Support HTTP POST binding in FakeSP.make_auth_req.

Rebecka Gulliksson · Rebecka Gulliksson · commit 2e95269a96ac · 2016-08-19T13:01:53.000+02:00
diff --git a/tests/flows/test_saml-oidc.py b/tests/flows/test_saml-oidc.py
@@ -34,8 +34,8 @@ def run_test(self, satosa_config_dict, sp_conf, oidc_backend_config, frontend_co
         fakesp = FakeSP(SPConfig().load(sp_conf, metadata_construction=False))
 
         # create auth req
-        req = urlparse(fakesp.make_auth_req(frontend_metadata[frontend_config["name"]][0].entity_id))
-        auth_req = req.path + "?" + req.query
+        destination, req_args = fakesp.make_auth_req(frontend_metadata[frontend_config["name"]][0].entity_id)
+        auth_req = urlparse(destination).path + "?" + urlencode(req_args)
 
         # make auth req to proxy
         proxied_auth_req = test_client.get(auth_req)
diff --git a/tests/flows/test_saml-saml.py b/tests/flows/test_saml-saml.py
@@ -31,8 +31,8 @@ def run_test(self, satosa_config_dict, sp_conf, idp_conf, saml_backend_config, f
         fakesp = FakeSP(SPConfig().load(sp_conf, metadata_construction=False))
 
         # create auth req
-        req = urlparse(fakesp.make_auth_req(frontend_metadata[frontend_config["name"]][0].entity_id))
-        auth_req = req.path + "?" + req.query
+        destination, req_args = fakesp.make_auth_req(frontend_metadata[frontend_config["name"]][0].entity_id)
+        auth_req = urlparse(destination).path + "?" + urlencode(req_args)
 
         # make auth req to proxy
         proxied_auth_req = test_client.get(auth_req)
diff --git a/tests/satosa/backends/test_saml2.py b/tests/satosa/backends/test_saml2.py
@@ -164,8 +164,7 @@ def test_authn_response(self, context, idp_conf, sp_conf):
         response_binding = BINDING_HTTP_REDIRECT
         fakesp = FakeSP(SPConfig().load(sp_conf, metadata_construction=False))
         fakeidp = FakeIdP(USERS, config=IdPConfig().load(idp_conf, metadata_construction=False))
-        auth_req = fakesp.make_auth_req(idp_conf["entityid"])
-        request_params = dict(parse_qsl(urlparse(auth_req).query))
+        destination, request_params = fakesp.make_auth_req(idp_conf["entityid"])
         url, auth_resp = fakeidp.handle_auth_req(request_params["SAMLRequest"], request_params["RelayState"],
                                                  BINDING_HTTP_REDIRECT,
                                                  "testuser1", response_binding=response_binding)
diff --git a/tests/satosa/frontends/test_saml2.py b/tests/satosa/frontends/test_saml2.py
@@ -70,8 +70,8 @@ def setup_for_authn_req(self, context, idp_conf, sp_conf, nameid_format=None, re
         sp_conf["metadata"]["inline"].append(idp_metadata_str)
 
         fakesp = FakeSP(SPConfig().load(sp_conf, metadata_construction=False))
-        context.request = parse.parse_qs(
-            urlparse(fakesp.make_auth_req(samlfrontend.idp_config["entityid"], nameid_format, relay_state)).query)
+        destination, auth_req = fakesp.make_auth_req(samlfrontend.idp_config["entityid"], nameid_format, relay_state)
+        context.request = auth_req
         tmp_dict = {}
         for val in context.request:
             if isinstance(context.request[val], list):
diff --git a/tests/test_requirements.txt b/tests/test_requirements.txt
@@ -1,2 +1,3 @@
 pytest==2.8.5
-responses==0.5.0
+responses==0.5.0
+beautifulsoup4==4.5.1
diff --git a/tests/util.py b/tests/util.py
@@ -7,11 +7,12 @@
 from urllib.parse import parse_qsl, urlparse
 
 from Crypto.PublicKey import RSA
+from bs4 import BeautifulSoup
 from saml2 import server, BINDING_HTTP_POST, BINDING_HTTP_REDIRECT
 from saml2.authn_context import AuthnBroker, authn_context_class_ref, PASSWORD
 from saml2.cert import OpenSSLWrapper
 from saml2.client import Saml2Client
-from saml2.config import config_factory, Config
+from saml2.config import Config
 from saml2.metadata import entity_descriptor
 from saml2.saml import name_id_from_string, NAMEID_FORMAT_TRANSIENT, NAMEID_FORMAT_PERSISTENT
 from saml2.samlp import NameIDPolicy
@@ -34,7 +35,8 @@ def __init__(self, config):
         """
         Saml2Client.__init__(self, config)
 
-    def make_auth_req(self, entity_id, nameid_format=None, relay_state="relay_state", binding=BINDING_HTTP_REDIRECT):
+    def make_auth_req(self, entity_id, nameid_format=None, relay_state="relay_state",
+                      request_binding=BINDING_HTTP_REDIRECT, response_binding=BINDING_HTTP_REDIRECT):
         """
         :type entity_id: str
         :rtype: str
@@ -45,26 +47,23 @@ def make_auth_req(self, entity_id, nameid_format=None, relay_state="relay_state"
         # Picks a binding to use for sending the Request to the IDP
         _binding, destination = self.pick_binding(
             'single_sign_on_service',
-            [binding], 'idpsso',
+            [request_binding], 'idpsso',
             entity_id=entity_id)
-        # Binding here is the response binding that is which binding the
-        # IDP shou  ld use to return the response.
-        acs = self.config.getattr('endpoints', 'sp')[
-            'assertion_consumer_service']
-        # just pick one
-        return_binding = None
-        for i in range(len(acs)):
-            endp, return_binding = acs[i]
-            if return_binding == _binding:
-                break
 
         req_id, req = self.create_authn_request(destination,
-                                                binding=return_binding, nameid_format=nameid_format)
+                                                binding=response_binding, nameid_format=nameid_format)
         ht_args = self.apply_binding(_binding, '%s' % req, destination,
                                      relay_state=relay_state)
 
-        url = ht_args['headers'][0][1]
-        return url
+        if _binding == BINDING_HTTP_POST:
+            form_post_html = "\n".join(ht_args["data"])
+            doctree = BeautifulSoup(form_post_html, "html.parser")
+            saml_request = doctree.find("input", {"name": "SAMLRequest"})["value"]
+            resp = {"SAMLRequest": saml_request, "RelayState": relay_state}
+        elif _binding == BINDING_HTTP_REDIRECT:
+            resp = dict(parse_qsl(urlparse(dict(ht_args["headers"])["Location"]).query))
+
+        return destination, resp
 
 
 class FakeIdP(server.Server):
@@ -120,7 +119,7 @@ def handle_auth_req(self, saml_request, relay_state, binding, userid,
 
         if response_binding == BINDING_HTTP_POST:
             saml_response = base64.b64encode(str(_resp).encode("utf-8"))
-            resp = {'SAMLResponse': saml_response, 'RelayState': relay_state}
+            resp = {"SAMLResponse": saml_response, "RelayState": relay_state}
         elif response_binding == BINDING_HTTP_REDIRECT:
             http_args = self.apply_binding(response_binding, '%s' % _resp,
                                            destination, relay_state, response=True)
