diff --git a/.bumpversion.cfg b/.bumpversion.cfg index 35f7a82c6..9af851d8c 100644 --- a/.bumpversion.cfg +++ b/.bumpversion.cfg @@ -4,4 +4,3 @@ commit = True tag = True [bumpversion:file:setup.py] - diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 000000000..7890b8fa1 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,43 @@ +--- +name: Continuous Integration + +# Trigger this workflow manually, by pushing commits to any branch, or +# by filing a pull request. +on: + workflow_dispatch: + push: + pull_request: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + setup: + runs-on: ubuntu-latest + steps: + - id: cache-workdir + uses: actions/cache@v3 + with: + key: workdir-${{ github.sha }} + path: . + - if: steps.cache-workdir.outputs.cache-hit != 'true' + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - uses: actions/setup-python@v4 + with: + python-version: '3.11' + cache: pip + cache-dependency-path: setup.* + - run: python -m pip install . + + lint: + needs: setup + runs-on: ubuntu-latest + steps: + - uses: actions/cache/restore@v3 + with: + key: workdir-${{ github.sha }} + path: . + - uses: pre-commit/action@v3.0.0 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 000000000..688131a2c --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,12 @@ +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.5.0 + hooks: + - id: check-yaml + args: ["--unsafe"] + - id: end-of-file-fixer + - id: trailing-whitespace + - repo: https://github.com/pycqa/flake8 + rev: 7.0.0 + hooks: + - id: flake8 diff --git a/LICENSE b/LICENSE index c01496582..4483409ec 100644 --- a/LICENSE +++ b/LICENSE 
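Review bot: The new `.github/workflows/ci.yml` declares no `permissions:` block, so each job's GITHUB_TOKEN gets the repository's default scope even though the jobs only install and lint. A top-level `permissions:` with `contents: read` would keep it least-privilege. The actions are referenced by tag (`actions/cache@v3`, `actions/checkout@v4`, `pre-commit/action@v3.0.0`), and a tag can be moved by the action's owner; pinning at least the third-party `pre-commit/action` to a full commit SHA would fix what code runs in the job. In the `lint` job, `actions/cache/restore@v3` is used without `fail-on-cache-miss: true`, so a missed restore would leave the job running against an empty workspace instead of failing at the restore step.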
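Review bot: The `args: ["--unsafe"]` entry on the `check-yaml` hook in `.pre-commit-config.yaml` has no comment, and the name reads as if the hook were loading YAML unsafely. In pre-commit-hooks the flag switches the hook to a syntax-only parse, which is presumably wanted here because the plugin configs use custom tags such as `!ENV`. A comment above `args` would record that, for example `# --unsafe: syntax-only parse so custom tags like !ENV are accepted`. The same comment should say that the hook then no longer rejects constructs a safe load would refuse, so a passing check is not a validation of the configs' content.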
@@ -174,4 +174,4 @@ incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. - END OF TERMS AND CONDITIONS \ No newline at end of file + END OF TERMS AND CONDITIONS diff --git a/NOTICE b/NOTICE index a8ccedfc8..37c7af0af 100644 --- a/NOTICE +++ b/NOTICE @@ -20,4 +20,4 @@ Copyright 2016 UmeƄ universitet distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and - limitations under the License. \ No newline at end of file + limitations under the License. diff --git a/doc/SAML2-to-Social_logins.md b/doc/SAML2-to-Social_logins.md index 546adc229..c94d24ee9 100644 --- a/doc/SAML2-to-Social_logins.md +++ b/doc/SAML2-to-Social_logins.md @@ -4,7 +4,7 @@ 1. The metadata generation script creates a new metadata file for every identity provider 1. The service provider needs to know which identity provider it want to authenticate at. How this is decided is out of scope for this application. 1. The SAML2 mirror front could handle the dynamic endpoint URL:s generated by the metadata generation script. Based on the url the request is forwarded to the corresponding backend module -1. The backend communicates with the identity provider and receives user information +1. The backend communicates with the identity provider and receives user information 1. The response is converted to an internal representation and returned to the frontend module 1. The response is returned to the service provider @@ -22,7 +22,7 @@ be configured with a SAML2 frontend and an SAML2 backend. cp example/plugins/frontends/saml2_frontend.yaml.example saml2-social/plugins/ cp example/plugins/backends/{facebook,google}_backend.yaml.example saml2-social/plugins/ ``` - + 1. Configure the proxy: 1. Rename `proxy_conf.yaml.example` to `proxy_conf.yaml`: ```bash 
@@ -34,7 +34,7 @@ be configured with a SAML2 frontend and an SAML2 backend. for more information. To specify the necessary plugins make sure to include the following configuration parameter values: - ```yaml + ```yaml BACKEND_MODULES: - saml2-social/plugins/facebook_backend.yaml - saml2-social/plugins/google_backend.yaml @@ -60,8 +60,8 @@ be configured with a SAML2 frontend and an SAML2 backend. mv plugins/facebook_backend.yaml.example plugins/facebook_backend.yaml mv plugins/google_backend.yaml.example plugins/google_backend.yaml ``` - - 1. In `saml2_frontend.yaml`: Change the `module` configuration parameter to `satosa.frontends.saml2.SAMLMirrorFrontend`. + + 1. In `saml2_frontend.yaml`: Change the `module` configuration parameter to `satosa.frontends.saml2.SAMLMirrorFrontend`. 1. Specify the necessary configuration parameters, see the [Plugins](README.md#plugins) section of the proxy configuration instructions for more information. @@ -71,4 +71,3 @@ be configured with a SAML2 frontend and an SAML2 backend. # Run 1. Start the proxy application, see the [Running the proxy application](README.md#run) section of the proxy configuration instructions for more information. - diff --git a/doc/internals/authnrequ_flow.src b/doc/internals/authnrequ_flow.src index 4131581a3..9db5835b3 100644 --- a/doc/internals/authnrequ_flow.src +++ b/doc/internals/authnrequ_flow.src @@ -46,5 +46,5 @@ SAMLFrontend\n(Frontendmodule)-->-SAMLFrontend\n(Frontendmodule): SAMLFrontend\n(Frontendmodule)-->-WsgiApplication\n(SATOSABase): WsgiApplication\n(SATOSABase)-->-WsgiApplication\n(SATOSABase): WsgiApplication\n(SATOSABase)->WsgiApplication\n(SATOSABase): _save_state(Context) -WsgiApplication\n(SATOSABase)-->-WsgiApplication\n(SATOSABase): +WsgiApplication\n(SATOSABase)-->-WsgiApplication\n(SATOSABase): WsgiApplication\n(SATOSABase)-->-Gunicorn: diff --git a/doc/internals/authnresp_flow.src b/doc/internals/authnresp_flow.src index 7024102ce..dc4c4fab1 100644 
--- a/doc/internals/authnresp_flow.src +++ b/doc/internals/authnresp_flow.src @@ -54,4 +54,3 @@ WsgiApplication\n(SATOSABase)->+WsgiApplication\n(SATOSABase): _save_state(Conte destroy SATOSA_STATE WsgiApplication\n(SATOSABase)-->WsgiApplication\n(SATOSABase): WsgiApplication\n(SATOSABase)-->-Gunicorn: - diff --git a/doc/internals/state.md b/doc/internals/state.md index 62f010738..478d4730e 100644 --- a/doc/internals/state.md +++ b/doc/internals/state.md @@ -22,7 +22,7 @@ If the consent is enabled, the consent module will save the following: * **CONSENT.internal_resp.auth_info.timestamp**: When the authentication was done * **CONSENT.internal_resp.auth_info.auth_class_ref**: Description of how the authentication was determined * **CONSENT.internal_resp.issuer**: Id of the identity provider -* **CONSENT.internal_resp.hash_type**: Which id type the requester is asking for (persistent/transient/...) +* **CONSENT.internal_resp.hash_type**: Which id type the requester is asking for (persistent/transient/...) * **CONSENT.internal_resp.usr_id**: The id of the authenticated user * **CONSENT.internal_resp.attr**: Contains all attributes and values given by the authentication * **CONSENT.internal_resp.usr_id_attr**: An empty list diff --git a/doc/mod_wsgi.md b/doc/mod_wsgi.md index e739028dc..95e3b7d99 100644 --- a/doc/mod_wsgi.md +++ b/doc/mod_wsgi.md @@ -187,12 +187,3 @@ ErrorDocument 500 /error.html Alias /error.html /var/www/html/error.html ``` - - - - - - - - - diff --git a/doc/oidc-to-saml2.md b/doc/oidc-to-saml2.md index 5cea7ace2..36ca0d6ac 100644 --- a/doc/oidc-to-saml2.md +++ b/doc/oidc-to-saml2.md @@ -23,7 +23,7 @@ be configured with a OpenID Connect frontend and a SAML2 backend. for more information. To specify the necessary plugins make sure to include the following configuration parameter values: - ```yaml + ```yaml BACKEND_MODULES: - "oidc-saml2/plugins/saml2_backend.yaml" FRONTEND_MODULES: 
@@ -53,7 +53,7 @@ be configured with a OpenID Connect frontend and a SAML2 backend. 1. Generate the SAML metadata, see the [SAML metadata](README.md#saml_metadata) section of the proxy configuration instructions for more information. Note: SAML metadata can only be generated - for the backend, so make sure to specify the option `-b`. + for the backend, so make sure to specify the option `-b`. 1. Start the proxy application, see the [Running the proxy application](README.md#run) section of the proxy configuration instructions for more information. diff --git a/doc/one-to-many.md b/doc/one-to-many.md index c9b08851f..9b2a9d887 100644 --- a/doc/one-to-many.md +++ b/doc/one-to-many.md @@ -4,8 +4,8 @@ ![](images/one-to-many_proxy_uscase.png "one-to-many proxy overview image") 1. The service provider sends a request to the proxy instance. The service provider only knows about the proxy and none of the actual identity providers. -1. The proxy redirects the user to the discovery service -1. The entity ID of the identity provider selected by the user is returned to the proxy +1. The proxy redirects the user to the discovery service +1. The entity ID of the identity provider selected by the user is returned to the proxy 1. The proxy sent authentication request and when completed the the user get redirected back to the proxy 1. The response returned from the Identity provider is returned to the Service provider @@ -13,7 +13,7 @@ ![](images/many-to-one.png "many-to-one proxy overview image") 1. Service provider sends request to proxy -1. Proxy communicates with the identity provider which normally can't talk to the service provider. +1. Proxy communicates with the identity provider which normally can't talk to the service provider. A reason for this could be that it can't handle multiple entity ID's or that they are not really compatible. 1. Response returned by the identity provider containing the user information. 
@@ -33,7 +33,7 @@ be configured with a SAML2 frontend and an SAML2 backend. cp example/plugins/frontends/saml2_frontend.yaml.example saml2-saml2/plugins/ cp example/plugins/backends/saml2_backend.yaml.example saml2-saml2/plugins/ ``` - + 1. Configure the proxy: 1. Rename `proxy_conf.yaml.example` to `proxy_conf.yaml`: ```bash @@ -45,7 +45,7 @@ be configured with a SAML2 frontend and an SAML2 backend. for more information. To specify the necessary plugins make sure to include the following configuration parameter values: - ```yaml + ```yaml BACKEND_MODULES: - saml2-saml2/plugins/saml2_backend.yaml FRONTEND_MODULES: diff --git a/doc/saml2-to-oidc.md b/doc/saml2-to-oidc.md index fc3e81b91..c43f89719 100644 --- a/doc/saml2-to-oidc.md +++ b/doc/saml2-to-oidc.md @@ -23,7 +23,7 @@ be configured with a SAML2 frontend and an OpenID Connect backend. for more information. To specify the necessary plugins make sure to include the following configuration parameter values: - ```yaml + ```yaml BACKEND_MODULES: - saml2-oidc/plugins/openid_backend.yaml FRONTEND_MODULES: diff --git a/example/plugins/backends/bitbucket_backend.yaml.example b/example/plugins/backends/bitbucket_backend.yaml.example index 699a17b1e..6fb1050c9 100644 --- a/example/plugins/backends/bitbucket_backend.yaml.example +++ b/example/plugins/backends/bitbucket_backend.yaml.example @@ -4,7 +4,7 @@ config: authz_page: bitbucket/auth/callback base_url: client_config: - client_id: + client_id: client_secret: scope: ["account", "email"] response_type: code @@ -27,4 +27,3 @@ config: - ["Login to a service using your BitBucket credentials", "en"] display_name: - ["BitBucket", "en"] - diff --git a/example/plugins/backends/github_backend.yaml.example b/example/plugins/backends/github_backend.yaml.example index fc9503bc1..634dd36ff 100644 --- a/example/plugins/backends/github_backend.yaml.example +++ b/example/plugins/backends/github_backend.yaml.example 
@@ -26,4 +26,4 @@ config: description: - ["GitHub oauth", "en"] display_name: - - ["GitHub", "en"] \ No newline at end of file + - ["GitHub", "en"] diff --git a/example/plugins/backends/idpyoidc_backend.yaml.example b/example/plugins/backends/idpyoidc_backend.yaml.example index 45d011b21..29481bde8 100644 --- a/example/plugins/backends/idpyoidc_backend.yaml.example +++ b/example/plugins/backends/idpyoidc_backend.yaml.example @@ -9,4 +9,4 @@ config: scopes_supported: ["openid", "profile", "email"] subject_type_supported: ["public"] provider_info: - issuer: !ENV SATOSA_OIDC_BACKEND_ISSUER \ No newline at end of file + issuer: !ENV SATOSA_OIDC_BACKEND_ISSUER diff --git a/example/plugins/microservices/attribute_policy.yaml.example b/example/plugins/microservices/attribute_policy.yaml.example index 3a32c78df..0fa149fa0 100644 --- a/example/plugins/microservices/attribute_policy.yaml.example +++ b/example/plugins/microservices/attribute_policy.yaml.example @@ -8,5 +8,3 @@ config: - name - givenname - surname - - diff --git a/example/plugins/microservices/attribute_processor.yaml.example b/example/plugins/microservices/attribute_processor.yaml.example index a20bb2faa..e84c8dd88 100644 --- a/example/plugins/microservices/attribute_processor.yaml.example +++ b/example/plugins/microservices/attribute_processor.yaml.example @@ -19,6 +19,5 @@ config: processors: - name: RegexSubProcessor module: satosa.micro_services.processors.regex_sub_processor - regex_sub_match_pattern: !ENV REGEX_MATCH_PATTERN - regex_sub_replace_pattern: !ENV REGEX_REPLACE_PATTERN - + regex_sub_match_pattern: !ENV REGEX_MATCH_PATTERN + regex_sub_replace_pattern: !ENV REGEX_REPLACE_PATTERN diff --git a/example/plugins/microservices/consent.yaml.example b/example/plugins/microservices/consent.yaml.example index f3e4ac038..16671abd0 100644 --- a/example/plugins/microservices/consent.yaml.example +++ b/example/plugins/microservices/consent.yaml.example 
@@ -3,4 +3,4 @@ name: Consent config: api_url: "https://127.0.0.1:8166" redirect_url: "https://localhost:8166/consent" - sign_key: "pki/mykey.pem" \ No newline at end of file + sign_key: "pki/mykey.pem" diff --git a/example/plugins/microservices/custom_routing_decide_by_requester.yaml.example b/example/plugins/microservices/custom_routing_decide_by_requester.yaml.example index 90aed60eb..2d0abe25d 100644 --- a/example/plugins/microservices/custom_routing_decide_by_requester.yaml.example +++ b/example/plugins/microservices/custom_routing_decide_by_requester.yaml.example @@ -4,5 +4,3 @@ config: default_backend: Saml2 requester_mapping: 'requestor-id': 'backend_custom' - - diff --git a/pull_request_template.md b/pull_request_template.md index b675bd4cd..0abcddd8f 100644 --- a/pull_request_template.md +++ b/pull_request_template.md @@ -6,5 +6,3 @@ * [ ] Have you written new tests for your changes? * [ ] Does your submission pass tests? * [ ] This project follows PEP8 style guide. Have you run your code against the 'flake8' linter? - - diff --git a/src/satosa/micro_services/processors/regex_sub_processor.py b/src/satosa/micro_services/processors/regex_sub_processor.py index 85b95b50a..cb786966b 100644 --- a/src/satosa/micro_services/processors/regex_sub_processor.py +++ b/src/satosa/micro_services/processors/regex_sub_processor.py @@ -8,7 +8,7 @@ logger = logging.getLogger(__name__) class RegexSubProcessor(BaseProcessor): """ - Performs a regex sub against an attribute value. + Performs a regex sub against an attribute value. Example configuration: module: satosa.micro_services.attribute_processor.AttributeProcessor name: AttributeProcessor 
@@ -19,20 +19,20 @@ class RegexSubProcessor(BaseProcessor): - name: RegexSubProcessor module: satosa.micro_services.custom.processors.regex_sub_processor regex_sub_match_pattern: (?<=saml-provider\/)(.*)(?=,) - regex_sub_replace_pattern: \1-Test + regex_sub_replace_pattern: \1-Test """ - + def process(self, internal_data, attribute, **kwargs): regex_sub_match_pattern = r'{}'.format(kwargs.get(CONFIG_KEY_MATCH_PATTERN, '')) if regex_sub_match_pattern == '': raise AttributeProcessorError("The regex_sub_match_pattern needs to be set") - + regex_sub_replace_pattern = r'{}'.format(kwargs.get(CONFIG_KEY_REPLACE_PATTERN, '')) if regex_sub_replace_pattern == '': raise AttributeProcessorError("The regex_sub_replace_pattern needs to be set") attributes = internal_data.attributes - + values = attributes.get(attribute, []) new_values = [] if not values: @@ -40,4 +40,4 @@ def process(self, internal_data, attribute, **kwargs): for value in values: new_values.append(re.sub(r'{}'.format(regex_sub_match_pattern), r'{}'.format(regex_sub_replace_pattern), value)) logger.debug('regex_sub new_values: {}'.format(new_values)) - attributes[attribute] = new_values \ No newline at end of file + attributes[attribute] = new_values diff --git a/src/satosa/micro_services/processors/scope_remover_processor.py b/src/satosa/micro_services/processors/scope_remover_processor.py index 82073b5b8..6cf878365 100644 --- a/src/satosa/micro_services/processors/scope_remover_processor.py +++ b/src/satosa/micro_services/processors/scope_remover_processor.py @@ -3,8 +3,8 @@ class ScopeRemoverProcessor(BaseProcessor): """ - Removes the scope from all values of a given attribute - + Removes the scope from all values of a given attribute + """ def process(self, internal_data, attribute, **kwargs): attributes = internal_data.attributes diff --git a/tests/satosa/backends/test_idpy_oidc.py b/tests/satosa/backends/test_idpy_oidc.py index 95e8b427c..373f59365 100644 --- a/tests/satosa/backends/test_idpy_oidc.py 
+++ b/tests/satosa/backends/test_idpy_oidc.py @@ -232,4 +232,3 @@ def test_start_auth_redirects_to_provider_authorization_endpoint(self, context): assert auth_params["redirect_uri"] == _client.context.claims.get_usage("redirect_uris")[0] assert "state" in auth_params assert "nonce" in auth_params - diff --git a/tests/test_resources/auth_response_with_encrypted_signed_assertion.xml b/tests/test_resources/auth_response_with_encrypted_signed_assertion.xml index 2514b3b9c..6327b2fb6 100644 --- a/tests/test_resources/auth_response_with_encrypted_signed_assertion.xml +++ b/tests/test_resources/auth_response_with_encrypted_signed_assertion.xml @@ -63,4 +63,4 @@ - \ No newline at end of file + diff --git a/tests/test_resources/cookie_state_name b/tests/test_resources/cookie_state_name index 84bb814b8..dd5b622b7 100644 --- a/tests/test_resources/cookie_state_name +++ b/tests/test_resources/cookie_state_name @@ -1 +1 @@ -chocolate_chip \ No newline at end of file +chocolate_chip diff --git a/tests/test_resources/encryption_key.pem b/tests/test_resources/encryption_key.pem index ca0ee8439..ffa09b870 100644 --- a/tests/test_resources/encryption_key.pem +++ b/tests/test_resources/encryption_key.pem @@ -25,4 +25,4 @@ X2L+U86ag8SLVBxIokYlr9xtaXw+y2rpM5gETD4ZAoGBALCFeB5zy3berEN3+dfz /T5XVzgw1GOas0Wwol3vTXT/6J/phMcvW3c4idKa0a7j2CtYVYOSC+ViAbwKcHf7 pFof5ecbwwGXoG+Ri0IM/2oD+QTwQHXWDvELFMrA9NV6BWeFnsCIEGW2KZWcoGJo aZkruIcaav539JB4Co2tWaVp ------END PRIVATE KEY----- \ No newline at end of file +-----END PRIVATE KEY----- diff --git a/tests/test_resources/idp_metadata_for_encrypted_signed_auth_response.xml b/tests/test_resources/idp_metadata_for_encrypted_signed_auth_response.xml index ecae34a26..24d1e8dc8 100644 --- a/tests/test_resources/idp_metadata_for_encrypted_signed_auth_response.xml +++ b/tests/test_resources/idp_metadata_for_encrypted_signed_auth_response.xml @@ -29,4 +29,4 @@ - \ No newline at end of file +