summaryrefslogtreecommitdiff
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #581 from bmwiedemann/test2020Ivan Kanakarakis2019-02-024-4/+4
|\ | | | | Allow tests to pass after 2020
| * Allow tests to pass after 2020Bernhard M. Wiedemann2019-01-074-4/+4
| | | | | | | | | | This helps to verify reproducible builds. See https://reproducible-builds.org/ for why this matters.
* | Convert exception expectation to with-raises idiomIvan Kanakarakis2019-01-142-60/+33
| | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* | Reformat code for test_40_sigverIvan Kanakarakis2019-01-141-49/+74
| | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* | Raise XmlsecError if xmlsec1 returns an errorIvan Kanakarakis2019-01-141-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When xmlsec1 fails, it returns a non-zero returncode. The returncode was checked only for values less than zero, and not greater than zero. This results in situations where xmlsec1 fails to run a command, but the executation continues as nothing failed. This happens to be ok, because, the result we depend upon is coupled to xmlsec1's output stream. When xmlsec1 fails, the output stream is empty and the error stream will have information relevant to the failure cause. Now, the check expects a returncode with value zero, otherwise an XmlsecError exception is raised, to be handled by the caller up the stack. This could have been a major security issue, but we stood lucky. Special thanks to @pjsg for bringing this to our attention. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* | Remove validate_output parameter from _run_xmlsecIvan Kanakarakis2019-01-111-3/+1
| | | | | | | | | | | | | | All callers set it to false, but one which calls the validation method itself after the call to _run_xmlsec (which means that validation is done twice). Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* | Remove configurable exception typeIvan Kanakarakis2019-01-101-1/+2
|/ | | | | | | | _run_xmlsec function allowed to pass the kind of exception that would be raised in case of error. This was parameter was ignored. As such, it is not needed and is removed completely. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Remove the python-future module and use sixIvan Kanakarakis2018-12-062-18/+16
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Handle non standard response error status codesJohan Lundberg2018-12-051-1/+32
|
* Add a test that client raises the proper exception when parsing an error ↵Andrew Wason2018-11-281-1/+32
| | | | | status response. This test passes in v4.6.3 but is failing in v4.6.4 due to IdentityPython/pysaml2#571
* Pass sign information when calling apply_bindingIvan Kanakarakis2018-11-211-2/+2
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Add tests for client signature requirementsScott Koranda2018-11-211-0/+155
| | | | | | Add logic to test client configuration options want_response_signed, want_assertions_signed, and want_assertions_or_response_signed.
* Remove unused code from test_65_authn_queryIvan Kanakarakis2018-10-231-5/+0
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Merge pull request #550 from johanlundberg/non_ascii_ava_encryption_decryptionIvan Kanakarakis2018-10-103-6/+2883
|\ | | | | Support non-ascii attribute values for encryption and decryption
| * Duplicated tests and added non ascii charactersJohan Lundberg2018-10-043-6/+2883
| |
* | Fix test_mixed_attributes_1Martin van Es2018-10-031-1/+1
|/
* Use raises as a context managerIvan Kanakarakis2018-09-041-5/+7
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Update test cases for set_text methodIvan Kanakarakis2018-09-041-10/+43
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Add test for multiple attribute statementsIvan Kanakarakis2018-08-291-7/+77
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Fix test that depended on actual datetimeIvan Kanakarakis2018-08-291-2/+8
| | | | | | | Mock utcnow call used by time_util module to return the same date as the IssueInstant date of the response. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Merge pull request #539 from cmurphy/fix-exceptionIvan Kanakarakis2018-08-241-0/+4
|\ | | | | Raise ValueError for invalid attribute type
| * Raise ValueError for invalid attribute typeColleen Murphy2018-08-151-0/+4
| | | | | | | | | | | | | | | | | | | | | | Without this patch, the AttributeValueBase set_text method checks for a valid xsi:type before setting the text value, but when it gets to the catchall case, instead of raising an exception it simply creates an unassigned ValueError instance and does nothing with it. This is clearly not intentional, and it is a problem because it means it is possible to set an invalid xsi:type for an AttributeValue. This patch corrects the error by raising the ValueError exception rather than letting it disappear into the ether.
* | Test parsing of authentication response with no NameIDScott Koranda2018-08-171-0/+57
|/ | | | | Added a test to test the parsing of an authentication response that does not contain a <NameID> element.
* Add test for okta integrationDaniel Wang2018-08-043-0/+75
| | | | | | | Okta integration requires decryption id_attr to be set to 'Id'. Add SAML2 response generated from okta into test directory, and test that this is successfully decrypted using a properly configured SecurityContext
* Formatting and cleanupIvan Kanakarakis2018-08-041-3/+1
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Retrieve SLO endpoint by the appropriate service typeIvan Kanakarakis2018-08-031-0/+37
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Cleanup Entity _parse_responseIvan Kanakarakis2018-08-031-40/+4
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Add tests for AES cipherIvan Kanakarakis2018-08-021-0/+74
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Fix deprecation and resource warnings.Ivan Kanakarakis2018-08-021-13/+15
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Add test coverage reportIvan Kanakarakis2018-06-291-0/+2
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Sort test requirementsIvan Kanakarakis2018-06-291-5/+5
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Rename test requirements fileIvan Kanakarakis2018-06-291-0/+0
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Added test for response relay state for HTTP-POST bindingScott Koranda2018-05-251-0/+100
| | | | | | | | Added tests to check the relay state in the HTML that is returned for a response with the HTTP-POST binding. The tests check that if a relay state is input then it appears in the HTML with the correct value, and that if no relay state or an empty relay state is input that no relay state appears in the HTML.
* Clean up unclosed files causing ResourceWarnings in testsJon Dufresne2017-10-115-9/+21
| | | | | | | * Use better subprocess functions to correctly close pipes. * When opening files, use a context manager to ensure file is closed in a deterministic way. * Close logging handlers
* Removed unused importRoland Hedberg2017-10-111-1/+1
|
* Ordered way to find a local name of an attribute.Roland Hedberg2017-10-111-8/+17
|
* Merge pull request #439 from jkakavas/fix_sane_defaultsRoland Hedberg2017-10-115-3/+17
|\ | | | | Ensure signature checking for SAML Responses is enabled by default
| * Fix failing testIoannis Kakavas2017-09-281-1/+1
| |
| * Merge branch 'master' into fix_sane_defaultsRoland Hedberg2017-09-283-7/+7
| |\
| * | Fix whitespaceIoannis Kakavas2017-08-021-1/+1
| | |
| * | Updated tests to work with new default signing requirementsIoannis Kakavas2017-08-015-4/+18
| | | | | | | | | | | | | | | Explicitly allow unsigned responses in tests where we do not sign them.
* | | Merge branch 'master' into masterRoland Hedberg2017-10-1115-74/+316
|\ \ \
| * | | Add eIDAS RequestedAttributes node supportivan2017-10-082-0/+29
| | | |
| * | | Add eIDAS SPType node supportivan2017-10-082-1/+13
| | | |
| * | | Add eIDAS namespace and attributesivan2017-10-081-24/+71
| | |/ | |/|
| * | Fix for 459 HTTP_POST form nonconforming and shows submitScott Koranda2017-09-233-8/+8
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Fix for issue 459 "Form used with HTTP_POST binding nonconforming and shows submit button". The fix introduces an HTML5 DOCTYPE declaration and uses noscript tags appropriately to hide the submit button when Javascript is enabled. Modification of tests were necessary because the tests unecessarily relied on the response being a list of strings with the <form> element being the fourth item in the list, in order to unpack the form and pull out the SAMLResponse and relay state for comparison. The new tests do not require the response to be arbitrarily broken up as a list of strings.
| * Merge pull request #431 from c00kiemon5ter/feature-force-authn-configurationIvan Kanakarakis2017-07-262-0/+22
| |\ | | | | | | Add force_authn sp configuration option
| | * Add force_authn sp configuration optionivan2017-07-142-0/+22
| | | | | | | | | | | | | | | | | | | | | If the value is truthy, "true" is given as the ForceAuthn value. The value is derived from the 'force_authn' keyword argument as passed to 'create_authn_request()' method otherwise it fallbacks to the configuration value.
| * | Merge pull request #428 from bogdan-ds/remote_encoding_fixIoannis Kakavas2017-07-182-1/+32
| |\ \ | | | | | | | | Using the binary response content of requests to avoid incorrect metadata encoding
| | * | Added certificate file and referenced it in the corresponding test. Patched ↵Bogdan Despotov2017-07-172-1/+23
| | | | | | | | | | | | | | | | MetaDataMDX to avoid same issue there
View Lorry Controller Status