| author | Emmanuel Raviart <eraviart@entrouvert.com> | 2004-08-06 20:48:24 +0000 |
|---|---|---|
| committer | Emmanuel Raviart <eraviart@entrouvert.com> | 2004-08-06 20:48:24 +0000 |
| commit | f71f68877fb706158493fba8c8102b8d03b51430 (patch) | |
| tree | 1cf4f96648acf33cecf012b0edf3ce66d498c222 /python/tests | |
| parent | e1c8d45f13552ebfbbc33763a8fcca96078eab45 (diff) | |
Added Python simulation for isPassive and corrected some simulation bugs.
Added isPassive tests.
Diffstat (limited to 'python/tests')
| -rw-r--r-- | python/tests/IdentityProvider.py | 59 | ||||
| -rw-r--r-- | python/tests/ServiceProvider.py | 15 | ||||
| -rw-r--r-- | python/tests/login_tests.py | 36 | ||||
| -rw-r--r-- | python/tests/websimulator.py | 32 |
4 files changed, 109 insertions, 33 deletions
diff --git a/python/tests/IdentityProvider.py b/python/tests/IdentityProvider.py index 248f5879..e1cfef5b 100644 --- a/python/tests/IdentityProvider.py +++ b/python/tests/IdentityProvider.py @@ -41,17 +41,22 @@ class IdentityProvider(Provider): def singleSignOn(self, httpRequest): server = self.getServer() login = lasso.Login.new(server) - identityDump = self.getIdentityDump(httpRequest.client) - if identityDump is not None: - login.set_identity_from_dump(identityDump) - sessionDump = self.getSessionDump(httpRequest.client) - if sessionDump is not None: - login.set_session_from_dump(sessionDump) - authnRequestQuery = self.extractQueryFromUrl(httpRequest.url) - login.init_from_authn_request_msg(authnRequestQuery, lasso.httpMethodRedirect) - - self.failUnless(login.must_authenticate()) # FIXME: To improve. webSession = self.getWebSession(httpRequest.client) + webUser = None + if webSession is not None: + if webSession.sessionDump is not None: + login.set_session_from_dump(webSession.sessionDump) + webUser = self.getWebUserFromWebSession(webSession) + if webUser is not None and webUser.identityDump is not None: + login.set_identity_from_dump(webUser.identityDump) + login.init_from_authn_request_msg(httpRequest.query, lasso.httpMethodRedirect) + + if not login.must_authenticate(): + userAuthenticated = webUser is not None + authenticationMethod = lasso.samlAuthenticationMethodPassword # FIXME + return self.singleSignOn_part2( + httpRequest, login, webSession, webUser, userAuthenticated, authenticationMethod) + if webSession is None: webSession = self.createWebSession(httpRequest.client) webSession.loginDump = login.dump() 
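Review bot: In the new `if not login.must_authenticate():` branch, the artifact is built with `authenticationMethod = lasso.samlAuthenticationMethodPassword` regardless of how the existing session was established, so every passive login reports password authentication to the service provider. The `# FIXME` acknowledges this; recording the method on the web session when the user authenticates and reusing it here would keep the simulated assertion truthful. `userAuthenticated = webUser is not None` also treats any web session with a user attached as proof of prior authentication, which deserves a comment such as `# Passive path: an attached web user is the only evidence of an earlier authentication.` The body of singleSignOn continues past the end of the hunk.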
@@ -70,18 +75,22 @@ class IdentityProvider(Provider): del webSession.loginDump login = lasso.Login.new_from_dump(server, loginDump) # Set identity & session in login, because loginDump doesn't contain them. - identityDump = self.getIdentityDump(httpRequest.client) - if identityDump is not None: - login.set_identity_from_dump(identityDump) - sessionDump = self.getSessionDump(httpRequest.client) - if sessionDump is not None: - login.set_session_from_dump(sessionDump) + if webSession.sessionDump is not None: + login.set_session_from_dump(webSession.sessionDump) + webUser = self.getWebUserFromWebSession(webSession) + if webUser is not None and webUser.identityDump is not None: + login.set_identity_from_dump(webUser.identityDump) + + return self.singleSignOn_part2( + httpRequest, login, webSession, webUser, userAuthenticated, authenticationMethod) + + def singleSignOn_part2(self, httpRequest, login, webSession, webUser, userAuthenticated, + authenticationMethod): self.failUnlessEqual(login.protocolProfile, lasso.loginProtocolProfileBrwsArt) # FIXME login.build_artifact_msg( userAuthenticated, authenticationMethod, 'FIXME: reauthenticateOnOrAfter', lasso.httpMethodRedirect) if userAuthenticated: - webUser = self.getWebUserFromWebSession(webSession) if login.is_identity_dirty(): identityDump = login.get_identity().dump() self.failUnless(identityDump) 
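Review bot: `singleSignOn_part2` has no docstring, and its name says neither what the second part does nor which arguments may be `None`. On the passive path added in the previous hunk it can be called with `webSession` and `webUser` both `None` (no web session, `userAuthenticated` false), so the contract should be written down. A docstring should state that the method builds the artifact response for both the interactive and the passive flow, and that `webSession` and `webUser` are only dereferenced when `userAuthenticated` is true. The rest of the method body lies outside the hunk, so whether every later use is guarded cannot be confirmed from here.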
@@ -151,13 +160,15 @@ class IdentityProvider(Provider): identityDump = identity.dump() self.failUnless(identityDump) self.failUnless(logout.is_session_dirty()) - session = logout.get_session() - if session is None: - del webSession.sessionDump - else: - sessionDump = session.dump() - self.failUnless(sessionDump) - webSession.sessionDump = sessionDump + + # Log the user out. + # It is done before logout from other service providers, since we don't want to + # accept passive login connections inbetween. + del webSession.sessionDump + del webSession.webUserId + # We also delete the session, but it is not mandantory, since the user is logged out + # anyway. + del self.webSessions[webSession.uniqueId] nameIdentifier = logout.nameIdentifier self.failUnless(nameIdentifier) del self.webSessionIdsByNameIdentifier[nameIdentifier] diff --git a/python/tests/ServiceProvider.py b/python/tests/ServiceProvider.py index 77520734..699c96b3 100644 --- a/python/tests/ServiceProvider.py +++ b/python/tests/ServiceProvider.py @@ -37,8 +37,7 @@ class ServiceProvider(Provider): def assertionConsumer(self, httpRequest): server = self.getServer() login = lasso.Login.new(server) - responseQuery = self.extractQueryFromUrl(httpRequest.url) - login.init_request(responseQuery, lasso.httpMethodRedirect) + login.init_request(httpRequest.query, lasso.httpMethodRedirect) login.build_request_msg() soapEndpoint = login.msg_url 
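Review bot: The identity provider logout now deletes the whole web session with `del self.webSessions[webSession.uniqueId]`, but the visible code removes only the one index entry `self.webSessionIdsByNameIdentifier[nameIdentifier]` for the requesting service provider. If the user holds name identifiers at other service providers, those entries would presumably keep pointing at a session id that no longer exists; dropping every entry whose value is `webSession.uniqueId` before the delete avoids dangling references. The matching teardown in the ServiceProvider.py logout hunk (`del self.webSessions[webSession.uniqueId]`) shows no index cleanup inside its hunk either. Separately, `del webSession.sessionDump` and `del webSession.webUserId` raise AttributeError when the attribute was never set on the instance, so confirm that both are always assigned before this code is reachable. The method starts and ends outside the hunk.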
@@ -102,13 +101,15 @@ class ServiceProvider(Provider): userAuthenticated = webUserId in self.webUsers if not userAuthenticated: return HttpResponse(401, 'Access Unauthorized: User has no account.') - webSession.webUserId = webUserId webUser = self.webUsers[webUserId] + webSession.webUserId = webUser.uniqueId + # Store the updated identity dump and session dump. if login.is_identity_dirty(): webUser.identityDump = identityDump webSession.sessionDump = sessionDump + self.webUserIdsByNameIdentifier[nameIdentifier] = webUser.uniqueId self.webSessionIdsByNameIdentifier[nameIdentifier] = webSession.uniqueId @@ -119,7 +120,7 @@ class ServiceProvider(Provider): login = lasso.Login.new(server) login.init_authn_request(self.idpSite.providerId) self.failUnlessEqual(login.request_type, lasso.messageTypeAuthnRequest) - login.request.set_isPassive(False) + login.request.set_isPassive(httpRequest.getQueryBoolean('isPassive', False)) login.request.set_nameIDPolicy(lasso.libNameIDPolicyTypeFederated) login.request.set_consent(lasso.libConsentObtained) relayState = 'fake' @@ -164,8 +165,14 @@ class ServiceProvider(Provider): self.failUnless(logout.is_session_dirty()) session = logout.get_session() if session is None: + # The user is no more authenticated on any identity provider. Log him out. del webSession.sessionDump + del webSession.webUserId + # We also delete the session, but it is not mandantory, since the user is logged out + # anyway. + del self.webSessions[webSession.uniqueId] else: + # The user is still logged in on some other identity providers. sessionDump = session.dump() self.failUnless(sessionDump) webSession.sessionDump = sessionDump diff --git a/python/tests/login_tests.py b/python/tests/login_tests.py index e5f4e405..ff25037d 100644 --- a/python/tests/login_tests.py +++ b/python/tests/login_tests.py 
@@ -109,9 +109,11 @@ class LoginTestCase(unittest.TestCase): self.failUnlessEqual(httpResponse.statusCode, 200) httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/logoutUsingSoap')) self.failUnlessEqual(httpResponse.statusCode, 200) + self.failIf(spSite.webSessions) + self.failIf(idpSite.webSessions) def test02(self): - """Service provider initiated login using HTTP redirect and service provider initiated logout using SOAP. Done twice.""" + """Service provider initiated login using HTTP redirect and service provider initiated logout using SOAP. Done three times.""" internet = Internet() idpSite = self.generateIdpSite(internet) 
@@ -126,12 +128,27 @@ class LoginTestCase(unittest.TestCase): httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/logoutUsingSoap')) self.failUnlessEqual(httpResponse.statusCode, 200) - # Once again, but now the principal already has a federation between spSite and idpSite. + # Once again. Now the principal already has a federation between spSite and idpSite. httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/loginUsingRedirect')) self.failUnlessEqual(httpResponse.statusCode, 200) httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/logoutUsingSoap')) self.failUnlessEqual(httpResponse.statusCode, 200) + # Once again. Do a new passive login between normal login and logout. + httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/loginUsingRedirect')) + self.failUnlessEqual(httpResponse.statusCode, 200) + del principal.keyring[idpSite.url] # Ensure identity provider will be really passive. + httpResponse = spSite.doHttpRequest(HttpRequest( + principal, 'GET', '/loginUsingRedirect?isPassive=1')) + self.failUnlessEqual(httpResponse.statusCode, 200) + httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/logoutUsingSoap')) + self.failUnlessEqual(httpResponse.statusCode, 200) + + # Once again, with isPassive and the user having no web session. + httpResponse = spSite.doHttpRequest(HttpRequest( + principal, 'GET', '/loginUsingRedirect?isPassive=1')) + self.failUnlessEqual(httpResponse.statusCode, 401) + def test03(self): """Service provider initiated login using HTTP redirect, but user fail to authenticate himself on identity provider. Then logout, with same problem.""" 
@@ -165,6 +182,21 @@ class LoginTestCase(unittest.TestCase): httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/logoutUsingSoap')) self.failUnlessEqual(httpResponse.statusCode, 401) + def test05(self): + """Service provider initiated login using HTTP redirect with isPassive for a user without federation yet.""" + + internet = Internet() + idpSite = self.generateIdpSite(internet) + spSite = self.generateSpSite(internet) + spSite.idpSite = idpSite + principal = Principal(internet, 'Romain Chantereau') + principal.keyring[idpSite.url] = 'Chantereau' + principal.keyring[spSite.url] = 'Romain' + + httpResponse = spSite.doHttpRequest(HttpRequest( + principal, 'GET', '/loginUsingRedirect?isPassive=1')) + self.failUnlessEqual(httpResponse.statusCode, 401) + ## def test06(self): ## """Service provider LECP login.""" diff --git a/python/tests/websimulator.py b/python/tests/websimulator.py index f663623a..806b5dd5 100644 --- a/python/tests/websimulator.py +++ b/python/tests/websimulator.py @@ -43,6 +43,35 @@ class HttpRequest(object): webSite = self.client.internet.getWebSite(self.url) return webSite.doHttpRequest(self) + def getQueryBoolean(self, name, default = 'none'): + try: + fieldValue = self.getQueryField(name) + except KeyError: + if default == 'none': + raise + return default + return fieldValue.lower not in ('', '0', 'false') + + def getQuery(self): + splitedUrl = self.url.split('?', 1) + if len(splitedUrl) > 1: + return splitedUrl[1] + else: + return '' + + def getQueryField(self, name, default = 'none'): + query = self.query + if query: + for field in self.query.split('&'): + fieldName, fieldValue = field.split('=') + if name == fieldName: + return fieldValue + if default == 'none': + raise KeyError(name) + return default + + query = property(getQuery) + class HttpResponse(object): body = None 
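Review bot: `getQueryBoolean` returns `fieldValue.lower not in ('', '0', 'false')`, which compares the bound method object rather than its result, so the expression is true for every value that is present, including `isPassive=0` and `isPassive=false`. It should read `return fieldValue.lower() not in ('', '0', 'false')`; the tests in this commit only send `isPassive=1`, so a case with `isPassive=0` is needed to catch this. In `getQueryField`, `fieldName, fieldValue = field.split('=')` raises ValueError for a field without `=` or with a second `=` in its value; `field.split('=', 1)` fixes the second case, and a field without `=` needs an explicit check. The string `'none'` used as the missing-default sentinel also means a caller cannot pass `'none'` as a real default.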
@@ -195,9 +224,6 @@ class WebSite(WebClient, Simulation): method = getattr(self, methodName) return method(httpRequest) - def extractQueryFromUrl(self, url): - return url.split('?', 1)[1] - def getIdentityDump(self, principal): webSession = self.getWebSession(principal) webUser = self.getWebUserFromWebSession(webSession) |
