author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2022-04-10 23:19:50 +0300 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2022-04-10 23:19:50 +0300 |
commit | f36b06aa2a8aeb41394139d0fa2cf20b59f41dd9 (patch) | |
tree | a4a8e444bb76609e5181f86171f86b54354d436b | |
parent | 78e93f9a894f2bf3bb875295e864d02525b21fc0 (diff) | |
download | pysaml2-f36b06aa2a8aeb41394139d0fa2cf20b59f41dd9.tar.gz |
assertion policy filter: Fallback to match a known attribute or return its name
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
-rw-r--r-- | src/saml2/assertion.py | 17 | ||||
-rw-r--r-- | tests/test_20_assertion.py | 50 |
2 files changed, 54 insertions, 13 deletions
diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py
index 746b60e3..c946338a 100644
--- a/src/saml2/assertion.py
+++ b/src/saml2/assertion.py
@@ -86,18 +86,19 @@ def filter_on_attributes(ava, required=None, optional=None, acs=None,
 """
 def _match_attr_name(attr, ava):
- name_format = attr.get('name_format')
- name = attr.get('name')
- friendly_name = attr.get('friendly_name')
- local_name = get_local_name(acs, name, name_format) or friendly_name
-
+ name = attr["name"].lower()
+ name_format = attr.get("name_format")
+ friendly_name = attr.get("friendly_name")
+ local_name = (
+ get_local_name(acs, name, name_format)
+ or friendly_name
+ or ""
+ )
 _fn = (
 _match(local_name, ava)
- if local_name
 # In the unlikely case that someone has provided us with URIs as attribute names
- else _match(name, ava)
+ or _match(name, ava)
 )
-
 return _fn
diff --git a/tests/test_20_assertion.py b/tests/test_20_assertion.py
index da7e70fd..ddf2bffd 100644
--- a/tests/test_20_assertion.py
+++ b/tests/test_20_assertion.py
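Review bot: In `_match_attr_name` (src/saml2/assertion.py), `_match(local_name, ava) or _match(name, ava)` now falls back to the raw attribute name whenever the local-name lookup misses, not only when no local name exists, so the comment kept above it understates when that branch runs. Because this filter decides which attributes pass the assertion policy, the comment should state the new rule, e.g. `# Fall back to the lower-cased Name whenever the local/friendly name is not a key in ava`. The `or friendly_name` step still uses FriendlyName as a match key, although SAML Core says it must not be used to formally identify an attribute and it is presumably supplied by the requester; a one-line comment recording that this is a deliberate convenience would help. `name` is also lower-cased before it reaches `get_local_name`, and whether the converter tables are keyed in lower case is not visible here. `filter_on_attributes` itself starts and ends outside the hunk.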
@@ -68,15 +68,55 @@ mail = to_dict(md.RequestedAttribute(name="urn:oid:0.9.2342.19200300.100.1.3",
 def test_filter_on_attributes_0():
- a = to_dict(Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
- friendly_name="serialNumber"), ONTS)
+ a = to_dict(
+ Attribute(
+ name="urn:oid:2.5.4.5",
+ name_format=NAME_FORMAT_URI,
+ friendly_name="serialNumber",
+ ),
+ ONTS,
+ )
- required = [a]
- ava = {"serialNumber": ["12345"]}
+ b = to_dict(
+ Attribute(
+ name="urn:oasis:names:tc:SAML:attribute:subject-id",
+ name_format=NAME_FORMAT_URI,
+ friendly_name="subject-id",
+ ),
+ ONTS,
+ )
+
+ c = to_dict(
+ Attribute(
+ name="unmapped_attr_name",
+ name_format=NAME_FORMAT_URI,
+ friendly_name="unmapped attr name",
+ ),
+ ONTS,
+ )
+
+ d = to_dict(
+ Attribute(
+ name="urn:oid:2.5.4.6",
+ friendly_name="c",
+ ),
+ ONTS,
+ )
+
+ required = [a, b, c, d]
+ ava = {
+ "serialNumber": ["12345"],
+ "subject-id": ["id_12345"],
+ "unmapped_attr_name": ["abcd"],
+ "c": ["some-country"],
+ }
 ava = filter_on_attributes(ava, required, acs=ac_factory())
- assert list(ava.keys()) == ["serialNumber"]
+ assert set(ava.keys()) == {"serialNumber", "subject-id", "unmapped_attr_name", "c"}
 assert ava["serialNumber"] == ["12345"]
+ assert ava["subject-id"] == ["id_12345"]
+ assert ava["unmapped_attr_name"] == ["abcd"]
+ assert ava["c"] == ["some-country"]
 def test_filter_on_attributes_1(): |
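Review bot: `test_filter_on_attributes_0` now contains only attributes that are expected to pass, so it would still succeed if the broadened fallback in `_match_attr_name` let an unrequested key through. Adding one key to `ava` that no entry in `required` names (a constructed example: `"notRequested": ["x"]`) while keeping the exact `set(ava.keys()) == {...}` comparison would pin the filtering side. That assumes `filter_on_attributes` drops keys it cannot match, which is not visible in this hunk. A requested attribute whose `name` contains upper-case characters would likewise cover the new `.lower()` call.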