Remove attribute hashing

Signed-off-by: Ivan Kanakarakis <[email protected]>

Author: c00kiemon5ter

src/satosa/base.py

@@ -13,7 +13,6 @@
 from .context import Context
 from .exception import SATOSAConfigurationError
 from .exception import SATOSAError, SATOSAAuthenticationError, SATOSAUnknownError
-from .internal_data import UserIdHasher
 from .logging_util import satosa_logging
 from .micro_services.account_linking import AccountLinking
 from .micro_services.consent import Consent
@@ -119,7 +118,6 @@ def _auth_req_callback_func(self, context, internal_request):
         satosa_logging(logger, logging.INFO,
                        "Requesting provider: {}".format(internal_request.requester), state)
 
-        UserIdHasher.save_state(internal_request, state)
         if self.request_micro_services:
             return self.request_micro_services[0].process(context, internal_request)
 
@@ -131,15 +129,6 @@ def _auth_req_finish(self, context, internal_request):
         return backend.start_auth(context, internal_request)
 
     def _auth_resp_finish(self, context, internal_response):
-        # re-hash user id since e.g. account linking micro service might have changed it
-        user_id = UserIdHasher.hash_id(
-            self.config["USER_ID_HASH_SALT"],
-            internal_response.user_id,
-            internal_response.requester,
-            context.state)
-        internal_response.user_id = user_id
-        internal_response.user_id_hash_type = UserIdHasher.hash_type(
-            context.state)
         user_id_to_attr = self.config["INTERNAL_ATTRIBUTES"].get("user_id_to_attr", None)
         if user_id_to_attr:
             internal_response.attributes[user_id_to_attr] = [internal_response.user_id]
@@ -187,20 +176,6 @@ def _auth_resp_callback_func(self, context, internal_response):
             ]
             internal_response.user_id = "".join(user_id)
 
-        # The authentication response may not contain a user id. For example
-        # a SAML IdP may not assert a SAML NameID in the subject and we may
-        # not be configured to construct one from asserted attributes.
-        # So only hash the user_id if it is not None.
-        if internal_response.user_id:
-            user_id = UserIdHasher.hash_id(
-                self.config["USER_ID_HASH_SALT"],
-                internal_response.user_id,
-                internal_response.requester,
-                context.state)
-            internal_response.user_id = user_id
-            internal_response.user_id_hash_type = UserIdHasher.hash_type(
-                context.state)
-
         if self.response_micro_services:
             return self.response_micro_services[0].process(
                 context, internal_response)

tests/satosa/test_base.py

@@ -10,7 +10,7 @@
 from satosa import util
 from satosa.base import SATOSABase
 from satosa.exception import SATOSAConfigurationError
-from satosa.internal_data import InternalResponse, AuthenticationInformation, UserIdHasher, InternalRequest
+from satosa.internal_data import InternalResponse, AuthenticationInformation, InternalRequest
 from satosa.micro_services import consent
 from satosa.satosa_config import SATOSAConfig
 
@@ -49,21 +49,10 @@ def test_auth_resp_callback_func_user_id_from_attrs_is_used_to_override_user_id(
         internal_resp.requester = "test_requester"
         context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
         context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
-        UserIdHasher.save_state(InternalRequest(NAMEID_FORMAT_PERSISTENT, ""), context.state)
 
         base._auth_resp_callback_func(context, internal_resp)
 
         expected_user_id = "[email protected]"
-        expected_user_id = UserIdHasher.hash_id(
-                satosa_config["USER_ID_HASH_SALT"],
-                expected_user_id,
-                internal_resp.requester,
-                context.state)
-        expected_user_id = UserIdHasher.hash_id(
-                satosa_config["USER_ID_HASH_SALT"],
-                expected_user_id,
-                internal_resp.requester,
-                context.state)
         assert internal_resp.user_id == expected_user_id
 
     def test_auth_req_callback_stores_state_for_consent(self, context, satosa_config):
@@ -86,7 +75,6 @@ def test_auth_resp_callback_func_hashes_all_specified_attributes(self, context,
         internal_resp = InternalResponse(AuthenticationInformation("", "", ""))
         internal_resp.attributes = copy.copy(attributes)
         internal_resp.user_id = "test_user"
-        UserIdHasher.save_state(InternalRequest(NAMEID_FORMAT_TRANSIENT, ""), context.state)
         context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
         context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
 
@@ -105,7 +93,6 @@ def test_auth_resp_callback_func_respects_user_id_to_attr(self, context, satosa_
         internal_resp.user_id = "user1234"
         context.state[satosa.base.STATE_KEY] = {"requester": "test_requester"}
         context.state[satosa.routing.STATE_KEY] = satosa_config["FRONTEND_MODULES"][0]["name"]
-        UserIdHasher.save_state(InternalRequest(NAMEID_FORMAT_TRANSIENT, ""), context.state)
 
         base._auth_resp_callback_func(context, internal_resp)
         assert internal_resp.attributes["user_id"] == [internal_resp.user_id]