spulec / moto / 7298 / 4
95%
master: 95%

DEFAULT BRANCH: master
Ran
Files 422
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 55.387% (-0.007%) from 55.394%
TEST_SERVER_MODE=true

push

travis-ci

web-flow 
Fix saml-assertion parsing in assume-role-with-saml (#3523)

* Retrieve SAML Attribute by Name instead of relying on order which is too fragile

* Handle case when SAML Attribute SessionDuration is not provided, as it is not a required attribute from SAML response

When session duration not provided, AWS consider by default a duration of one hour as cited in the following documentation:
"If this attribute is not present, then the credential last for one hour (the default value of the DurationSeconds parameter of the AssumeRoleWithSAML API)."
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.html#saml_role-session-duration

Traceback was:
[...]
  File "/Users/benjamin.brabant/Projects/PERSO/moto/moto/sts/responses.py", line 79, in assume_role_with_saml
    role = sts_backend.assume_role_with_saml(
  File "/Users/benjamin.brabant/Projects/PERSO/moto/moto/sts/models.py", line 99, in assume_role_with_saml
    role = AssumedRole(**kwargs)
TypeError: __init__() missing 1 required positional argument: 'duration'

* Process saml xml namespaces properly instead of relying on textual prefix that can vary between identity providers

* Handle when SAML response AttributeValue xml tag contains attributes that force xmltodict to build a dictionary as for complex types instead of directly returning string value

Leverage force_cdata option of xmltodict parser that always return a complex dictionary even if xml tag contains only text and no attributes.

* Improve existing test_assume_role_with_saml to be coherent with other assume_role_with_saml tests and remove dead code at the same time

25120 of 45354 relevant lines covered (55.39%)

0.55 hits per line

Source Files on job 7298.4 (TEST_SERVER_MODE=true)