From 836eada0f4701d9c60794b730a158ad5c60b8329 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Mon, 23 Mar 2020 13:24:23 +0100
Subject: [PATCH 1/3] tests: check relaystate forwarding (#40722)
---
 tests/test_idp_saml2.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/tests/test_idp_saml2.py b/tests/test_idp_saml2.py
index 9cf478bb..f0b33ae0 100644
--- a/tests/test_idp_saml2.py
+++ b/tests/test_idp_saml2.py
@@ -140,6 +140,7 @@ class SamlSP(object):
 server = None
 binding = 'post'
 keys = None # pair of public and private key as PEM
+ relay_state = 'relay-state'
 def __init__(self, app, **kwargs):
 self.app = app
@@ -263,10 +264,13 @@ class SamlSP(object):
 policy.format = format
 if sp_name_qualifier is not None:
 policy.spNameQualifier = sp_name_qualifier
+ relay_state = relay_state or self.relay_state
 if relay_state is not None:
 login.msgRelayState = relay_state
 if not name_id_policy:
 request.nameIdPolicy = None
+ if relay_state is not None:
+ login.msgRelayState = force_str(relay_state)
 login.buildAuthnRequestMsg()
 url_parsed = urlparse.urlparse(login.msgUrl)
 assert url_parsed.path == reverse('a2-idp-saml-sso'), 'msgUrl should target the sso endpoint'
@@ -358,6 +362,8 @@ class Scenario(object):
 assert len(response.forms) == 1
 assert response.form.action == '%s/sso/POST' % self.sp.base_url
 assert 'SAMLResponse' in response.form.fields
+ if self.sp.relay_state is not None:
+ assert response.form['RelayState'].value == self.sp.relay_state
 saml_response = response.form['SAMLResponse'].value
 decoded_saml_response = base64.b64decode(saml_response)
 assert b'rsa-sha256' in decoded_saml_response
-- 
2.24.0
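Review bot: In the `@@ -263,10 +264,13 @@` hunk, `login.msgRelayState` is now assigned twice: the existing `if relay_state is not None: login.msgRelayState = relay_state` is kept as context, and the added block repeats it with `force_str(relay_state)`. The first, unconverted assignment is redundant and should be removed so that only the `force_str` form remains. Separately, `relay_state = relay_state or self.relay_state` treats an explicit empty string like a missing argument; if only an omitted argument should fall back to the default, use `if relay_state is None: relay_state = self.relay_state`. The enclosing method starts and ends outside the hunk, so the parameter's default value is not visible here.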
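Review bot: In the `@@ -358,6 +362,8 @@` hunk, the new assertion compares the returned `RelayState` with the class default `self.sp.relay_state` rather than with the value actually placed in the AuthnRequest, so a test that passes an explicit `relay_state` to the request builder would be checked against the wrong string. The only value exercised is the fixed token `'relay-state'`. Because the IdP copies this SP-supplied value into the HTML POST form, a second case using a constructed value with characters that need escaping (for example `a&b="c"<d>`) would confirm that it round-trips unchanged and is escaped in the markup. For the `None` case, `assert 'RelayState' not in response.form.fields` would pin the expectation that no field is emitted. The enclosing method starts and ends outside the hunk.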