Fix ipv6 validation for addresses with brackets

Fix ipv6 validation for addresses that include the brackets,
such as [2001:8003:5555:9999:555a:5555:c77:d5c5]. See
https://tools.ietf.org/html/rfc4038#section-5.1 regarding the inclusion
of brackets in the address. The Shibboleth IdP sends ipv6 addresses
that include the brackets.

Author: skoranda

src/saml2/validate.py

@@ -133,6 +133,7 @@ def valid_ipv4(address):
 IPV6_PATTERN = re.compile(r"""
     ^
     \s*                         # Leading whitespace
+    \[?                         # See https://tools.ietf.org/html/rfc4038#section-5.1
     (?!.*::.*::)                # Only a single wildcard allowed
     (?:(?!:)|:(?=:))            # Colon iff it would be part of a wildcard
     (?:                         # Repeat 6 times:
@@ -153,6 +154,7 @@ def valid_ipv4(address):
             (?:25[0-4]|2[0-4]\d|1\d\d|[1-9]?\d)
         ){3}
     )
+    \]?                         # See https://tools.ietf.org/html/rfc4038#section-5.1
     \s*                         # Trailing whitespace
     $
 """, re.VERBOSE | re.IGNORECASE | re.DOTALL)

tests/test_13_validate.py

@@ -13,6 +13,7 @@
 from saml2.validate import valid_any_uri
 from saml2.validate import NotValid
 from saml2.validate import valid_anytype
+from saml2.validate import valid_address
 
 from pytest import raises
 
@@ -120,3 +121,10 @@ def test_valid_anytype():
     assert valid_anytype("P1Y2M3DT10H30M")
     assert valid_anytype("urn:oasis:names:tc:SAML:2.0:attrname-format:uri")
 
+def test_valid_address():
+    assert valid_address("130.239.16.3")
+    assert valid_address("2001:8003:5555:9999:555a:5555:c77:d5c5")
+
+    # See https://tools.ietf.org/html/rfc4038#section-5.1 regarding
+    # the inclusion of brackets in the ipv6 address below.
+    assert valid_address("[2001:8003:5555:9999:555a:5555:c77:d5c5]")