Add organization and contact person validations

ioparaskev · ioparaskev · commit c8c7864e4a9a · 2020-02-11T12:30:02.000+02:00
- Adds validation for organization info (name or display name or url)
  and triggers a warning if none is present
- Adds support and technical contact person validation (both should
  exist and have an email address) and triggers a warning if not both
are present
- Adds `not_empty` function to do a shallow truthiness check (aka nested
  values like [{}] will be considered not empty)
- Adds test for the above scenarios
diff --git a/src/saml2/config.py b/src/saml2/config.py
@@ -24,6 +24,7 @@
 from saml2.mdstore import MetadataStore
 from saml2.saml import NAME_FORMAT_URI
 from saml2.virtual_org import VirtualOrg
+from saml2.utility import not_empty
 from saml2.utility.config import ConfigValidationError
 
 logger = logging.getLogger(__name__)
@@ -610,6 +611,15 @@ def validate_application_identifier_format(application_identifier):
         return re.search(r"([a-zA-Z0-9])+:([a-zA-Z0-9():_\-])+:([0-9])+"
                          r"(\.([0-9])+){1,2}", application_identifier)
 
+    @staticmethod
+    def get_type_contact_person(contacts, ctype):
+        return [contact for contact in contacts
+                if contact.get("contact_type") == ctype]
+
+    @staticmethod
+    def contact_has_email_address(contact):
+        return not_empty(contact.get("email_address"))
+
 
 class eIDASSPConfig(SPConfig, eIDASConfig):
     def get_endpoint_element(self, element):
@@ -633,9 +643,21 @@ def validate(self):
             "manage_name_id_service SHOULD NOT be declared":
                 self.get_endpoint_element("manage_name_id_service") is None,
             "application_identifier SHOULD be declared":
-                self.get_application_identifier() is not None,
+                not_empty(self.get_application_identifier()),
             "protocol_version SHOULD be declared":
-                self.get_protocol_version() is not None,
+                not_empty(self.get_protocol_version()),
+            "minimal organization info (name/dname/url) SHOULD be declared":
+                not_empty(self.organization),
+            "contact_person with contact_type 'technical' and at least one "
+            "email_address SHOULD be declared":
+                any(filter(self.contact_has_email_address,
+                           self.get_type_contact_person(self.contact_person,
+                                                        ctype="technical"))),
+            "contact_person with contact_type 'support' and at least one "
+            "email_address SHOULD be declared":
+                any(filter(self.contact_has_email_address,
+                           self.get_type_contact_person(self.contact_person,
+                                                        ctype="support")))
         }
 
         if not all(warning_validators.values()):
diff --git a/src/saml2/utility/__init__.py b/src/saml2/utility/__init__.py
@@ -8,3 +8,12 @@ def make_type(mtype, *args):
 
 def make_list(*args):
     return make_type(list, *args)
+
+
+def not_empty(element):
+    if isinstance(element, bool):
+        return True
+
+    if element:
+        return True
+    return False
diff --git a/tests/eidas/sp_conf.py b/tests/eidas/sp_conf.py
@@ -61,14 +61,22 @@
         "display_name": ("AB Exempel", "se"),
         "url": "http://www.example.org",
     },
-    "contact_person": [{
-        "given_name": "Roland",
-        "sur_name": "Hedberg",
-        "telephone_number": "+46 70 100 0000",
-        "email_address": ["tech@eample.com",
-                          "tech@example.org"],
-        "contact_type": "technical"
-    },
+    "contact_person": [
+        {
+            "given_name": "Roland",
+            "sur_name": "Hedberg",
+            "telephone_number": "+46 70 100 0000",
+            "email_address": ["tech@eample.com",
+                              "tech@example.org"],
+            "contact_type": "technical"
+        },
+        {
+            "given_name": "Roland",
+            "sur_name": "Hedberg",
+            "telephone_number": "+46 70 100 0000",
+            "email_address": ["tech@eample.com",
+                              "tech@example.org"],
+            "contact_type": "support"}
     ],
     "logger": {
         "rotating": {
diff --git a/tests/eidas/test_sp.py b/tests/eidas/test_sp.py
@@ -111,6 +111,20 @@ def test_protocol_version_in_metadata(self, config):
 
 
 class TestSPConfig:
+    @pytest.fixture(scope="function")
+    def technical_contacts(self, config):
+        return [
+            x for x in config["contact_person"]
+            if x["contact_type"] == "technical"
+        ]
+
+    @pytest.fixture(scope="function")
+    def support_contacts(self, config):
+        return [
+            x for x in config["contact_person"]
+            if x["contact_type"] == "support"
+        ]
+
     @pytest.fixture(scope="function")
     def raise_error_on_warning(self, monkeypatch):
         def r(*args, **kwargs):
@@ -182,6 +196,15 @@ def test_no_application_identifier_warning(self, config, raise_error_on_warning)
         with pytest.raises(ConfigValidationError):
             conf.validate()
 
+    def test_empty_application_identifier_warning(self, config, raise_error_on_warning):
+        config["service"]["sp"]["application_identifier"] = ""
+
+        conf = eIDASSPConfig()
+        conf.load(config)
+
+        with pytest.raises(ConfigValidationError):
+            conf.validate()
+
     def test_application_identifier_wrong_format(self, config):
         config["service"]["sp"]["application_identifier"] = "TEST:Node.1"
 
@@ -191,7 +214,7 @@ def test_application_identifier_wrong_format(self, config):
         with pytest.raises(ConfigValidationError):
             conf.validate()
 
-    def test_application_identifier_ok_format(self, config):
+    def test_application_identifier_ok_format(self, config, raise_error_on_warning):
         conf = eIDASSPConfig()
         conf.load(config)
         conf.validate()
@@ -204,3 +227,112 @@ def test_no_protocol_version_warning(self, config, raise_error_on_warning):
 
         with pytest.raises(ConfigValidationError):
             conf.validate()
+
+    def test_empty_protocol_version_warning(self, config, raise_error_on_warning):
+        config["service"]["sp"]["protocol_version"] = ""
+
+        conf = eIDASSPConfig()
+        conf.load(config)
+
+        with pytest.raises(ConfigValidationError):
+            conf.validate()
+
+    def test_no_organization_info_warning(self, config, raise_error_on_warning):
+        del config["organization"]
+
+        conf = eIDASSPConfig()
+        conf.load(config)
+
+        with pytest.raises(ConfigValidationError):
+            conf.validate()
+
+    def test_empty_organization_info_warning(self, config, raise_error_on_warning):
+        config["organization"] = {}
+
+        conf = eIDASSPConfig()
+        conf.load(config)
+
+        with pytest.raises(ConfigValidationError):
+            conf.validate()
+
+    def test_no_technical_contact_person(self,
+                                         config,
+                                         technical_contacts,
+                                         raise_error_on_warning):
+        for contact in technical_contacts:
+            contact["contact_type"] = "other"
+
+        conf = eIDASSPConfig()
+        conf.load(config)
+
+        with pytest.raises(ConfigValidationError):
+            conf.validate()
+
+    def test_technical_contact_person_no_email(self,
+                                               config,
+                                               technical_contacts,
+                                               raise_error_on_warning):
+
+        for contact in technical_contacts:
+            del contact["email_address"]
+
+        conf = eIDASSPConfig()
+        conf.load(config)
+
+        with pytest.raises(ConfigValidationError):
+            conf.validate()
+
+    def test_technical_contact_person_empty_email(self,
+                                                  config,
+                                                  technical_contacts,
+                                                  raise_error_on_warning):
+
+        for contact in technical_contacts:
+            del contact["email_address"]
+
+        conf = eIDASSPConfig()
+        conf.load(config)
+
+        with pytest.raises(ConfigValidationError):
+            conf.validate()
+
+    def test_no_support_contact_person(self,
+                                       config,
+                                       support_contacts,
+                                       raise_error_on_warning):
+        for contact in support_contacts:
+            contact["contact_type"] = "other"
+
+        conf = eIDASSPConfig()
+        conf.load(config)
+
+        with pytest.raises(ConfigValidationError):
+            conf.validate()
+
+    def test_support_contact_person_no_email(self,
+                                             config,
+                                             support_contacts,
+                                             raise_error_on_warning):
+
+        for contact in support_contacts:
+            del contact["email_address"]
+
+        conf = eIDASSPConfig()
+        conf.load(config)
+
+        with pytest.raises(ConfigValidationError):
+            conf.validate()
+
+    def test_support_contact_person_empty_email(self,
+                                                config,
+                                                support_contacts,
+                                                raise_error_on_warning):
+
+        for contact in support_contacts:
+            del contact["email_address"]
+
+        conf = eIDASSPConfig()
+        conf.load(config)
+
+        with pytest.raises(ConfigValidationError):
+            conf.validate()
