SAML-Toolkits / python3-saml


Tests fail on master due to expired timestamps #373

Closed K900 closed 5 months ago

K900 commented 10 months ago
____________________________________________________________________________ OneLogin_Saml2_Response_Test.testCheckOneAuthnStatement _____________________________________________________________________________

self = <tests.src.OneLogin.saml2_tests.response_test.OneLogin_Saml2_Response_Test testMethod=testCheckOneAuthnStatement>

    def testCheckOneAuthnStatement(self):
        """
        Tests the check_one_authnstatement method of SamlResponse
        """
        settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
        xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_authnstatement.xml.base64'))
        response = OneLogin_Saml2_Response(settings, xml)
        self.assertFalse(response.check_one_authnstatement())

        self.assertTrue(response.is_valid(self.get_request_data()))
        settings.set_strict(True)
        response = OneLogin_Saml2_Response(settings, xml)
        self.assertFalse(response.is_valid(self.get_request_data()))
>       self.assertEqual('The Assertion must include an AuthnStatement element', response.get_error())
E       AssertionError: 'The Assertion must include an AuthnStatement element' != 'Could not validate timestamp: expired. Check system clock.'
E       - The Assertion must include an AuthnStatement element
E       + Could not validate timestamp: expired. Check system clock.

tests/src/OneLogin/saml2_tests/response_test.py:578: AssertionError
_____________________________________________________________________________ OneLogin_Saml2_Response_Test.testIsInValidDestination ______________________________________________________________________________

self = <tests.src.OneLogin.saml2_tests.response_test.OneLogin_Saml2_Response_Test testMethod=testIsInValidDestination>

    def testIsInValidDestination(self):
        """
        Tests the is_valid method of the OneLogin_Saml2_Response class
        Case Invalid Response, Invalid Destination
        """
        settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
        message = self.file_contents(join(self.data_path, 'responses', 'unsigned_response.xml.base64'))
        response = OneLogin_Saml2_Response(settings, message)
        response.is_valid(self.get_request_data())
        self.assertEqual('No Signature found. SAML Response rejected', response.get_error())

        settings.set_strict(True)
        response_2 = OneLogin_Saml2_Response(settings, message)
        self.assertFalse(response_2.is_valid(self.get_request_data()))
        self.assertIn('The response was received at', response_2.get_error())

        # Empty Destination
        dom = parseString(b64decode(message))
        dom.firstChild.setAttribute('Destination', '')
        message_2 = OneLogin_Saml2_Utils.b64encode(dom.toxml())
        response_3 = OneLogin_Saml2_Response(settings, message_2)
        self.assertFalse(response_3.is_valid(self.get_request_data()))
        self.assertIn('The response has an empty Destination value', response_3.get_error())

        message_3 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'empty_destination.xml.base64'))
        response_4 = OneLogin_Saml2_Response(settings, message_3)
        self.assertFalse(response_4.is_valid(self.get_request_data()))
>       self.assertEqual('The response has an empty Destination value', response_4.get_error())
E       AssertionError: 'The response has an empty Destination value' != 'Could not validate timestamp: expired. Check system clock.'
E       - The response has an empty Destination value
E       + Could not validate timestamp: expired. Check system clock.

tests/src/OneLogin/saml2_tests/response_test.py:1110: AssertionError
_____________________________________________________________________________ OneLogin_Saml2_Response_Test.testIsInValidNoStatement ______________________________________________________________________________

self = <tests.src.OneLogin.saml2_tests.response_test.OneLogin_Saml2_Response_Test testMethod=testIsInValidNoStatement>

    def testIsInValidNoStatement(self):
        """
        Tests the is_valid method of the OneLogin_Saml2_Response
        Case no statement
        """
        settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
        xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_signature.xml.base64'))
        response = OneLogin_Saml2_Response(settings, xml)
        response.is_valid(self.get_request_data())
        self.assertEqual('No Signature found. SAML Response rejected', response.get_error())

        settings.set_strict(True)
        response_2 = OneLogin_Saml2_Response(settings, xml)
        self.assertFalse(response_2.is_valid(self.get_request_data()))
>       self.assertEqual('There is no AttributeStatement on the Response', response_2.get_error())
E       AssertionError: 'There is no AttributeStatement on the Response' != 'Could not validate timestamp: expired. Check system clock.'
E       - There is no AttributeStatement on the Response
E       + Could not validate timestamp: expired. Check system clock.

tests/src/OneLogin/saml2_tests/response_test.py:987: AssertionError

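I've checked the test data and those responses contain NotOnOrAfter dates of 2023-08-23, which is almost a week ago. With strict mode enabled, the responses are now rejected for the expired timestamp, so get_error() returns that error instead of the one each test expects. Note that the preceding assertFalse(...is_valid(...)) still passes in all three tests, so only the error-message assertion shows that the check under test is no longer the one rejecting the response.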

pitbulk commented 10 months ago

I will fix this asap

alyssais commented 9 months ago

I see that in ea3a6d4ee6ea0c5cfb0f698d8c0ed25638150f47 some NotOnOrAfter dates were updated, but signed_assertion_response.xml.base64 still has an expired NotOnOrAfter date of 2023-10-02T05:57:16Z.

pitbulk commented 9 months ago

Fixed at: https://github.com/SAML-Toolkits/python3-saml/commit/feb0d1d954ee4d0ad1ad1d7d536bf9e83fa9431b