Updated tests to work with new default signing requirements

Ioannis Kakavas · Ioannis Kakavas · commit 303efd969c5d · 2017-08-01T15:24:35.000+03:00
Explicitly allow unsigned responses in tests where we do not
sign them.
diff --git a/tests/test_51_client.py b/tests/test_51_client.py
@@ -389,6 +389,7 @@ def test_response_1(self):
             destination="http://lingon.catalogix.se:8087/",
             sp_entity_id="urn:mace:example.com:saml:roland:sp",
             name_id_policy=nameid_policy,
+            sign_response=True,
             userid="foba0001@example.com",
             authn=AUTHN)
 
@@ -433,6 +434,7 @@ def test_response_1(self):
             in_response_to="id2",
             destination="http://lingon.catalogix.se:8087/",
             sp_entity_id="urn:mace:example.com:saml:roland:sp",
+            sign_response=True,
             name_id_policy=nameid_policy,
             userid="also0001@example.com",
             authn=AUTHN)
@@ -889,7 +891,6 @@ def test_sign_then_encrypt_assertion2(self):
                                      node_id=assertion.id)
 
         sigass = rm_xmltag(sigass)
-
         response = sigver.response_factory(
             in_response_to="_012345",
             destination="http://lingon.catalogix.se:8087/",
@@ -912,6 +913,8 @@ def test_sign_then_encrypt_assertion2(self):
 
         resp_str = base64.encodestring(enctext.encode('utf-8'))
         # Now over to the client side
+        # Explicitely allow unsigned responses for this and the following 2 tests
+        self.client.want_response_signed = False
         resp = self.client.parse_authn_request_response(
             resp_str, BINDING_HTTP_POST,
             {"_012345": "http://foo.example.com/service"})
@@ -1313,6 +1316,9 @@ def test_sign_then_encrypt_assertion_advice_2(self):
 
     def test_signed_redirect(self):
 
+        # Revert configuration change to disallow unsinged responses
+        self.client.want_response_signed = True
+
         msg_str = "%s" % self.client.create_authn_request(
             "http://localhost:8088/sso", message_id="id1")[1]
 
@@ -1544,6 +1550,8 @@ def test_post_sso(self):
         response = self.client.send(**http_args)
         print(response.text)
         _dic = unpack_form(response.text[3], "SAMLResponse")
+        # Explicitly allow unsigned responses for this test
+        self.client.want_response_signed = False
         resp = self.client.parse_authn_request_response(_dic["SAMLResponse"],
                                                         BINDING_HTTP_POST,
                                                         {sid: "/"})
diff --git a/tests/test_60_sp.py b/tests/test_60_sp.py
@@ -46,6 +46,8 @@
 class TestSP():
     def setup_class(self):
         self.sp = make_plugin("rem", saml_conf="server_conf")
+        # Explicitly allow unsigned responses for this test
+        self.sp.saml_client.want_response_signed = False
         self.server = Server(config_file="idp_conf")
 
     def teardown_class(self):
diff --git a/tests/test_63_ecp.py b/tests/test_63_ecp.py
@@ -92,7 +92,7 @@ def test_complete_flow():
                                                 entity_id=sp_entity_id)
 
         resp = idp.create_ecp_authn_request_response(
-            destination, {"eduPersonEntitlement": "Short stop",
+            destination,{"eduPersonEntitlement": "Short stop",
                           "surName": "Jeter",
                           "givenName": "Derek",
                           "mail": "derek.jeter@nyy.mlb.com",
@@ -136,7 +136,8 @@ def test_complete_flow():
                 assert inst.text == "XYZ"
 
         # parse the response
-
+        # Explicitly allow unsigned responses for this test
+        sp.want_response_signed = False
         resp = sp.parse_authn_request_response(respdict["body"], None, {sid: "/"})
 
         print(resp.response)
diff --git a/tests/test_65_authn_query.py b/tests/test_65_authn_query.py
@@ -92,6 +92,8 @@ def test_flow():
         # ------- @SP ----------
 
         xmlstr = get_msg(hinfo, binding)
+        # Explicitly allow unsigned responses for this test
+        sp.want_response_signed = False
         aresp = sp.parse_authn_request_response(xmlstr, binding,
                                                 {resp.in_response_to: "/"})
 
diff --git a/tests/test_68_assertion_id.py b/tests/test_68_assertion_id.py
@@ -78,7 +78,8 @@ def test_basic_flow():
         # --------- @SP -------------
 
         xmlstr = get_msg(hinfo, binding)
-
+        # Explicitly allow unsigned responses for this test
+        sp.want_response_signed = False
         aresp = sp.parse_authn_request_response(xmlstr, binding,
                                                 {resp.in_response_to: "/"})
 
