X-Git-Url: http://git.cascardo.eti.br/?a=blobdiff_plain;f=ipsilon%2Fproviders%2Fsaml2%2Flogout.py;h=f706c727a8627a033e1f20b9d03fcdf3bf608c46;hb=ee4d965a5d2329e9691059ddf08ab3a0a8f77330;hp=374e885bf2991c0991ac98089df19fd8e868352a;hpb=2751451f4158417e66974d6415d2da84f612ab3c;p=cascardo%2Fipsilon.git
diff --git a/ipsilon/providers/saml2/logout.py b/ipsilon/providers/saml2/logout.py
index 374e885..f706c72 100644
--- a/ipsilon/providers/saml2/logout.py
+++ b/ipsilon/providers/saml2/logout.py
@@ -28,8 +28,8 @@ class LogoutRequest(ProviderPageBase):
 deleted.
 """
- def __init__(self, *args, **kwargs):
- super(LogoutRequest, self).__init__(*args, **kwargs)
+ def __init__(self, site, provider, *args, **kwargs):
+ super(LogoutRequest, self).__init__(site, provider)
 def _handle_logout_request(self, us, logout, saml_sessions, message):
 self.debug('Logout request')
@@ -42,13 +42,18 @@ class LogoutRequest(ProviderPageBase):
 e, message)
 self.error(msg)
 raise UnknownProvider(msg)
+ except lasso.DsInvalidSigalgError as e:
+ msg = 'Invalid SAML Request: missing or invalid signature ' \
+ 'algorithm'
+ self.error(msg)
+ raise InvalidRequest(msg)
 except (lasso.ProfileInvalidProtocolprofileError,
- lasso.DsError), e:
+ lasso.DsError) as e:
 msg = 'Invalid SAML Request: %r (%r [%r])' % (logout.request, e, message)
 self.error(msg)
 raise InvalidRequest(msg)
- except lasso.Error, e:
+ except lasso.Error as e:
 self.error('SLO unknown error: %s' % message)
 raise cherrypy.HTTPError(400, 'Invalid logout request')
@@ -198,8 +203,9 @@ class LogoutRequest(ProviderPageBase):
 if response.status_code != 200:
 self.error('SOAP error (%s) (on %s)' %
- (response.status, logout.msgUrl))
- raise InvalidRequest('SOAP HTTP error code', response.status_code)
+ (response.status_code, logout.msgUrl))
+ raise InvalidRequest('SOAP HTTP error code %s' %
+ response.status_code)
 if not response.text:
 self.error('Empty SOAP response')
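Review bot: In the first hunk (`@@ -28,8 +28,8 @@`) the new `__init__` still accepts `*args, **kwargs` but no longer forwards them, so any extra positional or keyword argument a caller passes is silently discarded instead of raising `TypeError`. If no caller relies on that, the signature would be clearer as `def __init__(self, site, provider):`. If the leniency is deliberate, a comment on the signature line such as `# extra arguments are accepted for compatibility and ignored` would record it. The class body continues outside the hunk.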
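Review bot: In the second hunk (`@@ -42,13 +42,18 @@`) the new `except lasso.DsInvalidSigalgError as e:` branch binds `e` but never uses it, and its log line carries neither the exception nor the request, unlike the sibling branches. A rejected signature algorithm is an event worth tracing back to its sender, so I would keep the raised text generic and log the detail separately, e.g. `self.error('%s: %r [%r]' % (msg, e, message))`. The branch also only takes effect while it stays ahead of the `lasso.DsError` clause, which is presumably a parent class; a one-line comment saying so would guard against a later reorder. The enclosing `try` starts outside the hunk.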
@@ -234,14 +240,18 @@ class LogoutRequest(ProviderPageBase):
 saml_sessions = self.cfg.idp.sessionfactory
- if lasso.SAML2_FIELD_REQUEST in message:
- self._handle_logout_request(us, logout, saml_sessions, message)
- elif samlresponse:
- self._handle_logout_response(us, logout, saml_sessions, message,
- samlresponse)
- else:
- raise cherrypy.HTTPRedirect(400, 'Bad Request. Not a logout ' +
- 'request or response.')
+ try:
+ if lasso.SAML2_FIELD_REQUEST in message:
+ self._handle_logout_request(us, logout, saml_sessions,
+ message)
+ elif samlresponse:
+ self._handle_logout_response(us, logout, saml_sessions,
+ message, samlresponse)
+ else:
+ raise cherrypy.HTTPError(400, 'Bad Request. Not a ' +
+ 'logout request or response.')
+ except InvalidRequest as e:
+ raise cherrypy.HTTPError(400, 'Bad Request. %s' % e)
 # Fall through to handle any remaining sessions.
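Review bot: The new `except InvalidRequest as e:` handler copies the exception text into the HTTP 400 body, and one `InvalidRequest` message built in `_handle_logout_request` in this diff contains `%r` of `logout.request`, the lasso exception and the raw `message`, so request-derived and internal detail now reaches the client. In the branches visible here that text is already written by `self.error(...)`, so the response can stay fixed: `raise cherrypy.HTTPError(400, 'Bad Request. Invalid logout request.')`. Whether the configured error page escapes the message is not visible here, which is a further reason not to reflect it. `_handle_logout_request` also raises `UnknownProvider`, which this handler does not catch unless it derives from `InvalidRequest`; if it does not, it belongs in the `except` tuple. The enclosing method starts and ends outside the hunk.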