Make sure InternalRequest.user_id_hash_type always is set.

Use default values instead of None:
* transient identifier for SAML,
* pairwise identifier for OIDC.

Author: Rebecka Gulliksson

src/satosa/frontends/openid_connect.py

@@ -25,11 +25,10 @@
 
 
 def oidc_subject_type_to_hash_type(subject_type):
-    if subject_type == "pairwise":
-        return UserIdHashType.pairwise
-    elif subject_type == "public":
+    if subject_type == "public":
         return UserIdHashType.public
-    return None
+
+    return UserIdHashType.pairwise
 
 
 class OpenIDConnectFrontend(FrontendModule):

src/satosa/frontends/saml2.py

@@ -27,18 +27,17 @@
 
 def saml_name_id_format_to_hash_type(name_format):
     """
-    Translate pySAML2 name format to statosa format
+    Translate pySAML2 name format to satosa format
 
     :type name_format: str
     :rtype: satosa.internal_data.UserIdHashType
     :param name_format: SAML2 name format
     :return: satosa format
     """
-    if name_format == NAMEID_FORMAT_TRANSIENT:
-        return UserIdHashType.transient
-    elif name_format == NAMEID_FORMAT_PERSISTENT:
+    if name_format == NAMEID_FORMAT_PERSISTENT:
         return UserIdHashType.persistent
-    return None
+
+    return UserIdHashType.transient
 
 
 def hash_type_to_saml_name_id_format(hash_type):

tests/satosa/frontends/test_openid_connect.py

@@ -11,8 +11,8 @@
 
 from satosa.attribute_mapping import AttributeMapper
 from satosa.exception import SATOSAAuthenticationError
-from satosa.frontends.openid_connect import OpenIDConnectFrontend
-from satosa.internal_data import InternalResponse, AuthenticationInformation
+from satosa.frontends.openid_connect import OpenIDConnectFrontend, oidc_subject_type_to_hash_type
+from satosa.internal_data import InternalResponse, AuthenticationInformation, UserIdHashType
 from tests.users import USERS
 
 INTERNAL_ATTRIBUTES = {
@@ -154,3 +154,14 @@ def test_provider_configuration_endpoint(self, context):
         assert all(
             item in provider_config.to_dict().items() for item in expected_capabilities.items())
         assert provider_config["authorization_endpoint"] == "{}/foo_backend/authorization".format(BASE_URL)
+
+
+class TestOidcSubjectTypeToHashType:
+    def test_should_default_to_pairwise(self):
+        assert oidc_subject_type_to_hash_type("foobar") == UserIdHashType.pairwise
+
+    def test_should_map_pairwise(self):
+        assert oidc_subject_type_to_hash_type("pairwise") == UserIdHashType.pairwise
+
+    def test_should_map_pairwise(self):
+        assert oidc_subject_type_to_hash_type("public") == UserIdHashType.public

tests/satosa/frontends/test_saml2.py

@@ -23,6 +23,7 @@
 from satosa.attribute_mapping import AttributeMapper
 from satosa.frontends.saml2 import SAMLFrontend, saml_name_id_format_to_hash_type, SAMLMirrorFrontend
 from satosa.internal_data import InternalResponse, AuthenticationInformation, InternalRequest
+from satosa.internal_data import UserIdHashType
 from satosa.state import State
 from tests.users import USERS
 from tests.util import FakeSP, create_metadata_from_config_dict
@@ -397,4 +398,15 @@ def test_load_idp_dynamic_entity_id(self, idp_conf):
         state = State()
         state[self.frontend.name] = {"target_entity_id": self.TARGET_ENTITY_ID}
         idp = self.frontend._load_idp_dynamic_entity_id(state)
-        assert idp.config.entityid == "{}/{}".format(idp_conf["entityid"], self.TARGET_ENTITY_ID)
+        assert idp.config.entityid == "{}/{}".format(idp_conf["entityid"], self.TARGET_ENTITY_ID)
+
+
+class TestSamlNameIdFormatToHashType:
+    def test_should_default_to_transient(self):
+        assert saml_name_id_format_to_hash_type("foobar") == UserIdHashType.transient
+
+    def test_should_map_transient(self):
+        assert saml_name_id_format_to_hash_type(NAMEID_FORMAT_TRANSIENT) == UserIdHashType.transient
+
+    def test_should_map_persistent(self):
+        assert saml_name_id_format_to_hash_type(NAMEID_FORMAT_PERSISTENT) == UserIdHashType.persistent