Merge pull request #926 from amit12297/fix_assertion_sigver_fail_error_log

c00kiemon5ter · web-flow · commit b276d7bd6839 · 2023-09-26T14:30:09.000+03:00
Set error log message when assertion signature verification fails
diff --git a/src/saml2/response.py b/src/saml2/response.py
@@ -791,7 +791,8 @@ def _assertion(self, assertion, verified=False):
                 try:
                     self.sec.check_signature(assertion, class_name(assertion), self.xmlstr)
                 except Exception as exc:
-                    logger.error("correctly_signed_response: %s", exc)
+                    logger.error("The signature on the assertion cannot be verified.")
+                    logger.debug("correctly_signed_response: %s", exc)
                     raise
 
         self.assertion = assertion
diff --git a/tests/test_41_response.py b/tests/test_41_response.py
@@ -1,5 +1,5 @@
 #!/usr/bin/env python
-
+import logging
 from contextlib import closing
 import datetime
 from unittest.mock import Mock
@@ -125,7 +125,8 @@ def test_issuer_none(self):
         assert resp.issuer() == ""
 
     @patch("saml2.time_util.datetime")
-    def test_false_sign(self, mock_datetime):
+    def test_false_sign(self, mock_datetime, caplog):
+        caplog.set_level(logging.ERROR)
         mock_datetime.utcnow = Mock(return_value=datetime.datetime(2016, 9, 4, 9, 59, 39))
         with open(FALSE_ASSERT_SIGNED) as fp:
             xml_response = fp.read()
@@ -145,6 +146,7 @@ def test_false_sign(self, mock_datetime):
         assert isinstance(resp, AuthnResponse)
         with raises(SignatureError):
             resp.verify()
+        assert 'The signature on the assertion cannot be verified.' in caplog.text
 
     def test_other_response(self):
         with open(full_path("attribute_response.xml")) as fp:
