authentik.enterprise.providers.ws_federation.tests.test_sign_in

View Source

 1import xmlsec
 2from django.test import TestCase
 3from guardian.utils import get_anonymous_user
 4from lxml import etree  # nosec
 5
 6from authentik.core.models import Application
 7from authentik.core.tests.utils import RequestFactory, create_test_cert, create_test_flow
 8from authentik.enterprise.providers.ws_federation.models import WSFederationProvider
 9from authentik.enterprise.providers.ws_federation.processors.constants import (
10    NS_MAP,
11    WS_FED_ACTION_SIGN_IN,
12    WS_FED_POST_KEY_RESULT,
13)
14from authentik.enterprise.providers.ws_federation.processors.sign_in import (
15    SignInProcessor,
16    SignInRequest,
17)
18from authentik.lib.generators import generate_id
19from authentik.lib.xml import lxml_from_string
20
21
22class TestWSFedSignIn(TestCase):
23    def setUp(self):
24        self.flow = create_test_flow()
25        self.cert = create_test_cert()
26        self.provider = WSFederationProvider.objects.create(
27            name=generate_id(),
28            authorization_flow=self.flow,
29            signing_kp=self.cert,
30        )
31        self.app = Application.objects.create(
32            name=generate_id(), slug=generate_id(), provider=self.provider
33        )
34        self.factory = RequestFactory()
35
36    def test_token_gen(self):
37        request = self.factory.get("/", user=get_anonymous_user())
38        proc = SignInProcessor(
39            self.provider,
40            request,
41            SignInRequest(
42                wa=WS_FED_ACTION_SIGN_IN,
43                wtrealm="",
44                wreply="",
45                wctx=None,
46            ),
47        )
48        token = proc.response()[WS_FED_POST_KEY_RESULT]
49
50        root = lxml_from_string(token)
51
52        schema = etree.XMLSchema(
53            etree.parse(source="schemas/ws-trust.xsd", parser=etree.XMLParser())  # nosec
54        )
55        self.assertTrue(schema.validate(etree=root), schema.error_log)
56
57    def test_signature(self):
58        request = self.factory.get("/", user=get_anonymous_user())
59        proc = SignInProcessor(
60            self.provider,
61            request,
62            SignInRequest(
63                wa=WS_FED_ACTION_SIGN_IN,
64                wtrealm="",
65                wreply="",
66                wctx=None,
67            ),
68        )
69        token = proc.response()[WS_FED_POST_KEY_RESULT]
70
71        root = lxml_from_string(token)
72        xmlsec.tree.add_ids(root, ["ID"])
73        signature_nodes = root.xpath("//saml:Assertion/ds:Signature", namespaces=NS_MAP)
74        self.assertEqual(len(signature_nodes), 1)
75
76        signature_node = signature_nodes[0]
77        ctx = xmlsec.SignatureContext()
78        ctx.key = xmlsec.Key.from_memory(
79            self.cert.certificate_data,
80            xmlsec.constants.KeyDataFormatCertPem,
81            None,
82        )
83        ctx.verify(signature_node)

class TestWSFedSignIn(django.test.testcases.TestCase): View Source

23class TestWSFedSignIn(TestCase):
24    def setUp(self):
25        self.flow = create_test_flow()
26        self.cert = create_test_cert()
27        self.provider = WSFederationProvider.objects.create(
28            name=generate_id(),
29            authorization_flow=self.flow,
30            signing_kp=self.cert,
31        )
32        self.app = Application.objects.create(
33            name=generate_id(), slug=generate_id(), provider=self.provider
34        )
35        self.factory = RequestFactory()
36
37    def test_token_gen(self):
38        request = self.factory.get("/", user=get_anonymous_user())
39        proc = SignInProcessor(
40            self.provider,
41            request,
42            SignInRequest(
43                wa=WS_FED_ACTION_SIGN_IN,
44                wtrealm="",
45                wreply="",
46                wctx=None,
47            ),
48        )
49        token = proc.response()[WS_FED_POST_KEY_RESULT]
50
51        root = lxml_from_string(token)
52
53        schema = etree.XMLSchema(
54            etree.parse(source="schemas/ws-trust.xsd", parser=etree.XMLParser())  # nosec
55        )
56        self.assertTrue(schema.validate(etree=root), schema.error_log)
57
58    def test_signature(self):
59        request = self.factory.get("/", user=get_anonymous_user())
60        proc = SignInProcessor(
61            self.provider,
62            request,
63            SignInRequest(
64                wa=WS_FED_ACTION_SIGN_IN,
65                wtrealm="",
66                wreply="",
67                wctx=None,
68            ),
69        )
70        token = proc.response()[WS_FED_POST_KEY_RESULT]
71
72        root = lxml_from_string(token)
73        xmlsec.tree.add_ids(root, ["ID"])
74        signature_nodes = root.xpath("//saml:Assertion/ds:Signature", namespaces=NS_MAP)
75        self.assertEqual(len(signature_nodes), 1)
76
77        signature_node = signature_nodes[0]
78        ctx = xmlsec.SignatureContext()
79        ctx.key = xmlsec.Key.from_memory(
80            self.cert.certificate_data,
81            xmlsec.constants.KeyDataFormatCertPem,
82            None,
83        )
84        ctx.verify(signature_node)

Similar to TransactionTestCase, but use transaction.atomic() to achieve test isolation.

In most situations, TestCase should be preferred to TransactionTestCase as it allows faster execution. However, there are some situations where using TransactionTestCase might be necessary (e.g. testing some transactional behavior).

On database backends with no transaction support, TestCase behaves as TransactionTestCase.

def setUp(self): View Source

24    def setUp(self):
25        self.flow = create_test_flow()
26        self.cert = create_test_cert()
27        self.provider = WSFederationProvider.objects.create(
28            name=generate_id(),
29            authorization_flow=self.flow,
30            signing_kp=self.cert,
31        )
32        self.app = Application.objects.create(
33            name=generate_id(), slug=generate_id(), provider=self.provider
34        )
35        self.factory = RequestFactory()

Hook method for setting up the test fixture before exercising it.

def test_token_gen(self): View Source

37    def test_token_gen(self):
38        request = self.factory.get("/", user=get_anonymous_user())
39        proc = SignInProcessor(
40            self.provider,
41            request,
42            SignInRequest(
43                wa=WS_FED_ACTION_SIGN_IN,
44                wtrealm="",
45                wreply="",
46                wctx=None,
47            ),
48        )
49        token = proc.response()[WS_FED_POST_KEY_RESULT]
50
51        root = lxml_from_string(token)
52
53        schema = etree.XMLSchema(
54            etree.parse(source="schemas/ws-trust.xsd", parser=etree.XMLParser())  # nosec
55        )
56        self.assertTrue(schema.validate(etree=root), schema.error_log)

def test_signature(self): View Source

58    def test_signature(self):
59        request = self.factory.get("/", user=get_anonymous_user())
60        proc = SignInProcessor(
61            self.provider,
62            request,
63            SignInRequest(
64                wa=WS_FED_ACTION_SIGN_IN,
65                wtrealm="",
66                wreply="",
67                wctx=None,
68            ),
69        )
70        token = proc.response()[WS_FED_POST_KEY_RESULT]
71
72        root = lxml_from_string(token)
73        xmlsec.tree.add_ids(root, ["ID"])
74        signature_nodes = root.xpath("//saml:Assertion/ds:Signature", namespaces=NS_MAP)
75        self.assertEqual(len(signature_nodes), 1)
76
77        signature_node = signature_nodes[0]
78        ctx = xmlsec.SignatureContext()
79        ctx.key = xmlsec.Key.from_memory(
80            self.cert.certificate_data,
81            xmlsec.constants.KeyDataFormatCertPem,
82            None,
83        )
84        ctx.verify(signature_node)