Allow process_response and process_slo to raise is_valid exceptions #393

Open
wants to merge 1 commit into
base: master
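--- a/src/onelogin/saml2/auth.py
+++ b/src/onelogin/saml2/auth.py
@@ -111,13 +111,16 @@ def store_valid_response(self, response):
 self._last_response_in_response_to = response.get_in_response_to()
 self._last_assertion_not_on_or_after = response.get_assertion_not_on_or_after()
 
-def process_response(self, request_id=None):
+def process_response(self, request_id=None, raise_exceptions=False):
 """
 Process the SAML Response sent by the IdP.
 
 :param request_id: Is an optional argument. Is the ID of the AuthNRequest sent by this SP to the IdP.
 :type request_id: string
 
+:param raise_exceptions: Whether to return raise an exception during is_valid check
+:type raise_exceptions: Boolean
+
 :raises: OneLogin_Saml2_Error.SAML_RESPONSE_NOT_FOUND, when a POST with a SAMLResponse is not found
 """
 self._errors = []
@@ -128,7 +131,7 @@ def process_response(self, request_id=None):
 response = self.response_class(self._settings, self._request_data['post_data']['SAMLResponse'])
 self._last_response = response.get_xml_document()
 
-if response.is_valid(self._request_data, request_id):
+if response.is_valid(self._request_data, request_id, raise_exceptions=raise_exceptions):
 self.store_valid_response(response)
 else:
 self._errors.append('invalid_response')
@@ -141,7 +144,7 @@ def process_response(self, request_id=None):
 OneLogin_Saml2_Error.SAML_RESPONSE_NOT_FOUND
 )
 
-def process_slo(self, keep_local_session=False, request_id=None, delete_session_cb=None):
+def process_slo(self, keep_local_session=False, request_id=None, delete_session_cb=None, raise_exceptions=False):
 """
 Process the SAML Logout Response / Logout Request sent by the IdP.
 
@@ -151,6 +154,9 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
 :param request_id: The ID of the LogoutRequest sent by this SP to the IdP
 :type request_id: string
 
+:param raise_exceptions: Whether to return raise an exception during is_valid check
+:type raise_exceptions: Boolean
+
 :returns: Redirection url
 """
 self._errors = []
@@ -163,7 +169,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
 if not self.validate_response_signature(get_data):
 self._errors.append('invalid_logout_response_signature')
 self._errors.append('Signature validation failed. Logout Response rejected')
-elif not logout_response.is_valid(self._request_data, request_id):
+elif not logout_response.is_valid(self._request_data, request_id, raise_exceptions=raise_exceptions):
 self._errors.append('invalid_logout_response')
 elif logout_response.get_status() != OneLogin_Saml2_Constants.STATUS_SUCCESS:
 self._errors.append('logout_not_success')
@@ -178,7 +184,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
 if not self.validate_request_signature(get_data):
 self._errors.append("invalid_logout_request_signature")
 self._errors.append('Signature validation failed. Logout Request rejected')
-elif not logout_request.is_valid(self._request_data):
+elif not logout_request.is_valid(self._request_data, raise_exceptions=raise_exceptions):
 self._errors.append('invalid_logout_request')
 else:
 if not keep_local_session: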
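Review bot: With `raise_exceptions=True`, a failed `is_valid` check in `process_response` leaves by exception before `self._errors.append('invalid_response')` runs, so `_errors` keeps the empty list assigned at the top of the method and a caller that catches the exception and then reads the error list finds no failure recorded. The `is_valid` calls in `process_slo` behave the same way, while the signature checks just above them still report only through `_errors`, so a caller opting in has to handle both channels to avoid treating a rejected message as accepted. Consider appending the matching error code before re-raising, and state in both docstrings that validation failures propagate; the new parameter line would read better as `:param raise_exceptions: Whether to raise an exception when the is_valid check fails`. Both method bodies continue outside the visible hunks, so whether later code resets or reads `_errors` cannot be confirmed from here.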