authorNicolas Clapies <nclapies@entrouvert.com>2004-07-25 09:29:28 +0000
committerNicolas Clapies <nclapies@entrouvert.com>2004-07-25 09:29:28 +0000
commit890c5150e4e0ed3956d95d506ec391645a265090 (patch)
treed51709f26bde777749ab7740d81c3aa863315e27
parent4b3094b60482030f773889d1395b17a2390c7473 (diff)
fix the problem of setting the user environ in SOAP method :
The problem: process_request_msg needs the user environ to verify federation and authentication. A solution: first load the request msg, get the name identifier of the request, find the user dump from the name identifier and load it in the logout object, then process the request. See python/examples/logout.py for the methods.
-rw-r--r--lasso/id-ff/logout.c67
-rw-r--r--lasso/id-ff/logout.h17
-rw-r--r--python/environs/py_logout.c66
-rw-r--r--python/environs/py_logout.h4
-rw-r--r--python/examples/logout.py13
5 files changed, 127 insertions, 40 deletions
diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c
index 5bb8a529..6a74cafd 100644
--- a/lasso/id-ff/logout.c
+++ b/lasso/id-ff/logout.c
@@ -243,17 +243,25 @@ lasso_logout_init_request(LassoLogout *logout,
return(0);
}
-gint
-lasso_logout_process_request_msg(LassoLogout *logout,
- gchar *request_msg,
- lassoHttpMethods request_method)
+gint lasso_logout_load_user_dump(LassoLogout *logout,
+ gchar *user_dump)
+{
+ LassoProfileContext *profileContext;
+
+ g_return_val_if_fail(LASSO_IS_LOGOUT(logout), -1);
+ g_return_val_if_fail(user_dump!=NULL, -1);
+
+ profileContext = LASSO_PROFILE_CONTEXT(logout);
+
+ profileContext->user = lasso_user_new_from_dump(user_dump);
+
+}
+
+gint lasso_logout_load_request_msg(LassoLogout *logout,
+ gchar *request_msg,
+ lassoHttpMethods request_method)
{
LassoProfileContext *profileContext;
- LassoIdentity *identity;
- LassoNode *nameIdentifier, *assertion;
- LassoNode *statusCode;
- LassoNodeClass *statusCode_class;
- xmlChar *remote_providerID;
g_return_val_if_fail(LASSO_IS_LOGOUT(logout), -1);
g_return_val_if_fail(request_msg!=NULL, -2);
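Review bot: lasso_logout_load_user_dump is declared to return gint but its body ends without a return statement, so the value the Python wrapper later hands to int_wrap is indeterminate. It also stores the result of lasso_user_new_from_dump without checking it, so a dump that fails to parse cannot be told apart from success at this point. I would end the function with `if (profileContext->user == NULL) return(-2);` followed by `return(0);`. Any user already attached to the profile context is overwritten here; whether it must be released first cannot be told from the hunk.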
@@ -281,15 +289,43 @@ lasso_logout_process_request_msg(LassoLogout *logout,
return(-4);
}
+ /* get the NameIdentifier to load user dump */
+ logout->nameIdentifier = lasso_node_get_child_content(profileContext->request,"NameIdentifier", NULL);
+
+ return(0);
+}
+
+gint
+lasso_logout_process_request(LassoLogout *logout)
+{
+ LassoProfileContext *profileContext;
+ LassoIdentity *identity;
+ LassoNode *nameIdentifier, *assertion;
+ LassoNode *statusCode;
+ LassoNodeClass *statusCode_class;
+ xmlChar *remote_providerID;
+
+ g_return_val_if_fail(LASSO_IS_LOGOUT(logout), -1);
+
+ profileContext = LASSO_PROFILE_CONTEXT(logout);
+
+ if(profileContext->request==NULL){
+ debug(ERROR, "LogoutRequest not found\n");
+ return(-1);
+ }
+
/* set the remote provider id from the request */
remote_providerID = lasso_node_get_child_content(profileContext->request, "ProviderID", NULL);
+ if(remote_providerID==NULL){
+ debug(ERROR, "ProviderID in LogoutRequest not found\n");
+ return(-1);
+ }
profileContext->remote_providerID = remote_providerID;
/* set LogoutResponse */
profileContext->response = lasso_logout_response_new(profileContext->server->providerID,
lassoSamlStatusCodeSuccess,
profileContext->request);
-
if(profileContext->response==NULL){
message(G_LOG_LEVEL_ERROR, "Error while building response\n");
return(-5);
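Review bot: lasso_logout_load_request_msg returns 0 even when the request carries no NameIdentifier, because the result of lasso_node_get_child_content is stored in `logout->nameIdentifier` unchecked. The caller is expected to use that value to find the user dump, so a missing element should fail here, for example `if (logout->nameIdentifier == NULL) { debug(ERROR, "NameIdentifier in LogoutRequest not found\n"); return(-5); }` (or whichever code is still free in this function), mirroring the ProviderID check added in lasso_logout_process_request. The value is read from the incoming message before lasso_logout_process_request has checked federation and assertion, so the comment on the assignment should say that it is unverified request data, to be used only as a lookup key. The start of lasso_logout_load_request_msg and the end of lasso_logout_process_request lie outside this hunk.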
@@ -315,6 +351,7 @@ lasso_logout_process_request_msg(LassoLogout *logout,
if(profileContext->user==NULL){
message(G_LOG_LEVEL_WARNING, "User environ not found\n");
statusCode_class->set_prop(statusCode, "Value", lassoSamlStatusCodeRequestDenied);
+ return(-1);
}
assertion = lasso_user_get_assertion(profileContext->user, remote_providerID);
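Review bot: The added `return(-1);` reuses the code that lasso_logout_process_request already returns for an invalid logout object, a missing LogoutRequest and a missing ProviderID (previous hunk), so a caller cannot tell "denied, a response is ready" from "nothing usable was built". At this point the response exists and its StatusCode has just been set to RequestDenied, so presumably it should still be sent. A distinct return code and a comment such as `/* response carries RequestDenied; caller is expected to still build and send it */` would make that contract explicit. The rest of the function body lies outside this hunk.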
@@ -338,6 +375,7 @@ lasso_logout_process_request_msg(LassoLogout *logout,
return(-10);
}
+ /* verification is ok, save name identifier in logout object */
switch(profileContext->provider_type){
case lassoProviderTypeSp:
/* at sp, everything is ok, delete the assertion */
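Review bot: The added comment says the name identifier is saved in the logout object, but the lines that follow in this hunk only switch on provider_type, and the assignment to `logout->nameIdentifier` already happens in lasso_logout_load_request_msg. Unless the save happens in a part of the function outside this hunk, the comment should describe what the switch does, e.g. `/* verification is ok, apply the logout according to the provider type */`.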
@@ -495,20 +533,19 @@ GType lasso_logout_get_type() {
}
LassoLogout *
-lasso_logout_new(LassoServer *server,
- LassoUser *user,
- lassoProviderTypes provider_type)
+lasso_logout_new(lassoProviderTypes provider_type,
+ LassoServer *server,
+ LassoUser *user)
{
LassoLogout *logout;
g_return_val_if_fail(LASSO_IS_SERVER(server), NULL);
- g_return_val_if_fail(LASSO_IS_USER(user), NULL);
/* set the logout object */
logout = g_object_new(LASSO_TYPE_LOGOUT,
+ "provider_type", provider_type,
"server", server,
"user", user,
- "provider_type", provider_type,
NULL);
return(logout);
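Review bot: Dropping `g_return_val_if_fail(LASSO_IS_USER(user), NULL);` makes a NULL user acceptable, but it also lets any non-NULL pointer that is not a LassoUser through to g_object_new. `g_return_val_if_fail(user == NULL || LASSO_IS_USER(user), NULL);` keeps the optional-user behaviour and the type check. The parameter reorder also changes the call contract for existing C callers, so a doc comment above lasso_logout_new stating the new order and that `user` may be NULL would help.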
diff --git a/lasso/id-ff/logout.h b/lasso/id-ff/logout.h
index bf86fd26..10ac52b0 100644
--- a/lasso/id-ff/logout.h
+++ b/lasso/id-ff/logout.h
@@ -51,6 +51,8 @@ struct _LassoLogout {
LassoNode *first_request;
LassoNode *first_response;
gchar *first_remote_providerID;
+
+ gchar *nameIdentifier;
/*< public >*/
/*< private >*/
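Review bot: The new `gchar *nameIdentifier` field has no documented owner. It is filled from lasso_node_get_child_content in lasso_logout_load_request_msg, and nothing visible in this commit releases it, either before a second load overwrites it or when the object is destroyed; if that function returns an allocated string (its result is assigned to an `xmlChar *` elsewhere in logout.c), this leaks. A comment on the field such as `/* NameIdentifier copied from the last loaded request; owned by the object */` and a matching free would settle it.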
@@ -63,9 +65,9 @@ struct _LassoLogoutClass {
LASSO_EXPORT GType lasso_logout_get_type (void);
-LASSO_EXPORT LassoLogout* lasso_logout_new (LassoServer *server,
- LassoUser *user,
- lassoProviderTypes provider_type);
+LASSO_EXPORT LassoLogout* lasso_logout_new (lassoProviderTypes provider_type,
+ LassoServer *server,
+ LassoUser *user);
LASSO_EXPORT gint lasso_logout_build_request_msg (LassoLogout *logout);
@@ -78,6 +80,15 @@ LASSO_EXPORT gchar* lasso_logout_get_next_providerID (LassoLogout *log
LASSO_EXPORT gint lasso_logout_init_request (LassoLogout *logout,
gchar *remote_providerID);
+LASSO_EXPORT gint lasso_logout_load_user_dump (LassoLogout *logout,
+ gchar *user_dump);
+
+LASSO_EXPORT gint lasso_logout_load_request_msg (LassoLogout *logout,
+ gchar *request_msg,
+ lassoHttpMethods request_method);
+
+LASSO_EXPORT gint lasso_logout_process_request (LassoLogout *logout);
+
LASSO_EXPORT gint lasso_logout_process_request_msg (LassoLogout *logout,
gchar *request_msg,
lassoHttpMethods request_method);
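Review bot: The prototype of lasso_logout_process_request_msg is left in place below the three new declarations, while the logout.c part of this commit replaces that function's definition with lasso_logout_load_request_msg and lasso_logout_process_request. Unless a definition remains elsewhere, the header now exports a symbol that no longer links. Either remove the prototype or keep a thin compatibility function that calls the two new steps in order.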
diff --git a/python/environs/py_logout.c b/python/environs/py_logout.c
index 35fa483e..44beca6a 100644
--- a/python/environs/py_logout.c
+++ b/python/environs/py_logout.c
@@ -56,13 +56,15 @@ PyObject *logout_getattr(PyObject *self, PyObject *args) {
if (!strcmp(attr, "__members__"))
return Py_BuildValue("[ssss]", "user", "msg_url", "msg_body",
- "msg_relayState");
+ "nameIdentifier", "msg_relayState");
if (!strcmp(attr, "user"))
return (LassoUser_wrap(LASSO_PROFILE_CONTEXT(logout)->user));
if (!strcmp(attr, "msg_url"))
return (charPtrConst_wrap(LASSO_PROFILE_CONTEXT(logout)->msg_url));
if (!strcmp(attr, "msg_body"))
return (charPtrConst_wrap(LASSO_PROFILE_CONTEXT(logout)->msg_body));
+ if (!strcmp(attr, "nameIdentifier"))
+ return (charPtrConst_wrap(logout->nameIdentifier));
if (!strcmp(attr, "msg_relayState"))
return (charPtrConst_wrap(LASSO_PROFILE_CONTEXT(logout)->msg_relayState));
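Review bot: The `__members__` list now names five attributes but the Py_BuildValue format is still `"[ssss]"`, so only the first four strings are consumed and `msg_relayState` drops out of the list. The format should become `"[sssss]"`. logout_getattr begins and ends outside this hunk.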
@@ -72,20 +74,20 @@ PyObject *logout_getattr(PyObject *self, PyObject *args) {
PyObject *logout_new(PyObject *self, PyObject *args) {
+ gint provider_type;
PyObject *server_obj, *user_obj;
LassoLogout *logout;
- gint provider_type;
- if (CheckArgs(args, "OOI:logout_new")) {
- if(!PyArg_ParseTuple(args, (char *) "OOi:logout_new",
- &server_obj, &user_obj, &provider_type))
+ if (CheckArgs(args, "IOo:logout_new")) {
+ if(!PyArg_ParseTuple(args, (char *) "IO|O:logout_new",
+ &provider_type, &server_obj, &user_obj))
return NULL;
}
else return NULL;
- logout = lasso_logout_new(LassoServer_get(server_obj),
- LassoUser_get(user_obj),
- provider_type);
+ logout = lasso_logout_new(provider_type,
+ LassoServer_get(server_obj),
+ LassoUser_get(user_obj));
return (LassoLogout_wrap(logout));
}
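Review bot: With the format `"IO|O:logout_new"` the third argument is optional, but `user_obj` is declared without an initializer and is passed to LassoUser_get unconditionally, so a call without a user reads an indeterminate pointer. The example in this commit makes exactly such a call (`lasso.Logout.new(lasso.providerTypeIdp, idpserver)`), unless the Python-level wrapper fills in the argument. I would declare `PyObject *server_obj, *user_obj = NULL;` and pass `user_obj ? LassoUser_get(user_obj) : NULL`. The `I` unit also stores an unsigned int into a `gint`; `i` matches the declared type.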
@@ -149,12 +151,8 @@ PyObject *logout_get_next_providerID(PyObject *self, PyObject *args) {
else return NULL;
remote_providerID = lasso_logout_get_next_providerID(LassoLogout_get(logout_obj));
- if(remote_providerID==NULL){
- Py_INCREF(Py_None);
- return (Py_None);
- }
- return (charPtr_wrap(remote_providerID));
+ return (charPtrConst_wrap(remote_providerID));
}
PyObject *logout_init_request(PyObject *self, PyObject *args) {
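Review bot: Removing the explicit NULL branch makes the Python-visible result depend on charPtrConst_wrap returning None for a NULL pointer, which cannot be confirmed from this hunk; the example's `while next_provider_id:` loop relies on it. The switch from charPtr_wrap to charPtrConst_wrap may also change who releases the string, since lasso_logout_get_next_providerID is declared to return a non-const `gchar*`. A one-line comment stating the ownership would make the intent checkable.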
@@ -174,20 +172,54 @@ PyObject *logout_init_request(PyObject *self, PyObject *args) {
return(int_wrap(codeError));
}
-PyObject *logout_process_request_msg(PyObject *self, PyObject *args) {
+PyObject *logout_load_request_msg(PyObject *self, PyObject *args){
PyObject *logout_obj;
gchar *request_msg;
gint request_method;
gint codeError;
- if (CheckArgs(args, "OSI:logout_process_request_msg")) {
- if(!PyArg_ParseTuple(args, (char *) "Osi:logout_process_request_msg",
+ if (CheckArgs(args, "OSI:logout_load_request_msg")) {
+ if(!PyArg_ParseTuple(args, (char *) "Osi:logout_load_request_msg",
&logout_obj, &request_msg, &request_method))
return NULL;
}
else return NULL;
- codeError = lasso_logout_process_request_msg(LassoLogout_get(logout_obj), request_msg, request_method);
+ codeError = lasso_logout_load_request_msg(LassoLogout_get(logout_obj), request_msg, request_method);
+
+ return(int_wrap(codeError));
+}
+
+PyObject *logout_load_user_dump(PyObject *self, PyObject *args){
+ PyObject *logout_obj;
+ gchar *user_dump;
+ gint codeError;
+
+ if (CheckArgs(args, "OS:logout_load_request_msg")) {
+ if(!PyArg_ParseTuple(args, (char *) "Os:logout_load_request_msg",
+ &logout_obj, &user_dump))
+ return NULL;
+ }
+ else return NULL;
+
+ codeError = lasso_logout_load_user_dump(LassoLogout_get(logout_obj), user_dump);
+
+ return(int_wrap(codeError));
+}
+
+
+PyObject *logout_process_request(PyObject *self, PyObject *args) {
+ PyObject *logout_obj;
+ gint codeError;
+
+ if (CheckArgs(args, "O:logout_process_request_msg")) {
+ if(!PyArg_ParseTuple(args, (char *) "O:logout_process_request_msg",
+ &logout_obj))
+ return NULL;
+ }
+ else return NULL;
+
+ codeError = lasso_logout_process_request(LassoLogout_get(logout_obj));
return(int_wrap(codeError));
}
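Review bot: The format strings in the two new wrappers carry the wrong function name after the colon: logout_load_user_dump uses `"OS:logout_load_request_msg"` and `"Os:logout_load_request_msg"`, and logout_process_request uses `"O:logout_process_request_msg"`, so argument errors will name a different function. They should read `"Os:logout_load_user_dump"` and `"O:logout_process_request"`, with the matching CheckArgs strings.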
diff --git a/python/environs/py_logout.h b/python/environs/py_logout.h
index 773ec548..8e1f271a 100644
--- a/python/environs/py_logout.h
+++ b/python/environs/py_logout.h
@@ -46,8 +46,10 @@ PyObject *logout_build_response_msg(PyObject *self, PyObject *args);
PyObject *logout_destroy(PyObject *self, PyObject *args);
PyObject *logout_get_next_providerID(PyObject *self, PyObject *args);
PyObject *logout_init_request(PyObject *self, PyObject *args);
+PyObject *logout_load_request_msg(PyObject *self, PyObject *args);
+PyObject *logout_load_user_dump(PyObject *self, PyObject *args);
PyObject *logout_new(PyObject *self, PyObject *args);
-PyObject *logout_process_request_msg(PyObject *self, PyObject *args);
+PyObject *logout_process_request(PyObject *self, PyObject *args);
PyObject *logout_process_response_msg(PyObject *self, PyObject *args);
#endif /* __PYLASSO_PY_LOGOUT_H__ */
diff --git a/python/examples/logout.py b/python/examples/logout.py
index c4f13254..60cafe4c 100644
--- a/python/examples/logout.py
+++ b/python/examples/logout.py
@@ -37,7 +37,7 @@ idpuser_dump = "<LassoUser><LassoAssertions><LassoAssertion RemoteProviderID=\"h
# SP1 build a request :
sp1user = lasso.User.new_from_dump(sp1user_dump)
-sp1logout = lasso.Logout.new(sp1server, sp1user, lasso.providerTypeSp)
+sp1logout = lasso.Logout.new(lasso.providerTypeSp, sp1server, sp1user)
sp1logout.init_request()
sp1logout.build_request_msg()
@@ -48,8 +48,7 @@ sp1logout.destroy()
# IDP process request and return a response :
idpuser = lasso.User.new_from_dump(idpuser_dump)
-idplogout = lasso.Logout.new(idpserver, idpuser, lasso.providerTypeIdp)
-
+idplogout = lasso.Logout.new(lasso.providerTypeIdp, idpserver)
if lasso.get_request_type_from_soap_msg(msg_body)==lasso.requestTypeLogout:
print "it's a logout request !"
@@ -57,7 +56,12 @@ if lasso.get_request_type_from_soap_msg(msg_body)==lasso.requestTypeLogout:
#fake response, only for test !
response_msg_body = "<Envelope><LogoutResponse><ProviderID>https://service-provider2:2003/liberty-alliance/metadata</ProviderID><Status><StatusCode Value=\"Samlp:Success\"></StatusCode></Status></LogoutResponse></Envelope>"
-idplogout.process_request_msg(msg_body, lasso.httpMethodSoap)
+idplogout.load_request_msg(msg_body, lasso.httpMethodSoap)
+nameIdentifier = idplogout.nameIdentifier
+print "get the user dump from NameIdentifier : ", nameIdentifier
+idplogout.load_user_dump(idpuser_dump)
+idplogout.process_request()
+
next_provider_id = idplogout.get_next_providerID()
while next_provider_id:
idplogout.init_request(next_provider_id)
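Review bot: The example ignores the return values of load_request_msg, load_user_dump and process_request and goes straight on to get_next_providerID, so anyone copying this flow would propagate a logout to the other providers even when the request was denied or failed to parse. Since the commit message points to this file as the reference for the new methods, each call should be checked, e.g. `if idplogout.process_request() != 0:` followed by building the response and stopping. The dump is also loaded from the fixed `idpuser_dump` rather than looked up by `nameIdentifier`; a comment saying this stands in for a real lookup would avoid confusion.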
@@ -69,5 +73,6 @@ while next_provider_id:
next_provider_id = idplogout.get_next_providerID()
+idplogout.build_response_msg()
print "End of logout"