From 6841de670d5ad4571efcfde6e271c266dbb94867 Mon Sep 17 00:00:00 2001
From: Giuseppe
Date: Tue, 20 Jul 2021 12:52:18 +0200
Subject: [PATCH 1/2] fix: Destination value MUST be present in Response if binding is HTTP-REDIRECT or HTTP-POST
---
 src/saml2/response.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/saml2/response.py b/src/saml2/response.py
index 72d0ef75b..6fbe2debc 100644
--- a/src/saml2/response.py
+++ b/src/saml2/response.py
@@ -409,11 +409,17 @@ def _verify(self):
 raise RequestVersionTooHigh()
 if self.asynchop:
- if (
- self.response.destination
- and self.response.destination not in self.return_addrs
+ if not (
+ getattr(self.response, 'destination')
 ):
- logger.error("%s not in %s", self.response.destination, self.return_addrs)
+ logger.error(
+ f"Invalid response destination in asynchop"
+ )
+ return None
+ elif self.response.destination not in self.return_addrs:
+ logger.error(
+ f"{self.response.destination} not in {self.return_addrs}"
+ )
 return None
 valid = self.issue_instant_ok() and self.status_ok()
From 1476eb93c622b82d866464c156ab66ae0c059b83 Mon Sep 17 00:00:00 2001
From: Giuseppe De Marco
Date: Fri, 23 Jul 2021 00:40:25 +0200
Subject: [PATCH 2/2] chore: destination check in response, code cleanup thanks to @spaceone https://github.com/IdentityPython/pysaml2/pull/812#pullrequestreview-713286884
---
 src/saml2/response.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/saml2/response.py b/src/saml2/response.py
index 6fbe2debc..bac8b462b 100644
--- a/src/saml2/response.py
+++ b/src/saml2/response.py
@@ -409,11 +409,9 @@ def _verify(self):
 raise RequestVersionTooHigh()
 if self.asynchop:
- if not (
- getattr(self.response, 'destination')
- ):
+ if not getattr(self.response, 'destination', None):
 logger.error(
- f"Invalid response destination in asynchop"
+ "Invalid response destination in asynchop"
 )
 return None
 elif self.response.destination not in self.return_addrs:
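Review bot: The `elif` branch in the first patch now builds its log line with an f-string from `self.response.destination`, a value taken from the incoming response, where the removed line passed it as a lazy `%s` logger argument. Keeping the argument form and switching to `%r` would keep formatting lazy and make any embedded control characters visible instead of letting a crafted value break the log line: `logger.error("%r not in %r", self.response.destination, self.return_addrs)`. Both failure branches return `None` rather than raising, so whether a rejected response is actually dropped depends on callers checking the result, which is not visible here. `_verify` starts and ends outside the hunk.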
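Review bot: Rejecting a response that carries no Destination is a behaviour change that neither commit in this series covers with a test; both diffstats list only src/saml2/response.py. A test that gives `_verify` a response without a Destination while `asynchop` is set and expects the `None` result would pin the fail-closed path the second patch keeps. The message in that branch, "Invalid response destination in asynchop", also reads like a mismatch although the branch fires when the attribute is missing or empty; `"Response has no Destination, required in asynchop"` would tell an operator which check failed. `_verify` starts and ends outside the hunk.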