
Commit 06e15d3

committed
Adapt code to work with py2.7 as well. Follow same pattern on response, logoutrequest and logoutresponse destination check
1 parent b2345fd commit 06e15d3


4 files changed

+22
-23
lines changed


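--- a/src/onelogin/saml2/logout_request.py
+++ b/src/onelogin/saml2/logout_request.py
@@ -311,19 +311,18 @@ def is_valid(self, request_data, raise_exceptions=False):
 )
 
 # Check destination
-if root.get('Destination', None):
-destination = root.get('Destination')
-if destination != '':
-if OneLogin_Saml2_Utils.normalize_url(current_url) not in OneLogin_Saml2_Utils.normalize_url(destination):
-raise OneLogin_Saml2_ValidationError(
-'The LogoutRequest was received at '
-'%(currentURL)s instead of %(destination)s' %
-{
-'currentURL': current_url,
-'destination': destination,
-},
-OneLogin_Saml2_ValidationError.WRONG_DESTINATION
-)
+destination = root.get('Destination', None)
+if destination:
+if not OneLogin_Saml2_Utils.normalize_url(url=destination).startswith(OneLogin_Saml2_Utils.normalize_url(url=current_url)):
+raise OneLogin_Saml2_ValidationError(
+'The LogoutRequest was received at '
+'%(currentURL)s instead of %(destination)s' %
+{
+'currentURL': current_url,
+'destination': destination,
+},
+OneLogin_Saml2_ValidationError.WRONG_DESTINATION
+)
 
 # Check issuer
 issuer = OneLogin_Saml2_Logout_Request.get_issuer(root)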
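Review bot: The new Destination check on new line 316 is a prefix test, so it accepts any Destination that merely begins with the current URL, including one whose path or host name continues past it; a message addressed to a different endpoint that shares the prefix would pass. The same comparison is added at new line 122 of src/onelogin/saml2/logout_response.py. If the prefix form exists only to tolerate a query string on Destination (current_url is computed outside the hunk, so this is inferred), compare for equality once the query is dropped, e.g. `if OneLogin_Saml2_Utils.normalize_url(url=destination).split('?', 1)[0] != OneLogin_Saml2_Utils.normalize_url(url=current_url):`. is_valid starts and ends outside the hunk.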

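--- a/src/onelogin/saml2/logout_response.py
+++ b/src/onelogin/saml2/logout_response.py
@@ -118,11 +118,12 @@ def is_valid(self, request_data, request_id=None, raise_exceptions=False):
 
 # Check destination
 destination = self.document.get('Destination', None)
-if destination and OneLogin_Saml2_Utils.normalize_url(url=current_url) not in OneLogin_Saml2_Utils.normalize_url(url=destination):
-raise OneLogin_Saml2_ValidationError(
-'The LogoutResponse was received at %s instead of %s' % (current_url, destination),
-OneLogin_Saml2_ValidationError.WRONG_DESTINATION
-)
+if destination:
+if not OneLogin_Saml2_Utils.normalize_url(url=destination).startswith(OneLogin_Saml2_Utils.normalize_url(url=current_url)):
+raise OneLogin_Saml2_ValidationError(
+'The LogoutResponse was received at %s instead of %s' % (current_url, destination),
+OneLogin_Saml2_ValidationError.WRONG_DESTINATION
+)
 
 if security['wantMessagesSigned']:
 if 'Signature' not in get_data: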

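--- a/src/onelogin/saml2/response.py
+++ b/src/onelogin/saml2/response.py
@@ -10,7 +10,6 @@
 """
 
 from copy import deepcopy
-from urllib.parse import urlsplit, urlunsplit
 from onelogin.saml2.constants import OneLogin_Saml2_Constants
 from onelogin.saml2.utils import OneLogin_Saml2_Utils, OneLogin_Saml2_Error, OneLogin_Saml2_ValidationError, return_false_on_exception
 from onelogin.saml2.xml_utils import OneLogin_Saml2_XML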

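--- a/src/onelogin/saml2/utils.py
+++ b/src/onelogin/saml2/utils.py
@@ -20,7 +20,6 @@
 from functools import wraps
 from uuid import uuid4
 from xml.dom.minidom import Element
-from urllib.parse import urlsplit, urlunsplit
 import zlib
 import xmlsec
 
@@ -31,8 +30,9 @@
 
 
 try:
-from urllib.parse import quote_plus # py3
+from urllib.parse import quote_plus, urlsplit, urlunsplit # py3
 except ImportError:
+from urlparse import urlsplit, urlunsplit
 from urllib import quote_plus # py2
 
 
@@ -1078,8 +1078,8 @@ def normalize_url(url):
 :rtype: String
 """
 try:
-scheme, netloc, *rest = urlsplit(url)
-normalized_url = urlunsplit((scheme.lower(), netloc.lower(), *rest))
+scheme, netloc, path, query, fragment = urlsplit(url)
+normalized_url = urlunsplit((scheme.lower(), netloc.lower(), path, query, fragment))
 return normalized_url
 except Exception:
 return url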
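Review bot: normalize_url still catches every exception and returns its input unchanged (the `except Exception:` / `return url` context right after new line 1083), so a caller cannot tell a normalized URL from one that failed to parse. The Destination checks touched in this same commit compare two normalize_url results, so a parse failure would quietly reduce them to a raw string comparison. Consider narrowing the handler to the error urlsplit is expected to raise on a malformed netloc, `except ValueError:`, after confirming no caller passes a non-string, and document the fallback with a comment such as `# malformed URL: return it unchanged so the caller's comparison still runs`. The function's signature and the start of its docstring are outside the hunk.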
