Merge pull request #266 from mikaelfrykholm/disco

leifj · web-flow · commit 514400036db2 · 2024-05-27T15:35:03.000+02:00
Disco tests
diff --git a/NEWS.txt b/NEWS.txt
@@ -171,3 +171,6 @@ to sign using HSMs. The only mandatory non-python dependency now is lxml.
 * Fix random seeding
 * Fix for data handling related to non-Z timezones in metadata
 
+2.1.3
+-----
+* Add DiscoveryResponse info to SPs in discojson
diff --git a/src/pyff/constants.py b/src/pyff/constants.py
@@ -37,6 +37,7 @@
     ser="http://eidas.europa.eu/metadata/servicelist",
     eidas="http://eidas.europa.eu/saml-extensions",
     ti="https://seamlessaccess.org/NS/trustinfo",
+    idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol",
 )
 
 #: These are the attribute aliases pyFF knows about. These are used to build URI paths, populate the index
diff --git a/src/pyff/samlmd.py b/src/pyff/samlmd.py
@@ -783,6 +783,14 @@ def registration_authority(entity):
         return regauth_el.attrib.get('registrationAuthority')
 
 
+def discovery_responses(entity):
+    responses = None
+    responses_els = entity.findall(".//{%s}DiscoveryResponse" % NS['idpdisc'])
+    if len(responses_els) > 0:
+        responses = [el.attrib.get('Location') for el in responses_els]
+    return responses
+
+
 def entity_extended_display(entity, langs=None):
     """Utility-method for computing a displayable string for a given entity.
 
@@ -875,6 +883,7 @@ def discojson(e, sources=None, langs=None, fallback_to_favicon=False, icon_store
     categories = entity_attribute(e, "http://macedir.org/entity-category")
     certifications = entity_attribute(e, "urn:oasis:names:tc:SAML:attribute:assurance-certification")
     cat_support = entity_attribute(e, "http://macedir.org/entity-category-support")
+    disc_responses = discovery_responses(e)
 
     d = dict(
         title=title,
@@ -900,6 +909,9 @@ def discojson(e, sources=None, langs=None, fallback_to_favicon=False, icon_store
     if sources is not None:
         d['md_source'] = sources
 
+    if disc_responses is not None:
+        d["discovery_responses"] = disc_responses
+
     eattr = entity_attribute_dict(e)
     if 'idp' in eattr[ATTRS['role']]:
         d['type'] = 'idp'
diff --git a/src/pyff/test/test_md_api.py b/src/pyff/test/test_md_api.py
@@ -136,6 +136,12 @@ def test_load_and_query(self):
             assert info['title'] == 'NORDUnet'
             assert 'nordu.net' in info['scope']
 
+            # check that we get a discovery_responses where we expect one
+            r = requests.get("{}/entities/%7Bsha1%7Dc3ba81cede254454b64ee9743df19201fe34adc9.json".format(url))
+            assert r.status_code == 200
+            data = r.json()
+            info = data[0]
+            assert 'https://box-idp.nordu.net/simplesaml/module.php/saml/sp/discoresp.php' in info['discovery_responses']
 
 class PyFFAPITestResources(PipeLineTest):
     """

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,7 @@`
`37`	`37`	`ser="http://eidas.europa.eu/metadata/servicelist",`
`38`	`38`	`eidas="http://eidas.europa.eu/saml-extensions",`
`39`	`39`	`ti="https://seamlessaccess.org/NS/trustinfo",`
	`40`	`+ idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol",`
`40`	`41`	`)`
`41`	`42`
`42`	`43`	`#: These are the attribute aliases pyFF knows about. These are used to build URI paths, populate the index`