sources/saml: improve error handing of invalid signatures

2020-06-23 21:49:27 +02:00 · 2020-06-23 21:49:27 +02:00 · 52f138d402
parent 491e507d49
commit 52f138d402
3 changed files with 7 additions and 2 deletions
--- a/passbook/sources/saml/forms.py
+++ b/passbook/sources/saml/forms.py
@ -16,6 +16,7 @@ class SAMLSourceForm(forms.ModelForm):
        model = SAMLSource
        fields = SOURCE_FORM_FIELDS + [
            "issuer",
+            "binding_type",
            "idp_url",
            "idp_logout_url",
            "auto_logout",
--- a/passbook/sources/saml/processors/base.py
+++ b/passbook/sources/saml/processors/base.py
@ -68,8 +68,9 @@ class Processor:

        <saml:Subject>
                <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
-                            SPNameQualifier=""
-                            >email@example.com</saml:NameID>
+                            SPNameQualifier="">
+                    email@example.com
+                </saml:NameID>
        """
        assertion = self._root.find("{urn:oasis:names:tc:SAML:2.0:assertion}Assertion")
        subject = assertion.find("{urn:oasis:names:tc:SAML:2.0:assertion}Subject")
--- a/passbook/sources/saml/views.py
+++ b/passbook/sources/saml/views.py
@ -6,6 +6,7 @@ from django.utils.decorators import method_decorator
 from django.utils.http import urlencode
 from django.views import View
 from django.views.decorators.csrf import csrf_exempt
+from signxml import InvalidSignature
 from signxml.util import strip_pem_header

 from passbook.lib.views import bad_request_message
@ -71,6 +72,8 @@ class ACSView(View):
            processor.parse(request)
        except MissingSAMLResponse as exc:
            return bad_request_message(request, str(exc))
+        except InvalidSignature as exc:
+            return bad_request_message(request, str(exc))

        try:
            return processor.prepare_flow(request)