fix: invalid definitions means bugs

.github/workflows/python-app.yml

@@ -39,13 +39,13 @@ jobs:
         if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
         pip install -r example_sp/djangosaml2_sp/requirements.txt
         pip install spid-sp-test>=0.9.2
-        pip list -v
-    #- name: Lint with flake8
-      #run: |
+        pip install flake8
+    - name: Lint with flake8
+      run: |
         ## stop the build if there are Python syntax errors or undefined names
-        #flake8 oidc_provider --count --select=E9,F63,F7,F82 --show-source --statistics
+        flake8 --count --select=E9,F63,F7,F82 --show-source --statistics example
         ## exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
-        #flake8 oidc_provider  --max-line-length 120 --count --exit-zero --statistics
+        flake8 --max-line-length 120 --count --exit-zero --statistics example
     - name: run djangosaml2 sp
       run: |
         cd example_sp/djangosaml2_sp/

example/backends/spidsaml2.py

@@ -1,3 +1,4 @@
+import json
 import logging
 import re
 import saml2
@@ -269,7 +270,7 @@ def get_kwargs_sign_dig_algs(self):
         return kwargs
 
 
-    def check_blacklist(self):
+    def check_blacklist(self, context, entity_id):
         # If IDP blacklisting is enabled and the selected IDP is blacklisted,
         # stop here
         if self.idp_blacklist_file:
@@ -295,14 +296,17 @@ def authn_request(self, context, entity_id):
         :param entity_id: Target IDP entity id
         :return: response to the user agent
         """
-        self.check_blacklist()
+        self.check_blacklist(context, entity_id)
 
         kwargs = {}
         # fetch additional kwargs
         kwargs.update(self.get_kwargs_sign_dig_algs())
 
         authn_context = self.construct_requested_authn_context(entity_id)
-        requested_authn_context = authn_context or requested_authn_context(class_ref=self._authn_context)
+        req_authn_context = (
+            authn_context
+            or requested_authn_context(class_ref=self._authn_context)
+        )
 
         # force_auth = true only if SpidL >= 2
         if 'SpidL1' in authn_context.authn_context_class_ref[0].text:
@@ -365,7 +369,7 @@ def authn_request(self, context, entity_id):
             authn_req.name_id_policy  = name_id_policy
 
             # TODO: use a parameter instead
-            authn_req.requested_authn_context = requested_authn_context
+            authn_req.requested_authn_context = req_authn_context
             authn_req.protocol_binding = binding
 
             assertion_consumer_service_url = client.config._sp_endpoints['assertion_consumer_service'][0][0]
@@ -389,7 +393,7 @@ def authn_request(self, context, entity_id):
 
             if self.sp.config.getattr('allow_unsolicited', 'sp') is False:
                 if authn_req.id in self.outstanding_queries:
-                    errmsg = "Request with duplicate id {}".format(req_id)
+                    errmsg = "Request with duplicate id {}".format(authn_req.id)
                     logger.debug(errmsg)
                     raise SATOSAAuthenticationError(context.state, errmsg)
                 self.outstanding_queries[authn_req.id] = authn_req_signed

example/backends/spidsaml2_validator.py

@@ -186,7 +186,10 @@ def validate_subject_confirmation_data(self):
 
                 # 50
                 if self.recipient != subject_confirmation.subject_confirmation_data.recipient:
-                    msg = f'subject_confirmation_data.recipient not valid: {subject_confirmation_data.recipient}. '
+                    msg = (
+                        "subject_confirmation.subject_confirmation_data.recipient not valid:"
+                        f" {subject_confirmation.subject_confirmation_data.recipient}."
+                    )
                     raise SPIDValidatorException(f'{msg}{_ERROR_TROUBLESHOOT}')
 
                 # 63 ,64