Merge remote-tracking branch 'origin/rh_wkis3' into rh_wkis3

Author: rhoerbe

tests/satosa/backends/test_bitbucket.py

@@ -78,7 +78,7 @@ def create_backend(self):
                                            BB_CONFIG, "base_url", "bitbucket")
 
     @pytest.fixture
-    def incoming_authn_response(self, context):
+    def incoming_authn_response(self, context, **kwargs):
         context.path = 'bitbucket/sso/redirect'
         state_data = dict(state=mock_get_state.return_value)
         context.state[self.bb_backend.name] = state_data
@@ -127,15 +127,16 @@ def test_register_endpoints(self):
         expected_url_map = [('^bitbucket$', self.bb_backend._authn_response)]
         assert url_map == expected_url_map
 
-    def test_start_auth(self, context):
+    def test_start_auth(self, context, **kwargs):
         context.path = 'bitbucket/sso/redirect'
         internal_request = InternalData(
             subject_type=NAMEID_FORMAT_TRANSIENT, requester='test_requester'
         )
 
         resp = self.bb_backend.start_auth(context,
                                           internal_request,
-                                          mock_get_state)
+                                          mock_get_state,
+                                          **kwargs)
         login_url = resp.message
         assert login_url.startswith(
                 BB_CONFIG["server_info"]["authorization_endpoint"])
@@ -165,7 +166,7 @@ def test_authn_response(self, incoming_authn_response):
         self.assert_token_request(**mock_do_access_token_request.call_args[1])
 
     @responses.activate
-    def test_entire_flow(self, context):
+    def test_entire_flow(self, context, **kwargs):
         """
         Tests start of authentication (incoming auth req) and receiving auth
         response.

tests/satosa/backends/test_oauth.py

@@ -68,7 +68,7 @@ def create_backend(self):
         self.fb_backend = FacebookBackend(Mock(), INTERNAL_ATTRIBUTES, FB_CONFIG, "base_url", "facebook")
 
     @pytest.fixture
-    def incoming_authn_response(self, context):
+    def incoming_authn_response(self, context, **kwargs):
         context.path = 'facebook/sso/redirect'
         state_data = dict(state=mock_get_state.return_value)
         context.state[self.fb_backend.name] = state_data
@@ -110,7 +110,7 @@ def test_register_endpoints(self):
         expected_url_map = [('^facebook$', self.fb_backend._authn_response)]
         assert url_map == expected_url_map
 
-    def test_start_auth(self, context):
+    def test_start_auth(self, context, **kwargs):
         context.path = 'facebook/sso/redirect'
         internal_request = InternalData(
             subject_type=NAMEID_FORMAT_TRANSIENT, requester='test_requester'
@@ -142,7 +142,7 @@ def test_authn_response(self, incoming_authn_response):
         self.assert_token_request(**mock_do_access_token_request.call_args[1])
 
     @responses.activate
-    def test_entire_flow(self, context):
+    def test_entire_flow(self, context, **kwargs):
         """Tests start of authentication (incoming auth req) and receiving auth response."""
         responses.add(responses.POST,
                       "https://graph.facebook.com/v2.5/oauth/access_token",

tests/satosa/backends/test_openid_connect.py

@@ -129,7 +129,7 @@ def get_redirect_uri_path(self, backend_config):
         return urlparse(backend_config["client"]["client_metadata"]["redirect_uris"][0]).path.lstrip("/")
 
     @pytest.fixture
-    def incoming_authn_response(self, context, backend_config):
+    def incoming_authn_response(self, context, backend_config, **kwargs):
         oidc_state = "my state"
         context.path = self.get_redirect_uri_path(backend_config)
         context.request = {
@@ -170,7 +170,7 @@ def test_response_endpoint(self, backend_config, internal_attributes, userinfo,
         assert isinstance(args[1], InternalData)
         self.assert_expected_attributes(internal_attributes, userinfo, args[1].attributes)
 
-    def test_start_auth_redirects_to_provider_authorization_endpoint(self, context, backend_config):
+    def test_start_auth_redirects_to_provider_authorization_endpoint(self, context, backend_config, **kwargs):
         auth_response = self.oidc_backend.start_auth(context, None)
         assert isinstance(auth_response, Response)
 
@@ -186,7 +186,7 @@ def test_start_auth_redirects_to_provider_authorization_endpoint(self, context,
         assert "nonce" in auth_params
 
     @responses.activate
-    def test_entire_flow(self, context, backend_config, internal_attributes, userinfo):
+    def test_entire_flow(self, context, backend_config, internal_attributes, userinfo, **kwargs):
         self.setup_userinfo_endpoint(backend_config["provider_metadata"]["userinfo_endpoint"], userinfo)
         auth_response = self.oidc_backend.start_auth(context, None)
         auth_params = dict(parse_qsl(urlparse(auth_response.message).query))

tests/satosa/backends/test_orcid.py

@@ -145,7 +145,7 @@ def setup_userinfo_endpoint(self, userinfo_endpoint_url, userinfo):
         )
 
     @pytest.fixture
-    def incoming_authn_response(self, context, backend_config):
+    def incoming_authn_response(self, context, backend_config, **kwargs):
         context.path = backend_config["authz_page"]
         state_data = dict(state=mock_get_state.return_value)
         context.state[self.orcid_backend.name] = state_data
@@ -156,7 +156,7 @@ def incoming_authn_response(self, context, backend_config):
 
         return context
 
-    def test_start_auth(self, context, backend_config):
+    def test_start_auth(self, context, backend_config, **kwargs):
         auth_response = self.orcid_backend.start_auth(
             context, None, mock_get_state)
         assert isinstance(auth_response, Response)
@@ -191,7 +191,7 @@ def test_authn_response(self, backend_config, userinfo, incoming_authn_response)
         self.assert_expected_attributes(userinfo, args[1].attributes)
 
     @responses.activate
-    def test_user_information(self, context, backend_config, userinfo):
+    def test_user_information(self, context, backend_config, userinfo, **kwargs):
         self.setup_userinfo_endpoint(
             backend_config["server_info"]["user_info"],
             userinfo
@@ -212,7 +212,7 @@ def test_user_information(self, context, backend_config, userinfo):
         assert user_attributes["surname"] == ORCID_PERSON_FAMILY_NAME
 
     @responses.activate
-    def test_user_information_private(self, context, backend_config, userinfo_private):
+    def test_user_information_private(self, context, backend_config, userinfo_private, **kwargs):
         self.setup_userinfo_endpoint(
             backend_config["server_info"]["user_info"],
             userinfo_private

tests/satosa/backends/test_saml2.py

@@ -103,19 +103,19 @@ def get_path_from_url(url):
         for endp in all_sp_endpoints:
             assert any(p.match(endp) for p in compiled_regex)
 
-    def test_start_auth_defaults_to_redirecting_to_discovery_server(self, context, sp_conf):
+    def test_start_auth_defaults_to_redirecting_to_discovery_server(self, context, sp_conf, **kwargs):
         resp = self.samlbackend.start_auth(context, InternalData())
         assert_redirect_to_discovery_server(resp, sp_conf, DISCOSRV_URL)
 
-    def test_discovery_server_set_in_context(self, context, sp_conf):
+    def test_discovery_server_set_in_context(self, context, sp_conf, **kwargs):
         discosrv_url = 'https://my.org/saml_discovery_service'
         context.decorate(
             SAMLBackend.KEY_SAML_DISCOVERY_SERVICE_URL, discosrv_url
         )
         resp = self.samlbackend.start_auth(context, InternalData())
         assert_redirect_to_discovery_server(resp, sp_conf, discosrv_url)
 
-    def test_full_flow(self, context, idp_conf, sp_conf):
+    def test_full_flow(self, context, idp_conf, sp_conf, **kwargs):
         test_state_key = "test_state_key_456afgrh"
         response_binding = BINDING_HTTP_REDIRECT
         fakeidp = FakeIdP(USERS, config=IdPConfig().load(idp_conf, metadata_construction=False))
@@ -165,21 +165,21 @@ def test_start_auth_redirects_directly_to_mirrored_idp(
         resp = self.samlbackend.start_auth(context, InternalData())
         assert_redirect_to_idp(resp, idp_conf)
 
-    def test_redirect_to_idp_if_only_one_idp_in_metadata(self, context, sp_conf, idp_conf):
+    def test_redirect_to_idp_if_only_one_idp_in_metadata(self, context, sp_conf, idp_conf, **kwargs):
         sp_conf["metadata"]["inline"] = [create_metadata_from_config_dict(idp_conf)]
         # instantiate new backend, without any discovery service configured
         samlbackend = SAMLBackend(None, INTERNAL_ATTRIBUTES, {"sp_config": sp_conf}, "base_url", "saml_backend")
 
         resp = samlbackend.start_auth(context, InternalData())
         assert_redirect_to_idp(resp, idp_conf)
 
-    def test_authn_request(self, context, idp_conf):
+    def test_authn_request(self, context, idp_conf, **kwargs):
         resp = self.samlbackend.authn_request(context, idp_conf["entityid"])
         assert_redirect_to_idp(resp, idp_conf)
         req_params = dict(parse_qsl(urlparse(resp.message).query))
         assert context.state[self.samlbackend.name]["relay_state"] == req_params["RelayState"]
 
-    def test_authn_response(self, context, idp_conf, sp_conf):
+    def test_authn_response(self, context, idp_conf, sp_conf, **kwargs):
         response_binding = BINDING_HTTP_REDIRECT
         fakesp = FakeSP(SPConfig().load(sp_conf, metadata_construction=False))
         fakeidp = FakeIdP(USERS, config=IdPConfig().load(idp_conf, metadata_construction=False))
@@ -199,7 +199,7 @@ def test_authn_response(self, context, idp_conf, sp_conf):
     @pytest.mark.skipif(
             saml2.__version__ < '4.6.1',
             reason="Optional NameID needs pysaml2 v4.6.1 or higher")
-    def test_authn_response_no_name_id(self, context, idp_conf, sp_conf):
+    def test_authn_response_no_name_id(self, context, idp_conf, sp_conf, **kwargs):
         response_binding = BINDING_HTTP_REDIRECT
 
         fakesp_conf = SPConfig().load(sp_conf, metadata_construction=False)
@@ -232,7 +232,7 @@ def test_authn_response_no_name_id(self, context, idp_conf, sp_conf):
         assert_authn_response(internal_resp)
         assert backend.name not in context.state
 
-    def test_authn_response_with_encrypted_assertion(self, sp_conf, context):
+    def test_authn_response_with_encrypted_assertion(self, sp_conf, context, **kwargs):
         with open(os.path.join(
             TEST_RESOURCE_BASE_PATH,
             "idp_metadata_for_encrypted_signed_auth_response.xml"
@@ -277,28 +277,28 @@ def test_authn_response_with_encrypted_assertion(self, sp_conf, context):
         context, internal_resp = samlbackend.auth_callback_func.call_args[0]
         assert Counter(internal_resp.attributes.keys()) == Counter({"mail", "givenname", "displayname", "surname"})
 
-    def test_backend_reads_encryption_key_from_key_file(self, sp_conf):
+    def test_backend_reads_encryption_key_from_key_file(self, sp_conf, **kwargs):
         sp_conf["key_file"] = os.path.join(TEST_RESOURCE_BASE_PATH, "encryption_key.pem")
         samlbackend = SAMLBackend(Mock(), INTERNAL_ATTRIBUTES, {"sp_config": sp_conf,
                                                                 "disco_srv": DISCOSRV_URL},
                                   "base_url", "samlbackend")
         assert samlbackend.encryption_keys
 
-    def test_backend_reads_encryption_key_from_encryption_keypair(self, sp_conf):
+    def test_backend_reads_encryption_key_from_encryption_keypair(self, sp_conf, **kwargs):
         del sp_conf["key_file"]
         sp_conf["encryption_keypairs"] = [{"key_file": os.path.join(TEST_RESOURCE_BASE_PATH, "encryption_key.pem")}]
         samlbackend = SAMLBackend(Mock(), INTERNAL_ATTRIBUTES, {"sp_config": sp_conf,
                                                                 "disco_srv": DISCOSRV_URL},
                                   "base_url", "samlbackend")
         assert samlbackend.encryption_keys
 
-    def test_metadata_endpoint(self, context, sp_conf):
+    def test_metadata_endpoint(self, context, sp_conf, **kwargs):
         resp = self.samlbackend._metadata_endpoint(context)
         headers = dict(resp.headers)
         assert headers["Content-Type"] == "text/xml"
         assert sp_conf["entityid"] in resp.message
 
-    def test_get_metadata_desc(self, sp_conf, idp_conf):
+    def test_get_metadata_desc(self, sp_conf, idp_conf, **kwargs):
         sp_conf["metadata"]["inline"] = [create_metadata_from_config_dict(idp_conf)]
         # instantiate new backend, with a single backing IdP
         samlbackend = SAMLBackend(None, INTERNAL_ATTRIBUTES, {"sp_config": sp_conf}, "base_url", "saml_backend")
@@ -321,7 +321,7 @@ def test_get_metadata_desc(self, sp_conf, idp_conf):
         assert ui_info["description"] == expected_ui_info["description"]
         assert ui_info["logo"] == expected_ui_info["logo"]
 
-    def test_get_metadata_desc_with_logo_without_lang(self, sp_conf, idp_conf):
+    def test_get_metadata_desc_with_logo_without_lang(self, sp_conf, idp_conf, **kwargs):
         # add logo without 'lang'
         idp_conf["service"]["idp"]["ui_info"]["logo"] = [{"text": "https://idp.example.com/static/logo.png",
                                                           "width": "120", "height": "60"}]
@@ -351,8 +351,7 @@ def test_get_metadata_desc_with_logo_without_lang(self, sp_conf, idp_conf):
 
 class TestSAMLBackendRedirects:
     def test_default_redirect_to_discovery_service_if_using_mdq(
-        self, context, sp_conf, idp_conf
-    ):
+            self, context, sp_conf, idp_conf, **kwargs):
         # one IdP in the metadata, but MDQ also configured so should always redirect to the discovery service
         sp_conf["metadata"]["inline"] = [create_metadata_from_config_dict(idp_conf)]
         sp_conf["metadata"]["mdq"] = ["https://mdq.example.com"]
@@ -362,8 +361,7 @@ def test_default_redirect_to_discovery_service_if_using_mdq(
         assert_redirect_to_discovery_server(resp, sp_conf, DISCOSRV_URL)
 
     def test_use_of_disco_or_redirect_to_idp_when_using_mdq_and_forceauthn_is_not_set(
-        self, context, sp_conf, idp_conf
-    ):
+            self, context, sp_conf, idp_conf, **kwargs):
         sp_conf["metadata"]["inline"] = [create_metadata_from_config_dict(idp_conf)]
         sp_conf["metadata"]["mdq"] = ["https://mdq.example.com"]
 
@@ -402,8 +400,7 @@ def test_use_of_disco_or_redirect_to_idp_when_using_mdq_and_forceauthn_is_not_se
         assert_redirect_to_discovery_server(resp, sp_conf, DISCOSRV_URL)
 
     def test_use_of_disco_or_redirect_to_idp_when_using_mdq_and_forceauthn_is_set_true(
-        self, context, sp_conf, idp_conf
-    ):
+            self, context, sp_conf, idp_conf, **kwargs):
         sp_conf["metadata"]["inline"] = [create_metadata_from_config_dict(idp_conf)]
         sp_conf["metadata"]["mdq"] = ["https://mdq.example.com"]
 
@@ -430,8 +427,7 @@ def test_use_of_disco_or_redirect_to_idp_when_using_mdq_and_forceauthn_is_set_tr
         assert_redirect_to_idp(resp, idp_conf)
 
     def test_use_of_disco_or_redirect_to_idp_when_using_mdq_and_forceauthn_is_set_1(
-        self, context, sp_conf, idp_conf
-    ):
+            self, context, sp_conf, idp_conf, **kwargs):
         sp_conf["metadata"]["inline"] = [create_metadata_from_config_dict(idp_conf)]
         sp_conf["metadata"]["mdq"] = ["https://mdq.example.com"]