Merge pull request #37 from its-dirg/requester-name-consent

Use requester_name in the consent module.

Author: RebeckaG

src/satosa/base.py

@@ -102,7 +102,8 @@ def _auth_req_callback_func(self, context, internal_request):
         state = context.state
         state[STATE_KEY] = {"requester": internal_request.requester}
         # TODO consent module should manage any state it needs by itself
-        context.state[consent.STATE_KEY] = {"filter": internal_request.approved_attributes or []}
+        context.state[consent.STATE_KEY] = {"filter": internal_request.approved_attributes or [],
+                                            "requester_name": internal_request.requester_name}
         satosa_logging(logger, logging.INFO,
                        "Requesting provider: {}".format(internal_request.requester), state)
 

src/satosa/micro_services/consent.py

@@ -85,7 +85,7 @@ def _approve_new_consent(self, context, internal_response, id_hash):
             "attr": internal_response.attributes,
             "id": id_hash,
             "redirect_endpoint": "%s/consent%s" % (self.base_url, self.endpoint),
-            "requester_name": internal_response.requester
+            "requester_name": context.state[STATE_KEY]["requester_name"]
         }
         if self.locked_attr:
             consent_args["locked_attrs"] = [self.locked_attr]

tests/satosa/micro_services/test_consent.py

@@ -70,7 +70,7 @@ def assert_redirect(self, redirect_resp, expected_ticket):
         ticket = parsed_url["ticket"][0]
         assert ticket == expected_ticket
 
-    def assert_registration_req(self, request, internal_response, sign_key_path, base_url):
+    def assert_registration_req(self, request, internal_response, sign_key_path, base_url, requester_name):
         split_path = request.path_url.lstrip("/").split("/")
         assert len(split_path) == 2
         jwks = split_path[1]
@@ -83,7 +83,7 @@ def assert_registration_req(self, request, internal_response, sign_key_path, bas
         consent_args = jws.msg
         assert consent_args["attr"] == internal_response.attributes
         assert consent_args["redirect_endpoint"] == base_url + "/consent/handle_consent"
-        assert consent_args["requester_name"] == internal_response.requester
+        assert consent_args["requester_name"] == requester_name
         assert consent_args["locked_attrs"] == [USER_ID_ATTR]
         assert "id" in consent_args
 
@@ -150,7 +150,9 @@ def test_consent_full_flow(self, context, consent_config, internal_response, int
                                consent_verify_endpoint_regex, consent_registration_endpoint_regex):
         expected_ticket = "my_ticket"
 
-        context.state[consent.STATE_KEY] = {"filter": internal_request.approved_attributes}
+        requester_name = [{"lang": "en", "text": "test requester"}]
+        context.state[consent.STATE_KEY] = {"filter": internal_request.approved_attributes,
+                                            "requester_name": requester_name}
 
         with responses.RequestsMock() as rsps:
             rsps.add(responses.GET, consent_verify_endpoint_regex, status=401)
@@ -162,7 +164,8 @@ def test_consent_full_flow(self, context, consent_config, internal_response, int
             self.assert_registration_req(rsps.calls[1].request,
                                          internal_response,
                                          consent_config["sign_key"],
-                                         self.consent_module.base_url)
+                                         self.consent_module.base_url,
+                                         requester_name)
 
         with responses.RequestsMock() as rsps:
             # Now consent has been given, consent service returns 200 OK
@@ -184,15 +187,16 @@ def test_consent_not_given(self, context, consent_config, internal_response, int
         responses.add(responses.GET, consent_registration_endpoint_regex, status=200,
                       body=expected_ticket)
 
-        context.state[consent.STATE_KEY] = {"filter": []}
+        context.state[consent.STATE_KEY] = {"filter": [], "requester_name": None}
 
         resp = self.consent_module.process(context, internal_response)
 
         self.assert_redirect(resp, expected_ticket)
         self.assert_registration_req(responses.calls[1].request,
                                      internal_response,
                                      consent_config["sign_key"],
-                                     self.consent_module.base_url)
+                                     self.consent_module.base_url,
+                                     None)
 
         new_context = Context()
         new_context.state = context.state

tests/satosa/test_base.py

@@ -8,6 +8,7 @@
 from satosa.exception import SATOSAConfigurationError
 from satosa.internal_data import InternalResponse, AuthenticationInformation, UserIdHasher, InternalRequest, \
     UserIdHashType
+from satosa.micro_services import consent
 from satosa.satosa_config import SATOSAConfig
 
 
@@ -56,6 +57,18 @@ def test_auth_resp_callback_func_user_id_from_attrs_is_used_to_override_user_id(
                                                 context.state)
         assert internal_resp.user_id == expected_user_id
 
+    def test_auth_req_callback_stores_state_for_consent(self, context, satosa_config):
+        base = SATOSABase(satosa_config)
+
+        context.target_backend = satosa_config["BACKEND_MODULES"][0]["name"]
+        requester_name = [{"lang": "en", "text": "Test EN"}, {"lang": "sv", "text": "Test SV"}]
+        internal_req = InternalRequest(UserIdHashType.transient, None, requester_name)
+        internal_req.approved_attributes = ["attr1", "attr2"]
+        base._auth_req_callback_func(context, internal_req)
+
+        assert context.state[consent.STATE_KEY]["requester_name"] == internal_req.requester_name
+        assert context.state[consent.STATE_KEY]["filter"] == internal_req.approved_attributes
+
     def test_account_linking_callback_func_hashes_all_specified_attributes(self, context, satosa_config):
         satosa_config["INTERNAL_ATTRIBUTES"]["hash"] = ["user_id", "mail"]
         base = SATOSABase(satosa_config)