Unit test for logout_responses_signed

maxbes · maxbes · commit 50b2963d136d · 2020-10-07T17:19:25.000+02:00
diff --git a/tests/server_conf.py b/tests/server_conf.py
@@ -14,6 +14,8 @@
             "required_attributes": ["surName", "givenName", "mail"],
             "optional_attributes": ["title"],
             "idp": ["urn:mace:example.com:saml:roland:idp"],
+            "logout_responses_signed": True,
+            "logout_requests_signed": True,
             "requested_attributes": [
                 {
                     "name": "urn:oid:1.3.6.1.4.1.5923.1.1.1.2",
diff --git a/tests/test_51_client.py b/tests/test_51_client.py
@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 
 from base64 import encodebytes as b64encode
+from base64 import decodebytes as b64decode
 import uuid
 import six
 from six.moves.urllib import parse
@@ -51,7 +52,6 @@
     "authn_auth": "http://www.example.com/login"
 }
 
-
 def generate_cert():
     sn = uuid.uuid4().urn
     cert_info = {
@@ -413,6 +413,36 @@ def test_sign_auth_request_0(self):
         except Exception:  # missing certificate
             self.client.sec.verify_signature(ar_str, node_name=class_name(ar))
 
+    def test_logout_response(self):
+        req_id, req = self.server.create_logout_request(
+            "http://localhost:8088/slo", "urn:mace:example.com:saml:roland:sp",
+            name_id=nid, reason="Tired", expire=in_a_while(minutes=15),
+            session_indexes=["_foo"])
+
+        info = self.client.apply_binding(
+            BINDING_HTTP_REDIRECT, req, destination="",
+            relay_state="relay2")
+        loc = info["headers"][0][1]
+        qs = parse.parse_qs(loc[1:])
+        samlreq = qs['SAMLRequest'][0]
+        resphttp = self.client.handle_logout_request(samlreq, nid,
+                BINDING_HTTP_REDIRECT)
+        _dic = unpack_form(resphttp['data'], "SAMLResponse")
+        xml = b64decode(_dic['SAMLResponse'].encode('UTF-8'))
+
+        # Signature found
+        assert xml.decode('UTF-8').find(r"Signature") > 0
+
+        # Try again with logout_responses_signed=False
+        self.client.logout_responses_signed = False
+        resphttp = self.client.handle_logout_request(samlreq, nid,
+                BINDING_HTTP_REDIRECT)
+        _dic = unpack_form(resphttp['data'], "SAMLResponse")
+        xml = b64decode(_dic['SAMLResponse'].encode('UTF-8'))
+
+        # Signature not found
+        assert xml.decode('UTF-8').find(r"Signature") < 0
+
     def test_create_logout_request(self):
         req_id, req = self.client.create_logout_request(
             "http://localhost:8088/slo", "urn:mace:example.com:saml:roland:idp",

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,8 @@`
`14`	`14`	`"required_attributes": ["surName", "givenName", "mail"],`
`15`	`15`	`"optional_attributes": ["title"],`
`16`	`16`	`"idp": ["urn:mace:example.com:saml:roland:idp"],`
	`17`	`+ "logout_responses_signed": True,`
	`18`	`+ "logout_requests_signed": True,`
`17`	`19`	`"requested_attributes": [`
`18`	`20`	`{`
`19`	`21`	`"name": "urn:oid:1.3.6.1.4.1.5923.1.1.1.2",`