Merge pull request #193 from skoranda/email_and_unspecified_nameid

Support emailAddress and unspecified nameid-formats with the appropriate hashing

Author: c00kiemon5ter

src/satosa/frontends/saml2.py

@@ -16,7 +16,9 @@
 from saml2.config import IdPConfig
 from saml2.extension.ui import NAMESPACE as UI_NAMESPACE
 from saml2.metadata import create_metadata_string
-from saml2.saml import NameID, NAMEID_FORMAT_TRANSIENT, NAMEID_FORMAT_PERSISTENT
+from saml2.saml import NameID, NAMEID_FORMAT_TRANSIENT, \
+    NAMEID_FORMAT_PERSISTENT, NAMEID_FORMAT_EMAILADDRESS, \
+    NAMEID_FORMAT_UNSPECIFIED
 from saml2.samlp import name_id_policy_from_string
 from saml2.server import Server
 
@@ -45,6 +47,10 @@ def saml_name_id_format_to_hash_type(name_format):
     """
     if name_format == NAMEID_FORMAT_PERSISTENT:
         return UserIdHashType.persistent
+    elif name_format == NAMEID_FORMAT_EMAILADDRESS:
+        return UserIdHashType.emailaddress
+    elif name_format == NAMEID_FORMAT_UNSPECIFIED:
+        return UserIdHashType.unspecified
 
     return UserIdHashType.transient
 
@@ -62,6 +68,11 @@ def hash_type_to_saml_name_id_format(hash_type):
         return NAMEID_FORMAT_TRANSIENT
     elif hash_type is UserIdHashType.persistent:
         return NAMEID_FORMAT_PERSISTENT
+    elif hash_type is UserIdHashType.emailaddress:
+        return NAMEID_FORMAT_EMAILADDRESS
+    elif hash_type is UserIdHashType.unspecified:
+        return NAMEID_FORMAT_UNSPECIFIED
+
     return NAMEID_FORMAT_PERSISTENT
 
 

src/satosa/internal_data.py

@@ -6,7 +6,6 @@
 import hashlib
 from enum import Enum
 
-
 class UserIdHashType(Enum):
     """
     All different user id hash types
@@ -15,6 +14,8 @@ class UserIdHashType(Enum):
     persistent = 2
     pairwise = 3
     public = 4
+    emailaddress = 5
+    unspecified = 6
 
     @classmethod
     def from_string(cls, str):
@@ -66,7 +67,8 @@ def hash_type(state):
     @staticmethod
     def hash_id(salt, user_id, requester, state):
         """
-        Sets a user id to the internal_response, in the format specified by the internal response
+        Sets a user id to the internal_response,
+        in the format specified by the internal response
 
         :type salt: str
         :type user_id: str
@@ -83,11 +85,16 @@ def hash_id(salt, user_id, requester, state):
         hash_type = UserIdHasher.hash_type(state)
         if hash_type == UserIdHashType.transient:
             timestamp = datetime.datetime.now().time()
-            user_id = "{req}{time}{id}".format(req=requester, time=timestamp, id=user_id)
-        elif hash_type == UserIdHashType.persistent or hash_type == UserIdHashType.pairwise:
+            user_id = "{req}{time}{id}".format(req=requester, time=timestamp,
+                                               id=user_id)
+        elif (hash_type == UserIdHashType.persistent or
+              hash_type == UserIdHashType.pairwise):
             user_id = "{req}{id}".format(req=requester, id=user_id)
         elif hash_type == UserIdHashType.public:
             user_id = "{id}".format(id=user_id)
+        elif (hash_type == UserIdHashType.emailaddress or
+              hash_type == UserIdHashType.unspecified):
+            return user_id
         else:
             raise ValueError("Unknown hash type: '{}'".format(hash_type))
 

tests/satosa/frontends/test_saml2.py

@@ -14,7 +14,9 @@
 from saml2.entity_category.edugain import COCO
 from saml2.entity_category.refeds import RESEARCH_AND_SCHOLARSHIP
 from saml2.entity_category.swamid import SFS_1993_1153, RESEARCH_AND_EDUCATION, EU, HEI, NREN
-from saml2.saml import NAMEID_FORMAT_PERSISTENT, NAMEID_FORMAT_TRANSIENT
+from saml2.saml import NameID, NAMEID_FORMAT_TRANSIENT, \
+    NAMEID_FORMAT_PERSISTENT, NAMEID_FORMAT_EMAILADDRESS, \
+    NAMEID_FORMAT_UNSPECIFIED
 from saml2.samlp import NameIDPolicy
 
 from satosa.attribute_mapping import AttributeMapper
@@ -358,10 +360,21 @@ def test_load_idp_dynamic_entity_id(self, idp_conf):
 
 class TestSamlNameIdFormatToHashType:
     def test_should_default_to_transient(self):
-        assert saml_name_id_format_to_hash_type("foobar") == UserIdHashType.transient
+        assert (saml_name_id_format_to_hash_type("foobar") ==
+                UserIdHashType.transient)
 
     def test_should_map_transient(self):
-        assert saml_name_id_format_to_hash_type(NAMEID_FORMAT_TRANSIENT) == UserIdHashType.transient
+        assert (saml_name_id_format_to_hash_type(NAMEID_FORMAT_TRANSIENT) ==
+                UserIdHashType.transient)
 
     def test_should_map_persistent(self):
-        assert saml_name_id_format_to_hash_type(NAMEID_FORMAT_PERSISTENT) == UserIdHashType.persistent
+        assert (saml_name_id_format_to_hash_type(NAMEID_FORMAT_PERSISTENT) ==
+                UserIdHashType.persistent)
+
+    def test_should_map_email(self):
+        assert (saml_name_id_format_to_hash_type(NAMEID_FORMAT_EMAILADDRESS) ==
+                UserIdHashType.emailaddress)
+
+    def test_should_map_unspecified(self):
+        assert (saml_name_id_format_to_hash_type(NAMEID_FORMAT_UNSPECIFIED) ==
+                UserIdHashType.unspecified)