authorEmmanuel Raviart <eraviart@entrouvert.com>2004-08-14 08:36:18 +0000
committerEmmanuel Raviart <eraviart@entrouvert.com>2004-08-14 08:36:18 +0000
commite6f7ff0416424afd865bc34f5fe63cb4c691b67b (patch)
tree4f6070a9cc97d502d76047927799628b353e33eb /python
parent8836ee6979c26484bcd31043b2f3ce92ddfb3b8b (diff)
Added logout to sample Liberty proxy, but it fails because of Lasso bug #259.
Diffstat (limited to 'python')
-rw-r--r--python/tests/IdentityProvider.py21
-rw-r--r--python/tests/LibertyEnabledProxy.py19
-rw-r--r--python/tests/ServiceProvider.py7
-rw-r--r--python/tests/login_tests.py20
4 files changed, 48 insertions, 19 deletions
diff --git a/python/tests/IdentityProvider.py b/python/tests/IdentityProvider.py
index 33431761..7d89f387 100644
--- a/python/tests/IdentityProvider.py
+++ b/python/tests/IdentityProvider.py
@@ -154,7 +154,7 @@ class IdentityProviderMixin(Provider.ProviderMixin):
responseUrl = login.msg_url
failUnless(responseUrl)
return handler.respondRedirectTemporarily(responseUrl)
-
+
def soapEndpoint(self, handler):
soapRequestMsg = handler.httpRequest.body
requestType = lasso.get_request_type_from_soap_msg(soapRequestMsg)
@@ -182,17 +182,21 @@ class IdentityProviderMixin(Provider.ProviderMixin):
nameIdentifier = logout.nameIdentifier
failUnless(nameIdentifier)
- # Retrieve session dump and identity dump using name identifier.
+ # Retrieve session and user using name identifier.
session = self.getSessionFromNameIdentifier(nameIdentifier)
if session is None:
raise Exception('FIXME: Handle the case when there is no web session')
+ user = self.getUserFromNameIdentifier(nameIdentifier)
+ if user is None:
+ raise Exception('FIXME: Handle the case when there is no web user')
+
+ # The identity provider may want to do some things, before logging out.
+ self.soapEndpoint_logout_prepare(handler, session, user)
+
if session.lassoSessionDump is None:
raise Exception(
'FIXME: Handle the case when there is no session dump in web session')
logout.set_session_from_dump(session.lassoSessionDump)
- user = self.getUserFromNameIdentifier(nameIdentifier)
- if user is None:
- raise Exception('FIXME: Handle the case when there is no web user')
if user.lassoIdentityDump is None:
raise Exception(
'FIXME: Handle the case when there is no identity dump in web user')
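Review bot: `self.soapEndpoint_logout_prepare(handler, session, user)` runs before the `session.lassoSessionDump` and `user.lassoIdentityDump` checks, and its return value is dropped. An override with side effects (the one added in LibertyEnabledProxy.py forwards the logout upstream) therefore runs even when the request is rejected a few lines later, and a failure it reports by return value is lost. Validation of the incoming logout request is not visible in this hunk; it presumably follows the loading of the dumps, in which case the hook acts on a request that has not been validated yet. Consider moving the call below the identity-dump check (and below request validation, if that is where it sits), and state the contract in the hook's docstring, e.g. `Return value is ignored; raise an exception to abort the logout.` `soapEndpoint` starts and ends outside the hunk.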
@@ -243,3 +247,10 @@ class IdentityProviderMixin(Provider.ProviderMixin):
headers = {'Content-Type': 'text/xml'}, body = soapResponseMsg)
else:
raise Exception('Unknown request type: %s' % requestType)
+
+ def soapEndpoint_logout_prepare(self, handler, session, user):
+ """Prepare logout.
+
+ Override this method to do some processing before identity provider logout proceeds.
+ """
+ pass
diff --git a/python/tests/LibertyEnabledProxy.py b/python/tests/LibertyEnabledProxy.py
index 8c5eb2de..3b33e810 100644
--- a/python/tests/LibertyEnabledProxy.py
+++ b/python/tests/LibertyEnabledProxy.py
@@ -33,6 +33,13 @@ class LibertyEnabledProxyMixin(IdentityProviderMixin, ServiceProviderMixin):
ServiceProviderMixin.__init__(self)
IdentityProviderMixin.__init__(self)
+ def assertionConsumer_done(self, handler):
+ # Before, this proxy was considered as a service provider. Now it acts again as an identity
+ # provider.
+ # FIXME: We should retrieve authentication method from session.lassoSessionDump.
+ # FIXME: Handle Liberty ProxyCount.
+ return self.login_done(handler, True, lasso.samlAuthenticationMethodPassword)
+
def login(self, handler):
# Before, this proxy was considered as an identity provider. Now it is a service provider.
# FIXME: Handle Liberty ProxyCount.
@@ -44,9 +51,15 @@ class LibertyEnabledProxyMixin(IdentityProviderMixin, ServiceProviderMixin):
# FIXME: Handle Liberty ProxyCount.
return self.login_done(handler, False, None)
- def assertionConsumer_done(self, handler):
+ def logout_done(self, handler, nameIdentifier):
# Before, this proxy was considered as a service provider. Now it acts again as an identity
# provider.
- # FIXME: We should retrieve authentication method from session.lassoSessionDump.
# FIXME: Handle Liberty ProxyCount.
- return self.login_done(handler, True, lasso.samlAuthenticationMethodPassword)
+
+ # Don't do logout_done actions, because they will be done in soapEndpoint.
+ return None
+
+ def soapEndpoint_logout_prepare(self, handler, session, user):
+ # Before, this proxy was considered as an identity provider. Now it is a service provider.
+ # FIXME: Handle Liberty ProxyCount.
+ return self.logout_do(handler, session, user)
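Review bot: The `logout_done` override returns `None` unconditionally, so every path into `logout_do` on the proxy skips the cleanup in `ServiceProviderMixin.logout_done` (`del self.sessionTokensByNameIdentifier[nameIdentifier]`), not only the call coming from `soapEndpoint_logout_prepare`. If `logout` resolves to the `ServiceProviderMixin` version on this class, a direct `/logout` on the proxy would end with no response and the session token mapping left in place. The comment says the actions "will be done in soapEndpoint", but the name identifier the proxy holds toward its upstream identity provider is probably not the one carried by the incoming SOAP request, so that cleanup may not remove the upstream entry; this cannot be confirmed from the hunk. Consider skipping the cleanup only on the SOAP-driven path, and correct the copied comment in `logout_done`, for example `# Called after the proxy, acting as a service provider, has logged out upstream.`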
diff --git a/python/tests/ServiceProvider.py b/python/tests/ServiceProvider.py
index 7baea90a..12879d05 100644
--- a/python/tests/ServiceProvider.py
+++ b/python/tests/ServiceProvider.py
@@ -259,14 +259,16 @@ class ServiceProviderMixin(Provider.ProviderMixin):
# Note: The uppercase for RelayState below is not a bug.
return self.callHttpFunction(self.assertionConsumer_done, handler, RelayState = relayState)
- def logoutUsingSoap(self, handler):
+ def logout(self, handler):
session = handler.session
if session is None:
return handler.respond(401, 'Access Unauthorized: User has no session opened.')
user = handler.user
if user is None:
return handler.respond(401, 'Access Unauthorized: User is not logged in.')
+ return self.logout_do(handler, session, user)
+ def logout_do(self, handler, session, user):
lassoServer = self.getLassoServer()
logout = lasso.Logout.new(lassoServer, lasso.providerTypeSp)
if user.lassoIdentityDump is not None:
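Review bot: The session and user checks that answer 401 stay in `logout`, while the work moves into the new public method `logout_do(handler, session, user)`, which trusts its arguments. The login_tests.py hunks change the URL from `/logoutUsingSoap` to `/logout` together with this rename, which suggests the handler maps URL paths to method names. If that is so, confirm that `logout_do` (and `logout_done`, added further down) cannot be dispatched as endpoints, or give them non-public names such as `_logout_do` and update the proxy overrides to match. A one-line docstring stating the precondition would also help, e.g. `"""Perform SOAP logout; caller must have verified that session and user exist."""`. The body of `logout_do` continues outside the hunk.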
@@ -305,6 +307,9 @@ class ServiceProviderMixin(Provider.ProviderMixin):
failUnless(lassoSessionDump)
session.lassoSessionDump = lassoSessionDump
nameIdentifier = logout.nameIdentifier
+ return self.logout_done(handler, nameIdentifier)
+
+ def logout_done(self, handler, nameIdentifier):
failUnless(nameIdentifier)
del self.sessionTokensByNameIdentifier[nameIdentifier]
diff --git a/python/tests/login_tests.py b/python/tests/login_tests.py
index 17727750..72735643 100644
--- a/python/tests/login_tests.py
+++ b/python/tests/login_tests.py
@@ -125,7 +125,7 @@ class LoginTestCase(unittest.TestCase):
httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login')
failUnlessEqual(httpResponse.statusCode, 200)
- httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap')
+ httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout')
failUnlessEqual(httpResponse.statusCode, 200)
failIf(spSite.sessions)
failIf(idpSite.sessions)
@@ -144,7 +144,7 @@ class LoginTestCase(unittest.TestCase):
httpResponse = principal.sendHttpRequestToSite(
spSite, 'GET', '/login?RelayState=a_sample_relay_state')
failUnlessEqual(httpResponse.statusCode, 200)
- httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap')
+ httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout')
failUnlessEqual(httpResponse.statusCode, 200)
failIf(spSite.sessions)
failIf(idpSite.sessions)
@@ -162,13 +162,13 @@ class LoginTestCase(unittest.TestCase):
httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login')
failUnlessEqual(httpResponse.statusCode, 200)
- httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap')
+ httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout')
failUnlessEqual(httpResponse.statusCode, 200)
# Once again. Now the principal already has a federation between spSite and idpSite.
httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login')
failUnlessEqual(httpResponse.statusCode, 200)
- httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap')
+ httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout')
failUnlessEqual(httpResponse.statusCode, 200)
# Once again. Do a new passive login between normal login and logout.
@@ -177,7 +177,7 @@ class LoginTestCase(unittest.TestCase):
del principal.keyring[idpSite.url] # Ensure identity provider will be really passive.
httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login?isPassive=1')
failUnlessEqual(httpResponse.statusCode, 200)
- httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap')
+ httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout')
failUnlessEqual(httpResponse.statusCode, 200)
# Once again, with isPassive and the user having no web session.
@@ -197,7 +197,7 @@ class LoginTestCase(unittest.TestCase):
httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login')
failUnlessEqual(httpResponse.statusCode, 401)
- httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap')
+ httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout')
failUnlessEqual(httpResponse.statusCode, 401)
def test04(self):
@@ -214,7 +214,7 @@ class LoginTestCase(unittest.TestCase):
httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login')
failUnlessEqual(httpResponse.statusCode, 401)
- httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap')
+ httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout')
failUnlessEqual(httpResponse.statusCode, 401)
def test05(self):
@@ -244,7 +244,7 @@ class LoginTestCase(unittest.TestCase):
httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login?forceAuthn=1')
failUnlessEqual(httpResponse.statusCode, 200)
- httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap')
+ httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout')
failUnlessEqual(httpResponse.statusCode, 200)
# Ask user to reauthenticate while he is already logged.
@@ -253,13 +253,13 @@ class LoginTestCase(unittest.TestCase):
del principal.keyring[idpSite.url] # Ensure user can't authenticate.
httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login?forceAuthn=1')
failUnlessEqual(httpResponse.statusCode, 401)
- httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap')
+ httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout')
failUnlessEqual(httpResponse.statusCode, 200)
# Force authentication, but user won't authenticate.
httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/login?forceAuthn=1')
failUnlessEqual(httpResponse.statusCode, 401)
- httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logoutUsingSoap')
+ httpResponse = principal.sendHttpRequestToSite(spSite, 'GET', '/logout')
failUnlessEqual(httpResponse.statusCode, 401)
def test07(self):