o "4gj%@sddlmZmZddlmZmZddlmZddlm Z m Z ddl m Z ddl Z ddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZe jddiidejfdiddiddfdiddide dfdidddddfdddiiddfdddiidejfdiiddfgddZddZ dd Z!d!d"Z"d#d$Z#d%d&Z$d'd(Z%d)d*Z&e jd+d,d-d.d/d0d1igd2d3Z'e jd+d,d-d.d4id-d.d4d5d6id7gd8d9Z(e jd:d;ddUs ztest_acs..urn:dev-123.us.auth0.com dummysamluid)provideruidRolez view-profilezmanage-account-links)rzjohn.doe@email.org)SOCIALACCOUNT_PROVIDERSdictupdate setdefaultrLOGINCONNECTgetfixturevaluepostr status_codeget templatesrobjects extra_datar remail)request idp_initiateddb saml_settingsacs_saml_response_factorymocked_signature_validation expected_url relay_state state_kwargssociallogin_setup_state adv_settingsrprovider_settingsrr is_connectrrstate_idr%resp finish_urlaccountrFr1r1r2test_acssF&       rXcCsZddi}|jtdddid|d}|jdksJ||d }d d d |jDvs+JdS) Nrz bad-responserr r!r"r$r'r(r)csr*r+r,r.r1r1r2r3iz!test_acs_error..)r@rrArBrC)rrIrJr%rUr1r1r2test_acs_errorbsrZcCsN|tdddid}|jdksJ||d}ddd |jDvs%Jd S) zbWHile ACS expects POST, it always redirects and handles the request in the FinishACSView. rr r!r"r'r(r)csr*r+r,r.r1r1r2r3srYztest_acs_get..N)rBrrArCrrIrJrUr1r1r2 test_acs_getlsr\cCs(|tdddid}|jdksJdS)zSLS expects POSTsaml_slsr r!r"iN)rBrrAr[r1r1r2 test_sls_getvsr^cCs2|tdddid}|jdksJt|ddS)N saml_loginr r!r"zsocialaccount/login.html)rBrrAr r[r1r1r2test_login_on_get|sracCs|tdddidd}|jdksJ|d}|dsJtt|j}|d dus/Jt|j t j  d }|d sBJ|j t j |d }|d dd dksVJdS)Nr_r r!r"z?process=connect&next=/foor'r(z3https://dev-123.us.auth0.com/samlp/456?SAMLRequest=rr ONELOGIN_rz/foo)rr%r) r@rrA startswithrrqueryrBlistsessionr STATES_SESSION_KEYkeys)rrIrJrUr( resp_queryrTstater1r1r2 test_loginsrkcCs8|tdddid}|jdksJ|jdsJdS)N saml_metadatar r!r"r`sY JdS) Nz4allauth.account.adapter.DefaultAccountAdapter.logoutr]r r!r"? SAMLRequestr'r(z4https://dev-123.us.auth0.com/samlp/456?SAMLResponse=)rrBrr call_countrArc)rrIrJ user_factorysls_saml_request logout_mockrUr1r1r2test_slss   rvprovider_configidpdummyhttps://idp.org/sso/https://idp.saml.org/slo/cert) entity_idsso_urlslo_urlx509certcCsr|d}t||d}|dddksJ|dddksJ|ddd d iks+J|dd d d iks7JdS) N/r!rxentityIdryrr|singleSignOnServiceurlrzsingleLogoutServicer{)rBr)rfrwrGconfigr1r1r2+test_build_saml_config_without_metadata_urls  r)r} metadata_urlr}zdummy-sp-entity-id)rxspcCs |d}td}ddddiddidd i|_t||d }Wdn1s(wY|dd dks7J|dd dksAJ|dd ddiksMJ|ddddiksYJ|tdd gd}|did}|rz|dd |ksxJdS|dd |ksJdS)NrzPonelogin.saml2.idp_metadata_parser.OneLogin_Saml2_IdPMetadataParser.parse_remoterxryrrzr{r|)rrrrr!rrrrrl)argsrr})rBr return_valuerbuild_absolute_urir)rrwrG parse_mockrr sp_entity_idr1r1r2test_build_saml_configs.  rzdata, result, uidz,urn:oasis:names:tc:SAML:attribute:subject-id123nameid@saml.org)r7rFrFcCsldddddgii|_tjddd}t}||j_d|j_d|j_|||ks+J| ||ks4JdS) Nrrr!r4) client_id provider_id)rGr6rz6urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress) r9r get_providerrget_attributesr get_nameidget_nameid_format_extract extract_uid)rIr%resultr7rr6 onelogin_datar1r1r2test_extract_attributess   r)* unittest.mockrr urllib.parserr django.confr django.urlsrrdjango.utils.httpr pytestpytest_django.assertsr allauth.account.modelsr allauth.socialaccount.adapterr allauth.socialaccount.internalr allauth.socialaccount.modelsr.allauth.socialaccount.providers.base.constantsr*allauth.socialaccount.providers.saml.utilsrmark parametrizeLOGIN_REDIRECT_URLrXrZr\r^rarkrnrvrrrr1r1r1r2s           7