authentik.providers.saml.tests.test_logout_request_parser

logout request tests

View Source

 1"""logout request tests"""
 2
 3from django.test import TestCase
 4
 5from authentik.blueprints.tests import apply_blueprint
 6from authentik.common.saml.constants import SAML_NAME_ID_FORMAT_TRANSIENT
 7from authentik.core.tests.utils import create_test_cert, create_test_flow
 8from authentik.providers.saml.models import SAMLPropertyMapping, SAMLProvider
 9from authentik.providers.saml.processors.logout_request_parser import LogoutRequestParser
10from authentik.sources.saml.models import SAMLSource
11
12GET_LOGOUT_REQUEST = (
13    "lJLNauMwEMdfRejuSJbtEIvYsBAWDNlltyk99DaxJ41AllzNGNq3L3Z7CD0EehJo5vf/ENoTjH6yx/gSZ37A1xmJxdvo"
14    "A9ll0sg5BRuBHNkAI5Ll3p5+/Tlas9EWiDCxi0HeINN9ZkqRYx+9FN2hkW7IDEJ+1vllWxfbAvq6wmKAEvKq1PW5HnbY"
15    "V6aqy1KKJ0zkYmik2WgpOqIZu0AMgRtptDGZNpnJH01uC2PL7UbvzLMUByR2AXglr8yTVcrHHvw1Ettaa61gmrzr1xW1"
16    "VFCMxIp8VAkHl7BnJdv1pezqmsTvmEbg+02XGzdkl3XVYmDH77JdVLJFP6Npr240vwz+wojdQSzH/xm8uzhMjbylpDj9"
17    "uzv+eThOEMhhYKnaz1DfvkT7EQAA//8="
18)
19POST_LOGOUT_REQUEST = (
20    "PHNhbWxwOkxvZ291dFJlcXVlc3QgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvb"
21    "iIgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgSUQ9ImlkLWI4ZjRmZDUxZW"
22    "Q0MTA2ZjFlNzgyYjk1ZDUxZDlhZDNmMzg1ZTU4MTYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDIyLTAyLTI"
23    "xVDIyOjUwOjMzLjk5OVoiIERlc3RpbmF0aW9uPSJodHRwOi8vbG9jYWxob3N0OjkwMDAvYXBwbGljYXRpb24vc2FtbC90"
24    "ZXN0L3Nsby9wb3N0LyI+PHNhbWw6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZ"
25    "C1mb3JtYXQ6ZW50aXR5Ij5zYW1sLXRlc3Qtc3A8L3NhbWw6SXNzdWVyPjxzYW1sOk5hbWVJRCBOYW1lUXVhbGlmaWVyPS"
26    "JzYW1sLXRlc3Qtc3AiIFNQTmFtZVF1YWxpZmllcj0ic2FtbC10ZXN0LXNwIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp"
27    "0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnRyYW5zaWVudCIvPjwvc2FtbHA6TG9nb3V0UmVxdWVzdD4="
28)
29
30
31class TestLogoutRequest(TestCase):
32    """Test LogoutRequest parser"""
33
34    @apply_blueprint("system/providers-saml.yaml")
35    def setUp(self):
36        cert = create_test_cert()
37        self.provider: SAMLProvider = SAMLProvider.objects.create(
38            authorization_flow=create_test_flow(),
39            acs_url="http://testserver/source/saml/provider/acs/",
40            signing_kp=cert,
41            verification_kp=cert,
42        )
43        self.provider.property_mappings.set(SAMLPropertyMapping.objects.all())
44        self.provider.save()
45        self.source = SAMLSource.objects.create(
46            slug="provider",
47            issuer="authentik",
48            pre_authentication_flow=create_test_flow(),
49            signing_kp=cert,
50        )
51
52    def test_static_get(self):
53        """Test static LogoutRequest"""
54        request = LogoutRequestParser(self.provider).parse_detached(GET_LOGOUT_REQUEST)
55        self.assertEqual(request.id, "id-2ea1b01f69363ac95e3da4a15409b9d8ec525944")
56        self.assertEqual(request.issuer, "saml-test-sp")
57        # The GET request has an empty NameID element with transient format
58        self.assertIsNone(request.name_id)  # Empty NameID element returns None
59        self.assertEqual(request.name_id_format, SAML_NAME_ID_FORMAT_TRANSIENT)
60
61    def test_static_post(self):
62        """Test static LogoutRequest"""
63        request = LogoutRequestParser(self.provider).parse(POST_LOGOUT_REQUEST)
64        self.assertEqual(request.id, "id-b8f4fd51ed4106f1e782b95d51d9ad3f385e5816")
65        self.assertEqual(request.issuer, "saml-test-sp")
66        # The POST request has an empty NameID element with transient format
67        self.assertIsNone(request.name_id)  # Empty NameID element returns None
68        self.assertEqual(request.name_id_format, SAML_NAME_ID_FORMAT_TRANSIENT)

GET_LOGOUT_REQUEST = 'lJLNauMwEMdfRejuSJbtEIvYsBAWDNlltyk99DaxJ41AllzNGNq3L3Z7CD0EehJo5vf/ENoTjH6yx/gSZ37A1xmJxdvoA9ll0sg5BRuBHNkAI5Ll3p5+/Tlas9EWiDCxi0HeINN9ZkqRYx+9FN2hkW7IDEJ+1vllWxfbAvq6wmKAEvKq1PW5HnbYV6aqy1KKJ0zkYmik2WgpOqIZu0AMgRtptDGZNpnJH01uC2PL7UbvzLMUByR2AXglr8yTVcrHHvw1Ettaa61gmrzr1xW1VFCMxIp8VAkHl7BnJdv1pezqmsTvmEbg+02XGzdkl3XVYmDH77JdVLJFP6Npr240vwz+wojdQSzH/xm8uzhMjbylpDj9uzv+eThOEMhhYKnaz1DfvkT7EQAA//8='

POST_LOGOUT_REQUEST = 'PHNhbWxwOkxvZ291dFJlcXVlc3QgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgSUQ9ImlkLWI4ZjRmZDUxZWQ0MTA2ZjFlNzgyYjk1ZDUxZDlhZDNmMzg1ZTU4MTYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDIyLTAyLTIxVDIyOjUwOjMzLjk5OVoiIERlc3RpbmF0aW9uPSJodHRwOi8vbG9jYWxob3N0OjkwMDAvYXBwbGljYXRpb24vc2FtbC90ZXN0L3Nsby9wb3N0LyI+PHNhbWw6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5zYW1sLXRlc3Qtc3A8L3NhbWw6SXNzdWVyPjxzYW1sOk5hbWVJRCBOYW1lUXVhbGlmaWVyPSJzYW1sLXRlc3Qtc3AiIFNQTmFtZVF1YWxpZmllcj0ic2FtbC10ZXN0LXNwIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnRyYW5zaWVudCIvPjwvc2FtbHA6TG9nb3V0UmVxdWVzdD4='

class TestLogoutRequest(django.test.testcases.TestCase): View Source

32class TestLogoutRequest(TestCase):
33    """Test LogoutRequest parser"""
34
35    @apply_blueprint("system/providers-saml.yaml")
36    def setUp(self):
37        cert = create_test_cert()
38        self.provider: SAMLProvider = SAMLProvider.objects.create(
39            authorization_flow=create_test_flow(),
40            acs_url="http://testserver/source/saml/provider/acs/",
41            signing_kp=cert,
42            verification_kp=cert,
43        )
44        self.provider.property_mappings.set(SAMLPropertyMapping.objects.all())
45        self.provider.save()
46        self.source = SAMLSource.objects.create(
47            slug="provider",
48            issuer="authentik",
49            pre_authentication_flow=create_test_flow(),
50            signing_kp=cert,
51        )
52
53    def test_static_get(self):
54        """Test static LogoutRequest"""
55        request = LogoutRequestParser(self.provider).parse_detached(GET_LOGOUT_REQUEST)
56        self.assertEqual(request.id, "id-2ea1b01f69363ac95e3da4a15409b9d8ec525944")
57        self.assertEqual(request.issuer, "saml-test-sp")
58        # The GET request has an empty NameID element with transient format
59        self.assertIsNone(request.name_id)  # Empty NameID element returns None
60        self.assertEqual(request.name_id_format, SAML_NAME_ID_FORMAT_TRANSIENT)
61
62    def test_static_post(self):
63        """Test static LogoutRequest"""
64        request = LogoutRequestParser(self.provider).parse(POST_LOGOUT_REQUEST)
65        self.assertEqual(request.id, "id-b8f4fd51ed4106f1e782b95d51d9ad3f385e5816")
66        self.assertEqual(request.issuer, "saml-test-sp")
67        # The POST request has an empty NameID element with transient format
68        self.assertIsNone(request.name_id)  # Empty NameID element returns None
69        self.assertEqual(request.name_id_format, SAML_NAME_ID_FORMAT_TRANSIENT)

Test LogoutRequest parser

@apply_blueprint('system/providers-saml.yaml')

def setUp(self): View Source

35    @apply_blueprint("system/providers-saml.yaml")
36    def setUp(self):
37        cert = create_test_cert()
38        self.provider: SAMLProvider = SAMLProvider.objects.create(
39            authorization_flow=create_test_flow(),
40            acs_url="http://testserver/source/saml/provider/acs/",
41            signing_kp=cert,
42            verification_kp=cert,
43        )
44        self.provider.property_mappings.set(SAMLPropertyMapping.objects.all())
45        self.provider.save()
46        self.source = SAMLSource.objects.create(
47            slug="provider",
48            issuer="authentik",
49            pre_authentication_flow=create_test_flow(),
50            signing_kp=cert,
51        )

Hook method for setting up the test fixture before exercising it.

def test_static_get(self): View Source

53    def test_static_get(self):
54        """Test static LogoutRequest"""
55        request = LogoutRequestParser(self.provider).parse_detached(GET_LOGOUT_REQUEST)
56        self.assertEqual(request.id, "id-2ea1b01f69363ac95e3da4a15409b9d8ec525944")
57        self.assertEqual(request.issuer, "saml-test-sp")
58        # The GET request has an empty NameID element with transient format
59        self.assertIsNone(request.name_id)  # Empty NameID element returns None
60        self.assertEqual(request.name_id_format, SAML_NAME_ID_FORMAT_TRANSIENT)

Test static LogoutRequest

def test_static_post(self): View Source

62    def test_static_post(self):
63        """Test static LogoutRequest"""
64        request = LogoutRequestParser(self.provider).parse(POST_LOGOUT_REQUEST)
65        self.assertEqual(request.id, "id-b8f4fd51ed4106f1e782b95d51d9ad3f385e5816")
66        self.assertEqual(request.issuer, "saml-test-sp")
67        # The POST request has an empty NameID element with transient format
68        self.assertIsNone(request.name_id)  # Empty NameID element returns None
69        self.assertEqual(request.name_id_format, SAML_NAME_ID_FORMAT_TRANSIENT)

Test static LogoutRequest