Various small refactor

Author: Egor Panfilov

src/saml2/client.py

@@ -84,8 +84,7 @@ def prepare_for_negotiated_authenticate(
             nameid_format=None, scoping=None, consent=None, extensions=None,
             sign=None, response_binding=saml2.BINDING_HTTP_POST, **kwargs):
         """ Makes all necessary preparations for an authentication request
-        that negotiates
-        which binding to use for authentication.
+        that negotiates which binding to use for authentication.
 
         :param entityid: The entity ID of the IdP to send the request to
         :param relay_state: To where the user should be returned after

src/saml2/client_base.py

@@ -7,6 +7,8 @@
 """
 import threading
 import six
+import time
+import logging
 
 from saml2.entity import Entity
 
@@ -25,7 +27,6 @@
 from saml2.extension import requested_attributes
 
 import saml2
-import time
 from saml2.soap import make_soap_enveloped_saml_thingy
 
 from six.moves.urllib.parse import parse_qs
@@ -94,7 +95,7 @@ class Base(Entity):
     """ The basic pySAML2 service provider class """
 
     def __init__(self, config=None, identity_cache=None, state_cache=None,
-            virtual_organization="", config_file="", msg_cb=None):
+                 virtual_organization="", config_file="", msg_cb=None):
         """
         :param config: A saml2.config.Config instance
         :param identity_cache: Where the class should store identity information
@@ -133,10 +134,12 @@ def __init__(self, config=None, identity_cache=None, state_cache=None,
 
             setattr(self, attr, val)
 
-        if self.entity_type == "sp" and not any([self.want_assertions_signed,
-                                                self.want_response_signed]):
-            logger.warning("The SAML service provider accepts unsigned SAML Responses " +
-                           "and Assertions. This configuration is insecure.")
+        if (self.entity_type == "sp"
+            and not any([self.want_assertions_signed,
+                         self.want_response_signed])):
+            logger.warning("The SAML service provider accepts unsigned SAML "
+                           "Responses and Assertions. This configuration is "
+                           "insecure.")
 
         self.artifact2response = {}
 

src/saml2/config.py

@@ -381,11 +381,11 @@ def _load(self, fil):
 
         return importlib.import_module(tail)
 
-    def load_file(self, config_file, metadata_construction=False):
-        if config_file.endswith(".py"):
-            config_file = config_file[:-3]
+    def load_file(self, config_filename, metadata_construction=False):
+        if config_filename.endswith(".py"):
+            config_filename = config_filename[:-3]
 
-        mod = self._load(config_file)
+        mod = self._load(config_filename)
         return self.load(copy.deepcopy(mod.CONFIG), metadata_construction)
 
     def load_metadata(self, metadata_conf):

src/saml2/ecp_client.py

@@ -33,6 +33,12 @@
 
 
 class Client(Entity):
+    """ECP-aware client that works on the client (application) side.
+
+    You can use this class when you want to login user through
+    ECP-aware SP and IdP.
+    """
+
     def __init__(self, user, passwd, sp="", idp=None, metadata_file=None,
                  xmlsec_binary=None, verbose=0, ca_certs="",
                  disable_ssl_certificate_validation=True, key_file=None,
@@ -221,7 +227,8 @@ def ecp_conversation(self, respdict, idp_entity_id=None):
 
         return None
 
-    def add_paos_headers(self, headers=None):
+    @staticmethod
+    def add_paos_headers(headers=None):
         if headers:
             headers = set_list2dict(headers)
             headers["PAOS"] = PAOS_HEADER_INFO
@@ -283,7 +290,7 @@ def operation(self, url, idp_entity_id, op, **opargs):
             # should by now be authenticated so this should go smoothly
             response = self.send(url, op, **opargs)
         except (soap.XmlParseError, AssertionError, KeyError):
-            pass
+            raise
 
         if response.status_code >= 400:
             raise SAMLError("Error performing operation: %s" % (

src/saml2/entity.py

@@ -63,7 +63,6 @@
 from saml2.sigver import security_context
 from saml2.sigver import response_factory
 from saml2.sigver import SigverError
-from saml2.sigver import CryptoBackendXmlSec1
 from saml2.sigver import make_temp
 from saml2.sigver import pre_encryption_part
 from saml2.sigver import pre_signature_part
@@ -554,7 +553,6 @@ def _encrypt_assertion(self, encrypt_cert, sp_entity_id, response,
         _certs = []
 
         if encrypt_cert:
-            _certs = []
             _certs.append(encrypt_cert)
         elif sp_entity_id is not None:
             _certs = self.metadata.certs(sp_entity_id, "any", "encryption")
@@ -1134,11 +1132,11 @@ def _parse_response(self, xmlstr, response_cls, service, binding,
             raise
 
         xmlstr = self.unravel(xmlstr, binding, response_cls.msgtype)
-        origxml = xmlstr
         if not xmlstr:  # Not a valid reponse
             return None
 
         try:
+            origxml = xmlstr
             response = response.loads(xmlstr, False, origxml=origxml)
         except SigverError as err:
             logger.error("Signature Error: %s", err)

src/saml2/population.py

@@ -1,7 +1,8 @@
 import logging
+
 import six
+
 from saml2.cache import Cache
-from saml2.ident import code
 
 logger = logging.getLogger(__name__)
 

src/saml2/s2repoze/plugins/sp.py

@@ -651,8 +651,7 @@ def make_plugin(remember_name=None,  # plugin for remember
                 sid_store="",
                 identity_cache="",
                 discovery="",
-                idp_query_param=""
-):
+                idp_query_param=""):
     if saml_conf is "":
         raise ValueError(
             'must include saml_conf in configuration')