Added exception for responses that are not possible to unravel :-)

mlepine · Apr 23, 2013 · 9ae4d68 · 9ae4d68
1 parent 8326f5e
commit 9ae4d68
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 12 deletions.
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
@@ -42,7 +42,7 @@
     # Compatibility with Python <= 2.5
     from cgi import parse_qs
 
-from saml2.s_utils import signature
+from saml2.s_utils import signature, UnravelError
 from saml2.s_utils import do_attributes
 
 from saml2 import samlp, BINDING_SOAP
@@ -496,7 +496,7 @@ def parse_authn_request_response(self, xmlstr, binding, outstanding=None):
         :param outstanding: A dictionary with session IDs as keys and
             the original web request from the user before redirection
             as values.
-        :return: An response.AuthnResponse
+        :return: An response.AuthnResponse or None
         """
 
         try:
@@ -518,6 +518,8 @@ def parse_authn_request_response(self, xmlstr, binding, outstanding=None):
             except StatusError, err:
                 logger.error("SAML status error: %s" % err)
                 raise
+            except UnravelError:
+                return None
             except Exception, exc:
                 logger.error("%s" % exc)
                 raise

diff --git a/src/saml2/entity.py b/src/saml2/entity.py
@@ -23,6 +23,7 @@
 from saml2.response import LogoutResponse
 from saml2.time_util import instant
 from saml2.s_utils import sid
+from saml2.s_utils import UnravelError
 from saml2.s_utils import error_status_factory
 from saml2.s_utils import rndstr
 from saml2.s_utils import success_status_factory
@@ -287,17 +288,22 @@ def response_args(self, message, bindings=None, descr_type=""):
 
     def unravel(self, txt, binding, msgtype="response"):
         #logger.debug("unravel '%s'" % txt)
-        if binding == BINDING_HTTP_REDIRECT:
-            xmlstr = decode_base64_and_inflate(txt)
-        elif binding == BINDING_HTTP_POST:
-            xmlstr = base64.b64decode(txt)
-        elif binding == BINDING_SOAP:
-            func = getattr(soap, "parse_soap_enveloped_saml_%s" % msgtype)
-            xmlstr = func(txt)
-        elif binding == BINDING_URI or binding is None:
-            xmlstr = txt
-        else:
+        if binding not in [BINDING_HTTP_REDIRECT, BINDING_HTTP_POST,
+                           BINDING_SOAP, BINDING_URI, None]:
             raise ValueError("Don't know how to handle '%s'" % binding)
+        else:
+            try:
+                if binding == BINDING_HTTP_REDIRECT:
+                    xmlstr = decode_base64_and_inflate(txt)
+                elif binding == BINDING_HTTP_POST:
+                    xmlstr = base64.b64decode(txt)
+                elif binding == BINDING_SOAP:
+                    func = getattr(soap, "parse_soap_enveloped_saml_%s" % msgtype)
+                    xmlstr = func(txt)
+                else:
+                    xmlstr = txt
+            except Exception:
+                raise UnravelError()
 
         return xmlstr
 
@@ -780,6 +786,8 @@ def _parse_response(self, xmlstr, response_cls, service, binding, **kwargs):
                 raise
 
             xmlstr = self.unravel(xmlstr, binding, response_cls.msgtype)
+            if not xmlstr:  # Not a valid reponse
+                return None
 
             logger.debug("XMLSTR: %s" % xmlstr)
 

diff --git a/src/saml2/s_utils.py b/src/saml2/s_utils.py
@@ -76,6 +76,10 @@ class BadRequest(Exception):
     pass
 
 
+class UnravelError(Exception):
+    pass
+
+
 EXCEPTION2STATUS = {
     VersionMismatch: samlp.STATUS_VERSION_MISMATCH,
     UnknownPrincipal: samlp.STATUS_UNKNOWN_PRINCIPAL,