providers/saml: fix leftover data in session, fix IdP initiated login

move can_handle calls to binding endpoints (/login/ and /login/initiate/), so that /login/authorize/ works either way, can clean up the session and audit
2020-02-24 17:34:52 +01:00
parent f1f4cbef9b
commit a5bfef9b6b
3 changed files with 97 additions and 86 deletions
--- a/passbook/providers/saml/processors/base.py
+++ b/passbook/providers/saml/processors/base.py
@ -184,7 +184,7 @@ class Processor:
        try:
            self._extract_saml_request()
        except KeyError:
-            raise CannotHandleAssertion(f"Couldn't find SAML request in user session:")
+            raise CannotHandleAssertion(f"Couldn't find SAML request in user session")

        try:
            self._decode_and_parse_request()