diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index 6a89202f..ea1872bb 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -39,13 +39,13 @@ jobs: if [ -f requirements.txt ]; then pip install -r requirements.txt; fi pip install -r example_sp/djangosaml2_sp/requirements.txt pip install spid-sp-test>=0.9.2 - pip list -v - #- name: Lint with flake8 - #run: | + pip install flake8 + - name: Lint with flake8 + run: | ## stop the build if there are Python syntax errors or undefined names - #flake8 oidc_provider --count --select=E9,F63,F7,F82 --show-source --statistics + flake8 --count --select=E9,F63,F7,F82 --show-source --statistics example ## exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide - #flake8 oidc_provider --max-line-length 120 --count --exit-zero --statistics + flake8 --max-line-length 120 --count --exit-zero --statistics example - name: run djangosaml2 sp run: | cd example_sp/djangosaml2_sp/ diff --git a/example/backends/spidsaml2.py b/example/backends/spidsaml2.py index 177dfc69..389f0dde 100644 --- a/example/backends/spidsaml2.py +++ b/example/backends/spidsaml2.py @@ -1,3 +1,4 @@ +import json import logging import re import saml2 @@ -269,7 +270,7 @@ def get_kwargs_sign_dig_algs(self): return kwargs - def check_blacklist(self): + def check_blacklist(self, context, entity_id): # If IDP blacklisting is enabled and the selected IDP is blacklisted, # stop here if self.idp_blacklist_file: 
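Review bot: The added `pip install flake8` is unpinned, and the same hunk removes `pip list -v`, so the job log no longer records which versions of the linter and the other dependencies were actually resolved. Pin the tool, e.g. `pip install flake8==<PINNED_VERSION>`, or keep `pip list -v` as the last command of the install step so a run can be audited afterwards. In the unchanged line above, `pip install spid-sp-test>=0.9.2` is unquoted, so the shell treats `>=0.9.2` as an output redirection and the version constraint is never applied; `pip install "spid-sp-test>=0.9.2"` fixes that.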
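Review bot: `check_blacklist(self, context, entity_id)` has no docstring, and the comment under it only says the flow stops when the IdP is blacklisted. A short docstring should name the two parameters, the exception raised for a blacklisted `entity_id`, and what happens when `self.idp_blacklist_file` is set but cannot be read or parsed, since a check that silently passes in that case would fail open. The body of the method lies outside this hunk, so its actual behaviour has to be confirmed there.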
@@ -295,14 +296,17 @@ def authn_request(self, context, entity_id): :param entity_id: Target IDP entity id :return: response to the user agent """ - self.check_blacklist() + self.check_blacklist(context, entity_id) kwargs = {} # fetch additional kwargs kwargs.update(self.get_kwargs_sign_dig_algs()) authn_context = self.construct_requested_authn_context(entity_id) - requested_authn_context = authn_context or requested_authn_context(class_ref=self._authn_context) + req_authn_context = ( + authn_context + or requested_authn_context(class_ref=self._authn_context) + ) # force_auth = true only if SpidL >= 2 if 'SpidL1' in authn_context.authn_context_class_ref[0].text: @@ -365,7 +369,7 @@ def authn_request(self, context, entity_id): authn_req.name_id_policy = name_id_policy # TODO: use a parameter instead - authn_req.requested_authn_context = requested_authn_context + authn_req.requested_authn_context = req_authn_context authn_req.protocol_binding = binding assertion_consumer_service_url = client.config._sp_endpoints['assertion_consumer_service'][0][0] @@ -389,7 +393,7 @@ def authn_request(self, context, entity_id): if self.sp.config.getattr('allow_unsolicited', 'sp') is False: if authn_req.id in self.outstanding_queries: - errmsg = "Request with duplicate id {}".format(req_id) + errmsg = "Request with duplicate id {}".format(authn_req.id) logger.debug(errmsg) raise SATOSAAuthenticationError(context.state, errmsg) self.outstanding_queries[authn_req.id] = authn_req_signed diff --git a/example/backends/spidsaml2_validator.py b/example/backends/spidsaml2_validator.py index 261dea05..cfb7fa42 100644 --- a/example/backends/spidsaml2_validator.py +++ b/example/backends/spidsaml2_validator.py 
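Review bot: The `authn_context or …` fallback stored in `req_authn_context` is not used by the `'SpidL1'` test on the next line, which still dereferences `authn_context.authn_context_class_ref[0]`; if `construct_requested_authn_context` returns a falsy value, that line raises before the request is built. Reading the level from the resolved object keeps the force-authn decision consistent with what is sent: `if 'SpidL1' in req_authn_context.authn_context_class_ref[0].text:`. This assumes the fallback object exposes the same `authn_context_class_ref` list, which should be confirmed. `authn_request` continues outside this hunk.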
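Review bot: The duplicate-id rejection in the `@@ -389,7 +393,7 @@` hunk is recorded with `logger.debug(errmsg)`, so at a log level above debug a reused request id leaves no trace even though the request is refused. A repeated `authn_req.id` is worth seeing in operations; `logger.warning(errmsg)` would make it visible. `authn_request` starts outside this hunk.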
@@ -186,7 +186,10 @@ def validate_subject_confirmation_data(self): # 50 if self.recipient != subject_confirmation.subject_confirmation_data.recipient: - msg = f'subject_confirmation_data.recipient not valid: {subject_confirmation_data.recipient}. ' + msg = ( + "subject_confirmation.subject_confirmation_data.recipient not valid:" + f" {subject_confirmation.subject_confirmation_data.recipient}." + ) raise SPIDValidatorException(f'{msg}{_ERROR_TROUBLESHOOT}') # 63 ,64
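Review bot: The rewritten `msg` ends with `.` while the removed f-string ended with `. `, so `f'{msg}{_ERROR_TROUBLESHOOT}'` now joins the two parts without a space unless `_ERROR_TROUBLESHOOT` starts with one. The recipient value comes from the received assertion, so formatting it with `!r` keeps control characters out of logs and error pages: `f" {subject_confirmation.subject_confirmation_data.recipient!r}. "`. `validate_subject_confirmation_data` continues outside this hunk.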