| author | Emmanuel Raviart <eraviart@entrouvert.com> | 2004-08-14 08:36:18 +0000 |
|---|---|---|
| committer | Emmanuel Raviart <eraviart@entrouvert.com> | 2004-08-14 08:36:18 +0000 |
| commit | e6f7ff0416424afd865bc34f5fe63cb4c691b67b (patch) | |
| tree | 4f6070a9cc97d502d76047927799628b353e33eb /python/tests | |
| parent | 8836ee6979c26484bcd31043b2f3ce92ddfb3b8b (diff) | |
Added logout to sample Liberty proxy, but it fails because of Lasso bug #259.
Diffstat (limited to 'python/tests')
| -rw-r--r-- | python/tests/IdentityProvider.py | 21 | ||||
| -rw-r--r-- | python/tests/LibertyEnabledProxy.py | 19 | ||||
| -rw-r--r-- | python/tests/ServiceProvider.py | 7 | ||||
| -rw-r--r-- | python/tests/login_tests.py | 20 |
4 files changed, 48 insertions, 19 deletions
diff --git a/python/tests/IdentityProvider.py b/python/tests/IdentityProvider.py index 33431761..7d89f387 100644 --- a/python/tests/IdentityProvider.py +++ b/python/tests/IdentityProvider.py @@ -154,7 +154,7 @@ class IdentityProviderMixin(Provider.ProviderMixin): responseUrl = login.msg_url failUnless(responseUrl) return handler.respondRedirectTemporarily(responseUrl) - + def soapEndpoint(self, handler): soapRequestMsg = handler.httpRequest.body requestType = lasso.get_request_type_from_soap_msg(soapRequestMsg) @@ -182,17 +182,21 @@ class IdentityProviderMixin(Provider.ProviderMixin): nameIdentifier = logout.nameIdentifier failUnless(nameIdentifier) - # Retrieve session dump and identity dump using name identifier. + # Retrieve session and user using name identifier. session = self.getSessionFromNameIdentifier(nameIdentifier) if session is None: raise Exception('FIXME: Handle the case when there is no web session') + user = self.getUserFromNameIdentifier(nameIdentifier) + if user is None: + raise Exception('FIXME: Handle the case when there is no web user') + + # The identity provider may want to do some things, before logging out. + self.soapEndpoint_logout_prepare(handler, session, user) + if session.lassoSessionDump is None: raise Exception( 'FIXME: Handle the case when there is no session dump in web session') logout.set_session_from_dump(session.lassoSessionDump) - user = self.getUserFromNameIdentifier(nameIdentifier) - if user is None: - raise Exception('FIXME: Handle the case when there is no web user') if user.lassoIdentityDump is None: raise Exception( 'FIXME: Handle the case when there is no identity dump in web user') 
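Review bot: In the logout branch of `soapEndpoint`, `self.soapEndpoint_logout_prepare(handler, session, user)` now runs before the `lassoSessionDump` / `lassoIdentityDump` checks and before the dumps are loaded into `logout`, so an override with side effects acts on a request that can still be rejected a few lines later. The proxy override in LibertyEnabledProxy.py calls `logout_do`, which appears to perform the service-provider logout towards the upstream identity provider; if one of the following `raise Exception('FIXME: ...')` lines then fires, the upstream logout has happened while the local session is left in place. Whether the SOAP request has already been verified at this point is not visible here, because `soapEndpoint` starts and continues outside the hunk; if verification happens later, the hook should move after it so that an unverified name identifier cannot trigger an upstream logout. At minimum I would call the hook after both dump checks.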
@@ -243,3 +247,10 @@ class IdentityProviderMixin(Provider.ProviderMixin): headers = {'Content-Type': 'text/xml'}, body = soapResponseMsg) else: raise Exception('Unknown request type: %s' % requestType) + + def soapEndpoint_logout_prepare(self, handler, session, user): + """Prepare logout. + + Override this method to do some processing before identity provider logout proceeds. + """ + pass diff --git a/python/tests/LibertyEnabledProxy.py b/python/tests/LibertyEnabledProxy.py index 8c5eb2de..3b33e810 100644 --- a/python/tests/LibertyEnabledProxy.py +++ b/python/tests/LibertyEnabledProxy.py @@ -33,6 +33,13 @@ class LibertyEnabledProxyMixin(IdentityProviderMixin, ServiceProviderMixin): ServiceProviderMixin.__init__(self) IdentityProviderMixin.__init__(self) + def assertionConsumer_done(self, handler): + # Before, this proxy was considered as a service provider. Now it acts again as an identity + # provider. + # FIXME: We should retrieve authentication method from session.lassoSessionDump. + # FIXME: Handle Liberty ProxyCount. + return self.login_done(handler, True, lasso.samlAuthenticationMethodPassword) + def login(self, handler): # Before, this proxy was considered as an identity provider. Now it is a service provider. # FIXME: Handle Liberty ProxyCount. 
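Review bot: The docstring of the new `soapEndpoint_logout_prepare` in IdentityProvider.py does not state the hook's contract. At the call site in `soapEndpoint` the return value is discarded, and the hook runs after `session` and `user` were checked for None but before their Lasso dumps are checked, so an override can only stop the logout by raising. I would add `The return value is ignored; raise an exception to abort the logout.` to the docstring, plus a sentence saying that `session.lassoSessionDump` and `user.lassoIdentityDump` may still be None when the hook is called.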
@@ -44,9 +51,15 @@ class LibertyEnabledProxyMixin(IdentityProviderMixin, ServiceProviderMixin): # FIXME: Handle Liberty ProxyCount. return self.login_done(handler, False, None) - def assertionConsumer_done(self, handler): + def logout_done(self, handler, nameIdentifier): # Before, this proxy was considered as a service provider. Now it acts again as an identity # provider. - # FIXME: We should retrieve authentication method from session.lassoSessionDump. # FIXME: Handle Liberty ProxyCount. - return self.login_done(handler, True, lasso.samlAuthenticationMethodPassword) + + # Don't do logout_done actions, because they will be done in soapEndpoint. + return None + + def soapEndpoint_logout_prepare(self, handler, session, user): + # Before, this proxy was considered as an identity provider. Now it is a service provider. + # FIXME: Handle Liberty ProxyCount. + return self.logout_do(handler, session, user) diff --git a/python/tests/ServiceProvider.py b/python/tests/ServiceProvider.py index 7baea90a..12879d05 100644 --- a/python/tests/ServiceProvider.py +++ b/python/tests/ServiceProvider.py @@ -259,14 +259,16 @@ class ServiceProviderMixin(Provider.ProviderMixin): # Note: The uppercase for RelayState below is not a bug. return self.callHttpFunction(self.assertionConsumer_done, handler, RelayState = relayState) - def logoutUsingSoap(self, handler): + def logout(self, handler): session = handler.session if session is None: return handler.respond(401, 'Access Unauthorized: User has no session opened.') user = handler.user if user is None: return handler.respond(401, 'Access Unauthorized: User is not logged in.') + return self.logout_do(handler, session, user) + def logout_do(self, handler, session, user): lassoServer = self.getLassoServer() logout = lasso.Logout.new(lassoServer, lasso.providerTypeSp) if user.lassoIdentityDump is not None: 
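Review bot: The proxy's `soapEndpoint_logout_prepare` returns `self.logout_do(handler, session, user)`, but the caller in IdentityProvider.py discards that value, so any error response `logout_do` may return is lost and the identity-provider logout goes on as if the upstream logout had succeeded. In addition, `logout_done` is overridden to return None for every caller, including `ServiceProviderMixin.logout`; as far as these hunks show, a user-initiated `/logout` on the proxy would then end without a response and without the `sessionTokensByNameIdentifier` cleanup that `ServiceProviderMixin.logout_done` performs. The comment says soapEndpoint does that cleanup, but soapEndpoint works from the name identifier of the incoming request, which may differ from the one `logout_do` passes here (an assumption, the lookup code is outside the hunk). Consider checking the result inside the hook and raising on failure, and skipping the cleanup only when the call comes from the SOAP path.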
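Review bot: In ServiceProvider.py the new `logout_do` has no docstring, and after the split it no longer carries the `session is None` / `user is None` guards, which stay in `logout`. It is now also called from the proxy's `soapEndpoint_logout_prepare`, so the precondition should be written down, for example `"""Perform service-provider logout for an already resolved session and user; both must be non-None."""`. The body of `logout_do` continues outside the hunk.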
@@ -305,6 +307,9 @@ class ServiceProviderMixin(Provider.ProviderMixin): failUnless(lassoSessionDump) session.lassoSessionDump = lassoSessionDump nameIdentifier = logout.nameIdentifier + return self.logout_done(handler, nameIdentifier) + + def logout_done(self, handler, nameIdentifier): failUnless(nameIdentifier) del self.sessionTokensByNameIdentifier[nameIdentifier] diff --git a/python/tests/login_tests.py b/python/tests/login_tests.py index 17727750..72735643 100644 --- a/python/tests/login_tests.py +++ b/python/tests/login_tests.py @@ -125,7 +125,7 @@ class LoginTestCase(unittest.TestCase): httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login') failUnlessEqual(httpResponse.statusCode, 200) - httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap') + httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout') failUnlessEqual(httpResponse.statusCode, 200) failIf(spSite.sessions) failIf(idpSite.sessions) @@ -144,7 +144,7 @@ class LoginTestCase(unittest.TestCase): httpResponse = principal.sendHttpRequestToSite( spSite, 'GET', '/login?RelayState=a_sample_relay_state') failUnlessEqual(httpResponse.statusCode, 200) - httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap') + httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout') failUnlessEqual(httpResponse.statusCode, 200) failIf(spSite.sessions) failIf(idpSite.sessions) 
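Review bot: In the new `logout_done` of ServiceProvider.py, `del self.sessionTokensByNameIdentifier[nameIdentifier]` raises KeyError when the identifier has no entry, and now that the method is a separate, overridable step it may be reached more than once for the same identifier. Logout cleanup is easier to reason about when it is idempotent, for example `self.sessionTokensByNameIdentifier.pop(nameIdentifier, None)`. The method body continues outside the hunk, so later lines may need the same treatment.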
@@ -162,13 +162,13 @@ class LoginTestCase(unittest.TestCase): httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login') failUnlessEqual(httpResponse.statusCode, 200) - httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap') + httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout') failUnlessEqual(httpResponse.statusCode, 200) # Once again. Now the principal already has a federation between spSite and idpSite. httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login') failUnlessEqual(httpResponse.statusCode, 200) - httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap') + httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout') failUnlessEqual(httpResponse.statusCode, 200) # Once again. Do a new passive login between normal login and logout. @@ -177,7 +177,7 @@ class LoginTestCase(unittest.TestCase): del principal.keyring[idpSite.url] # Ensure identity provider will be really passive. httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login?isPassive=1') failUnlessEqual(httpResponse.statusCode, 200) - httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap') + httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout') failUnlessEqual(httpResponse.statusCode, 200) # Once again, with isPassive and the user having no web session. @@ -197,7 +197,7 @@ class LoginTestCase(unittest.TestCase): httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login') failUnlessEqual(httpResponse.statusCode, 401) - httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap') + httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout') failUnlessEqual(httpResponse.statusCode, 401) def test04(self): 
@@ -214,7 +214,7 @@ class LoginTestCase(unittest.TestCase): httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login') failUnlessEqual(httpResponse.statusCode, 401) - httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap') + httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout') failUnlessEqual(httpResponse.statusCode, 401) def test05(self): @@ -244,7 +244,7 @@ class LoginTestCase(unittest.TestCase): httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login?forceAuthn=1') failUnlessEqual(httpResponse.statusCode, 200) - httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap') + httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout') failUnlessEqual(httpResponse.statusCode, 200) # Ask user to reauthenticate while he is already logged. @@ -253,13 +253,13 @@ class LoginTestCase(unittest.TestCase): del principal.keyring[idpSite.url] # Ensure user can't authenticate. httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login?forceAuthn=1') failUnlessEqual(httpResponse.statusCode, 401) - httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap') + httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout') failUnlessEqual(httpResponse.statusCode, 200) # Force authentication, but user won't authenticate. httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login?forceAuthn=1') failUnlessEqual(httpResponse.statusCode, 401) - httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap') + httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout') failUnlessEqual(httpResponse.statusCode, 401) def test07(self): |
