Merge pull request SAML-Toolkits#288 from mateuszmandera/responsecodes

pitbulk · web-flow · commit a4f896d86fc0 · 2022-01-11T15:21:07.000+01:00
Support building a LogoutResponse with non-success status
diff --git a/src/onelogin/saml2/logout_response.py b/src/onelogin/saml2/logout_response.py
@@ -10,6 +10,7 @@
 """
 
 from onelogin.saml2 import compat
+from onelogin.saml2.constants import OneLogin_Saml2_Constants
 from onelogin.saml2.utils import OneLogin_Saml2_Utils, OneLogin_Saml2_ValidationError
 from onelogin.saml2.xml_templates import OneLogin_Saml2_Templates
 from onelogin.saml2.xml_utils import OneLogin_Saml2_XML
@@ -152,27 +153,28 @@ def _query(self, query):
         """
         return OneLogin_Saml2_XML.query(self.document, query)
 
-    def build(self, in_response_to):
+    def build(self, in_response_to, status=OneLogin_Saml2_Constants.STATUS_SUCCESS):
         """
         Creates a Logout Response object.
         :param in_response_to: InResponseTo value for the Logout Response.
         :type in_response_to: string
+        :param: status: The status of the response
+        :type: status: string
         """
         sp_data = self._settings.get_sp_data()
 
         self.id = self._generate_request_id()
 
         issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(OneLogin_Saml2_Utils.now())
 
-        logout_response = OneLogin_Saml2_Templates.LOGOUT_RESPONSE % \
-            {
-                'id': self.id,
-                'issue_instant': issue_instant,
-                'destination': self._settings.get_idp_slo_response_url(),
-                'in_response_to': in_response_to,
-                'entity_id': sp_data['entityId'],
-                'status': "urn:oasis:names:tc:SAML:2.0:status:Success"
-            }
+        logout_response = OneLogin_Saml2_Templates.LOGOUT_RESPONSE % {
+            "id": self.id,
+            "issue_instant": issue_instant,
+            "destination": self._settings.get_idp_slo_response_url(),
+            "in_response_to": in_response_to,
+            "entity_id": sp_data["entityId"],
+            "status": status,
+        }
 
         self._logout_response = logout_response
 
diff --git a/tests/src/OneLogin/saml2_tests/logout_response_test.py b/tests/src/OneLogin/saml2_tests/logout_response_test.py
@@ -401,3 +401,23 @@ def testGetXML(self):
 
         logout_response_processed = OneLogin_Saml2_Logout_Response(settings, OneLogin_Saml2_Utils.deflate_and_base64_encode(response))
         self.assertEqual(response, logout_response_processed.get_xml())
+
+    def testBuildWithStatus(self):
+        """
+        Tests the build method when called specifying a non-default status for the LogoutResponse.
+        """
+        settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
+
+        response_builder = OneLogin_Saml2_Logout_Response(settings)
+        response_builder.build("InResponseValue", status=OneLogin_Saml2_Constants.STATUS_REQUESTER)
+        generated_encoded_response = response_builder.get_response()
+
+        # Parse and verify the status of the response, as the receiver will do:
+        parsed_response = OneLogin_Saml2_Logout_Response(settings, generated_encoded_response)
+        expectedFragment = (
+            '    <samlp:Status>\n'
+            '        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester" />\n'
+            '    </samlp:Status>\n'
+        )
+        self.assertIn(expectedFragment, parsed_response.get_xml())
+        self.assertEqual(parsed_response.get_status(), OneLogin_Saml2_Constants.STATUS_REQUESTER)
