add tests for get_remote_user_id

(Featuring a real SAML response to parse)
master
Richard van der Hoff 5 years ago
parent b07cf7d7b1
commit e3095f7e15

@ -1,15 +1,15 @@
from typing import Tuple
from typing import Optional, Tuple
from matrix_synapse_saml_mozilla import SamlMappingProvider
def create_mapping_provider() -> Tuple[SamlMappingProvider, dict]:
def create_mapping_provider(config_dict: Optional[dict] = None) -> SamlMappingProvider:
# Default configuration
if config_dict is None:
config_dict = {}
# Convert the config dictionary to a SamlMappingProvider.SamlConfig object
config = SamlMappingProvider.parse_config(config_dict)
# Create a new instance of the provider with the specified config
# Return the config dict as well for other test methods to use
return SamlMappingProvider(config, None), config_dict
return SamlMappingProvider(config, None)

@ -18,6 +18,11 @@ import re
import time
import unittest
import pkg_resources
from saml2.config import SPConfig
from saml2.response import AuthnResponse
from saml2.sigver import security_context
from synapse.api.errors import RedirectException
from matrix_synapse_saml_mozilla._sessions import username_mapping_sessions
@ -37,12 +42,40 @@ class FakeResponse:
self.ava["displayName"] = [display_name]
def _load_test_response() -> AuthnResponse:
response_xml = pkg_resources.resource_string(
"tests", "test_saml_response.xml"
).decode("utf-8")
config = SPConfig()
config.load({})
assert config.attribute_converters is not None
response = AuthnResponse(
sec_context=security_context(config),
attribute_converters=config.attribute_converters,
entity_id="https://host/_matrix/saml2/metadata.xml",
allow_unsolicited=True,
# tell it not to check the `destination`
asynchop=False,
)
response.loads(response_xml, decode=False, origxml=response_xml)
response.verify()
return response
class SamlUserAttributeTestCase(unittest.TestCase):
def test_get_remote_user_id_from_name_id(self):
resp = _load_test_response()
provider = create_mapping_provider({"use_name_id_for_remote_uid": True,})
remote_user_id = provider.get_remote_user_id(resp, "",)
self.assertEqual(remote_user_id, "test@domain.com")
def test_redirect(self):
"""Creates a dummy response, feeds it to the provider and checks that it
redirects to the username picker.
"""
provider, config = create_mapping_provider()
provider = create_mapping_provider()
response = FakeResponse(123435, "Jonny")
# we expect this to redirect to the username picker
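Review bot: `_load_test_response` builds its `SPConfig` from `{}`, so no IdP metadata or signing key is configured and the `response.verify()` call after `loads` cannot be checking a signature; together with `allow_unsolicited=True` (which, as far as I can tell, also skips the InResponseTo check) and `asynchop=False`, the fixture exercises attribute extraction only, not response validation. A docstring saying so would stop a later reader from taking this as coverage of the authentication path, e.g. `"""Parse the unsigned fixture tests/test_saml_response.xml. The empty SPConfig means no signature or InResponseTo checks run here; only attribute extraction is exercised."""`. The fixture's Conditions carry `NotOnOrAfter="2020-01-15T13:35:35.446Z"`; if pysaml2 enforces that inside `verify()`, `test_get_remote_user_id_from_name_id` is time-dependent and needs the clock frozen (the module imports `time`, but nothing in this hunk uses it). Style-wise, the trailing commas in `create_mapping_provider({"use_name_id_for_remote_uid": True,})` and `get_remote_user_id(resp, "",)` are the kind black drops, and `test_redirect`'s body continues past the end of the hunk.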

@ -0,0 +1,110 @@
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_a3ed8d116bec81df2e7d" InResponseTo="id-cV9WyAw0pehGKEkCh" Version="2.0" IssueInstant="2020-01-14T13:35:35.446" Destination="https://host/_matrix/saml2/authn_response">
<ns0:Assertion xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="1234" IssueInstant="2020-01-14T13:35:35.446Z" Version="2.0">
<ns0:Issuer>urn:auth.issuer.com</ns0:Issuer>
<ns0:Subject>
<ns0:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailaddress">test@domain.com</ns0:NameID>
<ns0:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<ns0:SubjectConfirmationData InResponseTo="id-PKZGwsurIx7JGnIEI" NotOnOrAfter="2020-01-15T13:35:35.446Z" Recipient="https://host/_matrix/saml2/authn_response"/>
</ns0:SubjectConfirmation>
</ns0:Subject>
<ns0:Conditions NotBefore="2020-01-14T13:35:35.446Z" NotOnOrAfter="2020-01-15T13:35:35.446Z">
<ns0:AudienceRestriction>
<ns0:Audience>https://host/_matrix/saml2/metadata.xml</ns0:Audience>
</ns0:AudienceRestriction>
</ns0:Conditions>
<ns0:AuthnStatement AuthnInstant="2020-01-14T13:35:35.446Z" SessionIndex="_session">
<ns0:AuthnContext>
<ns0:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ns0:AuthnContextClassRef>
</ns0:AuthnContext>
</ns0:AuthnStatement>
<ns0:AttributeStatement>
<ns0:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">ad|domain-LDAP|testuser</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">testuser@domain.com</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="displayName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">Jan de
Mooij</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">Jan</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">de
Mooij</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">everyone</ns0:AttributeValue>
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">group1</ns0:AttributeValue>
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">group2</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">testuser@domain.com</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/identities/default/provider" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">ad</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/identities/default/connection" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">domain-LDAP</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/identities/default/isSocial" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:boolean">false</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/nickname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">Jan de
Mooij</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/emails" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">testuser@domain.com</ns0:AttributeValue>
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">other@domain.com</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/dn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">mail=testuser@domain.com,o=com,dc=domain</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/organizationUnits" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">mail=testuser@domain.com,o=com,dc=domain</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/email_aliases" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">other@domain.com</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/_HRData" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:anyType">[object Object]</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/picture" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">http://avatar_url</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/ldap_groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">group1</ns0:AttributeValue>
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">group2</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/aai" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">2FA</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/aal" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">MEDIUM</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/user_is_new" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:boolean">false</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/email_verified" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:boolean">true</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/clientID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">clientID</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/updated_at" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:anyType">Tue Jan 14 2020 13:35:34 GMT+0000 (Coordinated Universal Time)</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/created_at" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:anyType">Fri Jun 16 2017 13:24:53 GMT+0000 (Coordinated Universal Time)</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute Name="http://schemas.auth0.com/multifactor" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">duo</ns0:AttributeValue>
</ns0:Attribute>
</ns0:AttributeStatement>
</ns0:Assertion>
</samlp:Response>
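Review bot: Nothing in this fixture says why it only parses with relaxed checks: the `InResponseTo` on the `Response` element (`id-cV9WyAw0pehGKEkCh`) does not match the one in `SubjectConfirmationData` (`id-PKZGwsurIx7JGnIEI`), the `Conditions` window ends on 2020-01-15, and there is no `Signature` element, so anyone reusing it in a stricter test will get confusing failures. A short comment after the XML declaration would cover it, e.g. `<!-- Unsigned test fixture: the InResponseTo values match no real request and the Conditions expired on 2020-01-15, so load it with unsolicited responses allowed and relaxed time checks. -->`. The `displayName`, `surname` and `nickname` values contain an embedded newline ("Jan de" / "Mooij"); if that is deliberate, to exercise whitespace handling, the same comment should say so, otherwise it looks like a paste artefact worth fixing.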