diff options
| author | Emmanuel Raviart <eraviart@entrouvert.com> | 2004-08-06 21:38:01 +0000 |
|---|---|---|
| committer | Emmanuel Raviart <eraviart@entrouvert.com> | 2004-08-06 21:38:01 +0000 |
| commit | ff605a8ca2a1116eb2dbcc03bd01454f445c2f78 (patch) | |
| tree | 91882bb30bb1740208ba95dbf8852fc85463b61e /python | |
| parent | f71f68877fb706158493fba8c8102b8d03b51430 (diff) | |
| download | lasso-ff605a8ca2a1116eb2dbcc03bd01454f445c2f78.tar.gz lasso-ff605a8ca2a1116eb2dbcc03bd01454f445c2f78.tar.xz lasso-ff605a8ca2a1116eb2dbcc03bd01454f445c2f78.zip | |
Added tests for forceAuthn. Light will still be green.
Diffstat (limited to 'python')
| -rw-r--r-- | python/tests/ServiceProvider.py | 7 | ||||
| -rw-r--r-- | python/tests/login_tests.py | 35 |
2 files changed, 41 insertions, 1 deletions
diff --git a/python/tests/ServiceProvider.py b/python/tests/ServiceProvider.py index 699c96b3..4ecff2df 100644 --- a/python/tests/ServiceProvider.py +++ b/python/tests/ServiceProvider.py @@ -120,7 +120,12 @@ class ServiceProvider(Provider): login = lasso.Login.new(server) login.init_authn_request(self.idpSite.providerId) self.failUnlessEqual(login.request_type, lasso.messageTypeAuthnRequest) - login.request.set_isPassive(httpRequest.getQueryBoolean('isPassive', False)) + forceAuthn = httpRequest.getQueryBoolean('forceAuthn', False) + if forceAuthn: + login.request.set_forceAuthn(forceAuthn) + isPassive = httpRequest.getQueryBoolean('isPassive', False) + if not isPassive: + login.request.set_isPassive(isPassive) login.request.set_nameIDPolicy(lasso.libNameIDPolicyTypeFederated) login.request.set_consent(lasso.libConsentObtained) relayState = 'fake' diff --git a/python/tests/login_tests.py b/python/tests/login_tests.py index ff25037d..75b00aad 100644 --- a/python/tests/login_tests.py +++ b/python/tests/login_tests.py @@ -197,6 +197,41 @@ class LoginTestCase(unittest.TestCase): principal, 'GET', '/loginUsingRedirect?isPassive=1')) self.failUnlessEqual(httpResponse.statusCode, 401) + def test06(self): + """Testing forceAuthn flag.""" + + internet = Internet() + idpSite = self.generateIdpSite(internet) + spSite = self.generateSpSite(internet) + spSite.idpSite = idpSite + principal = Principal(internet, 'Romain Chantereau') + principal.keyring[idpSite.url] = 'Chantereau' + principal.keyring[spSite.url] = 'Romain' + + httpResponse = spSite.doHttpRequest(HttpRequest( + principal, 'GET', '/loginUsingRedirect?forceAuthn=1')) + self.failUnlessEqual(httpResponse.statusCode, 200) + httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/logoutUsingSoap')) + self.failUnlessEqual(httpResponse.statusCode, 200) + + # Ask user to reauthenticate while he is already logged. + httpResponse = spSite.doHttpRequest(HttpRequest( + principal, 'GET', '/loginUsingRedirect?forceAuthn=1')) + self.failUnlessEqual(httpResponse.statusCode, 200) + del principal.keyring[idpSite.url] # Ensure user can't authenticate. + httpResponse = spSite.doHttpRequest(HttpRequest( + principal, 'GET', '/loginUsingRedirect?forceAuthn=1')) + self.failUnlessEqual(httpResponse.statusCode, 401) + httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/logoutUsingSoap')) + self.failUnlessEqual(httpResponse.statusCode, 200) + + # Force authentication, but user won't authenticate. + httpResponse = spSite.doHttpRequest(HttpRequest( + principal, 'GET', '/loginUsingRedirect?forceAuthn=1')) + self.failUnlessEqual(httpResponse.statusCode, 401) + httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/logoutUsingSoap')) + self.failUnlessEqual(httpResponse.statusCode, 401) + ## def test06(self): ## """Service provider LECP login.""" |