0001-7879-statusMessage-in-SAML-Response-and-tests-added.patch
| src/authentic2/idp/saml/saml2_endpoints.py | ||
|---|---|---|
| 594 | 594 |
if 'cancel' in request.GET: |
| 595 | 595 |
logger.info('login canceled')
|
| 596 | 596 |
set_saml2_response_responder_status_code(login.response, |
| 597 |
lasso.SAML2_STATUS_CODE_REQUEST_DENIED) |
|
| 597 |
lasso.SAML2_STATUS_CODE_REQUEST_DENIED, _('User canceled login process').encode('utf-8'))
|
|
| 598 | 598 |
return finish_sso(request, login) |
| 599 | 599 |
if consent_answer == 'refused': |
| 600 | 600 |
logger.info("consent answer treatment, the user "
|
| 601 | 601 |
"refused, return request denied to the requester") |
| 602 | 602 |
set_saml2_response_responder_status_code(login.response, |
| 603 |
lasso.SAML2_STATUS_CODE_REQUEST_DENIED) |
|
| 603 |
lasso.SAML2_STATUS_CODE_REQUEST_DENIED, _('User refused to consent').encode('utf-8'))
|
|
| 604 | 604 |
return finish_sso(request, login) |
| 605 | 605 |
if consent_answer == 'accepted': |
| 606 | 606 |
logger.info("consent answer treatment, the user "
|
| src/authentic2/idp/saml/tests.py | ||
|---|---|---|
| 252 | 252 |
self.assertIn('SAMLResponse', doc.forms[0].fields)
|
| 253 | 253 |
saml_response = doc.forms[0].fields['SAMLResponse'] |
| 254 | 254 |
try: |
| 255 |
base64.b64decode(saml_response) |
|
| 255 |
saml_response_decoded = base64.b64decode(saml_response)
|
|
| 256 | 256 |
except TypeError: |
| 257 | 257 |
self.fail('SAMLResponse is not base64 encoded: %s'
|
| 258 | 258 |
% saml_response) |
| 259 | 259 |
with self.assertRaises(lasso.ProfileRequestDeniedError): |
| 260 | 260 |
assertion = self.parse_authn_response(saml_response) |
| 261 |
self.assertIn('samlp:StatusMessage', saml_response_decoded)
|
|
| 262 |
self.assertIn('User canceled login process', saml_response_decoded)
|
|
| 261 | 263 |
else: |
| 262 | 264 |
response = client.post(url, {
|
| 263 | 265 |
'username': self.email, |
| 264 |
- |
|