Add tests

.gitignore

@@ -0,0 +1,134 @@
+# Created by https://www.gitignore.io/api/macos,python
+
+### macOS ###
+*.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### Python ###
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule.*
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+
+
+# End of https://www.gitignore.io/api/macos,python

LICENSE

@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2015, Kristian Oellegaard
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

saml_service_provider/tests/test_auth_backend.py

@@ -0,0 +1,62 @@
+from django.contrib.auth.models import User
+import mock
+
+from saml_service_provider.auth_backend import SAMLServiceProviderBackend
+from saml_service_provider.tests.utils import SamlServiceProviderTestCase
+
+
+class SAMLServiceProviderBackendTestCase(SamlServiceProviderTestCase):
+
+    NEW_USER_USERNAME = 'jdoe'
+    NEW_USER_FIRST_NAME = 'John'
+    NEW_USER_LAST_NAME = 'Doe'
+
+    @classmethod
+    def setUpTestData(cls):
+        super(SAMLServiceProviderBackendTestCase, cls).setUpTestData()
+        cls.auth_backend = SAMLServiceProviderBackend()
+
+    def testNoAuthenticationMeansDifferentBackend(self):
+        self.assertIsNone(self.auth_backend.authenticate())
+
+    def testNoUserIsReturnedIfNoneIsAuthenticated(self):
+        saml_authentication = mock.Mock(is_authenticated=lambda: False)
+        self.assertIsNone(self.auth_backend.authenticate(saml_authentication))
+
+    def testExistingUserIsAuthenticated(self):
+        # Authenticate with the SAMLServiceProvider backend
+        saml_authentication = mock.Mock(is_authenticated=lambda: True, get_nameid=lambda: self.USER_USERNAME)
+        user = self.auth_backend.authenticate(saml_authentication)
+
+        # Verify that the user authenticated is the existing user
+        self.assertEquals(user, User.objects.get(username=self.USER_USERNAME))
+
+    def testNewUserIsCreatedAndAuthenticated(self):
+        # Count the number of users
+        num_users = User.objects.count()
+
+        # Authenticate with the SAMLServiceProvider backend
+        saml_authentication = mock.Mock(
+            is_authenticated=lambda: True,
+            get_attributes=lambda: {'First name': [self.NEW_USER_FIRST_NAME], 'Last name': [self.NEW_USER_LAST_NAME]},
+            get_nameid=lambda: self.NEW_USER_USERNAME
+        )
+        user = self.auth_backend.authenticate(saml_authentication)
+
+        # Verify that the user authenticated is the new user
+        self.assertEquals(user, User.objects.get(username=self.NEW_USER_USERNAME))
+
+        # Verify that the user has the first and last name attributes set
+        self.assertEquals(user.first_name, self.NEW_USER_FIRST_NAME)
+        self.assertEquals(user.last_name, self.NEW_USER_LAST_NAME)
+
+        # Verify that a new user was created
+        self.assertEquals(User.objects.count(), num_users + 1)
+
+    def testGetUserUsesAuthUser(self):
+        # Verify that the user is looked up by PK
+        self.assertEquals(self.auth_backend.get_user(self.user.pk), self.user)
+
+        # Verify that no user is returned when an invalid PK is provided
+        invalid_pk = User.objects.order_by('pk').last().pk + 1
+        self.assertIsNone(self.auth_backend.get_user(invalid_pk))

saml_service_provider/tests/test_settings.py

@@ -0,0 +1,31 @@
+import base64
+import hashlib
+import unittest
+
+from saml_service_provider.settings import OneloginServiceProviderSettings
+
+
+class SAMLServiceProviderSettingsTestCase(unittest.TestCase):
+
+    def testOneloginServiceProviderSettingsRequiresCertOrFingerprint(self):
+        with self.assertRaises(Exception) as e:
+            OneloginServiceProviderSettings()
+        self.assertEquals(str(e.exception), "Please provider either onelogin_x509_cert or onelogin_x509_fingerprint")
+
+    def testOneloginX509CertSetsIDPX509Cert(self):
+        x509_cert = base64.b64encode('abc123')
+        settings = OneloginServiceProviderSettings(onelogin_x509_cert=x509_cert).settings
+
+        # Verify that the IDP X509 cert matches the one provided to OneloginServiceProviderSettings
+        self.assertIn('idp', settings)
+        self.assertIn('x509cert', settings['idp'])
+        self.assertEquals(settings['idp']['x509cert'], x509_cert)
+
+    def testOneloginX509FingerprintSetsIDPX509Fingerprint(self):
+        x509_fingerprint = hashlib.sha1('abc123').hexdigest
+        settings = OneloginServiceProviderSettings(onelogin_x509_fingerprint=x509_fingerprint).settings
+
+        # Verify that the IDP X509 fingerprint matches the one provided to OneloginServiceProviderSettings
+        self.assertIn('idp', settings)
+        self.assertIn('certFingerprint', settings['idp'])
+        self.assertEquals(settings['idp']['certFingerprint'], x509_fingerprint)