0001-manager-prevent-saml-authenticator-metadata-ambiguit.patch
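--- a/src/authentic2_auth_saml/models.py
+++ b/src/authentic2_auth_saml/models.py
@@ -199,8 +199,13 @@
 return SAMLAuthenticatorForm
 
 def clean(self):
+super().clean()
 if not (self.metadata or self.metadata_path or self.metadata_url):
 raise ValidationError(_('One of the metadata fields must be filled.'))
+if bool(self.metadata) + bool(self.metadata_path) + bool(self.metadata_url) > 1:
+raise ValidationError(
+_('Specify the provider\'s metadata using only one of the three available ways.')
+)
 
 def autorun(self, request, block_id):
 from .adapters import AuthenticAdapter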
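Review bot: The exactly-one-source rule added to `clean()` is enforced only when model validation actually runs; Django's `save()` does not call `clean()`, so rows written outside the manager form, or stored before this change, can still carry two or three metadata sources. Because the metadata supplies the identity provider's signing keys and endpoints, the code that turns these fields into the provider configuration (not visible in this hunk) should presumably refuse an ambiguous row rather than pick one silently. I would also put a comment above the new check, `# IdP metadata is the trust anchor: accept exactly one source so the trusted keys are unambiguous`, and the count reads more directly as `if sum(map(bool, (self.metadata, self.metadata_path, self.metadata_url))) > 1:`. `autorun` continues past the end of the hunk.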
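--- a/tests/test_manager_authenticators.py
+++ b/tests/test_manager_authenticators.py
@@ -275,3 +275,34 @@
 
 resp = resp.click('Enable').follow()
 assert 'Authenticator has been enabled.' in resp.text
+
+
+def test_authenticators_saml_metadata_ambiguity(app, superuser, ou1, ou2):
+resp = login(app, superuser, path='/manage/authenticators/')
+
+resp = resp.click('Add new authenticator')
+resp.form['name'] = 'Test'
+resp.form['authenticator'] = 'saml'
+resp.form['ou'] = ou1.pk
+resp = resp.form.submit()
+
+authenticator = SAMLAuthenticator.objects.filter(slug='test').get()
+resp = app.get(authenticator.get_absolute_url())
+resp = resp.click('Edit')
+resp = resp.form.submit()
+assert 'One of the metadata fields must be filled.' in resp.text
+
+resp.form['metadata_path'] = '/var/lib/authentic2/metadata.xml'
+resp.form['metadata_url'] = 'https://www.entrouvert.com/metadata.xml'
+with open('tests/metadata.xml') as fd:
+resp.form['metadata'] = fd.read()
+resp = resp.form.submit()
+assert 'one of the three available ways.' in resp.text
+
+resp.form['metadata_path'] = ''
+resp = resp.form.submit()
+assert 'one of the three available ways.' in resp.text
+
+resp.form['metadata'] = ''
+resp = resp.form.submit()
+assert 'one of the three available ways.' not in resp.text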
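Review bot: The last assertion, `assert 'one of the three available ways.' not in resp.text`, would also pass if the final submit failed for an unrelated reason, so the test does not show that a single-source configuration is accepted and stored. If the form saves at that point, follow the submit and check the stored row, e.g. `authenticator.refresh_from_db()` then `assert authenticator.metadata_url and not (authenticator.metadata or authenticator.metadata_path)`. The two rejected submissions cover all three sources together and `metadata` with `metadata_url`; the pairs that include `metadata_path` are not exercised. The `ou2` fixture is requested but unused in the visible lines.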
278 |
- |