Allow any number of decimal places for seconds on SAML datetimes

pitbulk · pitbulk · commit 5f162dc9947b · 2019-11-20T10:20:46.000+01:00
diff --git a/src/onelogin/saml2/utils.py b/src/onelogin/saml2/utils.py
@@ -65,6 +65,10 @@ class OneLogin_Saml2_Utils(object):
     RESPONSE_SIGNATURE_XPATH = '/samlp:Response/ds:Signature'
     ASSERTION_SIGNATURE_XPATH = '/samlp:Response/saml:Assertion/ds:Signature'
 
+    TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
+    TIME_FORMAT_2 = "%Y-%m-%dT%H:%M:%S.%fZ"
+    TIME_FORMAT_WITH_FRAGMENT = re.compile(r'^(\d{4,4}-\d{2,2}-\d{2,2}T\d{2,2}:\d{2,2}:\d{2,2})(\.\d*)?Z?$')
+
     @staticmethod
     def escape_url(url, lowercase_urlencoding=False):
         """
@@ -401,7 +405,7 @@ def parse_time_to_SAML(time):
         :rtype: string
         """
         data = datetime.utcfromtimestamp(float(time))
-        return data.strftime('%Y-%m-%dT%H:%M:%SZ')
+        return data.strftime(OneLogin_Saml2_Utils.TIME_FORMAT)
 
     @staticmethod
     def parse_SAML_to_time(timestr):
@@ -416,9 +420,16 @@ def parse_SAML_to_time(timestr):
         :rtype: int
         """
         try:
-            data = datetime.strptime(timestr, '%Y-%m-%dT%H:%M:%SZ')
+            data = datetime.strptime(timestr, OneLogin_Saml2_Utils.TIME_FORMAT)
         except ValueError:
-            data = datetime.strptime(timestr, '%Y-%m-%dT%H:%M:%S.%fZ')
+            try:
+                data = datetime.strptime(timestr, OneLogin_Saml2_Utils.TIME_FORMAT_2)
+            except ValueError:
+                elem = OneLogin_Saml2_Utils.TIME_FORMAT_WITH_FRAGMENT.match(timestr)
+                if not elem:
+                    raise Exception("time data %s does not match format %s" % (timestr, r'yyyy-mm-ddThh:mm:ss(\.s+)?Z'))
+                data = datetime.strptime(elem.groups()[0] + "Z", OneLogin_Saml2_Utils.TIME_FORMAT)
+
         return calendar.timegm(data.utctimetuple())
 
     @staticmethod
diff --git a/tests/src/OneLogin/saml2_tests/utils_test.py b/tests/src/OneLogin/saml2_tests/utils_test.py
@@ -450,6 +450,14 @@ def testParseSAML2Time(self):
         saml_time2 = '2013-12-10T04:39:31.120Z'
         self.assertEqual(time, OneLogin_Saml2_Utils.parse_SAML_to_time(saml_time2))
 
+        # Now test if toolkit supports microseconds
+        saml_time3 = '2013-12-10T04:39:31.120240Z'
+        self.assertEqual(time, OneLogin_Saml2_Utils.parse_SAML_to_time(saml_time3))
+
+        # Now test if toolkit supports nanoseconds
+        saml_time4 = '2013-12-10T04:39:31.120240360Z'
+        self.assertEqual(time, OneLogin_Saml2_Utils.parse_SAML_to_time(saml_time4))
+
     def testParseTime2SAML(self):
         """
         Tests the parse_time_to_SAML method of the OneLogin_Saml2_Utils
