From 1055b7bc810139d1e6ee3c225bcfba7b88e7aeab Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 9 Apr 2015 15:11:39 -0400 Subject: Add test for per-SP allowed and mapping attributes This buidls up a specific global mapping and allowed attributes then creates an SP-specific configuration which differs enough to confirm that it is in fact overriding the default. It finishes by removing the per-SP configuration and ensuring that it falls back to the IdP-default. https://fedorahosted.org/ipsilon/ticket/25 Signed-off-by: Rob Crittenden Reviewed-by: Simo Sorce
---
tests/helpers/http.py | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) (limited to 'tests/helpers/http.py')
diff --git a/tests/helpers/http.py b/tests/helpers/http.py
index d8c56b3..dc7fbd5 100755
--- a/tests/helpers/http.py
+++ b/tests/helpers/http.py
@@ -282,6 +282,51 @@ class HttpSessions(object):
 if r.status_code != 200:
 raise ValueError('Failed to post SP data [%s]' % repr(r))
 
+ # pylint: disable=dangerous-default-value
+ def set_attributes_and_mapping(self, idp, mapping=[], attrs=[],
+ spname=None):
+ """
+ Set allowed attributes and mapping in the IDP or the SP. In the
+ case of the SP both allowed attributes and the mapping need to
+ be provided. An empty option for either means delete all values.
+
+ mapping is a list of list of rules of the form:
+ [['from-1', 'to-1'], ['from-2', 'from-2']]
+
+ ex. [['*', '*'], ['fullname', 'namefull']]
+
+ attrs is the list of attributes that will be allowed:
+ ['fullname', 'givenname', 'surname']
+ """
+ idpsrv = self.servers[idp]
+ idpuri = idpsrv['baseuri']
+ if spname: # per-SP setting
+ url = '%s/%s/admin/providers/saml2/admin/sp/%s' % (
+ idpuri, idp, spname)
+ mapname = 'Attribute Mapping'
+ attrname = 'Allowed Attributes'
+ else: # global default
+ url = '%s/%s/admin/providers/saml2' % (idpuri, idp)
+ mapname = 'default attribute mapping'
+ attrname = 'default allowed attributes'
+
+ headers = {'referer': url}
+ headers['content-type'] = 'application/x-www-form-urlencoded'
+ payload = {'submit': 'Submit'}
+ count = 0
+ for m in mapping:
+ payload['%s %s-from' % (mapname, count)] = m[0]
+ payload['%s %s-to' % (mapname, count)] = m[1]
+ count += 1
+ count = 0
+ for attr in attrs:
+ payload['%s %s-name' % (attrname, count)] = attr
+ count += 1
+ r = idpsrv['session'].post(url, headers=headers,
+ data=payload)
+ if r.status_code != 200:
+ raise ValueError('Failed to post IDP data [%s]' % repr(r))
+
 def fetch_rest_page(self, idpname, uri):
 """
 idpname - the name of the IDP to fetch the page from
-- cgit
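Review bot: `mapping=[]` and `attrs=[]` in the `set_attributes_and_mapping` signature are mutable defaults kept behind a pylint suppression, and because the docstring says an empty value deletes all entries, a caller that omits one argument silently clears that setting on the IdP or SP. The body only reads the lists, so nothing is shared between calls today, but `mapping=None, attrs=None` with `mapping = mapping or []` and `attrs = attrs or []` at the top of the body would keep the same behaviour and make `# pylint: disable=dangerous-default-value` unnecessary. The docstring example `['from-2', 'from-2']` presumably should read `['from-2', 'to-2']`. The `r.status_code != 200` check confirms only the HTTP status; if the admin form can answer 200 while rejecting a value (not visible in this hunk), the helper would not notice, so the calling test should still assert on the attributes actually released to the SP.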