mdstore.MetaDataFile", + "metadata": [(full_path("swamid-2.0.xml"),)], + }], +} def _eq(l1, l2): @@ -859,25 +871,66 @@ def test_assertion_with_noop_attribute_conv(): assert attr.attribute_value[0].text == "Roland" -# THis test doesn't work without a MetadataStore instance -# def test_filter_ava_5(): -# policy = Policy({ -# "default": { -# "lifetime": {"minutes": 15}, -# #"attribute_restrictions": None # means all I have -# "entity_categories": ["swamid", "edugain"] -# } -# }) -# -# ava = {"givenName": ["Derek"], "surName": ["Jeter"], -# "mail": ["derek@nyy.mlb.com", "dj@example.com"]} -# -# ava = policy.filter(ava, "urn:mace:example.com:saml:curt:sp", None, [], []) -# -# # using entity_categories means there *always* are restrictions -# # in this case the only allowed attribute is eduPersonTargetedID -# # which isn't available in the ava hence zip is returned. -# assert ava == {} +def test_filter_ava_5(): + mds = MetadataStore(ATTRCONV, sec_config, + disable_ssl_certificate_validation=True) + mds.imp(METADATACONF["1"]) + + policy = Policy({ + "default": { + "lifetime": {"minutes": 15}, + "attribute_restrictions": None, # means all I have + "entity_categories": ["swamid", "edugain"] + } + }) + + ava = {"givenName": ["Derek"], "surName": ["Jeter"], + "mail": ["derek@nyy.mlb.com", "dj@example.com"]} + + ava = policy.filter(ava, "urn:mace:example.com:saml:curt:sp", mdstore=mds, required=[], optional=[]) + + # using entity_categories means there *always* are restrictions + # in this case the only allowed attribute is eduPersonTargetedID + # which isn't available in the ava hence zip is returned. + assert ava == {} + + +def test_filter_ava_registration_authority_1(): + mds = MetadataStore(ATTRCONV, sec_config, + disable_ssl_certificate_validation=True) + mds.imp(METADATACONF["1"]) + config.metadata = mds + + policy = Policy({ + "default": { + "lifetime": {"minutes": 15}, + "attribute_restrictions": None, + }, + "registration_authorities": { + "http://rr.aai.switch.ch/": { + "attribute_restrictions": { + "givenName": None, + "surName": None, + } + } + } + }, config=config) + + attributes = {"givenName": ["Derek"], "surName": ["Jeter"], + "mail": ["derek@nyy.mlb.com", "dj@example.com"]} + + # SP registered with http://rr.aai.switch.ch/ + ava = policy.filter(attributes, "https://aai-idp.unibe.ch/idp/shibboleth", mdstore=mds, required=[], optional=[]) + assert _eq(sorted(list(ava.keys())), ["givenName", "surName"]) + assert ava["givenName"] == ["Derek"] + assert ava["surName"] == ["Jeter"] + + # SP not registered with http://rr.aai.switch.ch/ + ava = policy.filter(attributes, "https://alpha.kib.ki.se/shibboleth", mdstore=mds, required=[], optional=[]) + assert _eq(sorted(list(ava.keys())), ["givenName", "mail", "surName"]) + assert ava["givenName"] == ["Derek"] + assert ava["surName"] == ["Jeter"] + assert ava["mail"] == ["derek@nyy.mlb.com", "dj@example.com"] def test_assertion_with_zero_attributes(): |