Skip to content

Allow process_response and process_slo to raise is_valid exceptions #393

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rwlogel wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Allow process_response and process_slo to raise is_valid exceptions #393

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
465ce30
Allow process_response and process_slo to raise is_valid exceptions
rwlogel Feb 8, 2024
1d0a513
Drop python 3.7 support because of incompatibility with xmlsec
rwlogel Mar 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion .github/workflows/python-package.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@ jobs:
fail-fast: false
matrix:
python-version:
- "3.7"
- "3.8"
- "3.9"
- "3.10"
Expand Down
9 changes: 4 additions & 5 deletions pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,6 @@ keywords = [
"identity",
]
classifiers = [
"Programming Language :: Python :: 3.7",
"Programming Language :: Python :: 3.8",
"Programming Language :: Python :: 3.9",
"Programming Language :: Python :: 3.10",
Expand All @@ -32,11 +31,11 @@ classifiers = [
"Topic :: Software Development :: Libraries :: Python Modules",
]
dependencies = [
"lxml>=4.6.5,!=4.7.0",
"xmlsec>=1.3.9",
"lxml>=6.0.0",
"xmlsec>=1.3.14",
"isodate>=0.6.1",
]
requires-python = ">=3.7"
requires-python = ">=3.8"

[project.urls]
Homepage = "https://saml.info"
Expand Down Expand Up @@ -119,4 +118,4 @@ ignore_errors = true


[tool.coverage.html]
directory = "coverage_html_report"
directory = "coverage_html_report"
16 changes: 11 additions & 5 deletions src/onelogin/saml2/auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,13 +111,16 @@ def store_valid_response(self, response):
self._last_response_in_response_to = response.get_in_response_to()
self._last_assertion_not_on_or_after = response.get_assertion_not_on_or_after()

def process_response(self, request_id=None):
def process_response(self, request_id=None, raise_exceptions=False):
"""
Process the SAML Response sent by the IdP.

:param request_id: Is an optional argument. Is the ID of the AuthNRequest sent by this SP to the IdP.
:type request_id: string

:param raise_exceptions: Whether to return raise an exception during is_valid check
:type raise_exceptions: Boolean

:raises: OneLogin_Saml2_Error.SAML_RESPONSE_NOT_FOUND, when a POST with a SAMLResponse is not found
"""
self._errors = []
Expand All @@ -128,7 +131,7 @@ def process_response(self, request_id=None):
response = self.response_class(self._settings, self._request_data["post_data"]["SAMLResponse"])
self._last_response = response.get_xml_document()

if response.is_valid(self._request_data, request_id):
if response.is_valid(self._request_data, request_id, raise_exceptions=raise_exceptions):
self.store_valid_response(response)
else:
self._errors.append("invalid_response")
Expand All @@ -138,7 +141,7 @@ def process_response(self, request_id=None):
self._errors.append("invalid_binding")
raise OneLogin_Saml2_Error("SAML Response not found, Only supported HTTP_POST Binding", OneLogin_Saml2_Error.SAML_RESPONSE_NOT_FOUND)

def process_slo(self, keep_local_session=False, request_id=None, delete_session_cb=None):
def process_slo(self, keep_local_session=False, request_id=None, delete_session_cb=None, raise_exceptions=False):
"""
Process the SAML Logout Response / Logout Request sent by the IdP.

Expand All @@ -148,6 +151,9 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
:param request_id: The ID of the LogoutRequest sent by this SP to the IdP
:type request_id: string

:param raise_exceptions: Whether to return raise an exception during is_valid check
:type raise_exceptions: Boolean

:returns: Redirection url
"""
self._errors = []
Expand All @@ -160,7 +166,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
if not self.validate_response_signature(get_data):
self._errors.append("invalid_logout_response_signature")
self._errors.append("Signature validation failed. Logout Response rejected")
elif not logout_response.is_valid(self._request_data, request_id):
elif not logout_response.is_valid(self._request_data, request_id, raise_exceptions=raise_exceptions):
self._errors.append("invalid_logout_response")
elif logout_response.get_status() != OneLogin_Saml2_Constants.STATUS_SUCCESS:
self._errors.append("logout_not_success")
Expand All @@ -175,7 +181,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
if not self.validate_request_signature(get_data):
self._errors.append("invalid_logout_request_signature")
self._errors.append("Signature validation failed. Logout Request rejected")
elif not logout_request.is_valid(self._request_data):
elif not logout_request.is_valid(self._request_data, raise_exceptions=raise_exceptions):
self._errors.append("invalid_logout_request")
else:
if not keep_local_session:
Expand Down
Loading