0001-make-DiscoveryResponse-optional-in-metadata-15260.patch

Benjamin Dauvergne, 01 octobre 2019 12:32



Subject: [PATCH] make DiscoveryResponse optional in metadata (#15260)

 mellon/app_settings.py               |  1 +
 mellon/templates/mellon/metadata.xml |  4 +++-
 mellon/utils.py                      | 10 +++++++---
 tests/test_utils.py                  | 22 ++++++++++++++++++++++
 tests/test_views.py                  |  2 +-
 5 files changed, 34 insertions(+), 5 deletions(-)
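--- a/mellon/app_settings.py
+++ b/mellon/app_settings.py
@@ -43,6 +43,7 @@
         'LOOKUP_BY_ATTRIBUTES': [],
         'METADATA_CACHE_TIME': 3600,
         'METADATA_HTTP_TIMEOUT': 10,
+        'METADATA_PUBLISH_DISCOVERY_RESPONSE': False,
     }
 
     @property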
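Review bot: The `False` default on the new `METADATA_PUBLISH_DISCOVERY_RESPONSE` entry switches off the previously unconditional DiscoveryResponse extension for every existing deployment, and nothing on the line says that this is intended; an SP whose published metadata already advertises the discovery endpoint will silently stop advertising it after the upgrade, which is the kind of change a federation operator comparing registered and served metadata would want to know about. If the new default is deliberate, a comment on the line such as `# Off by default: the idpdisc:DiscoveryResponse extension only matters when a discovery service is in use` makes that explicit; otherwise `True` keeps the metadata served today unchanged. The template side of the same change is in the mellon/templates/mellon/metadata.xml hunk.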
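--- a/mellon/templates/mellon/metadata.xml
+++ b/mellon/templates/mellon/metadata.xml
@@ -6,12 +6,14 @@
    AuthnRequestsSigned="true"
    WantAssertionsSigned="true"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+   {% if discovery_endpoint_url %}
     <Extensions>
       <idpdisc:DiscoveryResponse index="1"
         xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
         Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
         Location="{{ discovery_endpoint_url }}"/>
-   </Extensions>
+      </Extensions>
+   {% endif %}
     {% for public_key in public_keys %}
       <KeyDescriptor>
           <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">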
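Review bot: The re-indented closing tag on the new side, `      </Extensions>` at six spaces, no longer lines up with its opening `    <Extensions>` at four, so inside the new `{% if %}` block the two tags read as if they belonged to different levels. Keeping the closing tag at the opening tag's column, `    </Extensions>`, is enough; the `{% if discovery_endpoint_url %}` / `{% endif %}` pair at three spaces is otherwise consistent with the surrounding attribute indentation. The enclosing SPSSODescriptor element starts and ends outside the hunk.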
mellon/utils.py
49 49
            public_key = ''.join(content.splitlines()[1:-1])
50 50
        public_keys.append(public_key)
51 51
    name_id_formats = app_settings.NAME_ID_FORMATS
52
    return render_to_string('mellon/metadata.xml', {
52
    ctx = {
53
        'request': request,
53 54
        'entity_id': request.build_absolute_uri(entity_id),
54 55
        'login_url': request.build_absolute_uri(login_url),
55 56
        'logout_url': request.build_absolute_uri(logout_url),
......
58 59
        'default_assertion_consumer_binding': app_settings.DEFAULT_ASSERTION_CONSUMER_BINDING,
59 60
        'organization': app_settings.ORGANIZATION,
60 61
        'contact_persons': app_settings.CONTACT_PERSONS,
61
        'discovery_endpoint_url': request.build_absolute_uri(reverse('mellon_login')),
62
    })
62
    }
63
    if app_settings.METADATA_PUBLISH_DISCOVERY_RESPONSE:
64
        ctx['discovery_endpoint_url'] = request.build_absolute_uri(
65
            reverse('mellon_login'))
66
    return render_to_string('mellon/metadata.xml', ctx)
63 67

  
64 68

  
65 69
def create_server(request):
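Review bot: The new `'request': request` entry added to the template context (new line 53 in the first hunk) is not referenced by the part of metadata.xml this commit touches, so its purpose is not visible from the change; if a template override needs it, a comment such as `# exposed for template overrides that need request data` would say so, otherwise it can be dropped to keep the rendered context to what the template uses. Guarding `ctx['discovery_endpoint_url']` with `if app_settings.METADATA_PUBLISH_DISCOVERY_RESPONSE:` and leaving the key absent otherwise matches the template's `{% if discovery_endpoint_url %}` test, so that part is consistent. create_metadata starts before the first hunk, and the two hunks are one change to the same context dict.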
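--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -35,6 +35,28 @@
     private_settings.MELLON_NAME_ID_FORMATS = [lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED]
     private_settings.MELLON_DEFAULT_ASSERTION_CONSUMER_BINDING = 'artifact'
     request = rf.get('/')
+    with mock.patch('mellon.utils.open', mock.mock_open(read_data='BEGIN\nyyy\nEND'), create=True):
+        metadata = create_metadata(request)
+    assert_xml_constraints(
+        metadata.encode('utf-8'),
+        ('/sm:EntityDescriptor[@entityID="http://testserver/metadata/"]', 1,
+         ('/*', 1),
+         ('/sm:SPSSODescriptor', 1,
+          ('/*', 6),
+          ('/sm:NameIDFormat', 1),
+          ('/sm:SingleLogoutService', 1),
+          ('/sm:AssertionConsumerService[@isDefault=\'true\'][@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\']', 1),
+          ('/sm:AssertionConsumerService[@isDefault=\'true\'][@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\']',
+           0),
+          ('/sm:AssertionConsumerService[@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\']',
+           1),
+          ('/sm:KeyDescriptor/ds:KeyInfo/ds:X509Data', 2,
+           ('/ds:X509Certificate', 2),
+           ('/ds:X509Certificate[text()=\'xxx\']', 1),
+           ('/ds:X509Certificate[text()=\'yyy\']', 1)))),
+        namespaces=ns)
+
+    private_settings.MELLON_METADATA_PUBLISH_DISCOVERY_RESPONSE = True
     with mock.patch('mellon.utils.open', mock.mock_open(read_data='BEGIN\nyyy\nEND'), create=True):
         metadata = create_metadata(request)
     assert_xml_constraints(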
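Review bot: The first `create_metadata` call and its assertion block (new lines 38–57) rely on the default value of `METADATA_PUBLISH_DISCOVERY_RESPONSE` rather than setting it, and only the child count `('/*', 6)` on SPSSODescriptor implies that the DiscoveryResponse extension is absent. Setting `private_settings.MELLON_METADATA_PUBLISH_DISCOVERY_RESPONSE = False` before the first call and adding an explicit `('/sm:Extensions', 0),` constraint would make the test state what it checks and keep it meaningful if the default changes later (assuming `sm` is bound to the SAML metadata namespace in `ns`, as its use for SPSSODescriptor suggests). The enclosing test function begins before the hunk and its second assertion block continues past it.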
tests/test_views.py
112 112
        ('/sm:EntityDescriptor[@entityID="http://testserver/metadata/"]', 1,
113 113
         ('/*', 4),
114 114
         ('/sm:SPSSODescriptor', 1,
115
          ('/*', 7),
115
          ('/*', 6),
116 116
          ('/sm:NameIDFormat', 1),
117 117
          ('/sm:SingleLogoutService', 1),
118 118
          ('/sm:AssertionConsumerService', None,
119
-