Diffstat (limited to 'tests/test_37_entity_categories.py')
-rw-r--r-- | tests/test_37_entity_categories.py | 215 |
1 files changed, 125 insertions, 90 deletions
diff --git a/tests/test_37_entity_categories.py b/tests/test_37_entity_categories.py index 839030fd..a24a4feb 100644 --- a/tests/test_37_entity_categories.py +++ b/tests/test_37_entity_categories.py @@ -25,37 +25,47 @@ def _eq(l1, l2): def test_filter_ava(): - policy = Policy({ + policy_conf = { "default": { "lifetime": {"minutes": 15}, # "attribute_restrictions": None # means all I have "entity_categories": ["swamid"] } - }) + } + policy = Policy(policy_conf, MDS) - ava = {"givenName": ["Derek"], "sn": ["Jeter"], - "mail": ["derek@nyy.mlb.com", "dj@example.com"], "c": ["USA"]} + ava = { + "givenName": ["Derek"], + "sn": ["Jeter"], + "mail": ["derek@nyy.mlb.com", "dj@example.com"], + "c": ["USA"] + } - ava = policy.filter(ava, "https://connect.sunet.se/shibboleth", MDS) + ava = policy.filter(ava, "https://connect.sunet.se/shibboleth") assert _eq(list(ava.keys()), ['mail', 'givenName', 'sn', 'c']) assert _eq(ava["mail"], ["derek@nyy.mlb.com", "dj@example.com"]) def test_filter_ava2(): - policy = Policy({ + policy_conf = { "default": { "lifetime": {"minutes": 15}, # "attribute_restrictions": None # means all I have "entity_categories": ["refeds", "edugain"] } - }) + } + policy = Policy(policy_conf, MDS) - ava = {"givenName": ["Derek"], "sn": ["Jeter"], - "mail": ["derek@nyy.mlb.com"], "c": ["USA"], - "eduPersonTargetedID": "foo!bar!xyz"} + ava = { + "givenName": ["Derek"], + "sn": ["Jeter"], + "mail": ["derek@nyy.mlb.com"], + "c": ["USA"], + "eduPersonTargetedID": "foo!bar!xyz" + } - ava = policy.filter(ava, "https://connect.sunet.se/shibboleth", MDS) + ava = policy.filter(ava, "https://connect.sunet.se/shibboleth") # Mismatch, policy deals with eduGAIN, metadata says SWAMID # So only minimum should come out 
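Review bot: `test_filter_ava` has no comment or docstring saying which attribute-release rule it pins, unlike `test_filter_ava2`, which explains its expected outcome in a comment. With the metadata store now bound in `Policy(policy_conf, MDS)` instead of being passed to `filter()`, a one-line docstring would make the intent reviewable, for example `"""Policy lists "swamid" and the SP's metadata matches: all four attributes are released."""` (wording to be confirmed against the contents of `MDS`, which is defined outside the hunk). The same applies to `test_filter_ava3` to `test_filter_ava5` in the next hunk, where the expected attribute sets appear to differ only because of the metadata file loaded.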
@@ -63,96 +73,120 @@ def test_filter_ava2(): def test_filter_ava3(): - policy = Policy({ + mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) + mds.imp( + [ + { + "class": "saml2.mdstore.MetaDataFile", + "metadata": [(full_path("entity_cat_sfs_hei.xml"),)] + } + ] + ) + + policy_conf = { "default": { "lifetime": {"minutes": 15}, # "attribute_restrictions": None # means all I have "entity_categories": ["swamid"] } - }) + } + policy = Policy(policy_conf, mds) + + ava = { + "givenName": ["Derek"], + "sn": ["Jeter"], + "mail": ["derek@nyy.mlb.com"], + "c": ["USA"], + "eduPersonTargetedID": "foo!bar!xyz", + "norEduPersonNIN": "19800101134" + } + + ava = policy.filter(ava, "urn:mace:example.com:saml:roland:sp") + assert _eq(list(ava.keys()), ['eduPersonTargetedID', "norEduPersonNIN"]) + +def test_filter_ava4(): mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp([{"class": "saml2.mdstore.MetaDataFile", - "metadata": [(full_path("entity_cat_sfs_hei.xml"),)]}]) - - ava = {"givenName": ["Derek"], "sn": ["Jeter"], - "mail": ["derek@nyy.mlb.com"], "c": ["USA"], - "eduPersonTargetedID": "foo!bar!xyz", - "norEduPersonNIN": "19800101134"} - - ava = policy.filter(ava, "urn:mace:example.com:saml:roland:sp", mds) - - assert _eq(list(ava.keys()), ['eduPersonTargetedID', "norEduPersonNIN"]) - + "metadata": [(full_path("entity_cat_re_nren.xml"),)]}]) -def test_filter_ava4(): - policy = Policy({ + policy_conf = { "default": { "lifetime": {"minutes": 15}, # "attribute_restrictions": None # means all I have "entity_categories": ["swamid"] } - }) - - mds = MetadataStore(ATTRCONV, sec_config, - disable_ssl_certificate_validation=True) - mds.imp([{"class": "saml2.mdstore.MetaDataFile", - "metadata": [(full_path("entity_cat_re_nren.xml"),)]}]) + } + policy = Policy(policy_conf, mds) - ava = {"givenName": ["Derek"], "sn": ["Jeter"], - "mail": ["derek@nyy.mlb.com"], "c": ["USA"], - "eduPersonTargetedID": "foo!bar!xyz", - 
"norEduPersonNIN": "19800101134"} + ava = { + "givenName": ["Derek"], + "sn": ["Jeter"], + "mail": ["derek@nyy.mlb.com"], + "c": ["USA"], + "eduPersonTargetedID": "foo!bar!xyz", + "norEduPersonNIN": "19800101134" + } - ava = policy.filter(ava, "urn:mace:example.com:saml:roland:sp", mds) - - assert _eq(list(ava.keys()), - ['eduPersonTargetedID', "givenName", "c", "mail", - "sn"]) + ava = policy.filter(ava, "urn:mace:example.com:saml:roland:sp") + assert _eq( + list(ava.keys()), ['eduPersonTargetedID', "givenName", "c", "mail", "sn"] + ) def test_filter_ava5(): + mds = MetadataStore(ATTRCONV, sec_config, + disable_ssl_certificate_validation=True) + mds.imp([{"class": "saml2.mdstore.MetaDataFile", + "metadata": [(full_path("entity_cat_re.xml"),)]}]) + policy = Policy({ "default": { "lifetime": {"minutes": 15}, # "attribute_restrictions": None # means all I have "entity_categories": ["swamid"] } - }) + }, mds) - mds = MetadataStore(ATTRCONV, sec_config, - disable_ssl_certificate_validation=True) - mds.imp([{"class": "saml2.mdstore.MetaDataFile", - "metadata": [(full_path("entity_cat_re.xml"),)]}]) - - ava = {"givenName": ["Derek"], "sn": ["Jeter"], - "mail": ["derek@nyy.mlb.com"], "c": ["USA"], - "eduPersonTargetedID": "foo!bar!xyz", - "norEduPersonNIN": "19800101134"} + ava = { + "givenName": ["Derek"], + "sn": ["Jeter"], + "mail": ["derek@nyy.mlb.com"], + "c": ["USA"], + "eduPersonTargetedID": "foo!bar!xyz", + "norEduPersonNIN": "19800101134" + } - ava = policy.filter(ava, "urn:mace:example.com:saml:roland:sp", mds) + ava = policy.filter(ava, "urn:mace:example.com:saml:roland:sp") assert _eq(list(ava.keys()), ['eduPersonTargetedID']) def test_idp_policy_filter(): with closing(Server("idp_conf_ec")) as idp: - ava = {"givenName": ["Derek"], "sn": ["Jeter"], - "mail": ["derek@nyy.mlb.com"], "c": ["USA"], - "eduPersonTargetedID": "foo!bar!xyz", - "norEduPersonNIN": "19800101134"} + ava = { + "givenName": ["Derek"], + "sn": ["Jeter"], + "mail": ["derek@nyy.mlb.com"], + 
"c": ["USA"], + "eduPersonTargetedID": "foo!bar!xyz", + "norEduPersonNIN": "19800101134" + } policy = idp.config.getattr("policy", "idp") - ava = policy.filter(ava, "urn:mace:example.com:saml:roland:sp", - idp.metadata) - - print(ava) - assert list(ava.keys()) == [ - "eduPersonTargetedID"] # because no entity category + ava = policy.filter(ava, "urn:mace:example.com:saml:roland:sp") + # because no entity category + assert list(ava.keys()) == ["eduPersonTargetedID"] def test_entity_category_import_from_path(): + mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) + # The file entity_cat_rs.xml contains the SAML metadata for an SP + # tagged with the REFEDs R&S entity category. + mds.imp([{"class": "saml2.mdstore.MetaDataFile", + "metadata": [(full_path("entity_cat_rs.xml"),)]}]) + # The entity category module myentitycategory.py is in the tests # directory which is on the standard module search path. # The module uses a custom interpretation of the REFEDs R&S entity category 
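Review bot: `test_idp_policy_filter` no longer passes `idp.metadata` to `policy.filter(...)`, and its only assertion expects the most restrictive result (`["eduPersonTargetedID"]`), so as far as the hunk shows it cannot tell a policy with a correctly bound metadata store from one with no store at all. It is the only test here that takes its policy from server configuration (`idp.config.getattr("policy", "idp")`) rather than from `Policy(policy_conf, mds)`, so a companion case for an SP whose metadata does carry an entity category, asserting the wider attribute set, would catch a broken binding. Separately, the `MetadataStore(...)` calls in this hunk keep `disable_ssl_certificate_validation=True` although they only load local `saml2.mdstore.MetaDataFile` sources. If the flag has no effect for file sources, drop it or add a comment such as `# local file only; never disable certificate validation for remote metadata` so the pattern is not copied into deployment code. The body of `test_entity_category_import_from_path` continues outside this hunk.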
@@ -162,34 +196,35 @@ def test_entity_category_import_from_path(): "lifetime": {"minutes": 15}, "entity_categories": ["myentitycategory"] } - }) - - mds = MetadataStore(ATTRCONV, sec_config, - disable_ssl_certificate_validation=True) - - # The file entity_cat_rs.xml contains the SAML metadata for an SP - # tagged with the REFEDs R&S entity category. - mds.imp([{"class": "saml2.mdstore.MetaDataFile", - "metadata": [(full_path("entity_cat_rs.xml"),)]}]) - - ava = {"givenName": ["Derek"], "sn": ["Jeter"], - "displayName": "Derek Jeter", - "mail": ["derek@nyy.mlb.com"], "c": ["USA"], - "eduPersonTargetedID": "foo!bar!xyz", - "eduPersonUniqueId": "R13ET7UD68K0HGR153KE@my.org", - "eduPersonScopedAffiliation": "member@my.org", - "eduPersonPrincipalName": "user01@my.org", - "norEduPersonNIN": "19800101134"} - - ava = policy.filter(ava, "urn:mace:example.com:saml:roland:sp", mds) + }, mds) + + ava = { + "givenName": ["Derek"], + "sn": ["Jeter"], + "displayName": "Derek Jeter", + "mail": ["derek@nyy.mlb.com"], + "c": ["USA"], + "eduPersonTargetedID": "foo!bar!xyz", + "eduPersonUniqueId": "R13ET7UD68K0HGR153KE@my.org", + "eduPersonScopedAffiliation": "member@my.org", + "eduPersonPrincipalName": "user01@my.org", + "norEduPersonNIN": "19800101134" + } + + ava = policy.filter(ava, "urn:mace:example.com:saml:roland:sp") # We expect c and norEduPersonNIN to be filtered out since they are not # part of the custom entity category. - assert _eq(list(ava.keys()), - ["eduPersonTargetedID", "eduPersonPrincipalName", - "eduPersonUniqueId", "displayName", "givenName", - "eduPersonScopedAffiliation", "mail", "sn"]) - - -if __name__ == "__main__": - test_filter_ava3() + assert _eq( + list(ava.keys()), + [ + "eduPersonTargetedID", + "eduPersonPrincipalName", + "eduPersonUniqueId", + "displayName", + "givenName", + "eduPersonScopedAffiliation", + "mail", + "sn" + ] + ) |