authorEmmanuel Raviart <eraviart@entrouvert.com>2004-08-06 16:07:39 +0000
committerEmmanuel Raviart <eraviart@entrouvert.com>2004-08-06 16:07:39 +0000
commitf437999e7767d548a8a9dda5d82754a1aac749b5 (patch)
tree5dd0aeadf3a664b4c9fb8a0b714c09bcad185a30 /python
parentf21f14ea6e277defe27dadc0731b605bd5c85caf (diff)
Added new Python test. It works, but see bug #245.
Diffstat (limited to 'python')
-rw-r--r--python/tests/IdentityProvider.py46
-rw-r--r--python/tests/ServiceProvider.py23
-rw-r--r--python/tests/login_tests.py83
-rw-r--r--python/tests/websimulator.py10
4 files changed, 93 insertions, 69 deletions
diff --git a/python/tests/IdentityProvider.py b/python/tests/IdentityProvider.py
index 046d6f0d..248f5879 100644
--- a/python/tests/IdentityProvider.py
+++ b/python/tests/IdentityProvider.py
@@ -78,21 +78,25 @@ class IdentityProvider(Provider):
login.set_session_from_dump(sessionDump)
self.failUnlessEqual(login.protocolProfile, lasso.loginProtocolProfileBrwsArt) # FIXME
login.build_artifact_msg(
- userAuthenticated, authenticationMethod, "FIXME: reauthenticateOnOrAfter",
+ userAuthenticated, authenticationMethod, 'FIXME: reauthenticateOnOrAfter',
lasso.httpMethodRedirect)
- webUser = self.getWebUserFromWebSession(webSession)
- if login.is_identity_dirty():
- identityDump = login.get_identity().dump()
- self.failUnless(identityDump)
- webUser.identityDump = identityDump
- self.failUnless(login.is_session_dirty())
- sessionDump = login.get_session().dump()
- self.failUnless(sessionDump)
- webSession.sessionDump = sessionDump
- nameIdentifier = login.nameIdentifier
- self.failUnless(nameIdentifier)
- self.webUserIdsByNameIdentifier[nameIdentifier] = webUser.uniqueId
- self.webSessionIdsByNameIdentifier[nameIdentifier] = webSession.uniqueId
+ if userAuthenticated:
+ webUser = self.getWebUserFromWebSession(webSession)
+ if login.is_identity_dirty():
+ identityDump = login.get_identity().dump()
+ self.failUnless(identityDump)
+ webUser.identityDump = identityDump
+ self.failUnless(login.is_session_dirty())
+ sessionDump = login.get_session().dump()
+ self.failUnless(sessionDump)
+ webSession.sessionDump = sessionDump
+ nameIdentifier = login.nameIdentifier
+ self.failUnless(nameIdentifier)
+ self.webUserIdsByNameIdentifier[nameIdentifier] = webUser.uniqueId
+ self.webSessionIdsByNameIdentifier[nameIdentifier] = webSession.uniqueId
+ else:
+ self.failIf(login.is_identity_dirty())
+ self.failIf(login.is_session_dirty())
artifact = login.assertionArtifact
self.failUnless(artifact)
soapResponseMsg = login.response_dump
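Review bot: The new `else:` branch falls through to `artifact = login.assertionArtifact` and `self.failUnless(artifact)`, so an artifact is still required and handed out when `userAuthenticated` is false, and nothing in the code says that this is intended. If the design is that the service provider resolves the artifact and receives a failure status, I would state it above the `else:`, for example `# Authentication failed: an artifact is still issued, but no identity dump, session dump or name identifier mapping is recorded.`. Without that comment the next reader may take the unconditional artifact for a missed check. The enclosing method starts and ends outside this hunk.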
@@ -113,7 +117,7 @@ class IdentityProvider(Provider):
self.failUnless(artifact)
soapResponseMsg = self.soapResponseMsgs.get(artifact, None)
if soapResponseMsg is None:
- raise Exception("FIXME: Handle the case when artifact is wrong")
+ raise Exception('FIXME: Handle the case when artifact is wrong')
return HttpResponse(200, body = soapResponseMsg)
elif requestType == lasso.requestTypeLogout:
server = self.getServer()
@@ -125,19 +129,19 @@ class IdentityProvider(Provider):
# Retrieve session dump and identity dump using name identifier.
webSession = self.getWebSessionFromNameIdentifier(nameIdentifier)
if webSession is None:
- raise Exception("FIXME: Handle the case when there is no web session")
+ raise Exception('FIXME: Handle the case when there is no web session')
sessionDump = webSession.sessionDump
if sessionDump is None:
raise Exception(
- "FIXME: Handle the case when there is no session dump in web session")
+ 'FIXME: Handle the case when there is no session dump in web session')
logout.set_session_from_dump(sessionDump)
webUser = self.getWebUserFromNameIdentifier(nameIdentifier)
if webUser is None:
- raise Exception("FIXME: Handle the case when there is no web user")
+ raise Exception('FIXME: Handle the case when there is no web user')
identityDump = webUser.identityDump
if identityDump is None:
raise Exception(
- "FIXME: Handle the case when there is no identity dump in web user")
+ 'FIXME: Handle the case when there is no identity dump in web user')
logout.set_identity_from_dump(identityDump)
logout.validate_request()
@@ -168,7 +172,7 @@ class IdentityProvider(Provider):
self.failUnless(soapEndpoint)
soapRequestMsg = logout.msg_body
self.failUnless(soapRequestMsg)
- httpResponse = HttpRequest(self, "POST", soapEndpoint, body = soapRequestMsg).ask()
+ httpResponse = HttpRequest(self, 'POST', soapEndpoint, body = soapRequestMsg).ask()
self.failUnlessEqual(httpResponse.statusCode, 200)
logout.process_response_msg(httpResponse.body, lasso.httpMethodSoap)
@@ -179,4 +183,4 @@ class IdentityProvider(Provider):
self.failUnless(soapResponseMsg)
return HttpResponse(200, body = soapResponseMsg)
else:
- raise Exception("Unknown request type: %s" % requestType)
+ raise Exception('Unknown request type: %s' % requestType)
diff --git a/python/tests/ServiceProvider.py b/python/tests/ServiceProvider.py
index dbe1c1a3..77520734 100644
--- a/python/tests/ServiceProvider.py
+++ b/python/tests/ServiceProvider.py
@@ -45,9 +45,16 @@ class ServiceProvider(Provider):
self.failUnless(soapEndpoint)
soapRequestMsg = login.msg_body
self.failUnless(soapRequestMsg)
- httpResponse = HttpRequest(self, "POST", soapEndpoint, body = soapRequestMsg).ask()
+ httpResponse = HttpRequest(self, 'POST', soapEndpoint, body = soapRequestMsg).ask()
self.failUnlessEqual(httpResponse.statusCode, 200)
- login.process_response_msg(httpResponse.body)
+ try:
+ login.process_response_msg(httpResponse.body)
+ except lasso.Error, error:
+ if error.code == -7: # FIXME: This will change, he said.
+ return HttpResponse(
+ 401, 'Access Unauthorized: User authentication failed on identity provider.')
+ else:
+ raise
nameIdentifier = login.nameIdentifier
self.failUnless(nameIdentifier)
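Review bot: The added `except lasso.Error` handler recognises a failed authentication by comparing `error.code` with the bare literal `-7`, which its own FIXME says will change. If the binding renumbers its errors, this branch either stops matching, so the failure is re-raised instead of answered with a 401, or it starts matching an unrelated error and reports it as an authentication failure. I would give the value one named home at module level, e.g. `LOGIN_AUTHN_FAILED_CODE = -7  # placeholder name; use the binding's own constant once it exists`, and test `if error.code == LOGIN_AUTHN_FAILED_CODE:`. The enclosing method starts and ends outside this hunk.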
@@ -82,8 +89,6 @@ class ServiceProvider(Provider):
self.failUnless(session)
sessionDump = session.dump()
self.failUnless(sessionDump)
- nameIdentifier = login.nameIdentifier
- self.failUnless(nameIdentifier)
# User is now authenticated.
@@ -96,7 +101,7 @@ class ServiceProvider(Provider):
webUserId = httpRequest.client.keyring.get(self.url, None)
userAuthenticated = webUserId in self.webUsers
if not userAuthenticated:
- return HttpResponse(401, "Access Unauthorized: User has no account.")
+ return HttpResponse(401, 'Access Unauthorized: User has no account.')
webSession.webUserId = webUserId
webUser = self.webUsers[webUserId]
@@ -117,7 +122,7 @@ class ServiceProvider(Provider):
login.request.set_isPassive(False)
login.request.set_nameIDPolicy(lasso.libNameIDPolicyTypeFederated)
login.request.set_consent(lasso.libConsentObtained)
- relayState = "fake"
+ relayState = 'fake'
login.request.set_relayState(relayState)
login.build_authn_request_msg()
authnRequestUrl = login.msg_url
@@ -127,10 +132,10 @@ class ServiceProvider(Provider):
def logoutUsingSoap(self, httpRequest):
webSession = self.getWebSession(httpRequest.client)
if webSession is None:
- return HttpResponse(401, "Access Unauthorized: User has no session opened.")
+ return HttpResponse(401, 'Access Unauthorized: User has no session opened.')
webUser = self.getWebUserFromWebSession(webSession)
if webUser is None:
- return HttpResponse(401, "Access Unauthorized: User is not logged in.")
+ return HttpResponse(401, 'Access Unauthorized: User is not logged in.')
server = self.getServer()
logout = lasso.Logout.new(server, lasso.providerTypeSp)
@@ -147,7 +152,7 @@ class ServiceProvider(Provider):
self.failUnless(soapEndpoint)
soapRequestMsg = logout.msg_body
self.failUnless(soapRequestMsg)
- httpResponse = HttpRequest(self, "POST", soapEndpoint, body = soapRequestMsg).ask()
+ httpResponse = HttpRequest(self, 'POST', soapEndpoint, body = soapRequestMsg).ask()
self.failUnlessEqual(httpResponse.statusCode, 200)
logout.process_response_msg(httpResponse.body, lasso.httpMethodSoap)
diff --git a/python/tests/login_tests.py b/python/tests/login_tests.py
index 5d9ebc0f..74b9ad2c 100644
--- a/python/tests/login_tests.py
+++ b/python/tests/login_tests.py
@@ -39,19 +39,19 @@ from websimulator import *
class LoginTestCase(unittest.TestCase):
def generateIdpSite(self, internet):
- site = IdentityProvider(self, internet, "https://identity-provider/")
- site.providerId = "https://identity-provider/metadata"
+ site = IdentityProvider(self, internet, 'https://identity-provider/')
+ site.providerId = 'https://identity-provider/metadata'
server = lasso.Server.new(
- "../../examples/data/idp-metadata.xml",
- "../../examples/data/idp-public-key.pem",
- "../../examples/data/idp-private-key.pem",
- "../../examples/data/idp-crt.pem",
+ '../../examples/data/idp-metadata.xml',
+ '../../examples/data/idp-public-key.pem',
+ '../../examples/data/idp-private-key.pem',
+ '../../examples/data/idp-crt.pem',
lasso.signatureMethodRsaSha1)
server.add_provider(
- "../../examples/data/sp-metadata.xml",
- "../../examples/data/sp-public-key.pem",
- "../../examples/data/ca-crt.pem")
+ '../../examples/data/sp-metadata.xml',
+ '../../examples/data/sp-public-key.pem',
+ '../../examples/data/ca-crt.pem')
site.serverDump = server.dump()
self.failUnless(site.serverDump)
server.destroy()
@@ -60,22 +60,23 @@ class LoginTestCase(unittest.TestCase):
site.addWebUser('Clapies')
site.addWebUser('Febvre')
site.addWebUser('Nowicki')
+ # Frederic Peters has no account on identity provider.
return site
def generateSpSite(self, internet):
- site = ServiceProvider(self, internet, "https://service-provider/")
- site.providerId = "https://service-provider/metadata"
+ site = ServiceProvider(self, internet, 'https://service-provider/')
+ site.providerId = 'https://service-provider/metadata'
server = lasso.Server.new(
- "../../examples/data/sp-metadata.xml",
- "../../examples/data/sp-public-key.pem",
- "../../examples/data/sp-private-key.pem",
- "../../examples/data/sp-crt.pem",
+ '../../examples/data/sp-metadata.xml',
+ '../../examples/data/sp-public-key.pem',
+ '../../examples/data/sp-private-key.pem',
+ '../../examples/data/sp-crt.pem',
lasso.signatureMethodRsaSha1)
server.add_provider(
- "../../examples/data/idp-metadata.xml",
- "../../examples/data/idp-public-key.pem",
- "../../examples/data/ca-crt.pem")
+ '../../examples/data/idp-metadata.xml',
+ '../../examples/data/idp-public-key.pem',
+ '../../examples/data/ca-crt.pem')
site.serverDump = server.dump()
self.failUnless(site.serverDump)
server.destroy()
@@ -83,6 +84,8 @@ class LoginTestCase(unittest.TestCase):
site.addWebUser('Nicolas')
site.addWebUser('Romain')
site.addWebUser('Valery')
+ # Christophe Nowicki has no account on service provider.
+ site.addWebUser('Frederic')
return site
## def setUp(self):
@@ -92,45 +95,57 @@ class LoginTestCase(unittest.TestCase):
## pass
def test01(self):
- """Service provider initiated login using HTTP redirect and service provider initiated
- logout using SOAP."""
+ """Service provider initiated login using HTTP redirect and service provider initiated logout using SOAP."""
internet = Internet()
idpSite = self.generateIdpSite(internet)
spSite = self.generateSpSite(internet)
spSite.idpSite = idpSite
- principal = Principal(internet, "Romain Chantereau")
- principal.keyring[idpSite.url] = "Chantereau"
- principal.keyring[spSite.url] = "Romain"
+ principal = Principal(internet, 'Romain Chantereau')
+ principal.keyring[idpSite.url] = 'Chantereau'
+ principal.keyring[spSite.url] = 'Romain'
- httpResponse = spSite.doHttpRequest(HttpRequest(principal, "GET", "/loginUsingRedirect"))
+ httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/loginUsingRedirect'))
self.failUnlessEqual(httpResponse.statusCode, 200)
- httpResponse = spSite.doHttpRequest(HttpRequest(principal, "GET", "/logoutUsingSoap"))
+ httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/logoutUsingSoap'))
self.failUnlessEqual(httpResponse.statusCode, 200)
def test02(self):
- """Service provider initiated login using HTTP redirect and service provider initiated
- logout using SOAP."""
+ """Service provider initiated login using HTTP redirect and service provider initiated logout using SOAP. Done twice."""
internet = Internet()
idpSite = self.generateIdpSite(internet)
spSite = self.generateSpSite(internet)
spSite.idpSite = idpSite
- principal = Principal(internet, "Romain Chantereau")
- principal.keyring[idpSite.url] = "Chantereau"
- principal.keyring[spSite.url] = "Romain"
+ principal = Principal(internet, 'Romain Chantereau')
+ principal.keyring[idpSite.url] = 'Chantereau'
+ principal.keyring[spSite.url] = 'Romain'
- httpResponse = spSite.doHttpRequest(HttpRequest(principal, "GET", "/loginUsingRedirect"))
+ httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/loginUsingRedirect'))
self.failUnlessEqual(httpResponse.statusCode, 200)
- httpResponse = spSite.doHttpRequest(HttpRequest(principal, "GET", "/logoutUsingSoap"))
+ httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/logoutUsingSoap'))
self.failUnlessEqual(httpResponse.statusCode, 200)
# Once again, but now the principal already has a federation between spSite and idpSite.
- httpResponse = spSite.doHttpRequest(HttpRequest(principal, "GET", "/loginUsingRedirect"))
+ httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/loginUsingRedirect'))
self.failUnlessEqual(httpResponse.statusCode, 200)
- httpResponse = spSite.doHttpRequest(HttpRequest(principal, "GET", "/logoutUsingSoap"))
+ httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/logoutUsingSoap'))
self.failUnlessEqual(httpResponse.statusCode, 200)
+ def test03(self):
+ """Service provider initiated login using HTTP redirect, but user fail to authenticate himself on identity provider."""
+
+ internet = Internet()
+ idpSite = self.generateIdpSite(internet)
+ spSite = self.generateSpSite(internet)
+ spSite.idpSite = idpSite
+ principal = Principal(internet, 'Frederic Peters')
+ # Frederic Peters has no account on identity provider.
+ principal.keyring[spSite.url] = 'Frederic'
+
+ httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/loginUsingRedirect'))
+ self.failUnlessEqual(httpResponse.statusCode, 401)
+
## def test06(self):
## """Service provider LECP login."""
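Review bot: test03 checks only `httpResponse.statusCode` against 401, but ServiceProvider.py in this same commit returns 401 from several unrelated branches ('User has no account.', 'User has no session opened.', 'User is not logged in.'), so the test also passes when the login is rejected for the wrong reason. I would pin the reason as well, for example `self.failUnless('identity provider' in httpResponse.body)`, assuming HttpResponse keeps its second positional argument as `body` (its definition is not in this diff). It would also be worth asserting that no session dump or identity dump was stored on the service provider for this principal, since that is the property the IdentityProvider change is meant to guarantee. The docstring should read "user fails to authenticate".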
diff --git a/python/tests/websimulator.py b/python/tests/websimulator.py
index 054d9720..f663623a 100644
--- a/python/tests/websimulator.py
+++ b/python/tests/websimulator.py
@@ -29,7 +29,7 @@ class HttpRequest(object):
client = None # Principal or web site sending the request.
body = None
header = None
- method = None # "GET" or "POST" or "PUT" or...
+ method = None # 'GET' or 'POST' or 'PUT' or...
url = None
def __init__(self, client, method, url, body = None):
@@ -71,7 +71,7 @@ class Internet(object):
for webSiteUrl, webSite in self.webSites.iteritems():
if url.startswith(webSiteUrl):
return webSite
- raise Exception("Unknown web site: %s" % url)
+ raise Exception('Unknown web site: %s' % url)
class Simulation(object):
@@ -118,7 +118,7 @@ class WebClient(object):
def redirect(self, url):
webSite = self.internet.getWebSite(url)
- return webSite.doHttpRequest(HttpRequest(self, "GET", url))
+ return webSite.doHttpRequest(HttpRequest(self, 'GET', url))
class Principal(WebClient):
@@ -191,12 +191,12 @@ class WebSite(WebClient, Simulation):
url = httpRequest.url
if url.startswith(self.url):
url = url[len(self.url):]
- methodName = url.split("?", 1)[0].replace("/", "")
+ methodName = url.split('?', 1)[0].replace('/', '')
method = getattr(self, methodName)
return method(httpRequest)
def extractQueryFromUrl(self, url):
- return url.split("?", 1)[1]
+ return url.split('?', 1)[1]
def getIdentityDump(self, principal):
webSession = self.getWebSession(principal)
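Review bot: In the lines around the quote-style change, `doHttpRequest` turns the request path directly into an attribute name and calls `getattr(self, methodName)`, so every attribute of the site object is addressable by URL, including non-handlers such as `getIdentityDump` just below. An unknown path surfaces as an AttributeError instead of an HTTP error response. This is a test simulator, so the exposure is limited, but the pattern is easily copied into real handlers. I would dispatch only on an explicit set of handler names, e.g. `if methodName not in self.httpHandlerNames: return HttpResponse(404, 'Not found')` (placeholder attribute name). `doHttpRequest` starts before this hunk and `getIdentityDump` continues after it.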