[18.0][MIG] auth_saml: Migration to 18.0
BT-dlagin committed Jan 14, 2025
1 parent aba965e commit 994cf31
Showing 1 changed file with 1 addition and 141 deletions.
142 changes: 1 addition & 141 deletions auth_saml/tests/test_pysaml.py
Expand Up @@ -3,7 +3,7 @@
import html
import os
import urllib
from unittest.mock import patch
from unittest.mock import patch, mock_open

from odoo.exceptions import AccessDenied, UserError, ValidationError
from odoo.tests import HttpCase, tagged
Expand Down Expand Up @@ -429,143 +429,3 @@ def test_disallow_user_password_when_changing_settings(self):
{"type": "password", "password": "NesTNSte9340D720te>/-A"},
{"interactive": True},
)

def test_saml_metadata_invalid_provider(self):
"""Accessing SAML metadata with an invalid provider ID should return 404."""
response = self.url_open(f"/auth_saml/metadata?p=999999&d={self.env.cr.dbname}")
self.assertEqual(response.status_code, 404)
self.assertIn("Unknown provider", response.text)

def test_saml_metadata_missing_parameters(self):
"""Accessing the SAML metadata endpoint without params should return 404."""
response = self.url_open("/auth_saml/metadata")
self.assertEqual(response.status_code, 404)
self.assertIn("Missing parameters", response.text)

def test_saml_provider_deactivation(self):
"""A deactivated SAML provider should not be usable for authentication."""
self.saml_provider.active = False

redirect_url = self.saml_provider._get_auth_request()
response = self.idp.fake_login(redirect_url)
unpacked_response = response._unpack()

with self.assertRaises(AccessDenied):
self.env["res.users"].sudo().auth_saml(
self.saml_provider.id, unpacked_response.get("SAMLResponse"), None
)

def test_compute_sp_metadata_url_for_new_record(self):
"""Test that sp_metadata_url is set to False for a new (unsaved) provider."""
new_provider = self.env["auth.saml.provider"].new(
{"name": "New SAML Provider", "sp_baseurl": "http://example.com"}
)
new_provider._compute_sp_metadata_url()
self.assertFalse(new_provider.sp_metadata_url)

def test_store_outstanding_request(self):
"""Test that the SAML request ID is stored in the auth_saml.request model."""
reqid = "test-request-id"
self.saml_provider._store_outstanding_request(reqid)

request = self.env["auth_saml.request"].search(
[("saml_request_id", "=", reqid)]
)
self.assertTrue(request)
self.assertEqual(request.saml_provider_id.id, self.saml_provider.id)

def test_get_auth_request_redirect_url(self):
"""Test that _get_auth_request returns a valid redirect URL."""
redirect_url = self.saml_provider._get_auth_request()
self.assertIsNotNone(redirect_url)
self.assertIn("SAMLRequest=", redirect_url)

def test_fragment_to_query_string_empty_query(self):
"""Test fragment_to_query_string redirects when no query string is provided."""
response = self.url_open("/auth_saml/signin")
self.assertEqual(response.status_code, 200)
self.assertIn("<script>", response.text)

def test_get_auth_request_valid_provider(self):
"""Test that get_auth_request returns a redirect for a valid provider."""
response = self.url_open(
f"/auth_saml/get_auth_request?pid={self.saml_provider.id}",
allow_redirects=False,
)
self.assertEqual(response.status_code, 303)
self.assertIn("Location", response.headers)
self.assertIn("SAMLRequest=", response.headers["Location"])

def test_create_res_users_saml(self):
"""Test that creating a SAML mapping removes the password when disallowed."""
user = self.env["res.users"].create(
{
"name": "Test User",
"login": "[email protected]",
"password": "securepassword",
}
)
self.env["ir.config_parameter"].set_param(
"auth_saml.allow_saml_uid_and_internal_password", "False"
)
self.env["res.users.saml"].create(
{
"user_id": user.id,
"saml_provider_id": self.env["auth.saml.provider"]
.create(
{
"name": "Demo Provider",
"sig_alg": "SIG_RSA_SHA1",
"idp_metadata": "fake_metadata",
"sp_pem_public": base64.b64encode(b"public_key"),
"sp_pem_private": base64.b64encode(b"private_key"),
}
)
.id,
"saml_uid": "[email protected]",
}
)
self.assertFalse(user.password)

def test_missing_parameters_in_metadata(self):
"""Test that missing parameters in the SAML metadata request return a 404."""
response = self.url_open("/auth_saml/metadata")
self.assertEqual(response.status_code, 404)
self.assertIn("Missing parameters", response.text)

def test_fragment_to_query_string_redirect(self):
"""Test fragment_to_query_string redirects when no query string is provided."""
response = self.url_open("/auth_saml/signin")
self.assertEqual(response.status_code, 200)
self.assertIn("<script>", response.text)

def test_saml_request_creation(self):
"""Test that a SAML request is correctly stored in the model."""
expected_selection = [
("SIG_RSA_SHA1", "SIG_RSA_SHA1"),
("SIG_RSA_SHA224", "SIG_RSA_SHA224"),
("SIG_RSA_SHA256", "SIG_RSA_SHA256"),
("SIG_RSA_SHA384", "SIG_RSA_SHA384"),
("SIG_RSA_SHA512", "SIG_RSA_SHA512"),
]
provider = self.env["auth.saml.provider"].create(
{
"name": "Test Provider",
"sig_alg": "SIG_RSA_SHA1",
"idp_metadata": "fake_metadata",
"sp_pem_public": base64.b64encode(b"public_key"),
"sp_pem_private": base64.b64encode(b"private_key"),
}
)
self.env["auth_saml.request"].create(
{
"saml_provider_id": provider.id,
"saml_request_id": "test-request-id",
}
)
request = self.env["auth_saml.request"].search(
[("saml_request_id", "=", "test-request-id")]
)
self.assertTrue(request)
self.assertEqual(request.saml_provider_id.id, provider.id)
self.assertEqual(provider._sig_alg_selection(), expected_selection)
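Review bot: The `mock_open` name added to the `from unittest.mock import ...` line in the first hunk is not used by anything this commit adds, since that import is the page's only addition. Unless the rest of test_pysaml.py already references it, the line should stay `from unittest.mock import patch` so the unused import does not trip linting. In the same file section, the second hunk removes `test_saml_provider_deactivation` and `test_create_res_users_saml`. These are the visible checks that a deactivated provider raises `AccessDenied` and that the local password is cleared when `auth_saml.allow_saml_uid_and_internal_password` is "False". Both are authentication-boundary behaviours, so it is worth confirming they are still covered elsewhere in the suite, or noting in the commit description why they are dropped as part of a migration.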
