
Commit f42c3f8

committed
Prevent an Extensions element appearing in the AuthnRequest
Signed-off-by: Ivan Kanakarakis <[email protected]>
1 parent 43bb7ad commit f42c3f8


1 file changed

+52
-50
lines changed

1 file changed

+52
-50
lines changed

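--- a/src/saml2/client_base.py
+++ b/src/saml2/client_base.py
@@ -90,6 +90,52 @@ class NoServiceDefined(SAMLError):
 pass
 
 
+def create_requested_attribute_node(requested_attrs, attribute_converters):
+items = []
+for attr in requested_attrs:
+friendly_name = attr.get('friendly_name')
+name = attr.get('name')
+name_format = attr.get('name_format')
+is_required = str(attr.get('required', False)).lower()
+
+if not name and not friendly_name:
+raise ValueError("Missing required attribute: 'name' or 'friendly_name'")
+
+if not name:
+for converter in attribute_converters:
+try:
+name = converter._to[friendly_name.lower()]
+except KeyError:
+continue
+else:
+if not name_format:
+name_format = converter.name_format
+break
+
+if not friendly_name:
+for converter in attribute_converters:
+try:
+friendly_name = converter._fro[name.lower()]
+except KeyError:
+continue
+else:
+if not name_format:
+name_format = converter.name_format
+break
+
+items.append(
+RequestedAttribute(
+is_required=is_required,
+name_format=name_format,
+friendly_name=friendly_name,
+name=name,
+)
+)
+
+node = RequestedAttributes(extension_elements=items)
+return node
+
+
 class Base(Entity):
 """ The basic pySAML2 service provider class """
 
@@ -388,57 +434,13 @@ def create_authn_request(self, destination, vorg="", scoping=None,
 or self.config.getattr('requested_attributes', 'sp')
 or []
 )
-
-if not extensions:
-extensions = Extensions()
-
-items = []
-for attr in requested_attrs:
-friendly_name = attr.get('friendly_name')
-name = attr.get('name')
-name_format = attr.get('name_format')
-is_required = str(attr.get('required', False)).lower()
-
-if not name and not friendly_name:
-raise ValueError(
-"Missing required attribute: '{}' or '{}'".format(
-'name', 'friendly_name'
-)
-)
-
-if not name:
-for converter in self.config.attribute_converters:
-try:
-name = converter._to[friendly_name.lower()]
-except KeyError:
-continue
-else:
-if not name_format:
-name_format = converter.name_format
-break
-
-if not friendly_name:
-for converter in self.config.attribute_converters:
-try:
-friendly_name = converter._fro[name.lower()]
-except KeyError:
-continue
-else:
-if not name_format:
-name_format = converter.name_format
-break
-
-items.append(
-RequestedAttribute(
-is_required=is_required,
-name_format=name_format,
-friendly_name=friendly_name,
-name=name,
-)
+if requested_attrs:
+req_attrs_node = create_requested_attribute_node(
+requested_attrs, self.config.attribute_converters
 )
-
-item = RequestedAttributes(extension_elements=items)
-extensions.add_extension_element(item)
+if not extensions:
+extensions = Extensions()
+extensions.add_extension_element(req_attrs_node)
 
 force_authn = str(
 kwargs.pop("force_authn", None)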
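Review bot: In `create_requested_attribute_node` (first hunk), a `friendly_name` that no converter maps leaves `name` as `None`, because the lookup loop falls through silently when every converter raises `KeyError`; the entry check only guarantees that one of the two keys was supplied. The element is then built with `name=None`, which presumably produces a RequestedAttribute without its Name, so the AuthnRequest can ask the IdP for something other than what the SP configured, or be rejected. I would fail fast right after that loop with `if not name: raise ValueError("No attribute converter maps friendly_name {!r}".format(friendly_name))`. The helper also has no docstring; one line stating that it returns a `RequestedAttributes` element built from dicts with `name`, `friendly_name`, `name_format` and `required` keys, resolved through the converters' `_to`/`_fro` maps, would document the contract now that it is a module-level function.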
