Add get_last_message_id and get_last_assertion_id

jborg · jborg · commit 6e178d335d62 · 2017-09-01T13:31:14.000+02:00
I tried to follow the pattern used in php-saml
diff --git a/src/onelogin/saml2/auth.py b/src/onelogin/saml2/auth.py
@@ -61,6 +61,8 @@ def __init__(self, request_data, old_settings=None, custom_base_path=None):
         self.__errors = []
         self.__error_reason = None
         self.__last_request_id = None
+        self.__last_message_id = None
+        self.__last_assertion_id = None
         self.__last_request = None
         self.__last_response = None
 
@@ -104,6 +106,8 @@ def process_response(self, request_id=None):
                 self.__nameid_format = response.get_nameid_format()
                 self.__session_index = response.get_session_index()
                 self.__session_expiration = response.get_session_not_on_or_after()
+                self.__last_message_id = response.get_id()
+                self.__last_assertion_id = response.get_assertion_id()
                 self.__authenticated = True
 
             else:
@@ -143,8 +147,10 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
                 self.__error_reason = logout_response.get_error()
             elif logout_response.get_status() != OneLogin_Saml2_Constants.STATUS_SUCCESS:
                 self.__errors.append('logout_not_success')
-            elif not keep_local_session:
-                OneLogin_Saml2_Utils.delete_local_session(delete_session_cb)
+            else:
+                self.__last_message_id = logout_response.id
+                if not keep_local_session:
+                    OneLogin_Saml2_Utils.delete_local_session(delete_session_cb)
 
         elif get_data and 'SAMLRequest' in get_data:
             logout_request = OneLogin_Saml2_Logout_Request(self.__settings, get_data['SAMLRequest'])
@@ -160,6 +166,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
                     OneLogin_Saml2_Utils.delete_local_session(delete_session_cb)
 
                 in_response_to = logout_request.id
+                self.__last_message_id = logout_request.id
                 response_builder = OneLogin_Saml2_Logout_Response(self.__settings)
                 response_builder.build(in_response_to)
                 self.__last_response = response_builder.get_xml()
@@ -286,6 +293,20 @@ def get_last_request_id(self):
         """
         return self.__last_request_id
 
+    def get_last_message_id(self):
+        """
+        :returns: The ID of the last Response SAML message processed.
+        :rtype: string
+        """
+        return self.__last_message_id
+
+    def get_last_assertion_id(self):
+        """
+        :returns: The ID of the last assertion processed.
+        :rtype: string
+        """
+        return self.__last_assertion_id
+
     def login(self, return_to=None, force_authn=False, is_passive=False, set_nameid_policy=True):
         """
         Initiates the SSO process.
diff --git a/src/onelogin/saml2/logout_response.py b/src/onelogin/saml2/logout_response.py
@@ -35,10 +35,12 @@ def __init__(self, settings, response=None):
         """
         self.__settings = settings
         self.__error = None
+        self.id = None
 
         if response is not None:
             self.__logout_response = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(response))
             self.document = OneLogin_Saml2_XML.to_etree(self.__logout_response)
+            self.id = self.document.get('ID', None)
 
     def get_issuer(self):
         """
diff --git a/src/onelogin/saml2/response.py b/src/onelogin/saml2/response.py
@@ -786,3 +786,22 @@ def get_xml_document(self):
             return self.decrypted_document
         else:
             return self.document
+
+    def get_id(self):
+        """
+        :returns: the ID of the response
+        :rtype: string
+        """
+        return self.document.get('ID', None)
+
+    def get_assertion_id(self):
+        """
+        :returns: the ID of the assertion in the response
+        :rtype: string
+        """
+        if not self.validate_num_assertions():
+            raise OneLogin_Saml2_ValidationError(
+                'SAML Response must contain 1 assertion',
+                OneLogin_Saml2_ValidationError.WRONG_NUMBER_OF_ASSERTIONS
+            )
+        return self.__query_assertion('')[0].get('ID', None)
diff --git a/tests/src/OneLogin/saml2_tests/auth_test.py b/tests/src/OneLogin/saml2_tests/auth_test.py
@@ -1259,3 +1259,46 @@ def testGetLastLogoutResponse(self):
         auth = OneLogin_Saml2_Auth(message_wrapper, old_settings=settings)
         auth.process_slo()
         self.assertEqual(response, auth.get_last_response_xml())
+
+    def testGetLastMessageAndAssertionId(self):
+        """
+        Tests the get_last_message_id and get_last_assertion_id of the OneLogin_Saml2_Auth class
+        Case Valid Response
+        """
+        request_data = self.get_request()
+        message = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64'))
+        del request_data['get_data']
+        request_data['post_data'] = {
+            'SAMLResponse': message
+        }
+        auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON())
+
+        auth.process_response()
+        self.assertEqual(auth.get_last_message_id(), 'pfxcc31568b-c46d-ff75-ba2e-5303484980da')
+        self.assertEqual(auth.get_last_assertion_id(), 'pfx08c2a6bb-7ee4-8dc2-8fe2-f055eed93de4')
+
+    def testGetIdFromLogoutRequest(self):
+        """
+        Tests the get_last_message_id of the OneLogin_Saml2_Auth class
+        Case Valid Logout request
+        """
+        settings = self.loadSettingsJSON()
+        request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml'))
+        message = OneLogin_Saml2_Utils.deflate_and_base64_encode(request)
+        message_wrapper = {'get_data': {'SAMLRequest': message}}
+        auth = OneLogin_Saml2_Auth(message_wrapper, old_settings=settings)
+        auth.process_slo()
+        self.assertIn(auth.get_last_message_id(), 'ONELOGIN_21584ccdfaca36a145ae990442dcd96bfe60151e')
+
+    def testGetIdFromLogoutResponse(self):
+        """
+        Tests the get_last_message_id of the OneLogin_Saml2_Auth class
+        Case Valid Logout response
+        """
+        settings = self.loadSettingsJSON()
+        response = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response.xml'))
+        message = OneLogin_Saml2_Utils.deflate_and_base64_encode(response)
+        message_wrapper = {'get_data': {'SAMLResponse': message}}
+        auth = OneLogin_Saml2_Auth(message_wrapper, old_settings=settings)
+        auth.process_slo()
+        self.assertIn(auth.get_last_message_id(), '_f9ee61bd9dbf63606faa9ae3b10548d5b3656fb859')
