django-saml2-idp

Merge ~quantifics/django-saml2-idp/+git/stable:master into ~ubuntuone-pqm-team/django-saml2-idp/+git/stable:master

  1. Git
  2. lp:~quantifics/django-saml2-idp/+git/stable
  3. master
  4. Merge into master
Proposed by John Paraskevopoulos
Status: Merged
Approved by: John Paraskevopoulos
Approved revision: 69376e9f87a54faac5abed7f306656868708b0d0
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~quantifics/django-saml2-idp/+git/stable:master
Merge into: ~ubuntuone-pqm-team/django-saml2-idp/+git/stable:master
Diff against target: 236 lines (+58/-26)
6 files modified
idptest/saml2idp/base.py (+11/-3)
idptest/saml2idp/codex.py (+6/-4)
idptest/saml2idp/tests/test_salesforce.py (+2/-2)
idptest/saml2idp/tests/test_signing.py (+4/-4)
idptest/saml2idp/xml_signing.py (+34/-12)
setup.py (+1/-1)
Reviewer Review Type Date Requested Status
Wouter van Bommel (community) Approve
Review via email: mp+419586@code.launchpad.net

Commit message

Replace six.b with six.ensure_binary

Description of the change

- Replaces six.b with six.ensure_binary because six.b tries to encode to
latin instead of utf-8. So this was causing some failures in SSO in test
cases where we used utf-8 values
- Adds forgotten `ensure_str`

To post a comment you must log in.
Revision history for this message
Wouter van Bommel (woutervb) wrote :

lgtm

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/idptest/saml2idp/base.py b/idptest/saml2idp/base.py
2index 4e2c7c7..5b51191 100644
3--- a/idptest/saml2idp/base.py
4+++ b/idptest/saml2idp/base.py
5@@ -9,7 +9,7 @@ from bs4 import BeautifulSoup
6 from django.core.exceptions import ImproperlyConfigured
7 # local app imports:
8 from saml2idp import codex
9-from six import b, ensure_str
10+from six import ensure_binary, ensure_str
11 from saml2idp import exceptions
12 from saml2idp import saml2idp_metadata
13 from saml2idp import xml_render
14@@ -83,7 +83,11 @@ class Processor(object):
15 """
16 Decodes _request_xml from _saml_request.
17 """
18- self._request_xml = ensure_str(base64.b64decode(b(self._saml_request)))
19+ self._request_xml = ensure_str(
20+ base64.b64decode(
21+ ensure_binary(self._saml_request)
22+ )
23+ )
24
25 def _determine_assertion_id(self):
26 """
27@@ -118,7 +122,11 @@ class Processor(object):
28 """
29 Encodes _response_xml to _encoded_xml.
30 """
31- self._saml_response = ensure_str(codex.nice64(b(self._response_xml)))
32+ self._saml_response = ensure_str(
33+ codex.nice64(
34+ ensure_binary(self._response_xml)
35+ )
36+ )
37
38 def _extract_saml_request(self):
39 """
40diff --git a/idptest/saml2idp/codex.py b/idptest/saml2idp/codex.py
41index 1fe80f3..effec3d 100644
42--- a/idptest/saml2idp/codex.py
43+++ b/idptest/saml2idp/codex.py
44@@ -4,18 +4,20 @@ from __future__ import absolute_import
45 import zlib
46 import base64
47 import sys
48-from six import b, ensure_str
49+from six import ensure_binary, ensure_str
50
51
52 def decode_base64_and_inflate(b64string):
53- decoded_data = base64.b64decode(b(b64string))
54+ decoded_data = base64.b64decode(ensure_binary(b64string))
55 return ensure_str(zlib.decompress(decoded_data, -15))
56
57+
58 def deflate_and_base64_encode(string_val):
59- zlibbed_str = zlib.compress(b(string_val))
60+ zlibbed_str = zlib.compress(ensure_binary(string_val))
61 compressed_string = zlibbed_str[2:-4]
62 return ensure_str(base64.b64encode(compressed_string))
63
64+
65 def nice64(src):
66 """ Returns src base64-encoded and formatted nicely for our XML. """
67- return base64.b64encode(src).replace(b('\n'), b(''))
68+ return base64.b64encode(src).replace(ensure_binary('\n'), ensure_binary(''))
69diff --git a/idptest/saml2idp/tests/test_salesforce.py b/idptest/saml2idp/tests/test_salesforce.py
70index 65c3ebe..199f146 100644
71--- a/idptest/saml2idp/tests/test_salesforce.py
72+++ b/idptest/saml2idp/tests/test_salesforce.py
73@@ -6,14 +6,14 @@ from __future__ import absolute_import
74 import base64
75 # local imports:
76 from saml2idp.tests import base
77-from six import ensure_str, b
78+from six import ensure_str, ensure_binary
79
80 SALESFORCE_ACS = 'https://login.salesforce.com'
81
82
83 def get_saml_request(acs_url=SALESFORCE_ACS):
84 return ensure_str(base64.b64encode(
85- b(
86+ ensure_binary(
87 '<?xml version="1.0" encoding="UTF-8"?>'
88 '<samlp:AuthnRequest '
89 'AssertionConsumerServiceURL="{ACS_URL}" '
90diff --git a/idptest/saml2idp/tests/test_signing.py b/idptest/saml2idp/tests/test_signing.py
91index 7b9335b..8a3c633 100644
92--- a/idptest/saml2idp/tests/test_signing.py
93+++ b/idptest/saml2idp/tests/test_signing.py
94@@ -19,7 +19,7 @@ from saml2idp.xml_templates import (
95 ASSERTION_SALESFORCE,
96 RESPONSE,
97 )
98-from six import b, ensure_str
99+from six import ensure_binary, ensure_str
100 from django.conf import settings
101
102 import sys
103@@ -123,9 +123,9 @@ class XmlTest(unittest.TestCase):
104 default_cert = settings.SAML2IDP_CONFIG['certificate_file']
105 with open(default_cert, "rb") as cert:
106 self.default_certificate_flat = ensure_str(cert.read().replace(
107- b("-----BEGIN CERTIFICATE-----"), b("")).replace(
108- b("-----END CERTIFICATE-----"), b("")).replace(
109- b("\n"), b("")))
110+ b"-----BEGIN CERTIFICATE-----", b"").replace(
111+ b"-----END CERTIFICATE-----", b"").replace(
112+ b"\n", b""))
113
114 def _test(self, got, exp):
115 # TODO: Maybe provide more meaningful output. YAGNI?
116diff --git a/idptest/saml2idp/xml_signing.py b/idptest/saml2idp/xml_signing.py
117index ba4eb54..bf0821a 100644
118--- a/idptest/saml2idp/xml_signing.py
119+++ b/idptest/saml2idp/xml_signing.py
120@@ -12,14 +12,16 @@ from OpenSSL import crypto
121 from cryptography.hazmat.primitives.serialization import Encoding
122 # this app:
123 from saml2idp import saml2idp_metadata
124-from six import b, ensure_str
125+from six import ensure_binary, ensure_str
126 from saml2idp.codex import nice64
127 from saml2idp.xml_templates import SIGNED_INFO, SIGNATURE
128
129+
130 def load_cert_data(certificate_file):
131 """Backward-compatible alias for load_cert_data_from_file."""
132 return load_cert_data_from_file(certificate_file)
133
134+
135 def load_cert_data_from_file(certificate_file):
136 """
137 Returns the certificate data out of the certificate_file.
138@@ -29,15 +31,23 @@ def load_cert_data_from_file(certificate_file):
139
140 return cert_data
141
142+
143 def load_cert_data_from_string(certificate):
144 """
145 Returns the certificate data out of the certificate string.
146 """
147- cert = crypto.load_certificate(crypto.FILETYPE_PEM, certificate).to_cryptography()
148- cert_data = ''.join(ensure_str(cert.public_bytes(Encoding.PEM)).split('\n')[1:-2])
149+ cert = crypto.load_certificate(
150+ crypto.FILETYPE_PEM, certificate
151+ ).to_cryptography()
152+ cert_data = ''.join(
153+ ensure_str(
154+ cert.public_bytes(Encoding.PEM)
155+ ).split('\n')[1:-2]
156+ )
157
158 return cert_data
159
160+
161 def get_signature_xml(
162 subject, reference_uri, certificate=None, signing_algorithm=None):
163 """
164@@ -59,9 +69,9 @@ def get_signature_xml(
165 logging.debug('get_signature_xml - Begin.')
166 logging.debug('Using private key file: ' + private_key_file)
167 if certificate:
168- logging.debug('Using certificate data: ' + certificate)
169+ logging.debug('Using certificate data: ' + ensure_str(certificate))
170 else:
171- logging.debug('Using certificate file: ' + certificate_file)
172+ logging.debug('Using certificate file: ' + ensure_str(certificate_file))
173 logging.debug('Subject: ' + subject)
174
175 algorithms = {
176@@ -86,7 +96,7 @@ def get_signature_xml(
177
178 # Hash the subject.
179 subject_hash = hash_method()
180- subject_hash.update(b(subject))
181+ subject_hash.update(ensure_binary(subject))
182 subject_digest = nice64(subject_hash.digest())
183 logging.debug('Subject digest: ' + ensure_str(subject_digest))
184
185@@ -103,12 +113,22 @@ def get_signature_xml(
186 # RSA-sign the signed_info.
187 with open(private_key_file, "r") as prkf:
188 if algo_key == "sha1":
189- private_key = crypto.load_privatekey(crypto.FILETYPE_PEM, prkf.read())
190+ private_key = crypto.load_privatekey(
191+ crypto.FILETYPE_PEM, prkf.read()
192+ )
193 else:
194- private_key = crypto.load_privatekey(crypto.FILETYPE_PEM, prkf.read(), passphrase_callback)
195-
196-
197- rsa_signature = nice64(crypto.sign(private_key, signed_info, digest=algo_key))
198+ private_key = crypto.load_privatekey(
199+ crypto.FILETYPE_PEM, prkf.read(),
200+ passphrase_callback
201+ )
202+
203+ rsa_signature = nice64(
204+ crypto.sign(
205+ private_key,
206+ signed_info,
207+ digest=algo_key
208+ )
209+ )
210 logging.debug('RSA Signature: ' + ensure_str(rsa_signature))
211
212 # Load the certificate.
213@@ -117,7 +137,9 @@ def get_signature_xml(
214 else:
215 cert_data = load_cert_data_from_file(certificate_file)
216 # Put the signed_info and rsa_signature into the XML signature.
217- signed_info_short = signed_info.replace(' xmlns:ds="http://www.w3.org/2000/09/xmldsig#"', '')
218+ signed_info_short = signed_info.replace(
219+ ' xmlns:ds="http://www.w3.org/2000/09/xmldsig#"', ''
220+ )
221 signature_xml = string.Template(SIGNATURE).substitute({
222 'RSA_SIGNATURE': ensure_str(rsa_signature),
223 'SIGNED_INFO': signed_info_short,
224diff --git a/setup.py b/setup.py
225index c879a8c..4dc8719 100644
226--- a/setup.py
227+++ b/setup.py
228@@ -2,7 +2,7 @@ from setuptools import setup
229
230 setup(
231 name = 'saml2idp',
232- version = '1.1',
233+ version = '1.2',
234 author = 'John Samuel Anderson',
235 author_email = 'john@andersoninnovative.com',
236 description = 'SAML 2.0 IdP for Django',

Subscribers

People subscribed via source and target branches