Move decoding logic from saml2 backend to SAMLMirrorFrontend

c00kiemon5ter · c00kiemon5ter · commit d0be0a21ec9b · 2018-08-29T14:52:44.000+03:00
The SAMLMirrorFrontend is responsible for the encoding and decoding of
the value that is given to context. The backend cannot and should not
know about it. It expects to use the value from the context/environment
as is.

Signed-off-by: Ivan Kanakarakis &lt;ivan.kanak@gmail.com&gt;
diff --git a/src/satosa/backends/saml2.py b/src/satosa/backends/saml2.py
@@ -5,7 +5,7 @@
 import functools
 import json
 import logging
-from base64 import urlsafe_b64encode, urlsafe_b64decode
+from base64 import urlsafe_b64encode
 from urllib.parse import urlparse
 
 from saml2.client_base import Base
@@ -90,7 +90,7 @@ def start_auth(self, context, internal_req):
 
         target_entity_id = context.get_decoration(Context.KEY_TARGET_ENTITYID)
         if target_entity_id:
-            entity_id = urlsafe_b64decode(target_entity_id).decode()
+            entity_id = target_entity_id
             return self.authn_request(context, entity_id)
 
         # if there is only one IdP in the metadata, bypass the discovery service
diff --git a/src/satosa/frontends/saml2.py b/src/satosa/frontends/saml2.py
@@ -5,6 +5,7 @@
 import functools
 import json
 import logging
+from base64 import urlsafe_b64decode
 from urllib.parse import urlparse
 
 from saml2 import SAMLError, xmldsig
@@ -534,9 +535,10 @@ def handle_authn_request(self, context, binding_in):
         :type binding_in: str
         :rtype: satosa.response.Response
         """
-        context.decorate(
-                Context.KEY_TARGET_ENTITYID,
-                context.target_entity_id_from_path())
+        target_entity_id = context.target_entity_id_from_path()
+        target_entity_id = urlsafe_b64decode(target_entity_id).decode()
+        context.decorate(Context.KEY_TARGET_ENTITYID, target_entity_id)
+
         idp = self._load_idp_dynamic_endpoints(context)
         return self._handle_authn_request(context, binding_in, idp)
 
diff --git a/tests/satosa/backends/test_saml2.py b/tests/satosa/backends/test_saml2.py
@@ -144,9 +144,7 @@ def test_full_flow(self, context, idp_conf, sp_conf):
     def test_start_auth_redirects_directly_to_mirrored_idp(
             self, context, idp_conf):
         entityid = idp_conf["entityid"]
-        entityid_bytes = entityid.encode("utf-8")
-        entityid_b64_str = urlsafe_b64encode(entityid_bytes).decode("utf-8")
-        context.decorate(Context.KEY_TARGET_ENTITYID, entityid_b64_str)
+        context.decorate(Context.KEY_TARGET_ENTITYID, entityid)
 
         resp = self.samlbackend.start_auth(context, InternalRequest(None, None))
         self.assert_redirect_to_idp(resp, idp_conf)
