Add eIDAS SP config sp_type validation

ioparaskev · ioparaskev · commit ff8eba76750f · 2020-02-11T12:30:02.000+02:00
- Adds validation check for eIDAS SP to verify that sp_type has been set
  (MUST be set) and that it is set to a valid value (private/public) as
stated in eIDAS SAML Message Format v.1.2 spec
- Adds tests for the aforementioned checks
diff --git a/src/saml2/config.py b/src/saml2/config.py
@@ -682,7 +682,9 @@ def validate(self):
             "metadata":
                 parse.urlparse(self.entityid).scheme == "https",
             "authn_requests_signed MUST be set to True":
-                getattr(self, "_sp_authn_requests_signed", None) is True
+                getattr(self, "_sp_authn_requests_signed", None) is True,
+            "sp_type MUST be set to 'public' or 'private'":
+                getattr(self, "_sp_sp_type", None) in ("public", "private")
         }
 
         if not all(error_validators.values()):
diff --git a/tests/eidas/test_sp.py b/tests/eidas/test_sp.py
@@ -283,3 +283,13 @@ def test_authn_requests_signed_unassigned(self, config):
 
         self.assert_validation_error(config)
 
+    def test_sp_type_undeclared(self, config):
+        del config["service"]["sp"]["sp_type"]
+
+        self.assert_validation_error(config)
+
+    def test_sp_type_invalid_value(self, config):
+        config["service"]["sp"]["sp_type"] = "test value"
+
+        self.assert_validation_error(config)
+
