Skip to content

Commit 5cdd5c4

Browse files
c00kiemon5terc00kiemon5ter
committed
Formatting
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
1 parent 0e51270 commit 5cdd5c4

File tree

6 files changed

+207
-108
lines changed

6 files changed

+207
-108
lines changed

src/saml2/client.py

Lines changed: 79 additions & 46 deletions
Original file line numberDiff line numberDiff line change
@@ -40,10 +40,18 @@ class Saml2Client(Base):
4040
""" The basic pySAML2 service provider class """
4141

4242
def prepare_for_authenticate(
43-
self, entityid=None, relay_state="",
44-
binding=saml2.BINDING_HTTP_REDIRECT, vorg="", nameid_format=None,
45-
scoping=None, consent=None, extensions=None, sign=None,
46-
response_binding=saml2.BINDING_HTTP_POST, **kwargs):
43+
self,
44+
entityid=None,
45+
relay_state="",
46+
binding=saml2.BINDING_HTTP_REDIRECT,
47+
vorg="",
48+
nameid_format=None,
49+
scoping=None,
50+
consent=None, extensions=None,
51+
sign=None,
52+
response_binding=saml2.BINDING_HTTP_POST,
53+
**kwargs,
54+
):
4755
""" Makes all necessary preparations for an authentication request.
4856
4957
:param entityid: The entity ID of the IdP to send the request to
@@ -61,19 +69,19 @@ def prepare_for_authenticate(
6169
:return: session id and AuthnRequest info
6270
"""
6371

64-
reqid, negotiated_binding, info = \
65-
self.prepare_for_negotiated_authenticate(
66-
entityid=entityid,
67-
relay_state=relay_state,
68-
binding=binding,
69-
vorg=vorg,
70-
nameid_format=nameid_format,
71-
scoping=scoping,
72-
consent=consent,
73-
extensions=extensions,
74-
sign=sign,
75-
response_binding=response_binding,
76-
**kwargs)
72+
reqid, negotiated_binding, info = self.prepare_for_negotiated_authenticate(
73+
entityid=entityid,
74+
relay_state=relay_state,
75+
binding=binding,
76+
vorg=vorg,
77+
nameid_format=nameid_format,
78+
scoping=scoping,
79+
consent=consent,
80+
extensions=extensions,
81+
sign=sign,
82+
response_binding=response_binding,
83+
**kwargs,
84+
)
7785

7886
if negotiated_binding != binding:
7987
raise ValueError(
@@ -85,9 +93,19 @@ def prepare_for_authenticate(
8593
return reqid, info
8694

8795
def prepare_for_negotiated_authenticate(
88-
self, entityid=None, relay_state="", binding=None, vorg="",
89-
nameid_format=None, scoping=None, consent=None, extensions=None,
90-
sign=None, response_binding=saml2.BINDING_HTTP_POST, **kwargs):
96+
self,
97+
entityid=None,
98+
relay_state="",
99+
binding=None,
100+
vorg="",
101+
nameid_format=None,
102+
scoping=None,
103+
consent=None,
104+
extensions=None,
105+
sign=None,
106+
response_binding=saml2.BINDING_HTTP_POST,
107+
**kwargs,
108+
):
91109
""" Makes all necessary preparations for an authentication request
92110
that negotiates which binding to use for authentication.
93111
@@ -116,26 +134,37 @@ def prepare_for_negotiated_authenticate(
116134
logger.info("destination to provider: %s", destination)
117135

118136
reqid, request = self.create_authn_request(
119-
destination, vorg, scoping, response_binding, nameid_format,
120-
consent=consent, extensions=extensions, sign=sign,
121-
**kwargs)
137+
destination,
138+
vorg,
139+
scoping,
140+
response_binding,
141+
nameid_format,
142+
consent=consent,
143+
extensions=extensions,
144+
sign=sign,
145+
**kwargs,
146+
)
122147

123148
_req_str = str(request)
124-
125149
logger.info("AuthNReq: %s", _req_str)
126150

127151
try:
128152
args = {'sigalg': kwargs["sigalg"]}
129153
except KeyError:
130154
args = {}
131155

132-
http_info = self.apply_binding(binding, _req_str, destination,
133-
relay_state, sign=sign, **args)
156+
http_info = self.apply_binding(
157+
binding,
158+
_req_str,
159+
destination,
160+
relay_state,
161+
sign=sign,
162+
**args,
163+
)
134164

135165
return reqid, binding, http_info
136166
else:
137-
raise SignOnError(
138-
"No supported bindings available for authentication")
167+
raise SignOnError("No supported bindings available for authentication")
139168

140169
def global_logout(self, name_id, reason="", expire=None, sign=None,
141170
sign_alg=None, digest_alg=None):
@@ -232,43 +261,47 @@ def do_logout(self, name_id, entity_ids, reason, expire, sign=None,
232261
sigalg = None
233262
if sign:
234263
if binding == BINDING_HTTP_REDIRECT:
235-
sigalg = kwargs.get(
236-
"sigalg", ds.DefaultSignature().get_sign_alg())
264+
sigalg = kwargs.get("sigalg", ds.DefaultSignature().get_sign_alg())
237265
# key = kwargs.get("key", self.signkey)
238266
srequest = str(request)
239267
else:
240-
srequest = self.sign(request, sign_alg=sign_alg,
241-
digest_alg=digest_alg)
268+
srequest = self.sign(
269+
request, sign_alg=sign_alg, digest_alg=digest_alg
270+
)
242271
else:
243272
srequest = str(request)
244273

245274
relay_state = self._relay_state(req_id)
246275

247-
http_info = self.apply_binding(binding, srequest, destination,
248-
relay_state, sign=sign, sigalg=sigalg)
276+
http_info = self.apply_binding(
277+
binding,
278+
srequest,
279+
destination,
280+
relay_state,
281+
sign=sign,
282+
sigalg=sigalg,
283+
)
249284

250285
if binding == BINDING_SOAP:
251286
response = self.send(**http_info)
252-
253287
if response and response.status_code == 200:
254288
not_done.remove(entity_id)
255289
response = response.text
256290
logger.info("Response: %s", response)
257-
res = self.parse_logout_request_response(response,
258-
binding)
291+
res = self.parse_logout_request_response(response, binding)
259292
responses[entity_id] = res
260293
else:
261294
logger.info("NOT OK response from %s", destination)
262-
263295
else:
264-
self.state[req_id] = {"entity_id": entity_id,
265-
"operation": "SLO",
266-
"entity_ids": entity_ids,
267-
"name_id": code(name_id),
268-
"reason": reason,
269-
"not_on_or_after": expire,
270-
"sign": sign}
271-
296+
self.state[req_id] = {
297+
"entity_id": entity_id,
298+
"operation": "SLO",
299+
"entity_ids": entity_ids,
300+
"name_id": code(name_id),
301+
"reason": reason,
302+
"not_on_or_after": expire,
303+
"sign": sign,
304+
}
272305
responses[entity_id] = (binding, http_info)
273306
not_done.remove(entity_id)
274307

src/saml2/client_base.py

Lines changed: 30 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -281,13 +281,25 @@ def service_urls(self, binding=BINDING_HTTP_POST):
281281
else:
282282
return None
283283

284-
def create_authn_request(self, destination, vorg="", scoping=None,
285-
binding=saml2.BINDING_HTTP_POST,
286-
nameid_format=None,
287-
service_url_binding=None, message_id=0,
288-
consent=None, extensions=None, sign=None,
289-
allow_create=None, sign_prepare=False, sign_alg=None,
290-
digest_alg=None, requested_attributes=None, **kwargs):
284+
def create_authn_request(
285+
self,
286+
destination,
287+
vorg="",
288+
scoping=None,
289+
binding=BINDING_HTTP_POST,
290+
nameid_format=None,
291+
service_url_binding=None,
292+
message_id=0,
293+
consent=None,
294+
extensions=None,
295+
sign=None,
296+
sign_prepare=False,
297+
sign_alg=None,
298+
digest_alg=None,
299+
allow_create=None,
300+
requested_attributes=None,
301+
**kwargs,
302+
):
291303
""" Creates an authentication request.
292304
293305
:param destination: Where the request should be sent.
@@ -302,6 +314,8 @@ def create_authn_request(self, destination, vorg="", scoping=None,
302314
:param extensions: Possible extensions
303315
:param sign: Whether the request should be signed or not.
304316
:param sign_prepare: Whether the signature should be prepared or not.
317+
:param sign_alg: The request signature algorithm
318+
:param digest_alg: The request digest algorithm
305319
:param allow_create: If the identity provider is allowed, in the course
306320
of fulfilling the request, to create a new identifier to represent
307321
the principal.
@@ -445,11 +459,11 @@ def create_authn_request(self, destination, vorg="", scoping=None,
445459
extensions,
446460
sign,
447461
sign_prepare,
462+
sign_alg=sign_alg,
463+
digest_alg=digest_alg,
448464
protocol_binding=binding,
449465
scoping=scoping,
450466
nsprefix=nsprefix,
451-
sign_alg=sign_alg,
452-
digest_alg=digest_alg,
453467
**args,
454468
)
455469
else:
@@ -461,11 +475,11 @@ def create_authn_request(self, destination, vorg="", scoping=None,
461475
extensions,
462476
sign,
463477
sign_prepare,
478+
sign_alg=sign_alg,
479+
digest_alg=digest_alg,
464480
protocol_binding=binding,
465481
scoping=scoping,
466482
nsprefix=nsprefix,
467-
sign_alg=sign_alg,
468-
digest_alg=digest_alg,
469483
**args,
470484
)
471485

@@ -843,10 +857,12 @@ def create_ecp_authn_request(self, entityid=None, relay_state="",
843857

844858
# The IDP publishes support for ECP by using the SOAP binding on
845859
# SingleSignOnService
846-
_, location = self.pick_binding("single_sign_on_service",
847-
[_binding], entity_id=entityid)
860+
_, location = self.pick_binding(
861+
"single_sign_on_service", [_binding], entity_id=entityid
862+
)
848863
req_id, authn_req = self.create_authn_request(
849-
location, service_url_binding=BINDING_PAOS, **kwargs)
864+
location, service_url_binding=BINDING_PAOS, **kwargs
865+
)
850866

851867
# ----------------------------------------
852868
# The SOAP envelope

0 commit comments

Comments
 (0)