0001-7879-statusMessage-in-SAML-Response-and-tests-added.patch
src/authentic2/idp/saml/saml2_endpoints.py | ||
---|---|---|
594 | 594 |
if 'cancel' in request.GET: |
595 | 595 |
logger.info('login canceled') |
596 | 596 |
set_saml2_response_responder_status_code(login.response, |
597 |
lasso.SAML2_STATUS_CODE_REQUEST_DENIED) |
|
597 |
lasso.SAML2_STATUS_CODE_REQUEST_DENIED, _('User canceled login process').encode('utf-8'))
|
|
598 | 598 |
return finish_sso(request, login) |
599 | 599 |
if consent_answer == 'refused': |
600 | 600 |
logger.info("consent answer treatment, the user " |
601 | 601 |
"refused, return request denied to the requester") |
602 | 602 |
set_saml2_response_responder_status_code(login.response, |
603 |
lasso.SAML2_STATUS_CODE_REQUEST_DENIED) |
|
603 |
lasso.SAML2_STATUS_CODE_REQUEST_DENIED, _('User refused to consent').encode('utf-8'))
|
|
604 | 604 |
return finish_sso(request, login) |
605 | 605 |
if consent_answer == 'accepted': |
606 | 606 |
logger.info("consent answer treatment, the user " |
src/authentic2/idp/saml/tests.py | ||
---|---|---|
252 | 252 |
self.assertIn('SAMLResponse', doc.forms[0].fields) |
253 | 253 |
saml_response = doc.forms[0].fields['SAMLResponse'] |
254 | 254 |
try: |
255 |
base64.b64decode(saml_response) |
|
255 |
saml_response_decoded = base64.b64decode(saml_response)
|
|
256 | 256 |
except TypeError: |
257 | 257 |
self.fail('SAMLResponse is not base64 encoded: %s' |
258 | 258 |
% saml_response) |
259 | 259 |
with self.assertRaises(lasso.ProfileRequestDeniedError): |
260 | 260 |
assertion = self.parse_authn_response(saml_response) |
261 |
self.assertIn('samlp:StatusMessage', saml_response_decoded) |
|
262 |
self.assertIn('User canceled login process', saml_response_decoded) |
|
261 | 263 |
else: |
262 | 264 |
response = client.post(url, { |
263 | 265 |
'username': self.email, |
264 |
- |