Make python3-saml an extra dependency.

Author: jeffFranklin

.gitignore

@@ -1,2 +1,7 @@
 venv
 .vscode
+*.egg-info
+.eggs
+__pycache__
+dist
+.coverage

README.md

@@ -13,9 +13,15 @@ package, also consider
 ## Installation
 
 ```bash
-pip install uw-saml
+pip install uw-saml[python3-saml]
 ```
 
+The extra `[python3-saml]` is because the SAML package can be cumbersome to
+install in a workstation environment, on account of needing the libxmlsec1-dev
+library. Therefore, it's an optional requirement, causing a runtime error
+instead of an install-time error. Alternatively, you can use a mock
+interface by setting `uw_saml2.python3_saml.MOCK = True`.
+
 ## Example login endpoint using flask
 
 In this example you've gone to

setup.py

@@ -9,6 +9,10 @@
 with open(os.path.join(BASE_DIR, 'README.md')) as f:
     LONG_DESCRIPTION = f.read()
 
+saml_requires = ['python3-saml']
+tests_require = saml_requires + ['pytest', 'pytest-cov', 'mock', 'pycodestyle']
+
+
 setup(name='uw-saml',
       version=VERSION,
       url='https://github.com/UWIT-IAM/uw-saml-python',
@@ -20,6 +24,5 @@
       license='Apache License, Version 2.0',
       packages=find_packages(),
       include_package_data=True,
-      install_requires=['python3-saml'],
-      extras_require={'test': ['pytest', 'pytest-cov', 'mock', 'pycodestyle']}
+      extras_require={'python3-saml': saml_requires, 'test': tests_require}
       )

tests/test_mock.py

@@ -0,0 +1,25 @@
+import pytest
+import uw_saml2
+
+
+@pytest.fixture(autouse=True)
+def flick_mock_flag(monkeypatch):
+    monkeypatch.setattr('uw_saml2.python3_saml.MOCK', True)
+
+
+def test_login_redirect():
+    expected = ('mock-login?return_to=%2F&force_authn=False'
+                '&idp=urn%3Amace%3Aincommon%3Awashington.edu')
+    assert uw_saml2.login_redirect() == expected
+
+
+def test_process_response():
+    post = {'idp': 'urn:mace:incommon:washington.edu', 'foo': 'bar'}
+    expected = {'two_factor': False, **post}
+    assert uw_saml2.process_response(post) == expected
+
+
+def test_process_respose_error():
+    post = {'idp': 'badidp', 'foo': 'bar'}
+    with pytest.raises(uw_saml2.SamlResponseError):
+        uw_saml2.process_response(post)

uw_saml2/__init__.py

@@ -1 +1 @@
-from .auth import login_redirect, process_response
+from .auth import login_redirect, process_response, SamlResponseError

uw_saml2/auth.py

@@ -1,5 +1,5 @@
 """UW-specific adapter for the python3-saml package."""
-from onelogin.saml2.auth import OneLogin_Saml2_Auth
+from .python3_saml import get_saml_authenticator
 from .idp.uw import UwIdp
 from .sp import Config, TWO_FACTOR_CONTEXT
 from .idp import attribute
@@ -28,7 +28,7 @@ def login_redirect(entity_id=None, acs_url=None, return_to='/',
     """
     sp = Config(entity_id, acs_url)
     config = sp.config(idp, two_factor=two_factor)
-    auth = OneLogin_Saml2_Auth(sp.request(), old_settings=config)
+    auth = get_saml_authenticator(sp.request(), old_settings=config)
     return auth.login(return_to=return_to, force_authn=force_authn)
 
 
@@ -50,7 +50,7 @@ def process_response(post, entity_id=None, acs_url=None, idp=UwIdp,
     """
     sp = Config(entity_id, acs_url)
     config = sp.config(idp, two_factor=two_factor)
-    auth = OneLogin_Saml2_Auth(sp.request(post), old_settings=config)
+    auth = get_saml_authenticator(sp.request(post), old_settings=config)
     auth.process_response()
     errors = auth.get_errors()
     if errors:

uw_saml2/mock.py

@@ -0,0 +1,33 @@
+import urllib.parse
+
+
+class SamlAuthenticator:
+    def __init__(self, request, old_settings, *args, **kwargs):
+        self.request = request
+        self.idp = old_settings['idp']['entityId']
+        self.errors = []
+
+    def login(self, **kwargs):
+        kwargs['idp'] = self.idp
+        qs = urllib.parse.urlencode(kwargs)
+        return f'mock-login?{qs}'
+
+    def process_response(self):
+        idp = self.request['post_data'].get('idp')
+        if idp != self.idp:
+            self.errors.append(f'idp mismatch {idp} != {self.idp}')
+        return
+
+    def get_attributes(self):
+        """Just reflect what's posted right back."""
+        items = self.request['post_data'].items()
+        return dict((key, [value]) for key, value in items)
+
+    def get_errors(self):
+        return self.errors
+
+    def get_last_error_reason(self):
+        return self.errors[0]
+
+    def get_last_authn_contexts(self):
+        return []

uw_saml2/python3_saml.py

@@ -0,0 +1,10 @@
+MOCK = False
+
+
+def get_saml_authenticator(*args, **kwargs):
+    if MOCK:
+        from . import mock
+        return mock.SamlAuthenticator(*args, **kwargs)
+    else:
+        from onelogin.saml2.auth import OneLogin_Saml2_Auth
+        return OneLogin_Saml2_Auth(*args, **kwargs)