fj%ddlmZmZddlmZmZddlmZddlm Z m Z ddl m Z ddl Z ddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZe j8j;ddiidej<fdiddiddfdiddide dfdidddddfdddiiddfdddiidej<fdiiddfgdZdZ dZ!dZ"dZ#d Z$d!Z%d"Z&e j8j;d#d$d%d&d'd(d)igd*Z'e j8j;d#d$d%d&d+id%d&d+d,d-id.gd/Z(e j8j;d0d1d2gid2d3d4d2fid5d3id3fgd6Z)y)7)Mockpatch)parse_qsurlparse)settings)reverse reverse_lazy) urlencodeN)assertTemplateUsed) EmailAddress) get_adapter)statekit) SocialAccount) AuthProcess)build_saml_configzAidp_initiated,adv_settings,state_kwargs,relay_state, expected_urlFz /not/herenextz/hereprocessconnectsocialaccount_connections)rrTreject_idp_initiated_ssoz /set-by-idpz not-a-urlc | jdddd} t| d} | j| | | d<|jdtj }|tj k(}|r#|jd}|jd}n|jd }d}d}|s | |fi|}d || i}|||d <|jtd ddi|}tdddi}|jdk(sJ|d|k(sJ|j|}|r*| jddrdd|jDvsJy|d|k(sJtjjdd}|jdddgk(sJt jj|j"}|j$|r |j$nd k(sJy)!NsamlAPPSrradvancedr auth_clientuserclient SAMLResponse)in_response_to RelayStatesaml_acsorganization_slugorgkwargsdatasaml_finish_acs.locationrT'socialaccount/authentication_error.htmlc34K|]}|jywNname.0ts e/var/www/cs2snipe.com/venv/lib/python3.12/site-packages/allauth/socialaccount/providers/saml/tests.py ztest_acs..Us= AFF= urn:dev-123.us.auth0.com dummysamluid)provideruidRolez view-profilezmanage-account-links)rzjohn.doe@email.org)SOCIALACCOUNT_PROVIDERSdictupdate setdefaultrLOGINCONNECTgetfixturevaluepostr status_codeget templatesrobjects extra_datar remail)request idp_initiateddb saml_settingsacs_saml_response_factorymocked_signature_validation expected_url relay_state state_kwargssociallogin_setup_state adv_settingsrprovider_settingsrr is_connectrrstate_idr'resp finish_urlaccountrHs r3test_acsrZsL!88@HKJW%j12H OOL!$,j!%%i1B1BCGK///J((7&&v.((2H *6B\B 5XN OD(\ ;; $7#?@t  D*4G3OPJ   s "" "  z )) ) ::j !D&@$G8=  NN=    J<///''++/^, !!&)n>T-UUUU$$((gll(;{{Ztzz=QRRRcddi}|jtdddi|}|jdk(sJ|j|d }d d |jDvsJy) Nrz bad-responser!r"r#r$r&r)r*r+c34K|]}|jywr-r.r0s r3r4z!test_acs_error..i8XA8Xr5)rBrrCrDrE)rrKrLr'rWs r3test_acs_errorr_bsr N +D ;; $7#?@t  D   s "" " ::d:& 'D 48X8X XX Xr[c|jtdddi}|jdk(sJ|j|d}dd|jDvsJy ) zbWHile ACS expects POST, it always redirects and handles the request in the FinishACSView. r!r"r#r$r)r*r+c34K|]}|jywr-r.r0s r3r4ztest_acs_get..sr^r5N)rDrrCrErrKrLrWs r3 test_acs_getrcls^ ::gj2Eu1MN OD   s "" " ::d:& 'D 48X8X XX Xr[cb|jtdddi}|jdk(sJy)zSLS expects POSTsaml_slsr"r#r$iN)rDrrCrbs r3 test_sls_getrfvs1 ::gj2Eu1MN OD   s "" "r[cz|jtdddi}|jdk(sJt|dy)N saml_loginr"r#r$zsocialaccount/login.html)rDrrCr rbs r3test_login_on_getrj|s< ::gl4G3OP QD   s "" "t78r[c|jtdddidz}|jdk(sJ|d}|jdsJt t |j }|jd Jt|jtjjd }|jd sJ|jtj|d }|d dd dk(sJy)Nrhr"r#r$z?process=connect&next=/foor)r*z3https://dev-123.us.auth0.com/samlp/456?SAMLRequest=r r ONELOGIN_rz/foo)rr'r) rBrrC startswithrrqueryrDlistsessionrSTATES_SESSION_KEYkeys)rrKrLrWr* resp_queryrVstates r3 test_loginrus ;; &95%AB & ' D   s "" "JH   T UU U(8,223J >>, ' // /FNN8#>#>?DDFGJH   { ++ + NN866 7 A! DE  4H HH Hr[c|jtdddi}|jdk(sJ|jj dsJy)N saml_metadatar"r#r$risY   ++s AA>>Bprovider_configidpdummyhttps://idp.org/sso/https://idp.saml.org/slo/cert) entity_idsso_urlslo_urlx509certc|jd}t||d}|dddk(sJ|dddk(sJ|ddd d ik(sJ|dd d d ik(sJy) N/r#rentityIdrrrsingleSignOnServiceurlrsingleLogoutServicer)rDr)rfrrIconfigs r3+test_build_saml_config_without_metadata_urlrsffSkG w ?F %= $ // / %= $ .. . %=. /E;Q3R RR R %=. /E;V3W WW Wr[)r metadata_urlrzdummy-sp-entity-id)rspc|jd}td5}ddddiddidd i|_t||d }ddddd dk(sJ|dd dk(sJ|dd ddik(sJ|ddddik(sJ|j t dd g}|jdijd}|r|dd |k(sJy|dd |k(sJy#1swYxYw)NrzPonelogin.saml2.idp_metadata_parser.OneLogin_Saml2_IdPMetadataParser.parse_remoterrrrrr)rrrrr#rrrrrw)argsrr)rDr return_valuerbuild_absolute_urir)rrrI parse_mockrr sp_entity_ids r3test_build_saml_configrsE&ffSkG Z  D  #(-/E'F(-/J'K" # #7OUC D %= $ // / %= $ .. . %=. /E;Q3R RR R %=. /E;V3W WW W--goUG.TUL"&&tR044[ALd|J'<777d|J'<777- D Ds CC"zdata, result, uidz,urn:oasis:names:tc:SAML:attribute:subject-id123nameid@saml.org)r9rHrHc*dddddgii|_tjdd}t}||j_d|j _d|j_|j||k(sJ|j||k(sJy) Nrrr#r6) client_id provider_id)rIr8rz6urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress) r;r get_providerrget_attributesr get_nameidget_nameid_format_extract extract_uid)rKr'resultr9rr8 onelogin_datas r3test_extract_attributesrs  !&#=  (H$}))$)HHFM04M  -,=M)@##0   ] +v 55 5    .# 55 5r[)* unittest.mockrr urllib.parserr django.confr django.urlsrr django.utils.httpr pytestpytest_django.assertsr allauth.account.modelsr allauth.socialaccount.adapterr allauth.socialaccount.internalrallauth.socialaccount.modelsr.allauth.socialaccount.providers.base.constantsr*allauth.socialaccount.providers.saml.utilsrmark parametrizeLOGIN_REDIRECT_URLrZr_rcrfrjruryrrrrr[r3rs%+ -' 4/536FHG B X%@%@A VW%{G<    "  4 5    7;['R *E2B }U  ' /    ' '   r2}m4'04S104SnYY# 9 I$   $16"    X X $ 6 % 6 45  $8%$86