Changeset 6558 for TI12-security

Timestamp:

11/02/10 17:09:43 (10 years ago)

Author:

pjkersha

Message:

Working serialised Response with AuthzDecisionStatement? in unit tests.

Location:

TI12-security/trunk/ndg_security_saml/saml

Files:

• saml2/core.py (modified) (5 diffs)
• test/test_saml.py (modified) (5 diffs)
• xml/etree.py (modified) (1 diff)

TI12-security/trunk/ndg_security_saml/saml/saml2/core.py

@@ -328 +328 @@
     
     # "Permit" decision type
-    PERMIT = "Permit"
+    PERMIT_STR = "Permit"
     
     # "Deny" decision type
-    DENY = "Deny"
+    DENY_STR = "Deny"
     
     # "Indeterminate" decision type
-    INDETERMINATE = "Indeterminate"
-        
-    TYPES = (PERMIT, DENY, INDETERMINATE)
+    INDETERMINATE_STR = "Indeterminate"
+        
+    TYPES = (PERMIT_STR, DENY_STR, INDETERMINATE_STR)
     
     __slots__ = ('__value',)
@@ -347 +347 @@
         if not isinstance(value, basestring):
             raise TypeError('Expecting string type for "value" attribute; got '
-                            'instead' % type(value))
+                            '%r instead' % type(value))
             
         if value not in DecisionType.TYPES:
             raise AttributeError('Permissable decision types are %r; got %r '
-                                 'instead' % (DecisionType.TYPES,
-                                              value))
+                                 'instead' % (DecisionType.TYPES, value))
         self.__value = value
         
@@ -362 +361 @@
     def __str__(self):
         return self.__value
+
+    def __eq__(self, decision):
+        return self.__value == decision.value
+
+
+class PermitDecisionType(DecisionType):
+    """Permit authorisation Decision"""
+    def __init__(self):
+        super(PermitDecisionType, self).__init__(DecisionType.PERMIT_STR)
+        
+    def _setValue(self):  
+        raise AttributeError("can't set attribute")
+
+
+class DenyDecisionType(DecisionType):
+    """Deny authorisation Decision"""
+    def __init__(self):
+        super(DenyDecisionType, self).__init__(DecisionType.DENY_STR)
+        
+    def _setValue(self, value):  
+        raise AttributeError("can't set attribute")
+
+
+class IndeterminateDecisionType(DecisionType):
+    """Indeterminate authorisation Decision"""
+    def __init__(self):
+        super(IndeterminateDecisionType, self).__init__(
+                                            DecisionType.INDETERMINATE_STR)
+        
+    def _setValue(self, value):  
+        raise AttributeError("can't set attribute")
+
+# Add instances of each for convenience
+DecisionType.PERMIT = PermitDecisionType()
+DecisionType.DENY = DenyDecisionType()
+DecisionType.INDETERMINATE = IndeterminateDecisionType()
 
 
@@ -401 +436 @@
         self.__resource = None  
         
-        self.__decision = DecisionType(DecisionType.INDETERMINATE)    
+        self.__decision = DecisionType.INDETERMINATE   
         self.__actions = TypedList(Action)
         self.__evidence = None
@@ -506 +541 @@
         @param value: the decision of the authorization request
         '''
-        if not isinstance(value, basestring):
+        if not isinstance(value, DecisionType):
             raise TypeError('Expecting %r type for "decision" attribute; '
-                            'got instead' % (DecisionType, type(value)))
+                            'got %r instead' % (DecisionType, type(value)))
         self.__decision = value
+
+    decision = property(_getDecision, _setDecision, 
+                        doc="Authorization decision as a DecisionType instance")
     
     @property

TI12-security/trunk/ndg_security_saml/saml/test/test_saml.py

@@ -24 +24 @@
                              AuthzDecisionStatement, Assertion, AttributeQuery, 
                              Response, Issuer, Subject, NameID, StatusCode, 
-                             StatusMessage, Status, Conditions, 
+                             StatusMessage, Status, Conditions, DecisionType,
                              XSStringAttributeValue, Action,
                              AuthzDecisionQuery)
@@ -487 +487 @@
 
 
-    def test05CreateAuthzDecisionQueryResponse(self):
+    def test09CreateAuthzDecisionQueryResponse(self):
         response = Response()
-        response.issueInstant = datetime.utcnow()
+        now = datetime.utcnow()
+        response.issueInstant = now
         
         # Make up a request ID that this response is responding to
@@ -498 +499 @@
         response.issuer = Issuer()
         response.issuer.format = Issuer.X509_SUBJECT
-        response.issuer.value = \
-                        SAMLTestCase.ISSUER_DN
+        response.issuer.value = SAMLTestCase.ISSUER_DN
         
         response.status = Status()
@@ -508 +508 @@
            
         assertion = Assertion()
+        assertion.version = SAMLVersion(SAMLVersion.VERSION_20)
+        assertion.id = str(uuid4())
+        assertion.issueInstant = now
+        
         authzDecisionStatement = AuthzDecisionStatement()
+        authzDecisionStatement.decision = DecisionType.PERMIT
         authzDecisionStatement.resource = SAMLTestCase.RESOURCE_URI
         authzDecisionStatement.actions.append(Action())
@@ -515 +520 @@
         assertion.authzDecisionStatements.append(authzDecisionStatement)
         
-#        assertion.subject = Subject()  
-#        assertion.subject.nameID = NameID()
-#        assertion.subject.nameID.format = SAMLTestCase.NAMEID_FORMAT
-#        assertion.subject.nameID.value = SAMLTestCase.NAMEID_VALUE    
-#            
-#        assertion.issuer = Issuer()
-#        assertion.issuer.format = Issuer.X509_SUBJECT
-#        assertion.issuer.value = SAMLTestCase.ISSUER_DN
+        # Add a conditions statement for a validity of 8 hours
+        assertion.conditions = Conditions()
+        assertion.conditions.notBefore = now
+        assertion.conditions.notOnOrAfter = now + timedelta(seconds=60*60*8)
+               
+        assertion.subject = Subject()  
+        assertion.subject.nameID = NameID()
+        assertion.subject.nameID.format = SAMLTestCase.NAMEID_FORMAT
+        assertion.subject.nameID.value = SAMLTestCase.NAMEID_VALUE    
+            
+        assertion.issuer = Issuer()
+        assertion.issuer.format = Issuer.X509_SUBJECT
+        assertion.issuer.value = SAMLTestCase.ISSUER_DN
 
         response.assertions.append(assertion)

TI12-security/trunk/ndg_security_saml/saml/xml/etree.py

@@ -371 +371 @@
         
         for authzDecisionStatement in assertion.authzDecisionStatements:
-            authzDecisionStatementElem = AuthzDecisionStatementElementTree.toXML(
-                                        authzDecisionStatement,
-                                        **authzDecisionValueElementTreeFactoryKw)
+            authzDecisionStatementElem = \
+                AuthzDecisionStatementElementTree.toXML(authzDecisionStatement)
             elem.append(authzDecisionStatementElem)