From 91f7ccf6692762436551c8d29403f649e1982da9 Mon Sep 17 00:00:00 2001 From: amercader Date: Wed, 17 Feb 2021 13:30:52 +0100 Subject: [PATCH] Add tests for full name support --- .../saml2auth/tests/responses/unsigned0.xml | 11 ++- .../tests/test_blueprint_get_request.py | 73 +++++++++++++++++++ test.ini | 4 +- 3 files changed, 85 insertions(+), 3 deletions(-) diff --git a/ckanext/saml2auth/tests/responses/unsigned0.xml b/ckanext/saml2auth/tests/responses/unsigned0.xml index 4192560f..7398230e 100644 --- a/ckanext/saml2auth/tests/responses/unsigned0.xml +++ b/ckanext/saml2auth/tests/responses/unsigned0.xml @@ -39,10 +39,19 @@ test@example.com + + John + + + Smith + + + John Smith (Operations) + users examplerole1 - \ No newline at end of file + diff --git a/ckanext/saml2auth/tests/test_blueprint_get_request.py b/ckanext/saml2auth/tests/test_blueprint_get_request.py index d7987ac8..59b65324 100644 --- a/ckanext/saml2auth/tests/test_blueprint_get_request.py +++ b/ckanext/saml2auth/tests/test_blueprint_get_request.py @@ -6,6 +6,8 @@ import os import pytest +from ckan import model + from saml2.xmldsig import SIG_RSA_SHA256 from saml2.xmldsig import DIGEST_SHA256 from saml2.saml import NAMEID_FORMAT_ENTITY 
@@ -338,3 +340,74 @@ def test_signed_not_encrypted_assertion(self, app):
 }
 response = app.post(url=url, params=data)
 assert_equal(200, response.status_code)
+
+ @pytest.mark.ckan_config(u'ckanext.saml2auth.entity_id', u'urn:gov:gsa:SAML:2.0.profiles:sp:sso:test:entity')
+ @pytest.mark.ckan_config(u'ckanext.saml2auth.idp_metadata.location', u'local')
+ @pytest.mark.ckan_config(u'ckanext.saml2auth.idp_metadata.local_path', os.path.join(extras_folder, 'provider0', 'idp.xml'))
+ @pytest.mark.ckan_config(u'ckanext.saml2auth.want_response_signed', u'False')
+ @pytest.mark.ckan_config(u'ckanext.saml2auth.want_assertions_signed', u'False')
+ @pytest.mark.ckan_config(u'ckanext.saml2auth.want_assertions_or_response_signed', u'False')
+ def test_user_fullname_using_first_last_name(self, app):
+
+ # read about saml2 responses: https://www.samltool.com/generic_sso_res.php
+ unsigned_response_file = os.path.join(responses_folder, 'unsigned0.xml')
+ unsigned_response = open(unsigned_response_file).read()
+ # parse values
+ context = {
+ 'entity_id': 'urn:gov:gsa:SAML:2.0.profiles:sp:sso:test:entity',
+ 'destination': 'http://test.ckan.net/acs',
+ 'recipient': 'http://test.ckan.net/acs',
+ 'issue_instant': datetime.now().isoformat()
+ }
+ t = Template(unsigned_response)
+ final_response = t.render(**context)
+
+ encoded_response = self._b4_encode_string(final_response)
+ url = '/acs'
+
+ data = {
+ 'SAMLResponse': encoded_response
+ }
+ response = app.post(url=url, params=data)
+ assert_equal(200, response.status_code)
+
+ user = model.User.by_email('test@example.com')[0]
+
+ assert user.fullname == 'John Smith'
+
+ @pytest.mark.ckan_config(u'ckanext.saml2auth.entity_id', u'urn:gov:gsa:SAML:2.0.profiles:sp:sso:test:entity')
+ @pytest.mark.ckan_config(u'ckanext.saml2auth.idp_metadata.location', u'local')
+ @pytest.mark.ckan_config(u'ckanext.saml2auth.idp_metadata.local_path', os.path.join(extras_folder, 'provider0', 'idp.xml'))
+ @pytest.mark.ckan_config(u'ckanext.saml2auth.want_response_signed', u'False')
+ @pytest.mark.ckan_config(u'ckanext.saml2auth.want_assertions_signed', u'False')
+ @pytest.mark.ckan_config(u'ckanext.saml2auth.want_assertions_or_response_signed', u'False')
+ @pytest.mark.ckan_config(u'ckanext.saml2auth.user_fullname', u'fullname')
+ @pytest.mark.ckan_config(u'ckanext.saml2auth.user_firstname', None)
+ @pytest.mark.ckan_config(u'ckanext.saml2auth.user_lastname', None)
+ def test_user_fullname_using_fullname(self, app):
+
+ # read about saml2 responses: https://www.samltool.com/generic_sso_res.php
+ unsigned_response_file = os.path.join(responses_folder, 'unsigned0.xml')
+ unsigned_response = open(unsigned_response_file).read()
+ # parse values
+ context = {
+ 'entity_id': 'urn:gov:gsa:SAML:2.0.profiles:sp:sso:test:entity',
+ 'destination': 'http://test.ckan.net/acs',
+ 'recipient': 'http://test.ckan.net/acs',
+ 'issue_instant': datetime.now().isoformat()
+ }
+ t = Template(unsigned_response)
+ final_response = t.render(**context)
+
+ encoded_response = self._b4_encode_string(final_response)
+ url = '/acs'
+
+ data = {
+ 'SAMLResponse': encoded_response
+ }
+ response = app.post(url=url, params=data)
+ assert_equal(200, response.status_code)
+
+ user = model.User.by_email('test@example.com')[0]
+
+ assert user.fullname == 'John Smith (Operations)'
diff --git a/test.ini b/test.ini
index 9a30cb5d..a0f20a11 100644
--- a/test.ini
+++ b/test.ini
@@ -18,7 +18,7 @@ use = config:../ckan/test-core.ini ckanext.saml2auth.idp_metadata.location = local ckanext.saml2auth.idp_metadata.local_path = /path/to/idp.xml -ckanext.saml2auth.user_firstname = name +ckanext.saml2auth.user_firstname = firstname ckanext.saml2auth.user_lastname = lastname ckanext.saml2auth.user_email = email
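Review bot: Both new tests in test_blueprint_get_request.py fetch the same account with `model.User.by_email('test@example.com')[0]` yet expect different full names, so `test_user_fullname_using_fullname` only holds if the database is reset between tests or the plugin rewrites `fullname` for an existing user; the class header and its fixtures lie outside this hunk, so confirm that a `clean_db` fixture covers these methods. `test_user_fullname_using_first_last_name` also depends silently on the `user_firstname`/`user_lastname` values in test.ini, and would be sturdier declaring them with its own `ckan_config` marks, as the second test does for `user_fullname`. `open(unsigned_response_file).read()` leaves the file handle to the garbage collector; prefer `with open(unsigned_response_file) as f: unsigned_response = f.read()`. Because the three `want_*_signed` marks set every signature requirement to False for the `/acs` request, a comment such as `# signature checks are disabled only so the unsigned fixture can be posted; not a deployable configuration` would stop the setup being copied into a real config.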
@@ -54,4 +54,4 @@ level = NOTSET formatter = generic [formatter_generic] -format = %(asctime)s %(levelname)-5.5s [%(name)s] %(message)s \ No newline at end of file +format = %(asctime)s %(levelname)-5.5s [%(name)s] %(message)s