Add option to raise response validation exceptions #37
@@ -47,7 +47,7 @@ def __init__(self, settings, response): | |||
self.encrypted = True | |||
self.decrypted_document = self.__decrypt_assertion(decrypted_document) | |||
|
|||
def is_valid(self, request_data, request_id=None): | |||
def is_valid(self, request_data, request_id=None, raises=False): |
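Review bot: the new raises=False parameter on is_valid is not described anywhere in the visible lines, so a reader of the signature cannot tell what changes when it is set. Add a docstring entry saying that with raises set the first validation error propagates to the caller instead of being turned into a False return, and that the default keeps the boolean contract, so callers on the default path must still check the return value. Because it follows request_id=None, callers should pass it by keyword (raises=True) rather than as a bare third positional True.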
We should add this functionality to the rest of the is_valid methods (logoutrequest and logoutresponse)
That sounds like a good idea. I'll let you know when I have made the changes.
valid = response.is_valid(self.get_request_data()) | ||
self.assertFalse(valid) | ||
except Exception as e: | ||
self.assertEqual('Missing ID attribute on SAML Response', str(e)) |
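Review bot: the except Exception branch only runs when is_valid raises, but the call on the first line passes no raises argument, so on the default path the check against 'Missing ID attribute on SAML Response' is never exercised and the test passes on assertFalse(valid) alone. If assertFalse(valid) sits inside the same try, the broad except Exception also catches its AssertionError when validation wrongly succeeds and reports it as a message mismatch. Call is_valid with raises=True inside assertRaises and compare the message there, or drop the except branch.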
Now that we are able to raise exceptions, why not use them by calling
valid = response.is_valid(self.get_request_data(), None, True)
When I was refactoring these tests I didn't take into consideration the changes that would come from adding the new argument. I wanted to keep the cleaning changes separate from the new feature to keep the commits simple.
I don't have any strong opinion about whether we should run these tests with the raising version. The default code calls these functions without the raises being set, but with the raises set we can more precisely make sure that the function failed with the wanted error.
I can change these functions to use the exception raising if you prefer that.
b029a8a to 67b3407
67b3407 to 16e38be
@pitbulk, I have now added the argument to other places and also made the current tests test the raised exception. There were a couple of response tests where the old code incorrectly tried to test that an exception with wrong content was being thrown. The tests where I had to change the expected error message were:
I also didn't touch the response test testIsInValidReference, as that test has some other issues. I wrote more about this in issue #38.
Ok, thanks for contributing, I will need some time to review
I will merge this on #42
The current OneLogin_Saml2_Response.is_valid always collects the first raised exception and creates the error message from the exception content. I am using Raven (+ Sentry) to track all unhandled exceptions, so I would rather have the function just raise the first found validation error. When the exception is raised from the problem source, Raven is able to capture local variables from the exception context. In my use case IdPs can be dynamically added/removed/modified during the program runtime, so getting all the exception information is important to me.
This PR adds an optional raises argument to OneLogin_Saml2_Response.is_valid. When the argument is truthy, the first found exception gets raised. As the option is optional this change is completely backwards compatible.
As I wrote tests for this feature I noticed some oddness in some test code:
self.assertFalse(True)
method to make sure that the exception was thrown. I refactored these tests in a9997f7.
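The two modes the description contrasts, as an added sketch that is not python-saml code and not part of this PR: the default path swallows the error and returns False, while raises=True re-raises so the traceback still reaches the frame of the failing check, whose locals an error tracker can record. ResponseValidator, ValidationError, failing_frame_locals and the InResponseTo message are constructed for illustration.

```python
import sys


class ValidationError(Exception):
    """Hypothetical error type for this sketch."""


class ResponseValidator:
    """Constructed stand-in for a response validator; not python-saml code."""

    def __init__(self, attributes):
        self._attributes = attributes  # constructed: parsed response attributes
        self._error = None

    def _check(self, request_id):
        response_id = self._attributes.get("ID")
        if not response_id:
            raise ValidationError("Missing ID attribute on SAML Response")
        in_response_to = self._attributes.get("InResponseTo")
        if request_id is not None and in_response_to != request_id:
            raise ValidationError("InResponseTo does not match the request ID")
        return True

    def is_valid(self, request_id=None, raises=False):
        self._error = None
        try:
            return self._check(request_id)
        except ValidationError as exc:
            self._error = str(exc)
            if raises:
                raise  # bare raise keeps the traceback of the failing check
            return False  # default mode fails closed; caller must test the result

    def get_error(self):
        return self._error


def failing_frame_locals(validator, request_id):
    """Locals of the frame that raised, which is what an error tracker can record."""
    try:
        validator.is_valid(request_id, raises=True)
    except ValidationError:
        tb = sys.exc_info()[2]
        while tb.tb_next is not None:
            tb = tb.tb_next
        return dict(tb.tb_frame.f_locals)
    return None
```

In the default mode only the message string survives, so a caller that forgets to test the return value, or logs only get_error(), loses the context that the raising mode preserves.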