
0001-manager-prevent-saml-authenticator-metadata-ambiguit.patch

Paul Marillonnet, 05 juillet 2022 13:51


Subject: [PATCH] manager: prevent saml authenticator metadata ambiguity
 (#66986)

 src/authentic2_auth_saml/models.py   |  5 +++++
 tests/test_manager_authenticators.py | 31 ++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
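--- a/src/authentic2_auth_saml/models.py
+++ b/src/authentic2_auth_saml/models.py
@@ -199,8 +199,13 @@
         return SAMLAuthenticatorForm
 
     def clean(self):
+        super().clean()
         if not (self.metadata or self.metadata_path or self.metadata_url):
             raise ValidationError(_('One of the metadata fields must be filled.'))
+        if bool(self.metadata) + bool(self.metadata_path) + bool(self.metadata_url) > 1:
+            raise ValidationError(
+                _('Specify the provider\'s metadata using only one of the three available ways.')
+            )
 
     def autorun(self, request, block_id):
         from .adapters import AuthenticAdapter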
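Review bot: The new exclusivity check in `clean()` only runs where Django performs model validation (a ModelForm submission or an explicit `full_clean()`), so authenticators stored earlier with two or three of `metadata`, `metadata_path` and `metadata_url` filled, or written through `save()` directly, keep the ambiguity this commit is meant to remove. Because the IdP metadata is what tells the service provider which signing keys to trust, it is worth either stating which source takes precedence for such rows or adding a data migration or system check that reports them; neither is visible in this two-file change. I would also document the intent above the check, e.g. `# exactly one metadata source, so the trusted IdP keys are never ambiguous`, and both conditions could share one count, `sources = sum(map(bool, (self.metadata, self.metadata_path, self.metadata_url)))`. The body of `autorun` continues outside the hunk.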
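--- a/tests/test_manager_authenticators.py
+++ b/tests/test_manager_authenticators.py
@@ -275,3 +275,34 @@
 
     resp = resp.click('Enable').follow()
     assert 'Authenticator has been enabled.' in resp.text
+
+
+def test_authenticators_saml_metadata_ambiguity(app, superuser, ou1, ou2):
+    resp = login(app, superuser, path='/manage/authenticators/')
+
+    resp = resp.click('Add new authenticator')
+    resp.form['name'] = 'Test'
+    resp.form['authenticator'] = 'saml'
+    resp.form['ou'] = ou1.pk
+    resp = resp.form.submit()
+
+    authenticator = SAMLAuthenticator.objects.filter(slug='test').get()
+    resp = app.get(authenticator.get_absolute_url())
+    resp = resp.click('Edit')
+    resp = resp.form.submit()
+    assert 'One of the metadata fields must be filled.' in resp.text
+
+    resp.form['metadata_path'] = '/var/lib/authentic2/metadata.xml'
+    resp.form['metadata_url'] = 'https://www.entrouvert.com/metadata.xml'
+    with open('tests/metadata.xml') as fd:
+        resp.form['metadata'] = fd.read()
+    resp = resp.form.submit()
+    assert 'one of the three available ways.' in resp.text
+
+    resp.form['metadata_path'] = ''
+    resp = resp.form.submit()
+    assert 'one of the three available ways.' in resp.text
+
+    resp.form['metadata'] = ''
+    resp = resp.form.submit()
+    assert 'one of the three available ways.' not in resp.text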
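Review bot: The final assertion, `assert 'one of the three available ways.' not in resp.text`, is negative-only, so it also passes when the last submit fails for some other reason or renders a different error. Assert the accepted state instead, for example `authenticator.refresh_from_db()` followed by `assert authenticator.metadata_url == 'https://www.entrouvert.com/metadata.xml'`. The test exercises only the all-three and `metadata` + `metadata_url` combinations, leaving both pairs that include `metadata_path` untested. In addition, `open('tests/metadata.xml')` depends on pytest being started from the repository root, and the `ou2` fixture is requested but never used.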
278
-