0001-views-handle-a-nonce-parameter-on-login-view-55953.patch
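--- a/mellon/views.py
+++ b/mellon/views.py
@@ -109,6 +109,9 @@
 return
 self.set_state('next_url', next_url)
 
+def set_nonce(self, nonce):
+self.set_state('nonce', nonce)
+
 def set_state(self, name, value):
 assert self.profile
 relay_state = self.get_relay_state(create=True)
@@ -135,6 +138,9 @@
 def get_next_url(self, default=None):
 return self.get_state('next_url', default=default)
 
+def get_nonce(self):
+return self.get_state('nonce')
+
 def show_message_status_is_not_success(self, profile, prefix):
 status_codes, idp_message = utils.get_status_codes_and_message(profile)
 args = ['%s: status is not success codes: %r', prefix, status_codes]
@@ -251,6 +257,7 @@
 if content is not None:
 values.append(content)
 attributes['issuer'] = login.remoteProviderId
+attributes['nonce'] = self.get_nonce()
 if login.nameIdentifier:
 name_id = login.nameIdentifier
 name_id_format = force_text(name_id.format or lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED)
@@ -491,6 +498,9 @@
 policy.allowCreate = utils.get_setting(idp, 'NAME_ID_POLICY_ALLOW_CREATE')
 policy.format = utils.get_setting(idp, 'NAME_ID_POLICY_FORMAT')
 force_authn = utils.get_setting(idp, 'FORCE_AUTHN')
+# link the nonce to the request-id
+if 'nonce' in request.GET:
+self.set_nonce(request.GET['nonce'][:128])
 if force_authn:
 authn_request.forceAuthn = True
 if request.GET.get('passive') == '1':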
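Review bot: At new line 503 the nonce is read from the unauthenticated query string and only truncated with `[:128]`; nothing restricts its characters or rejects an over-long value, and the shortened string is then returned verbatim in `attributes['nonce']` (new line 260) and, per the accompanying test, stored in the session. If a caller compares the nonce it sent with the one it gets back, a silently truncated value will simply fail to match, so rejecting rather than truncating is the safer contract, e.g. `nonce = request.GET['nonce']` followed by `if len(nonce) <= 128: self.set_nonce(nonce)`. At line 260 `self.get_nonce()` returns `None` when no nonce was supplied, so the key is always present in the attributes; guard it with `if nonce is not None:` if consumers treat presence as meaningful. The new `set_nonce` and `get_nonce` methods (new lines 112 and 141) lack docstrings; a one-liner such as `"""Keep the caller-supplied nonce in the relay state so it can be echoed back with the assertion attributes."""` would document the round trip. The methods enclosing the third and fourth hunks start and end outside the hunks.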
tests/test_sso_slo.py | ||
732 | 732 |
assert '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"' in response_text |
733 | 733 |
assert '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"' in response_text |
734 | 734 |
assert 'mellon: created new user _' in response_text |
735 | ||
736 | ||
737 |
def test_nonce(db, app, idp, caplog, sp_settings): |
|
738 |
response = app.get(reverse('mellon_login') + '?nonce=1234') |
|
739 |
url, body, relay_state = idp.process_authn_request_redirect(response['Location']) |
|
740 |
response = app.post(reverse('mellon_login'), params={'SAMLResponse': body, 'RelayState': relay_state}) |
|
741 |
assert app.session['mellon_session']['nonce'] == '1234' |
|
735 |
- |
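Review bot: `test_nonce` (new lines 737-741) covers only the happy path; the 128-character cut-off applied in views.py and the `attributes['nonce']` propagation are not asserted anywhere. A second login with an over-long nonce would pin the truncation behaviour, e.g. `response = app.get(reverse('mellon_login') + '?nonce=' + 'a' * 200)` followed, after the same redirect/post sequence, by `assert len(app.session['mellon_session']['nonce']) == 128`. A case with no `nonce` parameter asserting the session key is absent or `None` would document the default as well.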