mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2025-08-01 00:38:42 -04:00
Combine the CAS & SAML implementations for required attributes. (#9326)
parent
80d6dc9783
commit
6dade80048
9 changed files with 245 additions and 77 deletions
|
@ -259,7 +259,61 @@ class SamlHandlerTestCase(HomeserverTestCase):
|
|||
)
|
||||
self.assertEqual(e.value.location, b"https://custom-saml-redirect/")
|
||||
|
||||
@override_config(
|
||||
{
|
||||
"saml2_config": {
|
||||
"attribute_requirements": [
|
||||
{"attribute": "userGroup", "value": "staff"},
|
||||
{"attribute": "department", "value": "sales"},
|
||||
],
|
||||
},
|
||||
}
|
||||
)
|
||||
def test_attribute_requirements(self):
|
||||
"""The required attributes must be met from the SAML response."""
|
||||
|
||||
# stub out the auth handler
|
||||
auth_handler = self.hs.get_auth_handler()
|
||||
auth_handler.complete_sso_login = simple_async_mock()
|
||||
|
||||
# The response doesn't have the proper userGroup or department.
|
||||
saml_response = FakeAuthnResponse({"uid": "test_user", "username": "test_user"})
|
||||
request = _mock_request()
|
||||
self.get_success(
|
||||
self.handler._handle_authn_response(request, saml_response, "redirect_uri")
|
||||
)
|
||||
auth_handler.complete_sso_login.assert_not_called()
|
||||
|
||||
# The response doesn't have the proper department.
|
||||
saml_response = FakeAuthnResponse(
|
||||
{"uid": "test_user", "username": "test_user", "userGroup": ["staff"]}
|
||||
)
|
||||
request = _mock_request()
|
||||
self.get_success(
|
||||
self.handler._handle_authn_response(request, saml_response, "redirect_uri")
|
||||
)
|
||||
auth_handler.complete_sso_login.assert_not_called()
|
||||
|
||||
# Add the proper attributes and it should succeed.
|
||||
saml_response = FakeAuthnResponse(
|
||||
{
|
||||
"uid": "test_user",
|
||||
"username": "test_user",
|
||||
"userGroup": ["staff", "admin"],
|
||||
"department": ["sales"],
|
||||
}
|
||||
)
|
||||
request.reset_mock()
|
||||
self.get_success(
|
||||
self.handler._handle_authn_response(request, saml_response, "redirect_uri")
|
||||
)
|
||||
|
||||
# check that the auth handler got called as expected
|
||||
auth_handler.complete_sso_login.assert_called_once_with(
|
||||
"@test_user:test", request, "redirect_uri", None, new_user=True
|
||||
)
|
||||
|
||||
|
||||
def _mock_request():
|
||||
"""Returns a mock which will stand in as a SynapseRequest"""
|
||||
return Mock(spec=["getClientIP", "getHeader"])
|
||||
return Mock(spec=["getClientIP", "getHeader", "_disconnected"])
|
||||
|
|
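Review bot: The negative cases in `test_attribute_requirements` only cover a missing attribute, so a check that tested for the presence of `userGroup` and `department` without comparing their values would still pass all three cases. Add a case where both attributes are present but one holds a non-matching value, and assert that `complete_sso_login` is not called; for an access-control gate this is the case that matters most. The denial cases also assert nothing about what is sent back on the request, so it may be worth asserting on the response as well if the mock request allows it. The enclosing `SamlHandlerTestCase` class starts outside the hunk.

```python
        # Both attributes are present, but department has a non-matching value
        # ("marketing" is a constructed sample value).
        saml_response = FakeAuthnResponse(
            {
                "uid": "test_user",
                "username": "test_user",
                "userGroup": ["staff"],
                "department": ["marketing"],
            }
        )
        request = _mock_request()
        self.get_success(
            self.handler._handle_authn_response(request, saml_response, "redirect_uri")
        )
        auth_handler.complete_sso_login.assert_not_called()

        # … unchanged: "Add the proper attributes and it should succeed." case …
```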