0001-saml-add-login-hint-extension-on-backoffice-access-4.patch
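--- a/tests/test_saml_auth.py
+++ b/tests/test_saml_auth.py
@@ -354,6 +354,24 @@
 assert ':next_url>http://example.net/backoffice/<' in request.getOriginalXmlnode()
 
 
+def test_saml_login_hint(pub):
+resp = get_app(pub).get('/login/')
+assert resp.status_int == 302
+assert resp.location.startswith('http://sso.example.net/saml2/sso')
+request = lasso.Samlp2AuthnRequest()
+request.initFromQuery(urlparse.urlparse(resp.location).query)
+assert 'login-hint' not in request.getOriginalXmlnode()
+
+resp = get_app(pub).get('/backoffice/')
+assert resp.status_int == 302
+assert resp.location.startswith('http://example.net/login/?next=')
+resp = resp.follow()
+assert resp.location.startswith('http://sso.example.net/saml2/sso')
+request = lasso.Samlp2AuthnRequest()
+request.initFromQuery(urlparse.urlparse(resp.location).query)
+assert ':login-hint>backoffice<' in request.getOriginalXmlnode()
+
+
 def test_saml_register(pub):
 get_app(pub).get('/register/', status=404)
 pub.cfg['saml_identities'] = {'identity-creation': 'self'}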
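Review bot: The positive half of test_saml_login_hint only exercises the `next` value the application generates itself when `/backoffice/` redirects to `/login/`. Since saml2.py reads `next` from the request, a case that requests `/login/` with a caller-chosen `next` would pin the boundary of the prefix check: one front-office URL, and one URL that begins with the backoffice URL's characters but is not under it, each asserting `'login-hint' not in request.getOriginalXmlnode()`. Whether the second case passes today depends on whether the backoffice URL ends with a slash, which this page does not show.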
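--- a/wcs/qommon/saml2.py
+++ b/wcs/qommon/saml2.py
@@ -173,11 +173,19 @@
 login.msgRelayState = get_request().form.get('next')
 
 next_url = login.msgRelayState or get_publisher().get_frontoffice_url()
+backoffice_url = get_publisher().get_backoffice_url()
+# set login-hint only if backoffice is accessed
+if next_url.startswith(backoffice_url):
+login_hint = '<eo:login-hint>backoffice</eo:login-hint>'
+else:
+login_hint = ''
 samlp_extensions = '''<samlp:Extensions
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:eo="https://www.entrouvert.com/">
-<eo:next_url>%s</eo:next_url>
-</samlp:Extensions>''' % escape(next_url)
+<eo:next_url>%s</eo:next_url>''' % escape(next_url)
+if next_url.startswith(backoffice_url):
+samlp_extensions += '<eo:login-hint>backoffice</eo:login-hint>'
+samlp_extensions += '</samlp:Extensions>'
 # work around lasso bug https://dev.entrouvert.org/issues/23001
 if hasattr(lasso.Samlp2Extensions, 'any'):
 login.request.extensions = lasso.Node.newFromXmlNode(samlp_extensions)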
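Review bot: `login_hint` is assigned in the added if/else above the template but never read; the element is appended by a second `if next_url.startswith(backoffice_url):` further down, so the first branch is dead and the condition is duplicated. Either delete the first if/else or drop the second check and append with `samlp_extensions += login_hint`. `next_url` comes from the request's `next` field and the comparison is a plain string prefix, so unless `get_backoffice_url()` always ends in `/` (not visible in this hunk) a URL that merely shares those leading characters also gets the hint. A comment such as `# login-hint is derived from the request-supplied next URL: advisory only, never an authorization signal` would record that. The enclosing function starts and ends outside the hunk.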