Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix for finding nested input elements in SAML HTML form #100

Merged
merged 1 commit into from Sep 9, 2021
Merged

Fix for finding nested input elements in SAML HTML form #100

merged 1 commit into from Sep 9, 2021

Conversation

aritgithub
Copy link
Contributor

@aritgithub aritgithub commented Sep 9, 2021
edited

Example of not retrieved input elements wrapped in a div element:

<form action="https://goolex.okta.com/app/goolex_a1_1/exk1hi6xl2jFdGu7A669/sso/saml" method="post">
    <div>
        <input type="hidden" name="SAMLRequest" value="PD9..."/>
        <input type="hidden" name="RelayState" value="RS1"/>
    </div>
    <noscript>
        <div>
            <input type="submit" value="Continue"/>
        </div>
    </noscript>
</form>

@aritgithub
Fix for finding nested input elements in SAML HTML form
36cf505 
Example of not retrieved input elements wrapped in a div element:

...
<form action="https://goolex.okta.com/app/goolex_a1_1/exk1hi6xl2jFdGu7A669/sso/saml" method="post">
    <div>
        <input type="hidden" name="SAMLRequest" value="PD9..."/>
        <input type="hidden" name="RelayState" value="RS1"/>
    </div>
    <noscript>
        <div>
            <input type="submit" value="Continue"/>
        </div>
    </noscript>
</form>
...
@peppelinux
Copy link
Member

ciao @aritgithub
is this PR improving the project, is this a bug fix or a special behaviour that's needed only in some cases?

@aritgithub
Copy link
Contributor Author

Some frameworks generate the SAML html form with the input elements wrapped in other elements, like div, and this misleads the SAMLRequest validation procedure (spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest).
With this fix the procedure is more generic and should correctly retrieve form input data values in all circumstances.

<form>
  <input .../>
  <input .../>
</form>

and

<form>
  <div>
    <input .../>
    <input .../>
  </div>
</form>

@aritgithub
Copy link
Contributor Author

The error appears at line 48 of authn_request.py module where try to retrieve a nonexistent reference:
data["SAMLRequest"] = form_dict["SAMLRequest"]

@peppelinux peppelinux merged commit ec3be6e into italia:main Sep 9, 2021
@peppelinux
Copy link
Member

Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@aritgithub @peppelinux