summaryrefslogtreecommitdiffstats
path: root/python/tests/ServiceProvider.py
diff options
context:
space:
mode:
Diffstat (limited to 'python/tests/ServiceProvider.py')
-rw-r--r--python/tests/ServiceProvider.py139
1 files changed, 68 insertions, 71 deletions
diff --git a/python/tests/ServiceProvider.py b/python/tests/ServiceProvider.py
index 2fd518a3..e23a9cf2 100644
--- a/python/tests/ServiceProvider.py
+++ b/python/tests/ServiceProvider.py
@@ -32,8 +32,8 @@ class ServiceProvider(Provider):
idpSite = None # The identity provider, this service provider will use to authenticate users.
def assertionConsumer(self, handler):
- server = self.getServer()
- login = lasso.Login.new(server)
+ lassoServer = self.getLassoServer()
+ login = lasso.Login.new(lassoServer)
if handler.httpRequest.method == 'GET':
login.init_request(handler.httpRequest.query, lasso.httpMethodRedirect)
@@ -72,66 +72,67 @@ class ServiceProvider(Provider):
else:
return handler.respond(
400,
- 'Bad Request: Method %s not handled by assertionConsumer' % handler.httpRequest.method)
+ 'Bad Request: Method %s not handled by assertionConsumer'
+ % handler.httpRequest.method)
nameIdentifier = login.nameIdentifier
failUnless(nameIdentifier)
# Retrieve session dump, using name identifier or else try to use the client web session.
# If session dump exists, give it to Lasso, so that it updates it.
- webSession = self.getWebSessionFromNameIdentifier(nameIdentifier)
- if webSession is None:
- webSession = self.getWebSession(handler.httpRequest.client)
- if webSession is not None:
- sessionDump = webSession.sessionDump
- if sessionDump is not None:
- login.set_session_from_dump(sessionDump)
+ session = self.getSessionFromNameIdentifier(nameIdentifier)
+ if session is None:
+ session = handler.session
+ if session is not None:
+ lassoSessionDump = session.lassoSessionDump
+ if lassoSessionDump is not None:
+ login.set_session_from_dump(lassoSessionDump)
# Retrieve identity dump, using name identifier or else try to retrieve him from web
# session. If identity dump exists, give it to Lasso, so that it updates it.
- webUser = self.getWebUserFromNameIdentifier(nameIdentifier)
- if webUser is None:
- webUser = self.getWebUserFromWebSession(webSession)
- if webUser is not None:
- identityDump = webUser.identityDump
- if identityDump is not None:
- login.set_identity_from_dump(identityDump)
+ user = self.getUserFromNameIdentifier(nameIdentifier)
+ if user is None:
+ user = self.getUserFromSession(session)
+ if user is not None:
+ lassoIdentityDump = user.lassoIdentityDump
+ if lassoIdentityDump is not None:
+ login.set_identity_from_dump(lassoIdentityDump)
login.accept_sso()
- if webUser is not None and identityDump is None:
+ if user is not None and lassoIdentityDump is None:
failUnless(login.is_identity_dirty())
- identity = login.get_identity()
- failUnless(identity)
- identityDump = identity.dump()
- failUnless(identityDump)
+ lassoIdentity = login.get_identity()
+ failUnless(lassoIdentity)
+ lassoIdentityDump = lassoIdentity.dump()
+ failUnless(lassoIdentityDump)
failUnless(login.is_session_dirty())
- session = login.get_session()
- failUnless(session)
- sessionDump = session.dump()
- failUnless(sessionDump)
+ lassoSession = login.get_session()
+ failUnless(lassoSession)
+ lassoSessionDump = lassoSession.dump()
+ failUnless(lassoSessionDump)
# User is now authenticated.
# If there was no web session yet, create it. Idem for the web user account.
- if webSession is None:
- webSession = self.createWebSession(handler.httpRequest.client)
- if webUser is None:
+ if session is None:
+ session = self.createSession(handler.httpRequest.client)
+ if user is None:
# A real service provider would ask user to login locally to create federation. Or it
# would ask user informations to create a local account.
- webUserId = handler.httpRequest.client.keyring.get(self.url, None)
- userAuthenticated = webUserId in self.webUsers
+ userId = handler.httpRequest.client.keyring.get(self.url, None)
+ userAuthenticated = userId in self.users
if not userAuthenticated:
return handler.respond(401, 'Access Unauthorized: User has no account.')
- webUser = self.webUsers[webUserId]
+ user = self.users[userId]
- webSession.webUserId = webUser.uniqueId
+ session.userId = user.uniqueId
# Store the updated identity dump and session dump.
if login.is_identity_dirty():
- webUser.identityDump = identityDump
- webSession.sessionDump = sessionDump
+ user.lassoIdentityDump = lassoIdentityDump
+ session.lassoSessionDump = lassoSessionDump
- self.webUserIdsByNameIdentifier[nameIdentifier] = webUser.uniqueId
- self.webSessionIdsByNameIdentifier[nameIdentifier] = webSession.uniqueId
+ self.userIdsByNameIdentifier[nameIdentifier] = user.uniqueId
+ self.sessionTokensByNameIdentifier[nameIdentifier] = session.token
return handler.respond()
@@ -139,7 +140,7 @@ class ServiceProvider(Provider):
libertyEnabled = handler.httpRequest.headers.get('Liberty-Enabled', None)
userAgent = handler.httpRequest.headers.get('User-Agent', None)
# FIXME: Lasso should have a function to compute useLecp.
- # Or this should be done in lasso.Login.new(server, libertyEnabled, userAgent)
+ # Or this should be done in lasso.Login.new(lassoServer, libertyEnabled, userAgent)
useLecp = False
if libertyEnabled:
useLecp = 'urn:liberty:iff:2003-08' in libertyEnabled
@@ -154,10 +155,10 @@ class ServiceProvider(Provider):
forceAuthn = handler.httpRequest.getQueryBoolean('forceAuthn', False)
isPassive = handler.httpRequest.getQueryBoolean('isPassive', False)
- server = self.getServer()
+ lassoServer = self.getLassoServer()
if useLecp:
- lecp = lasso.Lecp.new(server)
- lecp.init_authn_request(self.idpSite.providerId) # FIXME: The argument should be None.
+ lecp = lasso.Lecp.new(lassoServer)
+ lecp.init_authn_request()
failUnlessEqual(lecp.request_type, lasso.messageTypeAuthnRequest)
# FIXME: This protocol profile should be set by default by Lasso.
@@ -173,12 +174,8 @@ class ServiceProvider(Provider):
relayState = 'fake'
lecp.request.set_relayState(relayState)
- # FIXME: In my opinion, this method should be the renamed to build_authn_request_msg.
lecp.build_authn_request_envelope_msg()
authnRequestEnvelopeMsg = lecp.msg_body
- # FIXME: I don't understand why authnRequestEnvelopeMsg is base64 encoded.
- import base64
- authnRequestEnvelopeMsg = base64.decodestring(authnRequestEnvelopeMsg)
failUnless(authnRequestEnvelopeMsg)
# FIXME: Lasso should set a lecp.msg_content_type to
# "application/vnd.liberty-request+xml". This should also be done for SOAP, etc, with
@@ -194,8 +191,8 @@ class ServiceProvider(Provider):
},
body = authnRequestEnvelopeMsg)
else:
- login = lasso.Login.new(server)
- login.init_authn_request(self.idpSite.providerId)
+ login = lasso.Login.new(lassoServer)
+ login.init_authn_request()
failUnlessEqual(login.request_type, lasso.messageTypeAuthnRequest)
if forceAuthn:
login.request.set_forceAuthn(forceAuthn)
@@ -205,27 +202,27 @@ class ServiceProvider(Provider):
login.request.set_consent(lasso.libConsentObtained)
relayState = 'fake'
login.request.set_relayState(relayState)
- login.build_authn_request_msg()
+ login.build_authn_request_msg(self.idpSite.providerId)
authnRequestUrl = login.msg_url
failUnless(authnRequestUrl)
return handler.respondRedirectTemporarily(authnRequestUrl)
def logoutUsingSoap(self, handler):
- webSession = self.getWebSession(handler.httpRequest.client)
- if webSession is None:
+ session = handler.session
+ if session is None:
return handler.respond(401, 'Access Unauthorized: User has no session opened.')
- webUser = self.getWebUserFromWebSession(webSession)
- if webUser is None:
+ user = self.getUserFromSession(session)
+ if user is None:
return handler.respond(401, 'Access Unauthorized: User is not logged in.')
- server = self.getServer()
- logout = lasso.Logout.new(server, lasso.providerTypeSp)
- identityDump = self.getIdentityDump(handler.httpRequest.client)
- if identityDump is not None:
- logout.set_identity_from_dump(identityDump)
- sessionDump = self.getSessionDump(handler.httpRequest.client)
- if sessionDump is not None:
- logout.set_session_from_dump(sessionDump)
+ lassoServer = self.getLassoServer()
+ logout = lasso.Logout.new(lassoServer, lasso.providerTypeSp)
+ lassoIdentityDump = self.getIdentityDump(handler.httpRequest.client)
+ if lassoIdentityDump is not None:
+ logout.set_identity_from_dump(lassoIdentityDump)
+ lassoSessionDump = self.getLassoSessionDump(handler.httpRequest.client)
+ if lassoSessionDump is not None:
+ logout.set_session_from_dump(lassoSessionDump)
logout.init_request()
logout.build_request_msg()
@@ -241,24 +238,24 @@ class ServiceProvider(Provider):
failIf(logout.is_identity_dirty())
identity = logout.get_identity()
failUnless(identity)
- identityDump = identity.dump()
- failUnless(identityDump)
+ lassoIdentityDump = identity.dump()
+ failUnless(lassoIdentityDump)
failUnless(logout.is_session_dirty())
- session = logout.get_session()
- if session is None:
+ lassoSession = logout.get_session()
+ if lassoSession is None:
# The user is no more authenticated on any identity provider. Log him out.
- del webSession.sessionDump
- del webSession.webUserId
+ del session.lassoSessionDump
+ del session.userId
# We also delete the session, but it is not mandantory, since the user is logged out
# anyway.
- del self.webSessions[webSession.uniqueId]
+ del self.sessions[session.token]
else:
# The user is still logged in on some other identity providers.
- sessionDump = session.dump()
- failUnless(sessionDump)
- webSession.sessionDump = sessionDump
+ lassoSessionDump = lassoSession.dump()
+ failUnless(lassoSessionDump)
+ session.lassoSessionDump = lassoSessionDump
nameIdentifier = logout.nameIdentifier
failUnless(nameIdentifier)
- del self.webSessionIdsByNameIdentifier[nameIdentifier]
+ del self.sessionTokensByNameIdentifier[nameIdentifier]
return handler.respond()
generated by cgit (git 2.34.1) at 2025-06-18 14:19:08 +0000