Merge remote-tracking branch 'upstream/master'

# Conflicts:
#	setup.py
#	src/saml2/server.py

Author: Hans Hörberg

.travis.yml

@@ -3,8 +3,8 @@ language: python
 sudo: false
 
 env:
-  - TOX_ENV=py27
-  - TOX_ENV=py34
+  - TOXENV=py27
+  - TOXENV=py34
 
 addons:
   apt:
@@ -14,5 +14,8 @@ addons:
 services:
   - mongodb
 
+install:
+  - pip install -U tox
+
 script:
-  - ./setup.py test
+  - tox

example/idp2/idp.py

@@ -143,16 +143,19 @@ def operation(self, saml_msg, binding):
                     return resp(self.environ, self.start_response)
             else:
                 kwargs = {}
+
             try:
-                _encrypt_cert = encrypt_cert_from_item(
+                kwargs['encrypt_cert'] = encrypt_cert_from_item(
                     saml_msg["req_info"].message)
-                return self.do(saml_msg["SAMLRequest"], binding,
-                               saml_msg["RelayState"],
-                               encrypt_cert=_encrypt_cert, **kwargs)
             except KeyError:
-                # Can live with no relay state
-                return self.do(saml_msg["SAMLRequest"], binding,
-                               saml_msg["RelayState"], **kwargs)
+                pass
+
+            try:
+                kwargs['relay_state'] = saml_msg['RelayState']
+            except KeyError:
+                pass
+
+            return self.do(saml_msg["SAMLRequest"], binding, **kwargs)
 
     def artifact_operation(self, saml_msg):
         if not saml_msg:

example/idp2/idp_user.py

@@ -68,7 +68,7 @@
         "ou": "IT",
         "initials": "P",
         #"schacHomeOrganization": "example.com",
-        "email": "[email protected]",
+        "mail": "[email protected]",
         "displayName": "P. Roland Hedberg",
         "labeledURL": "http://www.example.com/rohe My homepage",
         "norEduPersonNIN": "SE197001012222"

example/sp-wsgi/sp.py

@@ -38,6 +38,7 @@
 from saml2.response import StatusError
 from saml2.response import VerificationError
 from saml2.s_utils import UnknownPrincipal
+from saml2.s_utils import decode_base64_and_inflate
 from saml2.s_utils import UnsupportedBinding
 from saml2.s_utils import sid
 from saml2.s_utils import rndstr
@@ -634,8 +635,18 @@ def __init__(self, sp, environ, start_response, cache=None):
         self.sp = sp
         self.cache = cache
 
-    def do(self, response, binding, relay_state="", mtype="response"):
-        req_info = self.sp.parse_logout_request_response(response, binding)
+    def do(self, message, binding, relay_state="", mtype="response"):
+        try:
+            txt = decode_base64_and_inflate(message)
+            is_logout_request = 'LogoutRequest' in txt.split('>', 1)[0]
+        except:   # TODO: parse the XML correctly
+            is_logout_request = False
+
+        if is_logout_request:
+            self.sp.parse_logout_request(message, binding)
+        else:
+            self.sp.parse_logout_request_response(message, binding)
+
         return finish_logout(self.environ, self.start_response)
 
 # ----------------------------------------------------------------------------

setup.py

@@ -6,21 +6,6 @@
 from setuptools import setup
 from setuptools.command.test import test as TestCommand
 
-
-class PyTest(TestCommand):
-
-    def finalize_options(self):
-        TestCommand.finalize_options(self)
-        self.test_args = []
-        self.test_suite = True
-
-    def run_tests(self):
-        #import here, cause outside the eggs aren't loaded
-        import pytest
-        errno = pytest.main(self.test_args)
-        sys.exit(errno)
-
-
 install_requires = [
     # core dependencies
     'decorator',
@@ -35,18 +20,6 @@ def run_tests(self):
     'six'
 ]
 
-tests_require = [
-    'mongodict',
-    'pyasn1',
-    'pymongo==3.0.1',
-    'python-memcached >= 1.51',
-    'pytest',
-    'mako',
-    'webob',
-    'mock'
-    #'pytest-coverage',
-]
-
 version = ''
 with open('src/saml2/__init__.py', 'r') as fd:
     version = re.search(r'^__version__\s*=\s*[\'"]([^\'"]*)[\'"]',
@@ -79,13 +52,6 @@ def run_tests(self):
 
     scripts=["tools/parse_xsd2.py", "tools/make_metadata.py",
              "tools/mdexport.py", "tools/merge_metadata.py"],
-
-    tests_require=tests_require,
-    extras_require={
-        'testing': tests_require,
-    },
     install_requires=install_requires,
     zip_safe=False,
-    test_suite='tests',
-    cmdclass={'test': PyTest},
 )

src/saml2/__init__.py

@@ -979,7 +979,7 @@ def extension_elements_to_elements(extension_elements, schemas):
     if isinstance(schemas, list):
         pass
     elif isinstance(schemas, dict):
-        schemas = schemas.values()
+        schemas = list(schemas.values())
     else:
         return res
 

src/saml2/attribute_converter.py

@@ -425,11 +425,19 @@ def to_format(self, attr):
         :return: An Attribute instance
         """
         try:
+            _attr = self._to[attr]
+        except KeyError:
+            try:
+                _attr = self._to[attr.lower()]
+            except:
+                _attr = ''
+
+        if _attr:
             return factory(saml.Attribute,
-                           name=self._to[attr],
+                           name=_attr,
                            name_format=self.name_format,
                            friendly_name=attr)
-        except KeyError:
+        else:
             return factory(saml.Attribute, name=attr)
 
     def from_format(self, attr):

src/saml2/client.py

@@ -56,6 +56,7 @@ def prepare_for_authenticate(
             successfull log in.
         :param binding: Which binding to use for sending the request
         :param vorg: The entity_id of the virtual organization I'm a member of
+        :param nameid_format:
         :param scoping: For which IdPs this query are aimed.
         :param consent: Whether the principal have given her consent
         :param extensions: Possible extensions
@@ -95,6 +96,7 @@ def prepare_for_negotiated_authenticate(
             successfull log in.
         :param binding: Which binding to use for sending the request
         :param vorg: The entity_id of the virtual organization I'm a member of
+        :param nameid_format:
         :param scoping: For which IdPs this query are aimed.
         :param consent: Whether the principal have given her consent
         :param extensions: Possible extensions

src/saml2/client_base.py

@@ -155,6 +155,9 @@ def _sso_location(self, entityid=None, binding=BINDING_HTTP_REDIRECT):
         except IndexError:
             raise IdpUnspecified("No IdP to send to given the premises")
 
+    def sso_location(self, entityid=None, binding=BINDING_HTTP_REDIRECT):
+        return self._sso_location(entityid, binding)
+
     def _my_name(self):
         return self.config.name
 

src/saml2/entity.py

@@ -215,10 +215,16 @@ def apply_binding(self, binding, msg_str, destination="", relay_state="",
 
         if binding == BINDING_HTTP_POST:
             logger.info("HTTP POST")
+            # if self.entity_type == 'sp':
+            #     info = self.use_http_post(msg_str, destination, relay_state,
+            #                               typ)
+            #     info["url"] = destination
+            #     info["method"] = "POST"
+            # else:
             info = self.use_http_form_post(msg_str, destination,
                                            relay_state, typ)
             info["url"] = destination
-            info["method"] = "GET"
+            info["method"] = "POST"
         elif binding == BINDING_HTTP_REDIRECT:
             logger.info("HTTP REDIRECT")
             info = self.use_http_get(msg_str, destination, relay_state, typ,