Extend get_last_request_xml and get_last_response_xml to retrieve also Logout messages. Refactoring

Author: pitbulk

README.md

@@ -827,13 +827,13 @@ Main class of OneLogin Python Toolkit
 * ***get_last_error_reason*** Returns the reason of the last error
 * ***get_sso_url*** Gets the SSO url.
 * ***get_slo_url*** Gets the SLO url.
-* ***get_last_request_id*** The ID of the last Request SAML message generated.
+* ***get_last_request_id*** The ID of the last Request SAML message generated (AuthNRequest, LogoutRequest).
 * ***build_request_signature*** Builds the Signature of the SAML Request.
 * ***build_response_signature*** Builds the Signature of the SAML Response.
 * ***get_settings*** Returns the settings info.
 * ***set_strict*** Set the strict mode active/disable.
-* ***get_last_request_xml*** Returns the most recently-constructed XML request
-* ***get_last_response_xml*** Returns the most recently-decrypted XML response
+* ***get_last_request_xml*** Returns the most recently-constructed/processed XML SAML request (AuthNRequest, LogoutRequest)
+* ***get_last_response_xml*** Returns the most recently-constructed/processed XML SAML response (SAMLResponse, LogoutResponse). If the SAMLResponse was encrypted, by default tries to return the decrypted XML.
 
 ####OneLogin_Saml2_Auth - authn_request.py####
 

src/onelogin/saml2/auth.py

@@ -58,8 +58,8 @@ def __init__(self, request_data, old_settings=None, custom_base_path=None):
         self.__errors = []
         self.__error_reason = None
         self.__last_request_id = None
-        self.__last_request_xml = None
-        self.__last_response_xml = None
+        self.__last_request = None
+        self.__last_response = None
 
     def get_settings(self):
         """
@@ -93,7 +93,7 @@ def process_response(self, request_id=None):
         if 'post_data' in self.__request_data and 'SAMLResponse' in self.__request_data['post_data']:
             # AuthnResponse -- HTTP_POST Binding
             response = OneLogin_Saml2_Response(self.__settings, self.__request_data['post_data']['SAMLResponse'])
-            self.__last_response_xml = response.get_xml_document()
+            self.__last_response = response.get_xml_document()
             if response.is_valid(self.__request_data, request_id):
                 self.__attributes = response.get_attributes()
                 self.__nameid = response.get_nameid()
@@ -128,6 +128,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
 
         if 'get_data' in self.__request_data and 'SAMLResponse' in self.__request_data['get_data']:
             logout_response = OneLogin_Saml2_Logout_Response(self.__settings, self.__request_data['get_data']['SAMLResponse'])
+            self.__logout_response = logout_response.get_xml()
             if not logout_response.is_valid(self.__request_data, request_id):
                 self.__errors.append('invalid_logout_response')
                 self.__error_reason = logout_response.get_error()
@@ -138,6 +139,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
 
         elif 'get_data' in self.__request_data and 'SAMLRequest' in self.__request_data['get_data']:
             logout_request = OneLogin_Saml2_Logout_Request(self.__settings, self.__request_data['get_data']['SAMLRequest'])
+            self.__last_request = logout_request.get_xml()
             if not logout_request.is_valid(self.__request_data):
                 self.__errors.append('invalid_logout_request')
                 self.__error_reason = logout_request.get_error()
@@ -148,6 +150,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
                 in_response_to = logout_request.id
                 response_builder = OneLogin_Saml2_Logout_Response(self.__settings)
                 response_builder.build(in_response_to)
+                self.__logout_response = response_builder.get_xml()
                 logout_response = response_builder.get_response()
 
                 parameters = {'SAMLResponse': logout_response}
@@ -288,12 +291,11 @@ def login(self, return_to=None, force_authn=False, is_passive=False, set_nameid_
         :rtype: string
         """
         authn_request = OneLogin_Saml2_Authn_Request(self.__settings, force_authn, is_passive, set_nameid_policy)
-
+        self.__last_request = authn_request.get_xml()
         self.__last_request_id = authn_request.get_id()
-
         saml_request = authn_request.get_request()
+
         parameters = {'SAMLRequest': saml_request}
-        self.__last_request_xml = authn_request.get_request_as_xml()
         if return_to is not None:
             parameters['RelayState'] = return_to
         else:
@@ -339,9 +341,8 @@ def logout(self, return_to=None, name_id=None, session_index=None, nq=None):
             session_index=session_index,
             nq=nq
         )
-
+        self.__last_request = logout_request.get_xml()
         self.__last_request_id = logout_request.id
-
         saml_request = logout_request.get_request()
 
         parameters = {'SAMLRequest': logout_request.get_request()}
@@ -455,15 +456,21 @@ def __build_signature(self, saml_data, relay_state, saml_type, sign_algorithm=On
         signature = dsig_ctx.signBinary(str(msg), sign_algorithm_transform)
         return b64encode(signature)
 
-    def get_last_response_xml(self):
+    def get_last_response_xml(self, pretty_print_if_possible=False):
         """
-        Retrieves the decrypted XML of the last SAML response
+        Retrieves the raw XML (decrypted) of the last SAML response,
+        or the last Logout Response generated or processed
 
         :returns: SAML response XML
         :rtype: string|None
         """
-        if self.__last_response_xml:
-            return etree.tostring(self.__last_response_xml, pretty_print=True)
+        response = None
+        if self.__last_response:
+            if isinstance(self.__last_response, basestring):
+                response = self.__last_response
+            else:
+                response = etree.tostring(self.__last_response, pretty_print=pretty_print_if_possible)
+        return response
 
     def get_last_request_xml(self):
         """
@@ -472,5 +479,4 @@ def get_last_request_xml(self):
         :returns: SAML request XML
         :rtype: string|None
         """
-        if self.__last_request_xml:
-            return self.__last_request_xml
+        return self.__last_request or None

src/onelogin/saml2/authn_request.py

@@ -150,9 +150,9 @@ def get_id(self):
         """
         return self.__id
 
-    def get_request_as_xml(self):
+    def get_xml(self):
         """
-        Return the XML document that will be sent as part of the request
+        Returns the XML that will be sent as part of the request
         :return: XML request body
         :rtype: string
         """

src/onelogin/saml2/logout_request.py

@@ -130,6 +130,15 @@ def get_request(self, deflate=True):
             request = b64encode(self.__logout_request)
         return request
 
+    def get_xml(self):
+        """
+        Returns the XML that will be sent as part of the request
+        or that was received at the SP
+        :return: XML request body
+        :rtype: string
+        """
+        return self.__logout_request
+
     @staticmethod
     def get_id(request):
         """

src/onelogin/saml2/logout_response.py

@@ -205,6 +205,15 @@ def get_response(self, deflate=True):
             response = b64encode(self.__logout_response)
         return response
 
+    def get_xml(self):
+        """
+        Returns the XML that will be sent as part of the response
+        or that was received at the SP
+        :return: XML response body
+        :rtype: string
+        """
+        return self.__logout_response
+
     def get_error(self):
         """
         After executing a validation process, if it fails this method returns the cause

…valid_encrypted_assertion.xml.base64.xml …/decrypted_valid_encrypted_assertion.xmltests/data/responses/decrypted_valid_encrypted_assertion.xml.base64.xml renamed to tests/data/responses/decrypted_valid_encrypted_assertion.xml tests/data/responses/decrypted_valid_encrypted_assertion.xml.base64.xml renamed to tests/data/responses/decrypted_valid_encrypted_assertion.xml

@@ -916,8 +916,10 @@ def testGetLastDecryptedResponse(self):
         message_wrapper = {'post_data': {'SAMLResponse': message}}
         auth = OneLogin_Saml2_Auth(message_wrapper, old_settings=settings)
         auth.process_response()
-        decrypted_response = self.file_contents(join(self.data_path, 'responses', 'pretty_decrypted_valid_encrypted_assertion.xml.base64.xml'))
-        self.assertEqual(auth.get_last_response_xml(), decrypted_response)
+        decrypted_response = self.file_contents(join(self.data_path, 'responses', 'decrypted_valid_encrypted_assertion.xml'))
+        self.assertEqual(auth.get_last_response_xml(False), decrypted_response)
+        decrypted_response = self.file_contents(join(self.data_path, 'responses', 'pretty_decrypted_valid_encrypted_assertion.xml'))
+        self.assertEqual(auth.get_last_response_xml(True), decrypted_response)
 
     def testGetLastSentRequest(self):
         settings = self.loadSettingsJSON()

…valid_encrypted_assertion.xml.base64.xml …_decrypted_valid_encrypted_assertion.xmltests/data/responses/pretty_decrypted_valid_encrypted_assertion.xml.base64.xml renamed to tests/data/responses/pretty_decrypted_valid_encrypted_assertion.xml tests/data/responses/pretty_decrypted_valid_encrypted_assertion.xml.base64.xml renamed to tests/data/responses/pretty_decrypted_valid_encrypted_assertion.xml

@@ -80,15 +80,15 @@ def testGetRequestXML(self):
         }
 
         authn_request = OneLogin_Saml2_Authn_Request(settings)
-        inflated = authn_request.get_request_as_xml()
+        inflated = authn_request.get_xml()
         self.assertRegexpMatches(inflated, '^<samlp:AuthnRequest')
         self.assertNotIn('ProviderName="SP test"', inflated)
 
         saml_settings['organization'] = {}
         settings = OneLogin_Saml2_Settings(saml_settings)
 
         authn_request = OneLogin_Saml2_Authn_Request(settings)
-        inflated = authn_request.get_request_as_xml()
+        inflated = authn_request.get_xml()
         self.assertRegexpMatches(inflated, '^<samlp:AuthnRequest')
         self.assertNotIn('ProviderName="SP test"', inflated)
 

tests/src/OneLogin/saml2_tests/auth_test.py

@@ -0,0 +1,50 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2014, OneLogin, Inc.
+# All rights reserved.
+
+from base64 import b64decode
+import json
+from lxml import etree
+from os.path import dirname, join, exists
+import unittest
+from teamcity import is_running_under_teamcity
+from teamcity.unittestpy import TeamcityTestRunner
+from xml.dom.minidom import Document, parseString
+
+from onelogin.saml2.constants import OneLogin_Saml2_Constants
+from onelogin.saml2.settings import OneLogin_Saml2_Settings
+from onelogin.saml2.utils import OneLogin_Saml2_Utils
+
+
+class OneLogin_Saml2_Utils_Test(unittest.TestCase):
+    data_path = join(dirname(dirname(dirname(dirname(__file__)))), 'data')
+
+    def file_contents(self, filename):
+        f = open(filename, 'r')
+        content = f.read()
+        f.close()
+        return content
+
+
+    def testExpesify(self):
+        xml = self.file_contents(join(self.data_path, 'responses', 'expensify.xml'))
+        cert = """-----BEGIN CERTIFICATE-----
+MIIC5jCCAc6gAwIBAgIQejzcQ7LOo7NDphYfVqKB8jANBgkqhkiG9w0BAQsFADAv
+MS0wKwYDVQQDEyRBREZTIFNpZ25pbmcgLSBhZGZzLmZpbmlzaG1hc3Rlci5jb20w
+HhcNMTYwMzMwMjA1NjM2WhcNMTcwMzMwMjA1NjM2WjAvMS0wKwYDVQQDEyRBREZT
+IFNpZ25pbmcgLSBhZGZzLmZpbmlzaG1hc3Rlci5jb20wggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDrnGb3jm22UR0CqYQK55vj5dVMQIitpl5jUHuFgou0
+SsFfI5VJY5KNXQXCJoduXlxl12dRUQrd0h22TCLBWoneuDcor0UV4bRl7QyQWjuX
+M6pEDG8JsNWJEmnoiKGVmnfsaVgKTFZxO+Kydk/GRJauOqAyU7igABDpazMMHjjL
+c9iZ6tHjFjtWrUay3Hu3aaZheQWgzjnENUprgnH3zm5NQT5Dbd72z5TKrb4bbv08
+oInf52dnBNiSz0wa8uZRJPJJH2rGJmWUIJqp2fnhCxysMgf+ny5IfOkpcG4Cb/fk
+d4hoSmY5Bb/dKuD9/pTpmoylcinBtb3bMGASkulyQmENAgMBAAEwDQYJKoZIhvcN
+AQELBQADggEBAEx5l+gRoxUSY1nu6O2Cmu8WpnrFlEoNsko+Z/T34NYIm/2uaX6y
+kHoDSptgplwjtjE6lE0Zygm5R59BAU3tqGG1uHu4G7w++rcE6nnYunC3tZ8iKuzb
+VmkyUFjuf0AaWo/j/pl7zDJV1NHg6zm/NrqKhx4+Sr/LpVdBMOQmU9leqKsfVtkJ
+ktTOx1ChiEqu7R0yfKuaZwSlUfgnVtVS7yvLvk0KIbxhZe9BGdtJ03+XHYE0TeVN
+SpHh6Q1mylYurMX3WLMW5cQ+AcOWiDob2FuMq6wNWoUwOCvUwTu9NFQvuyzFpUrn
+wFgrDzL8lRc9nNA/iZh+pBIu+BM3/wWZLp8=
+-----END CERTIFICATE-----"""
+        self.assertTrue(OneLogin_Saml2_Utils.validate_sign(xml, cert, debug=True))