From a42554a640abb4cc57acb988a83444a616c1cba8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pekka=20P=C3=B6yry?= Date: Tue, 15 Nov 2016 11:58:40 +0200 Subject: [PATCH 1/7] Rename deprecated assertations --- tests/src/OneLogin/saml2_tests/response_test.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/src/OneLogin/saml2_tests/response_test.py b/tests/src/OneLogin/saml2_tests/response_test.py index f8904d3c..e9246577 100644 --- a/tests/src/OneLogin/saml2_tests/response_test.py +++ b/tests/src/OneLogin/saml2_tests/response_test.py @@ -279,7 +279,7 @@ def testCheckOneCondition(self): settings.set_strict(True) response = OneLogin_Saml2_Response(settings, xml) self.assertFalse(response.is_valid(self.get_request_data())) - self.assertEquals('The Assertion must include a Conditions element', response.get_error()) + self.assertEqual('The Assertion must include a Conditions element', response.get_error()) xml_2 = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_2) @@ -298,7 +298,7 @@ def testCheckOneAuthnStatement(self): settings.set_strict(True) response = OneLogin_Saml2_Response(settings, xml) self.assertFalse(response.is_valid(self.get_request_data())) - self.assertEquals('The Assertion must include an AuthnStatement element', response.get_error()) + self.assertEqual('The Assertion must include an AuthnStatement element', response.get_error()) xml_2 = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_2) 
@@ -724,7 +724,7 @@ def testIsInValidDestination(self): message_3 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'empty_destination.xml.base64')) response_4 = OneLogin_Saml2_Response(settings, message_3) self.assertFalse(response_4.is_valid(self.get_request_data())) - self.assertEquals('The response has an empty Destination value', response_4.get_error()) + self.assertEqual('The response has an empty Destination value', response_4.get_error()) # No Destination dom.firstChild.removeAttribute('Destination') From e7b17a70dafc02447712c2bca1d9b2756533e25d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pekka=20P=C3=B6yry?= Date: Thu, 17 Nov 2016 19:28:47 +0200 Subject: [PATCH 2/7] Make logout request function is_valid support raising exceptions --- src/onelogin/saml2/logout_request.py | 7 ++++++- .../OneLogin/saml2_tests/logout_request_test.py | 16 ++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/src/onelogin/saml2/logout_request.py b/src/onelogin/saml2/logout_request.py index c714bffa..6daafe9c 100644 --- a/src/onelogin/saml2/logout_request.py +++ b/src/onelogin/saml2/logout_request.py @@ -212,12 +212,15 @@ def get_session_indexes(request): session_indexes.append(session_index_node.text) return session_indexes - def is_valid(self, request_data): + def is_valid(self, request_data, raises=False): """ Checks if the Logout Request received is valid :param request_data: Request Data :type request_data: dict + :param raises: Optional argument. If true, the function will raise an exception as soon as first validation test fails + :type raises: bool + :return: If the Logout Request is or not valid :rtype: boolean """ @@ -274,6 +277,8 @@ def is_valid(self, request_data): debug = self.__settings.is_debug_active() if debug: print(err) + if raises: + raise return False def get_error(self): 
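Review bot: The new `raises=True` path in `is_valid` re-raises whatever the handler caught, so a caller cannot tell a failed SAML check from an unrelated error except by matching message text, which is what the later tests in this series do with `assertRaisesRegexp(Exception, ...)`. The `except` clause and the raise sites are outside the hunk, so this is inferred from the bare `raise` and from those tests. A dedicated exception type raised by the validation checks would give callers something stable to catch. The docstring should also document the new behaviour, e.g. `:raises Exception: the first validation error, when raises is True`. The same applies to the `is_valid` hunks in logout_response.py and response.py.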
diff --git a/tests/src/OneLogin/saml2_tests/logout_request_test.py b/tests/src/OneLogin/saml2_tests/logout_request_test.py index e8f3b1b5..c30bd09d 100644 --- a/tests/src/OneLogin/saml2_tests/logout_request_test.py +++ b/tests/src/OneLogin/saml2_tests/logout_request_test.py @@ -336,3 +336,19 @@ def testIsValid(self): request = request.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) logout_request5 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertTrue(logout_request5.is_valid(request_data)) + + def testIsValidRaisesExceptionWhenRaisesArgumentIsTrue(self): + request = OneLogin_Saml2_Utils.b64encode('invalid') + request_data = { + 'http_host': 'example.com', + 'script_name': 'index.html', + } + settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) + settings.set_strict(True) + + logout_request = OneLogin_Saml2_Logout_Request(settings, request) + + self.assertFalse(logout_request.is_valid(request_data)) + + with self.assertRaises(Exception): + logout_request.is_valid(request_data, raises=True) From d3549f9f469a748c4d92b453b2a757d5c7ee8f05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pekka=20P=C3=B6yry?= Date: Thu, 17 Nov 2016 19:38:44 +0200 Subject: [PATCH 3/7] Improve logout request tests --- .../saml2_tests/logout_request_test.py | 43 ++++++------------- 1 file changed, 13 insertions(+), 30 deletions(-) diff --git a/tests/src/OneLogin/saml2_tests/logout_request_test.py b/tests/src/OneLogin/saml2_tests/logout_request_test.py index c30bd09d..7ab11346 100644 --- a/tests/src/OneLogin/saml2_tests/logout_request_test.py +++ b/tests/src/OneLogin/saml2_tests/logout_request_test.py 
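Review bot: `with self.assertRaises(Exception):` in `testIsValidRaisesExceptionWhenRaisesArgumentIsTrue` passes on any error at all, including one caused by the test's own setup, so it does not show that the validation failure is what propagates. Pinning the message as the later patches do, `with self.assertRaisesRegexp(Exception, '<expected validation message>'):`, would make this a real check of the new argument. The same broad assertion is used in the equivalent new tests in logout_response_test.py and response_test.py.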
@@ -121,10 +121,8 @@ def testGetNameIdData(self): self.assertEqual(expected_name_id_data, name_id_data_2) request_2 = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request_encrypted_nameid.xml')) - with self.assertRaises(Exception) as context: + with self.assertRaisesRegexp(Exception, 'Key is required in order to decrypt the NameID'): OneLogin_Saml2_Logout_Request.get_nameid(request_2) - exception = context.exception - self.assertIn("Key is required in order to decrypt the NameID", str(exception)) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) key = settings.get_sp_key() @@ -140,16 +138,12 @@ def testGetNameIdData(self): encrypted_id_nodes = dom_2.getElementsByTagName('saml:EncryptedID') encrypted_data = encrypted_id_nodes[0].firstChild.nextSibling encrypted_id_nodes[0].removeChild(encrypted_data) - with self.assertRaises(Exception) as context: + with self.assertRaisesRegexp(Exception, 'Not NameID found in the Logout Request'): OneLogin_Saml2_Logout_Request.get_nameid(dom_2.toxml(), key) - exception = context.exception - self.assertIn("Not NameID found in the Logout Request", str(exception)) inv_request = self.file_contents(join(self.data_path, 'logout_requests', 'invalids', 'no_nameId.xml')) - with self.assertRaises(Exception) as context: + with self.assertRaisesRegexp(Exception, 'Not NameID found in the Logout Request'): OneLogin_Saml2_Logout_Request.get_nameid(inv_request) - exception = context.exception - self.assertIn("Not NameID found in the Logout Request", str(exception)) def testGetNameId(self): """ 
@@ -160,10 +154,8 @@ def testGetNameId(self): self.assertEqual(name_id, 'ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c') request_2 = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request_encrypted_nameid.xml')) - with self.assertRaises(Exception) as context: + with self.assertRaisesRegexp(Exception, 'Key is required in order to decrypt the NameID'): OneLogin_Saml2_Logout_Request.get_nameid(request_2) - exception = context.exception - self.assertIn("Key is required in order to decrypt the NameID", str(exception)) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) key = settings.get_sp_key() @@ -242,12 +234,9 @@ def testIsInvalidIssuer(self): self.assertTrue(logout_request.is_valid(request_data)) settings.set_strict(True) - try: - logout_request2 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) - valid = logout_request2.is_valid(request_data) - self.assertFalse(valid) - except Exception as e: - self.assertIn('Invalid issuer in the Logout Request', str(e)) + logout_request2 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) + with self.assertRaisesRegexp(Exception, 'Invalid issuer in the Logout Request'): + logout_request2.is_valid(request_data, raises=True) def testIsInvalidDestination(self): """ 
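Review bot: In `testIsInvalidIssuer` the strict-mode case now only calls `is_valid(request_data, raises=True)`, so nothing asserts any longer that the default call returns False for a bad issuer, which is the path existing callers depend on to reject the message. Keeping `self.assertFalse(logout_request2.is_valid(request_data))` before the `with` block would cover both paths. The same applies to testIsInvalidDestination and testIsInvalidNotOnOrAfter in this file and to the rewritten strict-mode cases in logout_response_test.py and response_test.py. The test methods start outside the hunks.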
@@ -264,12 +253,9 @@ def testIsInvalidDestination(self): self.assertTrue(logout_request.is_valid(request_data)) settings.set_strict(True) - try: - logout_request2 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) - valid = logout_request2.is_valid(request_data) - self.assertFalse(valid) - except Exception as e: - self.assertIn('The LogoutRequest was received at', str(e)) + logout_request2 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) + with self.assertRaisesRegexp(Exception, 'The LogoutRequest was received at'): + logout_request2.is_valid(request_data, raises=True) dom = parseString(request) dom.documentElement.setAttribute('Destination', None) @@ -298,12 +284,9 @@ def testIsInvalidNotOnOrAfter(self): self.assertTrue(logout_request.is_valid(request_data)) settings.set_strict(True) - try: - logout_request2 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) - valid = logout_request2.is_valid(request_data) - self.assertFalse(valid) - except Exception as e: - self.assertIn('Timing issues (please check your clock settings)', str(e)) + logout_request2 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) + with self.assertRaisesRegexp(Exception, 'Timing issues \(please check your clock settings\)'): + logout_request2.is_valid(request_data, raises=True) def testIsValid(self): """ From 2965e0091c611edc42df86991f3455bbc8a65270 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pekka=20P=C3=B6yry?= Date: Thu, 17 Nov 2016 19:34:41 +0200 Subject: [PATCH 4/7] Make logout response function is_valid support raising exceptions --- src/onelogin/saml2/logout_response.py | 8 +++++++- .../saml2_tests/logout_response_test.py | 17 +++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/src/onelogin/saml2/logout_response.py b/src/onelogin/saml2/logout_response.py index 9a12beb8..dd7dc0ee 100644 --- a/src/onelogin/saml2/logout_response.py 
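Review bot: The pattern `'Timing issues \(please check your clock settings\)'` in testIsInvalidNotOnOrAfter is an ordinary string containing `\(`, an invalid escape sequence that Python 3.6+ warns about; it should be a raw string, `r'Timing issues \(please check your clock settings\)'`. The same literal appears in testIsInValidExpired in response_test.py (patch 7). Several other patterns in this series contain an unescaped `.`, which matches any character; wrapping them in `re.escape(...)` would make the match exact. `assertRaisesRegexp` is itself a deprecated alias of `assertRaisesRegex` on Python 3, which is worth a comment given that patch 1 removes deprecated aliases, although Python 2.7 only offers the old name.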
+++ b/src/onelogin/saml2/logout_response.py @@ -63,11 +63,15 @@ def get_status(self): status = entries[0].attrib['Value'] return status - def is_valid(self, request_data, request_id=None): + def is_valid(self, request_data, request_id=None, raises=False): """ Determines if the SAML LogoutResponse is valid :param request_id: The ID of the LogoutRequest sent by this SP to the IdP :type request_id: string + + :param raises: Optional argument. If true, the function will raise an exception as soon as first validation test fails + :type raises: bool + :return: Returns if the SAML LogoutResponse is or not valid :rtype: boolean """ @@ -111,6 +115,8 @@ def is_valid(self, request_data, request_id=None): debug = self.__settings.is_debug_active() if debug: print(err) + if raises: + raise return False def __query(self, query): diff --git a/tests/src/OneLogin/saml2_tests/logout_response_test.py b/tests/src/OneLogin/saml2_tests/logout_response_test.py index 51ee0f49..c95caf91 100644 --- a/tests/src/OneLogin/saml2_tests/logout_response_test.py +++ b/tests/src/OneLogin/saml2_tests/logout_response_test.py @@ -277,3 +277,20 @@ def testIsValid(self): response_3 = OneLogin_Saml2_Logout_Response(settings, message_3) self.assertTrue(response_3.is_valid(request_data)) + + def testIsValidRaisesExceptionWhenRaisesArgumentIsTrue(self): + message = OneLogin_Saml2_Utils.deflate_and_base64_encode('invalid') + request_data = { + 'http_host': 'example.com', + 'script_name': 'index.html', + 'get_data': {} + } + settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) + settings.set_strict(True) + + response = OneLogin_Saml2_Logout_Response(settings, message) + + self.assertFalse(response.is_valid(request_data)) + + with self.assertRaises(Exception): + response.is_valid(request_data, raises=True) From c3d92fbfe62873e0bfb1bd933c00db36ea82de92 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Pekka=20P=C3=B6yry?= Date: Thu, 17 Nov 2016 20:18:33 +0200 Subject: [PATCH 5/7] Improve logout response tests --- .../saml2_tests/logout_response_test.py | 21 ++++++------------- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/tests/src/OneLogin/saml2_tests/logout_response_test.py b/tests/src/OneLogin/saml2_tests/logout_response_test.py index c95caf91..7ec22f8b 100644 --- a/tests/src/OneLogin/saml2_tests/logout_response_test.py +++ b/tests/src/OneLogin/saml2_tests/logout_response_test.py @@ -201,11 +201,8 @@ def testIsInValidIssuer(self): settings.set_strict(True) response_2 = OneLogin_Saml2_Logout_Response(settings, message) - try: - valid = response_2.is_valid(request_data) - self.assertFalse(valid) - except Exception as e: - self.assertIn('Invalid issuer in the Logout Request', str(e)) + with self.assertRaisesRegexp(Exception, 'Invalid issuer in the Logout Request'): + response_2.is_valid(request_data, raises=True) def testIsInValidDestination(self): """ @@ -226,11 +223,8 @@ def testIsInValidDestination(self): settings.set_strict(True) response_2 = OneLogin_Saml2_Logout_Response(settings, message) - try: - valid = response_2.is_valid(request_data) - self.assertFalse(valid) - except Exception as e: - self.assertIn('The LogoutRequest was received at', str(e)) + with self.assertRaisesRegexp(Exception, 'The LogoutRequest was received at'): + response_2.is_valid(request_data, raises=True) # Empty destination dom = parseString(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) 
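Review bot: The patterns asserted in testIsInValidIssuer and testIsInValidDestination, `'Invalid issuer in the Logout Request'` and `'The LogoutRequest was received at'`, name a Logout Request although the object under test is a `OneLogin_Saml2_Logout_Response`. If that wording comes from logout_response.py (not shown in this patch), these tests now lock in a message that will mislead anyone reading the error during triage. Correcting the message and the pattern together would be preferable, or at least add a comment such as `# NOTE: message text says "Logout Request" even for responses`. The testIsValid hunk that follows uses the same pattern.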
@@ -264,11 +258,8 @@ def testIsValid(self): settings.set_strict(True) response_2 = OneLogin_Saml2_Logout_Response(settings, message) - try: - valid = response_2.is_valid(request_data) - self.assertFalse(valid) - except Exception as e: - self.assertIn('The LogoutRequest was received at', str(e)) + with self.assertRaisesRegexp(Exception, 'The LogoutRequest was received at'): + response_2.is_valid(request_data, raises=True) plain_message = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) From 5545e21ad3a680cdcd2a6246ee6f7466e5ec7cd9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pekka=20P=C3=B6yry?= Date: Tue, 15 Nov 2016 13:05:23 +0200 Subject: [PATCH 6/7] Make response function is_valid support raising exceptions --- src/onelogin/saml2/response.py | 7 ++++++- tests/src/OneLogin/saml2_tests/response_test.py | 15 +++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/src/onelogin/saml2/response.py b/src/onelogin/saml2/response.py index bb6a9b44..c4b0751d 100644 --- a/src/onelogin/saml2/response.py +++ b/src/onelogin/saml2/response.py @@ -47,7 +47,7 @@ def __init__(self, settings, response): self.encrypted = True self.decrypted_document = self.__decrypt_assertion(decrypted_document) - def is_valid(self, request_data, request_id=None): + def is_valid(self, request_data, request_id=None, raises=False): """ Validates the response object. @@ -57,6 +57,9 @@ def is_valid(self, request_data, request_id=None): :param request_id: Optional argument. The ID of the AuthNRequest sent by this SP to the IdP :type request_id: string + :param raises: Optional argument. If true, the function will raise an exception as soon as first validation test fails + :type raises: bool + :returns: True if the SAML Response is valid, False if not :rtype: bool """ 
@@ -226,6 +229,8 @@ def is_valid(self, request_data, request_id=None): debug = self.__settings.is_debug_active() if debug: print(err) + if raises: + raise return False def check_status(self): diff --git a/tests/src/OneLogin/saml2_tests/response_test.py b/tests/src/OneLogin/saml2_tests/response_test.py index e9246577..06816d06 100644 --- a/tests/src/OneLogin/saml2_tests/response_test.py +++ b/tests/src/OneLogin/saml2_tests/response_test.py @@ -1349,3 +1349,18 @@ def testIsValidWithoutInResponseTo(self): 'http_host': 'pitbulk.no-ip.org', 'script_name': 'newonelogin/demo1/index.php?acs' })) + + def testIsValidRaisesExceptionWhenRaisesArgumentIsTrue(self): + """ + Tests that the internal exception gets raised if the raise parameter + is True. + """ + settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) + settings.set_strict(True) + xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_conditions.xml.base64')) + response = OneLogin_Saml2_Response(settings, xml) + + self.assertFalse(response.is_valid(self.get_request_data())) + + with self.assertRaises(Exception): + response.is_valid(self.get_request_data(), raises=True) From 16e38bed9cb76777c12a310c8bddd634f4008a60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pekka=20P=C3=B6yry?= Date: Tue, 15 Nov 2016 10:58:20 +0200 Subject: [PATCH 7/7] Improve response tests --- .../src/OneLogin/saml2_tests/response_test.py | 201 +++++------------- 1 file changed, 54 insertions(+), 147 deletions(-) diff --git a/tests/src/OneLogin/saml2_tests/response_test.py b/tests/src/OneLogin/saml2_tests/response_test.py index 06816d06..a2d8c65b 100644 --- a/tests/src/OneLogin/saml2_tests/response_test.py +++ b/tests/src/OneLogin/saml2_tests/response_test.py 
@@ -79,21 +79,15 @@ def testReturnNameId(self): xml_4 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_nameid.xml.base64')) response_4 = OneLogin_Saml2_Response(settings, xml_4) - try: + with self.assertRaisesRegexp(Exception, 'Not NameID found in the assertion of the Response'): response_4.get_nameid() - self.assertTrue(False) - except Exception as e: - self.assertIn('Not NameID found in the assertion of the Response', str(e)) json_settings['security']['wantNameId'] = True settings = OneLogin_Saml2_Settings(json_settings) response_5 = OneLogin_Saml2_Response(settings, xml_4) - try: + with self.assertRaisesRegexp(Exception, 'Not NameID found in the assertion of the Response'): response_5.get_nameid() - self.assertTrue(False) - except Exception as e: - self.assertIn('Not NameID found in the assertion of the Response', str(e)) json_settings['security']['wantNameId'] = False settings = OneLogin_Saml2_Settings(json_settings) 
@@ -106,30 +100,21 @@ def testReturnNameId(self): settings = OneLogin_Saml2_Settings(json_settings) response_7 = OneLogin_Saml2_Response(settings, xml_4) - try: + with self.assertRaisesRegexp(Exception, 'Not NameID found in the assertion of the Response'): response_7.get_nameid() - self.assertTrue(False) - except Exception as e: - self.assertIn('Not NameID found in the assertion of the Response', str(e)) json_settings['strict'] = True settings = OneLogin_Saml2_Settings(json_settings) xml_5 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'wrong_spnamequalifier.xml.base64')) response_8 = OneLogin_Saml2_Response(settings, xml_5) - try: + with self.assertRaisesRegexp(Exception, 'The SPNameQualifier value mistmatch the SP entityID value.'): response_8.get_nameid() - self.assertTrue(False) - except Exception as e: - self.assertIn('The SPNameQualifier value mistmatch the SP entityID value.', str(e)) xml_6 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'empty_nameid.xml.base64')) response_9 = OneLogin_Saml2_Response(settings, xml_6) - try: + with self.assertRaisesRegexp(Exception, 'An empty NameID value found'): response_9.get_nameid() - self.assertTrue(False) - except Exception as e: - self.assertIn('An empty NameID value found', str(e)) def testGetNameIdData(self): """ 
@@ -168,21 +153,15 @@ def testGetNameIdData(self): xml_4 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_nameid.xml.base64')) response_4 = OneLogin_Saml2_Response(settings, xml_4) - try: + with self.assertRaisesRegexp(Exception, 'Not NameID found in the assertion of the Response'): response_4.get_nameid_data() - self.assertTrue(False) - except Exception as e: - self.assertIn('Not NameID found in the assertion of the Response', str(e)) json_settings['security']['wantNameId'] = True settings = OneLogin_Saml2_Settings(json_settings) response_5 = OneLogin_Saml2_Response(settings, xml_4) - try: + with self.assertRaisesRegexp(Exception, 'Not NameID found in the assertion of the Response'): response_5.get_nameid_data() - self.assertTrue(False) - except Exception as e: - self.assertIn('Not NameID found in the assertion of the Response', str(e)) json_settings['security']['wantNameId'] = False settings = OneLogin_Saml2_Settings(json_settings) @@ -195,11 +174,8 @@ def testGetNameIdData(self): settings = OneLogin_Saml2_Settings(json_settings) response_7 = OneLogin_Saml2_Response(settings, xml_4) - try: + with self.assertRaisesRegexp(Exception, 'Not NameID found in the assertion of the Response'): response_7.get_nameid_data() - self.assertTrue(False) - except Exception as e: - self.assertIn('Not NameID found in the assertion of the Response', str(e)) json_settings['security']['wantNameId'] = False settings = OneLogin_Saml2_Settings(json_settings) 
@@ -212,30 +188,21 @@ def testGetNameIdData(self): settings = OneLogin_Saml2_Settings(json_settings) response_7 = OneLogin_Saml2_Response(settings, xml_4) - try: + with self.assertRaisesRegexp(Exception, 'Not NameID found in the assertion of the Response'): response_7.get_nameid_data() - self.assertTrue(False) - except Exception as e: - self.assertIn('Not NameID found in the assertion of the Response', str(e)) json_settings['strict'] = True settings = OneLogin_Saml2_Settings(json_settings) xml_5 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'wrong_spnamequalifier.xml.base64')) response_8 = OneLogin_Saml2_Response(settings, xml_5) - try: + with self.assertRaisesRegexp(Exception, 'The SPNameQualifier value mistmatch the SP entityID value.'): response_8.get_nameid_data() - self.assertTrue(False) - except Exception as e: - self.assertIn('The SPNameQualifier value mistmatch the SP entityID value.', str(e)) xml_6 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'empty_nameid.xml.base64')) response_9 = OneLogin_Saml2_Response(settings, xml_6) - try: + with self.assertRaisesRegexp(Exception, 'An empty NameID value found'): response_9.get_nameid_data() - self.assertTrue(False) - except Exception as e: - self.assertIn('An empty NameID value found', str(e)) def testCheckStatus(self): """ 
@@ -252,19 +219,13 @@ def testCheckStatus(self): xml_2 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'status_code_responder.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_2) - try: + with self.assertRaisesRegexp(Exception, 'The status code of the Response was not Success, was Responder'): response_2.check_status() - self.assertTrue(False) - except Exception as e: - self.assertIn('The status code of the Response was not Success, was Responder', str(e)) xml_3 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'status_code_responer_and_msg.xml.base64')) response_3 = OneLogin_Saml2_Response(settings, xml_3) - try: + with self.assertRaisesRegexp(Exception, 'The status code of the Response was not Success, was Responder -> something_is_wrong'): response_3.check_status() - self.assertTrue(False) - except Exception as e: - self.assertIn('The status code of the Response was not Success, was Responder -> something_is_wrong', str(e)) def testCheckOneCondition(self): """ @@ -374,17 +335,13 @@ def testGetIssuers(self): xml_4 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_issuer_response.xml.base64')) response_4 = OneLogin_Saml2_Response(settings, xml_4) - try: + with self.assertRaisesRegexp(Exception, 'Issuer of the Response not found or multiple.'): response_4.get_issuers() - except Exception as e: - self.assertIn('Issuer of the Response not found or multiple.', str(e)) xml_5 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_issuer_assertion.xml.base64')) response_5 = OneLogin_Saml2_Response(settings, xml_5) - try: + with self.assertRaisesRegexp(Exception, 'Issuer of the Assertion not found or multiple.'): response_5.get_issuers() - except Exception as e: - self.assertIn('Issuer of the Assertion not found or multiple.', str(e)) def testGetSessionIndex(self): """ 
@@ -535,11 +492,8 @@ def testValidateVersion(self): settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_saml2.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) - try: - valid = response.is_valid(self.get_request_data()) - self.assertFalse(valid) - except Exception as e: - self.assertEqual('Reference validation failed', str(e)) + with self.assertRaisesRegexp(Exception, 'Unsupported SAML version'): + response.is_valid(self.get_request_data(), raises=True) def testValidateID(self): """ @@ -549,11 +503,8 @@ def testValidateID(self): settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_id.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) - try: - valid = response.is_valid(self.get_request_data()) - self.assertFalse(valid) - except Exception as e: - self.assertEqual('Missing ID attribute on SAML Response', str(e)) + with self.assertRaisesRegexp(Exception, 'Missing ID attribute on SAML Response'): + response.is_valid(self.get_request_data(), raises=True) def testIsInValidReference(self): """ @@ -582,11 +533,8 @@ def testIsInValidExpired(self): settings.set_strict(True) response_2 = OneLogin_Saml2_Response(settings, xml) - try: - valid = response_2.is_valid(self.get_request_data()) - self.assertFalse(valid) - except Exception as e: - self.assertEqual('Timing issues (please check your clock settings)', str(e)) + with self.assertRaisesRegexp(Exception, 'Timing issues \(please check your clock settings\)'): + response_2.is_valid(self.get_request_data(), raises=True) def testIsInValidNoStatement(self): """ 
@@ -643,11 +591,8 @@ def testIsInValidNoKey(self): settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_key.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) - try: - valid = response.is_valid(self.get_request_data()) - self.assertFalse(valid) - except Exception as e: - self.assertEqual('Signature validation failed. SAML Response rejected', str(e)) + with self.assertRaisesRegexp(Exception, 'Signature validation failed. SAML Response rejected'): + response.is_valid(self.get_request_data(), raises=True) def testIsInValidMultipleAssertions(self): """ @@ -658,11 +603,8 @@ def testIsInValidMultipleAssertions(self): settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'multiple_assertions.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) - try: - valid = response.is_valid(self.get_request_data()) - self.assertFalse(valid) - except Exception as e: - self.assertEqual('SAML Response must contain 1 assertion', str(e)) + with self.assertRaisesRegexp(Exception, 'SAML Response must contain 1 assertion'): + response.is_valid(self.get_request_data(), raises=True) def testIsInValidEncAttrs(self): """ @@ -677,11 +619,8 @@ def testIsInValidEncAttrs(self): settings.set_strict(True) response_2 = OneLogin_Saml2_Response(settings, xml) - try: - valid = response_2.is_valid(self.get_request_data()) - self.assertFalse(valid) - except Exception as e: - self.assertEqual('There is an EncryptedAttribute in the Response and this SP not support them', str(e)) + with self.assertRaisesRegexp(Exception, 'There is an EncryptedAttribute in the Response and this SP not support them'): + response_2.is_valid(self.get_request_data(), raises=True) def testIsInValidDuplicatedAttrs(self): """ 
@@ -691,11 +630,8 @@ def testIsInValidDuplicatedAttrs(self): settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'duplicated_attributes.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) - try: + with self.assertRaisesRegexp(Exception, 'Found an Attribute element with duplicated Name'): response.get_attributes() - self.assertFalse(True) - except Exception as e: - self.assertEqual('Found an Attribute element with duplicated Name', str(e)) def testIsInValidDestination(self): """ @@ -786,18 +722,12 @@ def testIsInValidIssuer(self): settings.set_strict(True) response_3 = OneLogin_Saml2_Response(settings, message) - try: - valid = response_3.is_valid(request_data) - self.assertFalse(valid) - except Exception as e: - self.assertEqual('is not a valid audience for this Response', str(e)) + with self.assertRaisesRegexp(Exception, 'Invalid issuer in the Assertion/Response'): + response_3.is_valid(request_data, raises=True) response_4 = OneLogin_Saml2_Response(settings, message_2) - try: - valid = response_4.is_valid(request_data) - self.assertFalse(valid) - except Exception as e: - self.assertEqual('is not a valid audience for this Response', str(e)) + with self.assertRaisesRegexp(Exception, 'Invalid issuer in the Assertion/Response'): + response_4.is_valid(request_data, raises=True) def testIsInValidSessionIndex(self): """ 
@@ -821,11 +751,8 @@ def testIsInValidSessionIndex(self): settings.set_strict(True) response_2 = OneLogin_Saml2_Response(settings, message) - try: - valid = response_2.is_valid(request_data) - self.assertFalse(valid) - except Exception as e: - self.assertEqual('The attributes have expired, based on the SessionNotOnOrAfter of the AttributeStatement of this Response', str(e)) + with self.assertRaisesRegexp(Exception, 'The attributes have expired, based on the SessionNotOnOrAfter of the AttributeStatement of this Response'): + response_2.is_valid(request_data, raises=True) def testDatetimeWithMiliseconds(self): """ 
@@ -915,40 +842,28 @@ def testIsInValidSubjectConfirmation(self): settings.set_strict(True) response = OneLogin_Saml2_Response(settings, message) - try: - self.assertFalse(response.is_valid(request_data)) - except Exception as e: - self.assertEqual('A valid SubjectConfirmation was not found on this Response', str(e)) + with self.assertRaisesRegexp(Exception, 'A valid SubjectConfirmation was not found on this Response'): + response.is_valid(request_data, raises=True) response_2 = OneLogin_Saml2_Response(settings, message_2) - try: - self.assertFalse(response_2.is_valid(request_data)) - except Exception as e: - self.assertEqual('A valid SubjectConfirmation was not found on this Response', str(e)) + with self.assertRaisesRegexp(Exception, 'A valid SubjectConfirmation was not found on this Response'): + response_2.is_valid(request_data, raises=True) response_3 = OneLogin_Saml2_Response(settings, message_3) - try: - self.assertFalse(response_3.is_valid(request_data)) - except Exception as e: - self.assertEqual('A valid SubjectConfirmation was not found on this Response', str(e)) + with self.assertRaisesRegexp(Exception, 'A valid SubjectConfirmation was not found on this Response'): + response_3.is_valid(request_data, raises=True) response_4 = OneLogin_Saml2_Response(settings, message_4) - try: - self.assertFalse(response_4.is_valid(request_data)) - except Exception as e: - self.assertEqual('A valid SubjectConfirmation was not found on this Response', str(e)) + with self.assertRaisesRegexp(Exception, 'A valid SubjectConfirmation was not found on this Response'): + response_4.is_valid(request_data, raises=True) response_5 = OneLogin_Saml2_Response(settings, message_5) - try: - self.assertFalse(response_5.is_valid(request_data)) - except Exception as e: - self.assertEqual('A valid SubjectConfirmation was not found on this Response', str(e)) + with self.assertRaisesRegexp(Exception, 'A valid SubjectConfirmation was not found on this Response'): + 
response_5.is_valid(request_data, raises=True) response_6 = OneLogin_Saml2_Response(settings, message_6) - try: - self.assertFalse(response_6.is_valid(request_data)) - except Exception as e: - self.assertEqual('A valid SubjectConfirmation was not found on this Response', str(e)) + with self.assertRaisesRegexp(Exception, 'A valid SubjectConfirmation was not found on this Response'): + response_6.is_valid(request_data, raises=True) def testIsInValidRequestId(self): """ @@ -973,10 +888,8 @@ def testIsInValidRequestId(self): settings.set_strict(True) response = OneLogin_Saml2_Response(settings, message) - try: - self.assertFalse(response.is_valid(request_data, request_id)) - except Exception as e: - self.assertEqual('The InResponseTo of the Response', str(e)) + with self.assertRaisesRegexp(Exception, 'The InResponseTo of the Response'): + response.is_valid(request_data, request_id, raises=True) valid_request_id = '_57bcbf70-7b1f-012e-c821-782bcb13bb38' response.is_valid(request_data, valid_request_id) @@ -1020,10 +933,8 @@ def testIsInValidSignIssues(self): settings_info['security']['wantAssertionsSigned'] = True settings_4 = OneLogin_Saml2_Settings(settings_info) response_4 = OneLogin_Saml2_Response(settings_4, message) - try: - self.assertFalse(response_4.is_valid(request_data)) - except Exception as e: - self.assertEqual('The Assertion of the Response is not signed and the SP require it', str(e)) + with self.assertRaisesRegexp(Exception, 'The Assertion of the Response is not signed and the SP require it'): + response_4.is_valid(request_data, raises=True) settings_info['security']['wantAssertionsSigned'] = False settings_info['strict'] = False 
@@ -1050,10 +961,8 @@ def testIsInValidSignIssues(self): settings_info['security']['wantMessagesSigned'] = True settings_8 = OneLogin_Saml2_Settings(settings_info) response_8 = OneLogin_Saml2_Response(settings_8, message) - try: - self.assertFalse(response_8.is_valid(request_data)) - except Exception as e: - self.assertEqual('The Message of the Response is not signed and the SP require it', str(e)) + with self.assertRaisesRegexp(Exception, 'The Message of the Response is not signed and the SP require it'): + response_8.is_valid(request_data, raises=True) def testIsInValidEncIssues(self): """ @@ -1134,10 +1043,8 @@ def testIsInValidCert(self): xml = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) - try: - self.assertFalse(response.is_valid(self.get_request_data())) - except Exception as e: - self.assertIn('openssl_x509_read(): supplied parameter cannot be', str(e)) + with self.assertRaisesRegexp(Exception, 'failed to load key'): + response.is_valid(self.get_request_data(), raises=True) def testIsInValidCert2(self): """
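Review bot: The pattern `'failed to load key'` in testIsInValidCert looks like text produced by the underlying signature library rather than by this toolkit (the expectation it replaces was an `openssl_x509_read()` message), so the test will break if that library rewords its error. If the toolkit can wrap a certificate-load failure in a message of its own, assert on that instead. Otherwise add a short comment stating the origin, e.g. `# message comes from the signature library, presumably when the configured cert cannot be loaded`. The test method starts outside the hunk.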