Merge pull request #558 from erakli/refactor

Small refactor and indentation

Author: c00kiemon5ter

src/saml2/client.py

@@ -84,8 +84,7 @@ def prepare_for_negotiated_authenticate(
             nameid_format=None, scoping=None, consent=None, extensions=None,
             sign=None, response_binding=saml2.BINDING_HTTP_POST, **kwargs):
         """ Makes all necessary preparations for an authentication request
-        that negotiates
-        which binding to use for authentication.
+        that negotiates which binding to use for authentication.
 
         :param entityid: The entity ID of the IdP to send the request to
         :param relay_state: To where the user should be returned after

src/saml2/client_base.py

@@ -7,6 +7,8 @@
 """
 import threading
 import six
+import time
+import logging
 
 from saml2.entity import Entity
 
@@ -25,7 +27,6 @@
 from saml2.extension import requested_attributes
 
 import saml2
-import time
 from saml2.soap import make_soap_enveloped_saml_thingy
 
 from six.moves.urllib.parse import parse_qs
@@ -51,7 +52,7 @@
 from saml2 import BINDING_HTTP_REDIRECT
 from saml2 import BINDING_HTTP_POST
 from saml2 import BINDING_PAOS
-import logging
+
 
 logger = logging.getLogger(__name__)
 
@@ -94,7 +95,7 @@ class Base(Entity):
     """ The basic pySAML2 service provider class """
 
     def __init__(self, config=None, identity_cache=None, state_cache=None,
-            virtual_organization="", config_file="", msg_cb=None):
+                 virtual_organization="", config_file="", msg_cb=None):
         """
         :param config: A saml2.config.Config instance
         :param identity_cache: Where the class should store identity information
@@ -133,10 +134,13 @@ def __init__(self, config=None, identity_cache=None, state_cache=None,
 
             setattr(self, attr, val)
 
-        if self.entity_type == "sp" and not any([self.want_assertions_signed,
-                                                self.want_response_signed]):
-            logger.warning("The SAML service provider accepts unsigned SAML Responses " +
-                           "and Assertions. This configuration is insecure.")
+        if self.entity_type == "sp" and not any(
+            [self.want_assertions_signed, self.want_response_signed]
+        ):
+            logger.warning(
+                "The SAML service provider accepts unsigned SAML Responses "
+                "and Assertions. This configuration is insecure."
+            )
 
         self.artifact2response = {}
 

src/saml2/config.py

@@ -381,11 +381,11 @@ def _load(self, fil):
 
         return importlib.import_module(tail)
 
-    def load_file(self, config_file, metadata_construction=False):
-        if config_file.endswith(".py"):
-            config_file = config_file[:-3]
+    def load_file(self, config_filename, metadata_construction=False):
+        if config_filename.endswith(".py"):
+            config_filename = config_filename[:-3]
 
-        mod = self._load(config_file)
+        mod = self._load(config_filename)
         return self.load(copy.deepcopy(mod.CONFIG), metadata_construction)
 
     def load_metadata(self, metadata_conf):

src/saml2/ecp_client.py

@@ -33,6 +33,12 @@
 
 
 class Client(Entity):
+    """ECP-aware client that works on the client (application) side.
+
+    You can use this class when you want to login user through
+    ECP-aware SP and IdP.
+    """
+
     def __init__(self, user, passwd, sp="", idp=None, metadata_file=None,
                  xmlsec_binary=None, verbose=0, ca_certs="",
                  disable_ssl_certificate_validation=True, key_file=None,
@@ -221,7 +227,8 @@ def ecp_conversation(self, respdict, idp_entity_id=None):
 
         return None
 
-    def add_paos_headers(self, headers=None):
+    @staticmethod
+    def add_paos_headers(headers=None):
         if headers:
             headers = set_list2dict(headers)
             headers["PAOS"] = PAOS_HEADER_INFO
@@ -283,7 +290,7 @@ def operation(self, url, idp_entity_id, op, **opargs):
             # should by now be authenticated so this should go smoothly
             response = self.send(url, op, **opargs)
         except (soap.XmlParseError, AssertionError, KeyError):
-            pass
+            raise
 
         if response.status_code >= 400:
             raise SAMLError("Error performing operation: %s" % (

src/saml2/entity.py

@@ -63,7 +63,6 @@
 from saml2.sigver import security_context
 from saml2.sigver import response_factory
 from saml2.sigver import SigverError
-from saml2.sigver import CryptoBackendXmlSec1
 from saml2.sigver import make_temp
 from saml2.sigver import pre_encryption_part
 from saml2.sigver import pre_signature_part
@@ -554,7 +553,6 @@ def _encrypt_assertion(self, encrypt_cert, sp_entity_id, response,
         _certs = []
 
         if encrypt_cert:
-            _certs = []
             _certs.append(encrypt_cert)
         elif sp_entity_id is not None:
             _certs = self.metadata.certs(sp_entity_id, "any", "encryption")
@@ -1134,12 +1132,11 @@ def _parse_response(self, xmlstr, response_cls, service, binding,
             raise
 
         xmlstr = self.unravel(xmlstr, binding, response_cls.msgtype)
-        origxml = xmlstr
         if not xmlstr:  # Not a valid reponse
             return None
 
         try:
-            response = response.loads(xmlstr, False, origxml=origxml)
+            response = response.loads(xmlstr, False, origxml=xmlstr)
         except SigverError as err:
             logger.error("Signature Error: %s", err)
             raise

src/saml2/population.py

@@ -1,7 +1,8 @@
 import logging
+
 import six
+
 from saml2.cache import Cache
-from saml2.ident import code
 
 logger = logging.getLogger(__name__)
 

src/saml2/s2repoze/plugins/challenge_decider.py

@@ -9,74 +9,78 @@
 import re
 
 _DAV_METHODS = (
-    'OPTIONS',
-    'PROPFIND',
-    'PROPPATCH',
-    'MKCOL',
-    'LOCK',
-    'UNLOCK',
-    'TRACE',
-    'DELETE',
-    'COPY',
-    'MOVE'
-    )
+    "OPTIONS",
+    "PROPFIND",
+    "PROPPATCH",
+    "MKCOL",
+    "LOCK",
+    "UNLOCK",
+    "TRACE",
+    "DELETE",
+    "COPY",
+    "MOVE",
+)
 
 _DAV_USERAGENTS = (
-    'Microsoft Data Access Internet Publishing Provider',
-    'WebDrive',
-    'Zope External Editor',
-    'WebDAVFS',
-    'Goliath',
-    'neon',
-    'davlib',
-    'wsAPI',
-    'Microsoft-WebDAV'
-    )
+    "Microsoft Data Access Internet Publishing Provider",
+    "WebDrive",
+    "Zope External Editor",
+    "WebDAVFS",
+    "Goliath",
+    "neon",
+    "davlib",
+    "wsAPI",
+    "Microsoft-WebDAV",
+)
+
 
 def my_request_classifier(environ):
     """ Returns one of the classifiers 'dav', 'xmlpost', or 'browser',
     depending on the imperative logic below"""
     request_method = REQUEST_METHOD(environ)
     if request_method in _DAV_METHODS:
-        return 'dav'
+        return "dav"
     useragent = USER_AGENT(environ)
     if useragent:
         for agent in _DAV_USERAGENTS:
             if useragent.find(agent) != -1:
-                return 'dav'
-    if request_method == 'POST':
-        if CONTENT_TYPE(environ) == 'text/xml':
-            return 'xmlpost'
+                return "dav"
+    if request_method == "POST":
+        if CONTENT_TYPE(environ) == "text/xml":
+            return "xmlpost"
         elif CONTENT_TYPE(environ) == "application/soap+xml":
-            return 'soap'
-    return 'browser'
+            return "soap"
+    return "browser"
+
 
 zope.interface.directlyProvides(my_request_classifier, IRequestClassifier)
 
+
 class MyChallengeDecider:
     def __init__(self, path_login="", path_logout=""):
         self.path_login = path_login
         self.path_logout = path_logout
+
     def __call__(self, environ, status, _headers):
-        if status.startswith('401 '):
+        if status.startswith("401 "):
             return True
         else:
-            if environ.has_key('samlsp.pending'):
+            if environ.has_key("samlsp.pending"):
                 return True
 
-            uri = environ.get('REQUEST_URI', None)
+            uri = environ.get("REQUEST_URI", None)
             if uri is None:
                 uri = construct_url(environ)
 
             # require and challenge for logout and inform the challenge plugin that it is a logout we want
             for regex in self.path_logout:
                 if regex.match(uri) is not None:
-                    environ['samlsp.logout'] = True
+                    environ["samlsp.logout"] = True
                     return True
 
             # If the user is already authent, whatever happens(except logout),
             #   don't make a challenge
-            if environ.has_key('repoze.who.identity'):
+            if environ.has_key("repoze.who.identity"):
                 return False
 
             # require a challenge for login
@@ -87,27 +91,24 @@ def __call__(self, environ, status, _headers):
         return False
 
 
-
-def make_plugin(path_login = None, path_logout = None):
+def make_plugin(path_login=None, path_logout=None):
     if path_login is None:
-        raise ValueError(
-            'must include path_login in configuration')
+        raise ValueError("must include path_login in configuration")
 
-# make regexp out of string passed via the config file
+    # make regexp out of string passed via the config file
     list_login = []
     for arg in path_login.splitlines():
         carg = arg.lstrip()
-        if carg != '':
+        if carg != "":
             list_login.append(re.compile(carg))
 
     list_logout = []
     if path_logout is not None:
         for arg in path_logout.splitlines():
             carg = arg.lstrip()
-            if carg != '':
+            if carg != "":
                 list_logout.append(re.compile(carg))
 
     plugin = MyChallengeDecider(list_login, list_logout)
 
     return plugin
-

src/saml2/s2repoze/plugins/entitlement.py

@@ -3,9 +3,10 @@
 
 from zope.interface import implements
 
-#from repoze.who.interfaces import IChallenger, IIdentifier, IAuthenticator
+# from repoze.who.interfaces import IChallenger, IIdentifier, IAuthenticator
 from repoze.who.interfaces import IMetadataProvider
 
+
 class EntitlementMetadataProvider(object):
 
     implements(IMetadataProvider)
@@ -43,7 +44,7 @@ def get_entitlement(self, user, virtualorg):
 
     def store_entitlement(self, user, virtualorg, entitlement=None):
         if user not in self._store:
-            self._store[user] = {"entitlement":{}}
+            self._store[user] = {"entitlement": {}}
         elif "entitlement" not in self._store[user]:
             self._store[user]["entitlement"] = {}
 
@@ -53,18 +54,17 @@ def store_entitlement(self, user, virtualorg, entitlement=None):
         self._store.sync()
 
     def add_metadata(self, environ, identity):
-        #logger = environ.get('repoze.who.logger','')
+        # logger = environ.get('repoze.who.logger','')
         try:
-            user = self._store[identity.get('repoze.who.userid')]
+            user = self._store[identity.get("repoze.who.userid")]
         except KeyError:
             return
 
         try:
             vorg = environ["myapp.vo"]
             try:
                 ents = user["entitlement"][vorg]
-                identity["user"] = {
-                            "entitlement": ["%s:%s" % (vorg,e) for e in ents]}
+                identity["user"] = {"entitlement": ["%s:%s" % (vorg, e) for e in ents]}
             except KeyError:
                 pass
         except KeyError:
@@ -73,5 +73,6 @@ def add_metadata(self, environ, identity):
                 res.extend(["%s:%s" % (vorg, e) for e in ents])
             identity["user"] = res
 
+
 def make_plugin(filename, key_attribute=""):
     return EntitlementMetadataProvider(filename, key_attribute)