[18.0][MIG] auth_saml: Migration to 18.0

OCA · Jan 14, 2025 · 4ece04b · 4ece04b
1 parent 5d50a38
commit 4ece04b
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/auth_saml/tests/test_pysaml.py b/auth_saml/tests/test_pysaml.py
@@ -1,6 +1,7 @@
 # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
 import base64
 import html
+import json
 import os
 import urllib
 from unittest.mock import patch
@@ -627,3 +628,26 @@ def test_signin_no_relaystate_redirect(self):
         )
         self.assertEqual(signin_response.status_code, 303)
         self.assertIn("/?type=signup", signin_response.headers["Location"])
+
+    def test_signin_generic_exception(self):
+        """Test that a exception redirect to /web/login?saml_error=access-denied."""
+        self.add_provider_to_user()
+
+        redirect_url = self.saml_provider._get_auth_request()
+        self.assertIn("http://localhost:8000/sso/redirect?SAMLRequest=", redirect_url)
+
+        # Simulate an invalid SAMLResponse to throw Exception
+        response = self.idp.fake_login(redirect_url)
+        relay_state = json.dumps(
+            {"p": 1, "d": self.env.cr.dbname, "r": "/custom_redirect"}
+        )
+
+        signin_response = self.url_open(
+            "/auth_saml/signin",
+            data={"SAMLResponse": response.text, "RelayState": relay_state},
+            allow_redirects=False,
+        )
+        self.assertEqual(signin_response.status_code, 303)
+        self.assertIn(
+            "/web/login?saml_error=access-denied", signin_response.headers["Location"]
+        )