summaryrefslogtreecommitdiff
path: root/src/saml2/pack.py
Commit message (Collapse)AuthorAgeFilesLines
* Fixing attributeerror and signature mangling while constructing soap requestsMaximilian Heuwes2021-11-221-1/+1
|
* Check allowed signature and digest algo for the POST bindingIvan Kanakarakis2020-11-231-1/+0
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Create the signer along with the sigalg allowance checkIvan Kanakarakis2020-11-231-9/+15
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Correctly sign an AuthnRequest with Redirect bindingIvan Kanakarakis2020-11-231-0/+5
| | | | | | | | | | | | | | When an AuthnRequest is created with HTTP-Redirect binding, the XML document is not signed, but instead, a signature is calculated and becomes part of the query params of the Redirect-URL, through the Signature and SignAlg params. Previously, when the Redirect binding was requested and signing was enabled but no SignAlg params were defined, the Signature and SignAlg query params would be missing. Now, if no SignAlg is defined, the default is used and the request is correctly created with the proper query params. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* FormattingIvan Kanakarakis2020-11-231-6/+4
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Fix #242: make sure status code is always returned in http_info dictFlorian Best2020-11-101-5/+8
|
* Replace assert with proper checksassert_deletionIvan Kanakarakis2020-09-111-2/+12
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Escape single and double quotes, alwaysIvan Kanakarakis2019-05-141-3/+7
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Format import statementsIvan Kanakarakis2019-05-141-3/+4
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* DeprecationWarning: cgi.escape is deprecated, use html.escape instead. FixedGiuseppe2019-04-261-4/+7
|
* Use cgi instead of html moduleIvan Kanakarakis2018-12-061-4/+4
| | | | | | | The html module is only available for python3. The cgi module provides almost identical functionality and is present for both python2 and python3. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Reformat using flake8 recommendationsScott Koranda2018-05-251-15/+14
|
* Omit relay state in HTTP-POST response when emptyIvan Kanakarakis2018-05-251-4/+6
| | | | | | Do not send an HTTP-POST SAML response with a non-conforming relay state. This can happen when the incoming <AuthnRequest> does not include relay state information.
* Refactor HTML_FORM_SPEC to be configurableScott Koranda2018-05-251-33/+36
|
* Fix for 459 HTTP_POST form nonconforming and shows submitScott Koranda2017-09-231-14/+35
| | | | | | | | | | | | | | Fix for issue 459 "Form used with HTTP_POST binding nonconforming and shows submit button". The fix introduces an HTML5 DOCTYPE declaration and uses noscript tags appropriately to hide the submit button when Javascript is enabled. Modification of tests were necessary because the tests unecessarily relied on the response being a list of strings with the <form> element being the fourth item in the list, in order to unpack the form and pull out the SAMLResponse and relay state for comparison. The new tests do not require the response to be arbitrarily broken up as a list of strings.
* Fix XXE in XML parsing (related to #366)Florian Rüchel2016-10-311-1/+2
| | | | | | | This fixes XXE issues on anything where pysaml2 parses XML directly as part of issue #366. It doesn't address the xmlsec issues discussed on that ticket as they are out of reach of a direct fix and need the underlying library to fix this issue.
* Clean up4.0.0Roland Hedberg2015-12-111-1/+0
|
* Reworked the security backend so you should now be able to use a HSM again ↵Roland Hedberg2015-12-111-19/+19
| | | | for XML security. Support for non-XML crypto using HSMs are on the way.
* The IdP doing form_post or the SP doing post is two different things.Roland Hedberg2015-11-131-0/+26
|
* Fix paramter passing in logging messagesJozef Knaperek2015-10-151-3/+3
| | | | | | | | Pass parameters into logger calls directly instead of pre-merging with the logger message. This way the logs are easier to maintain and process. The code is also faster when logging is turned off since it doesn't have to evaluate all params and render them into strings.
* Improve support for SigAlg usage in HTTP redirect.Roland Hedberg2015-06-271-4/+5
|
* Fix more pack/sigver python3 incompatibilityClint Byrum2015-05-281-1/+1
| | | | | More strings/bytes issues and another usage of the moved urlencode function.
* Fix more renamed modules/functions for py3Clint Byrum2015-05-281-5/+4
| | | | | | | | | In doing so it was discovered that the 'implements' function has been replaced by a class decorator, which must be used in python3. Also commented out method arguments seem to expose internal py.test problems in python3. Removing them seems fine since we can look in revision history if we need to find the exact way it was used before.
* Fix assertion ID tests for python3Clint Byrum2015-05-281-1/+4
| | | | | | Fixing basic renames reveals that some assumptions about the XML produced by etree need fixing, and there is a need to coerce some strings into bytes before base64.
* Only remove xml header if it is presentClint Byrum2015-05-281-3/+4
| | | | | In python3, etree won't add an XML header if the defaults would suffice. This fixes some python3-only test failures.
* Fix xml issues with python3Clint Byrum2015-05-211-0/+2
| | | | | Some calls in etree will return bytes where they used to return a string type.
* Fix more basestring py3k issuesClint Byrum2015-05-211-3/+4
| | | | basestring has been removed from python 3.
* Fix typo 'unknown'Yo Sub Kwon2015-05-191-1/+1
|
* Deal with renamed modules in python3Clint Byrum2015-05-151-2/+2
| | | | | | | six.moves handles some of the reorganized modules. With dircache, it was simply removed as it has been deprecated for a long time. os.listdir performs fine these days.
* Fix python3 syntax errorsClint Byrum2015-05-151-5/+5
| | | | | Retains python2.7 compatibility for all files. Fixes only syntax errors, tests still fail on python3 for various reasons.
* Fixed making redirect signatureRoland Hedberg2014-12-151-4/+3
|
* PEP-8Roland Hedberg2014-10-021-18/+18
|
* On Copyright statement in one place.Roland Hedberg2014-09-091-13/+0
|
* Submit button added to POST formTomas Pazderka2014-05-291-0/+1
| | | | | Added Submit button to generated POST form to allow manual submit in case user has JS disabled
* Fixed all tests and various bugs that appeared during that process.Roland Hedberg2013-12-131-7/+6
|
* Fix KeyError when signing http_redirect_messagePaul Korzhyk2013-11-041-2/+2
| | | | | | | | | | Without this change I get the following traceback: >>> pack.http_redirect_message(req.to_string(), destination, sigalg=pack.RSA_SHA1, key=rsa) Traceback (most recent call last): File "<redacted>", line 1, in <module> File "<redacted>\pysaml2-1.0.3-py2.7.egg\saml2\pack.py", line 138, in http_redirect_message string = "&".join([urllib.urlencode({k: args[k]}) for k in _order]) KeyError: 'RelayState'
* Make sure it's a base string and not something else.Roland Hedberg2013-09-171-1/+1
|
* Added support for signing/verifying messages when using the HTTP-Redirect ↵Roland Hedberg2013-02-211-86/+7
| | | | binding.
* Added support for signing/verifying messages when using the HTTP-Redirect ↵Roland Hedberg2013-02-211-11/+120
| | | | binding.
* Rewrote to use NameID instances every where where I previously used just the ↵Roland Hedberg2013-02-091-3/+5
| | | | text part of the instance.
* Unnecessary lineRoland Hedberg2013-01-291-1/+0
|
* Final touch to ECPRoland Hedberg2013-01-251-0/+1
| | | | Worked through a NameIDMapping test
* Better replacement codeRoland Hedberg2013-01-191-1/+3
|
* Tracking problemRoland Hedberg2013-01-181-0/+1
|
* Fixed artifact handlingRoland Hedberg2013-01-181-1/+1
|
* All (?) the artifact pieces in place.Roland Hedberg2013-01-071-3/+9
|
* Removed spurious lineRoland Hedberg2013-01-051-0/+3
|
* Request preparation refactoringRoland Hedberg2012-12-291-18/+21
|
* May not always want to b64 encode the messageRoland Hedberg2012-12-221-3/+6
|
* All tests worksRoland Hedberg2012-12-211-25/+19
|