-rwxr-xr-x | tests/testlogout.py | 207 |
1 files changed, 110 insertions, 97 deletions
diff --git a/tests/testlogout.py b/tests/testlogout.py index dad1019..efc4934 100755 --- a/tests/testlogout.py +++ b/tests/testlogout.py @@ -44,17 +44,42 @@ sp_a = {'hostname': '${ADDRESS}:${PORT}', 'httpd_user': '${TEST_USER}'} -sp2_g = {'HTTPDCONFD': '${TESTDIR}/${NAME}/conf.d', - 'SAML2_TEMPLATE': '${TESTDIR}/templates/install/saml2/sp.conf', - 'SAML2_CONFFILE': '${TESTDIR}/${NAME}/conf.d/ipsilon-saml.conf', - 'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'} +sp_b = {'hostname': '${ADDRESS}:${PORT}', + 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata', + 'saml_secure_setup': 'False', + 'no_saml_soap_logout': 'True', + 'saml_auth': '/sp', + 'httpd_user': '${TEST_USER}'} -sp2_a = {'hostname': '${ADDRESS}:${PORT}', - 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata', - 'saml_secure_setup': 'False', - 'saml_auth': '/sp', - 'httpd_user': '${TEST_USER}'} +# Global list of SP's +splist = [ + { + 'nameid': 'sp1', + 'addr': '127.0.0.11', + 'port': '45081', + }, + { + 'nameid': 'sp2', + 'addr': '127.0.0.11', + 'port': '45082', + }, + { + 'nameid': 'sp3', + 'addr': '127.0.0.11', + 'port': '45083', + }, + { + 'nameid': 'sp4', + 'addr': '127.0.0.11', + 'port': '45084', + }, + { + 'nameid': 'sp5', + 'addr': '127.0.0.11', + 'port': '45085', + }, +] def fixup_sp_httpd(httpdir): @@ -87,7 +112,7 @@ Alias /open ${HTTPDIR}/open f.write(logged_out) -def ensure_logout(session, idp_name, spurl): +def ensure_logout(session, idp_name, sp_url): """ Fetch the secure page without following redirects. If we get a 303 then we should be redirected to the IDP for authentication @@ -96,7 +121,7 @@ def ensure_logout(session, idp_name, spurl): Returns nothing or raises exception on error """ try: - logout_page = session.fetch_page(idp_name, spurl, + logout_page = session.fetch_page(idp_name, sp_url, follow_redirect=False) if logout_page.result.status_code != 303: raise ValueError('Still logged into url') 
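Review bot: `sp_b` is added without a comment saying how it differs from the existing `sp_a` profile; the only distinguishing key visible in this hunk is `'no_saml_soap_logout': 'True'`. A reader has to find the comment in the SP setup loop further down to learn that this is the HTTP-Redirect-only profile. I would put `# SP profile with SOAP logout disabled, so logout uses HTTP Redirect only` directly above `sp_b`. Since `sp_a` is only partly visible here, I cannot confirm that the remaining keys are identical, but if they are, `sp_b = dict(sp_a, no_saml_soap_logout='True')` would keep the two from drifting apart.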
@@ -122,40 +147,41 @@ class IpsilonTest(IpsilonTestBase): print "Starting IDP's httpd server" self.start_http_server(conf, env) - print "Installing SP server" - name = 'sp1' - addr = '127.0.0.11' - port = '45081' - sp = self.generate_profile(sp_g, sp_a, name, addr, port) - conf = self.setup_sp_server(sp, name, addr, port, env) - fixup_sp_httpd(os.path.dirname(conf)) - - print "Starting SP's httpd server" - self.start_http_server(conf, env) - - print "Installing second SP server" - name = 'sp2' - addr = '127.0.0.10' - port = '45082' - sp2 = self.generate_profile(sp2_g, sp2_a, name, addr, port) - conf = self.setup_sp_server(sp2, name, addr, port, env) - fixup_sp_httpd(os.path.dirname(conf)) - - print "Starting SP's httpd server" - self.start_http_server(conf, env) + for spdata in splist: + nameid = spdata['nameid'] + addr = spdata['addr'] + port = spdata['port'] + print "Installing SP server %s" % nameid + + # Configure sp3 and sp4 for only HTTP Redirect to test + # that a mix of SOAP and HTTP Redirect will play nice + # together. + if nameid in ['sp3', 'sp4']: + sp_prof = self.generate_profile( + sp_g, sp_b, nameid, addr, str(port), nameid + ) + else: + sp_prof = self.generate_profile( + sp_g, sp_a, nameid, addr, str(port), nameid + ) + conf = self.setup_sp_server(sp_prof, nameid, addr, str(port), env) + fixup_sp_httpd(os.path.dirname(conf)) + + print "Starting SP's httpd server" + self.start_http_server(conf, env) if __name__ == '__main__': idpname = 'idp1' - spname = 'sp1' - sp2name = 'sp2' user = pwd.getpwuid(os.getuid())[0] sess = HttpSessions() sess.add_server(idpname, 'http://127.0.0.10:45080', user, 'ipsilon') - sess.add_server(spname, 'http://127.0.0.11:45081') - sess.add_server(sp2name, 'http://127.0.0.10:45082') + for sp in splist: + spname = sp['nameid'] + spurl = 'http://%s:%s' % (sp['addr'], sp['port']) + sess.add_server(spname, spurl) print "testlogout: Authenticate to IDP ...", try: 
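Review bot: The profile choice in the setup loop is keyed on the literal names `['sp3', 'sp4']`, so it silently stops applying if an entry in `splist` is renamed or the list is reshuffled. Carrying the choice in the data, for example a `'profile': sp_b` key on those two entries read with `spdata.get('profile', sp_a)`, would reduce the if/else to a single `generate_profile` call. The `str(port)` conversions are redundant because every `port` in `splist` is already a string. The enclosing method begins outside this hunk.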
@@ -165,21 +191,15 @@ if __name__ == '__main__': sys.exit(1) print " SUCCESS" - print "testlogout: Add SP Metadata to IDP ...", - try: - sess.add_sp_metadata(idpname, spname) - except Exception, e: # pylint: disable=broad-except - print >> sys.stderr, " ERROR: %s" % repr(e) - sys.exit(1) - print " SUCCESS" - - print "testlogout: Add second SP Metadata to IDP ...", - try: - sess.add_sp_metadata(idpname, sp2name) - except Exception, e: # pylint: disable=broad-except - print >> sys.stderr, " ERROR: %s" % repr(e) - sys.exit(1) - print " SUCCESS" + for sp in splist: + spname = sp['nameid'] + print "testlogout: Add SP Metadata for %s to IDP ..." % spname, + try: + sess.add_sp_metadata(idpname, spname) + except Exception, e: # pylint: disable=broad-except + print >> sys.stderr, " ERROR: %s" % repr(e) + sys.exit(1) + print " SUCCESS" print "testlogout: Logout without logging into SP ...", try: 
@@ -231,50 +251,43 @@ if __name__ == '__main__': sys.exit(1) print " SUCCESS" - print "testlogout: Access SP Protected Area of SP1...", - try: - page = sess.fetch_page(idpname, 'http://127.0.0.11:45081/sp/') - page.expected_value('text()', 'WORKS!') - except ValueError, e: - print >> sys.stderr, " ERROR: %s" % repr(e) - sys.exit(1) - print " SUCCESS" - - print "testlogout: Access SP Protected Area of SP2...", - try: - page = sess.fetch_page(idpname, 'http://127.0.0.10:45082/sp/') - page.expected_value('text()', 'WORKS!') - except ValueError, e: - print >> sys.stderr, " ERROR: %s" % repr(e) - sys.exit(1) - print " SUCCESS" - - print "testlogout: Logout from both ...", - try: - page = sess.fetch_page(idpname, '%s/%s?%s' % ( - 'http://127.0.0.11:45081', 'saml2/logout', - 'ReturnTo=http://127.0.0.11:45081/open/logged_out.html')) - page.expected_value('text()', 'Logged out') - except ValueError, e: - print >> sys.stderr, " ERROR: %s" % repr(e) - sys.exit(1) - print " SUCCESS" - - print "testlogout: Ensure logout of SP1 ...", - try: - ensure_logout(sess, idpname, 'http://127.0.0.11:45081/sp/') - except ValueError, e: - print >> sys.stderr, " ERROR: %s" % repr(e) - sys.exit(1) - print " SUCCESS" - - print "testlogout: Ensure logout of SP2 ...", - try: - ensure_logout(sess, idpname, 'http://127.0.0.10:45082/sp/') - except ValueError, e: - print >> sys.stderr, " ERROR: %s" % repr(e) - sys.exit(1) - print " SUCCESS" + # Test logout from each of the SP's in the list to ensure that the + # order of logout doesn't matter. + for sporder in splist: + print "testlogout: Access SP Protected Area of each SP ...", + for sp in splist: + spname = sp['nameid'] + spurl = 'http://%s:%s/sp/' % (sp['addr'], sp['port']) + try: + page = sess.fetch_page(idpname, spurl) + page.expected_value('text()', 'WORKS!') + except ValueError, e: + print >> sys.stderr, " ERROR: %s" % repr(e) + sys.exit(1) + print " SUCCESS" + + print "testlogout: Initiate logout from %s ..." 
% sporder['nameid'], + try: + logouturl = 'http://%s:%s' % (sp['addr'], sp['port']) + page = sess.fetch_page(idpname, '%s/%s?%s' % ( + logouturl, 'saml2/logout', + 'ReturnTo=http://127.0.0.11:45081/open/logged_out.html')) + page.expected_value('text()', 'Logged out') + except ValueError, e: + print >> sys.stderr, " ERROR: %s" % repr(e) + sys.exit(1) + print " SUCCESS" + + print "testlogout: Ensure logout of each SP ...", + for sp in splist: + spname = sp['nameid'] + spurl = 'http://%s:%s/sp/' % (sp['addr'], sp['port']) + try: + ensure_logout(sess, idpname, spurl) + except ValueError, e: + print >> sys.stderr, " ERROR: %s" % repr(e) + sys.exit(1) + print " SUCCESS" # Test IdP-initiated logout print "testlogout: Access SP Protected Area of SP1...", @@ -288,7 +301,7 @@ if __name__ == '__main__': print "testlogout: Access SP Protected Area of SP2...", try: - page = sess.fetch_page(idpname, 'http://127.0.0.10:45082/sp/') + page = sess.fetch_page(idpname, 'http://127.0.0.11:45082/sp/') page.expected_value('text()', 'WORKS!') except ValueError, e: print >> sys.stderr, " ERROR: %s" % repr(e) @@ -325,7 +338,7 @@ if __name__ == '__main__': print "testlogout: Ensure logout of SP2 ...", try: - ensure_logout(sess, idpname, 'http://127.0.0.10:45082/sp/') + ensure_logout(sess, idpname, 'http://127.0.0.11:45082/sp/') except ValueError, e: print >> sys.stderr, " ERROR: %s" % repr(e) sys.exit(1) |
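Review bot: The logout request in the `Initiate logout from %s` step is built from `sp`, the variable left over from the inner access loop, so every pass of `for sporder in splist:` sends the logout to the last entry (sp5) while the message names `sporder`. As written, the test never exercises SP-initiated single logout from sp1 to sp4, so a regression that leaves sessions alive when logout starts at one of those SPs (including the HTTP-Redirect-only sp3 and sp4) would go unnoticed. Build the URL from the outer variable: `logouturl = 'http://%s:%s' % (sporder['addr'], sporder['port'])`. The `ReturnTo` value is also fixed to sp1's `http://127.0.0.11:45081/open/logged_out.html`; deriving it from `logouturl` would presumably match the intent. The `spname` assignments in the two inner loops are unused.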