From fe4550c5dce24138a9237e5a317cd7804687f9ba Mon Sep 17 00:00:00 2001
From: Josue Kouka
Date: Fri, 9 Oct 2015 11:15:09 +0200
Subject: [PATCH] #7879: statusMessage in SAML Response and tests added
---
 src/authentic2/idp/saml/saml2_endpoints.py | 4 ++--
 src/authentic2/idp/saml/tests.py | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/authentic2/idp/saml/saml2_endpoints.py b/src/authentic2/idp/saml/saml2_endpoints.py
index a85d783..d6fb5f7 100644
--- a/src/authentic2/idp/saml/saml2_endpoints.py
+++ b/src/authentic2/idp/saml/saml2_endpoints.py
@@ -594,13 +594,13 @@ def continue_sso(request):
 if 'cancel' in request.GET:
 logger.info('login canceled')
 set_saml2_response_responder_status_code(login.response,
- lasso.SAML2_STATUS_CODE_REQUEST_DENIED)
+ lasso.SAML2_STATUS_CODE_REQUEST_DENIED, _('User canceled login process').encode('utf-8'))
 return finish_sso(request, login)
 if consent_answer == 'refused':
 logger.info("consent answer treatment, the user "
 "refused, return request denied to the requester")
 set_saml2_response_responder_status_code(login.response,
- lasso.SAML2_STATUS_CODE_REQUEST_DENIED)
+ lasso.SAML2_STATUS_CODE_REQUEST_DENIED, _('User refused to consent').encode('utf-8'))
 return finish_sso(request, login)
 if consent_answer == 'accepted':
 logger.info("consent answer treatment, the user "
diff --git a/src/authentic2/idp/saml/tests.py b/src/authentic2/idp/saml/tests.py
index 905ded6..fe8f59f 100644
--- a/src/authentic2/idp/saml/tests.py
+++ b/src/authentic2/idp/saml/tests.py
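Review bot: The new third argument in both `set_saml2_response_responder_status_code` calls of `continue_sso` is passed through `_()`, so the StatusMessage written into the SAML Response presumably follows the language active for the user's request instead of being a stable protocol diagnostic. A service provider that logs or alerts on the message text would then see different strings for the same denial, and the assertion added in tests.py matches the English wording only. I would send a fixed, untranslated string and let relying parties key on the status code, e.g. `lasso.SAML2_STATUS_CODE_REQUEST_DENIED, 'User canceled login process')`, with a comment such as `# StatusMessage is a diagnostic for the SP, not UI text: keep it untranslated`. The import behind `_` and the helper's signature are outside the hunk, so confirm which gettext variant is in use and whether the helper expects bytes; `continue_sso` starts and ends outside this hunk.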
@@ -252,12 +252,14 @@ class SamlSSOTestCase(SamlBaseTestCase): self.assertIn('SAMLResponse', doc.forms[0].fields) saml_response = doc.forms[0].fields['SAMLResponse'] try: - base64.b64decode(saml_response) + saml_response_decoded = base64.b64decode(saml_response) except TypeError: self.fail('SAMLResponse is not base64 encoded: %s' % saml_response) with self.assertRaises(lasso.ProfileRequestDeniedError): assertion = self.parse_authn_response(saml_response) + self.assertIn('samlp:StatusMessage', saml_response_decoded) + self.assertIn('User canceled login process', saml_response_decoded) else: response = client.post(url, { 'username': self.email, -- 2.6.1
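Review bot: The two added `assertIn` lines directly follow `assertion = self.parse_authn_response(saml_response)`, which is the call expected to raise inside `with self.assertRaises(lasso.ProfileRequestDeniedError):`; indentation is not recoverable on this page, but if they are indented into the `with` body they never execute and the test passes without checking the StatusMessage at all. They should sit at the level of the `with` statement, and a comment such as `# checked outside assertRaises so these assertions actually run` would make the intent explicit. Matching the literal `samlp:StatusMessage` also ties the test to whichever namespace prefix the serializer emits, and only the cancel path is covered, not the 'User refused to consent' message added in saml2_endpoints.py. The enclosing test method starts and ends outside the hunk.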