From a50db00c7618ec96e5540f2b55ee4f6dda050030 Mon Sep 17 00:00:00 2001
From: peppelinux
Date: Sat, 20 Mar 2021 22:55:40 +0100
Subject: [PATCH 1/2] fix: Destination missing or unvalued. Fixes: https://github.com/IdentityPython/pysaml2/issues/770
---
 src/saml2/response.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/saml2/response.py b/src/saml2/response.py
index 26963a04e..b70751f91 100644
--- a/src/saml2/response.py
+++ b/src/saml2/response.py
@@ -408,12 +408,16 @@ def _verify(self):
 else:
 raise RequestVersionTooHigh()

+ destination = self.response.destination
 if self.asynchop:
+ # Destination must be present
 if (
- self.response.destination
- and self.response.destination not in self.return_addrs
+ not destination
+ or destination not in self.return_addrs
 ):
- logger.error("%s not in %s", self.response.destination, self.return_addrs)
+ logger.error(
+ f"{destination} not in {self.return_addrs}"
+ )
 return None

 valid = self.issue_instant_ok() and self.status_ok()
@@ -1116,7 +1120,7 @@ def session_info(self):
 raise StatusInvalidAuthnResponseStatement(
 "The Authn Response Statement is not valid"
 )
-
+

 def __str__(self):
 return self.xmlstr

From b757975cbde3a8e0271ea72a7b70b180c8a23daa Mon Sep 17 00:00:00 2001
From: peppelinux
Date: Sun, 13 Jun 2021 09:30:37 +0200
Subject: [PATCH 2/2] fix: Destination must be validated only if present
---
 src/saml2/response.py | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/src/saml2/response.py b/src/saml2/response.py
index b70751f91..a9978461a 100644
--- a/src/saml2/response.py
+++ b/src/saml2/response.py
@@ -409,12 +409,9 @@ def _verify(self):
 raise RequestVersionTooHigh()

 destination = self.response.destination
- if self.asynchop:
+ if self.asynchop and destination:
 # Destination must be present
- if (
- not destination
- or destination not in self.return_addrs
- ):
+ if destination not in self.return_addrs:
 logger.error(
 f"{destination} not in {self.return_addrs}"
 )
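Review bot: In the first hunk of patch 1/2, the rewritten `logger.error(f"{destination} not in {self.return_addrs}")` interpolates a value taken from the received response eagerly and unescaped, where the line it replaces passed lazy %-style arguments. Keeping the logging arguments and using `%r` makes any embedded control characters visible in the log: `logger.error("%r not in %s", destination, self.return_addrs)`. A missing Destination also reaches this message as `None not in [...]`, so a separate message for the absent case would make rejections easier to triage. `_verify` starts and ends outside the hunk.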
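Review bot: In patch 2/2 the retained comment `# Destination must be present` contradicts the new condition `if self.asynchop and destination:`, which skips the return-address check whenever the attribute is absent or empty. The comment should say what the code does, for example `# Destination is optional here; it is checked against return_addrs only when present`. Because this undoes the mandatory check from patch 1/2, a response without Destination is no longer bound to an endpoint by this block. The SAML HTTP POST binding requires Destination on signed messages, so it is worth confirming that a signed response lacking it is rejected elsewhere, and covering that case with a test. The rest of `_verify` lies outside the hunk.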