Check code style using pre-commit and flake8

.bumpversion.cfg

@@ -4,4 +4,3 @@ commit = True
 tag = True
 
 [bumpversion:file:setup.py]
-

.github/workflows/ci.yml

@@ -0,0 +1,43 @@
+---
+name: Continuous Integration
+
+# Trigger this workflow manually, by pushing commits to any branch, or
+# by filing a pull request.
+on:
+  workflow_dispatch:
+  push:
+  pull_request:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    steps:
+      - id: cache-workdir
+        uses: actions/cache@v3
+        with:
+          key: workdir-${{ github.sha }}
+          path: .
+      - if: steps.cache-workdir.outputs.cache-hit != 'true'
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+          cache: pip
+          cache-dependency-path: setup.*
+      - run: python -m pip install .
+
+  lint:
+    needs: setup
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/cache/restore@v3
+        with:
+          key: workdir-${{ github.sha }}
+          path: .
+      - uses: pre-commit/[email protected]

.pre-commit-config.yaml

@@ -0,0 +1,12 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: check-yaml
+        args: ["--unsafe"]
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+  - repo: https://github.com/pycqa/flake8
+    rev: 7.0.0
+    hooks:
+      - id: flake8

LICENSE

@@ -174,4 +174,4 @@
       incurred by, or claims asserted against, such Contributor by reason
       of your accepting any such warranty or additional liability.
 
-   END OF TERMS AND CONDITIONS
+   END OF TERMS AND CONDITIONS

NOTICE

@@ -20,4 +20,4 @@ Copyright 2016 Umeå universitet
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.

doc/SAML2-to-Social_logins.md

@@ -4,7 +4,7 @@
 1. The metadata generation script creates a new metadata file for every identity provider
 1. The service provider needs to know which identity provider it want to authenticate at. How this is decided is out of scope for this application.
 1. The SAML2 mirror front could handle the dynamic endpoint URL:s generated by the metadata generation script. Based on the url the request is forwarded to the corresponding backend module
-1. The backend communicates with the identity provider and receives user information  
+1. The backend communicates with the identity provider and receives user information
 1. The response is converted to an internal representation and returned to the frontend module
 1. The response is returned to the service provider
 
@@ -22,7 +22,7 @@ be configured with a SAML2 frontend and an SAML2 backend.
    cp example/plugins/frontends/saml2_frontend.yaml.example saml2-social/plugins/
    cp example/plugins/backends/{facebook,google}_backend.yaml.example saml2-social/plugins/
    ```
-   
+
 1. Configure the proxy:
   1. Rename `proxy_conf.yaml.example` to `proxy_conf.yaml`:
      ```bash
@@ -34,7 +34,7 @@ be configured with a SAML2 frontend and an SAML2 backend.
      for more information.
      To specify the necessary plugins make sure to include the following
      configuration parameter values:
-     ```yaml  
+     ```yaml
      BACKEND_MODULES:
        - saml2-social/plugins/facebook_backend.yaml
        - saml2-social/plugins/google_backend.yaml
@@ -60,8 +60,8 @@ be configured with a SAML2 frontend and an SAML2 backend.
      mv plugins/facebook_backend.yaml.example plugins/facebook_backend.yaml
      mv plugins/google_backend.yaml.example plugins/google_backend.yaml
      ```
-    
-  1. In `saml2_frontend.yaml`: Change the `module` configuration parameter to `satosa.frontends.saml2.SAMLMirrorFrontend`. 
+
+  1. In `saml2_frontend.yaml`: Change the `module` configuration parameter to `satosa.frontends.saml2.SAMLMirrorFrontend`.
   1. Specify the necessary configuration parameters, see the [Plugins](README.md#plugins) section
      of the proxy configuration instructions for more information.
 
@@ -71,4 +71,3 @@ be configured with a SAML2 frontend and an SAML2 backend.
 # Run
 1. Start the proxy application, see the [Running the proxy application](README.md#run) section of
    the proxy configuration instructions for more information.
-

doc/internals/authnrequ_flow.src

@@ -46,5 +46,5 @@ SAMLFrontend\n(Frontendmodule)-->-SAMLFrontend\n(Frontendmodule):
 SAMLFrontend\n(Frontendmodule)-->-WsgiApplication\n(SATOSABase):
 WsgiApplication\n(SATOSABase)-->-WsgiApplication\n(SATOSABase):
 WsgiApplication\n(SATOSABase)->WsgiApplication\n(SATOSABase): _save_state(Context)
-WsgiApplication\n(SATOSABase)-->-WsgiApplication\n(SATOSABase): 
+WsgiApplication\n(SATOSABase)-->-WsgiApplication\n(SATOSABase):
 WsgiApplication\n(SATOSABase)-->-Gunicorn:

doc/internals/authnresp_flow.src

@@ -54,4 +54,3 @@ WsgiApplication\n(SATOSABase)->+WsgiApplication\n(SATOSABase): _save_state(Conte
   destroy SATOSA_STATE
 WsgiApplication\n(SATOSABase)-->WsgiApplication\n(SATOSABase):
 WsgiApplication\n(SATOSABase)-->-Gunicorn:
-

doc/internals/state.md

@@ -22,7 +22,7 @@ If the consent is enabled, the consent module will save the following:
 * **CONSENT.internal_resp.auth_info.timestamp**: When the authentication was done
 * **CONSENT.internal_resp.auth_info.auth_class_ref**: Description of how the authentication was determined
 * **CONSENT.internal_resp.issuer**: Id of the identity provider
-* **CONSENT.internal_resp.hash_type**: Which id type the requester is asking for (persistent/transient/...)  
+* **CONSENT.internal_resp.hash_type**: Which id type the requester is asking for (persistent/transient/...)
 * **CONSENT.internal_resp.usr_id**: The id of the authenticated user
 * **CONSENT.internal_resp.attr**: Contains all attributes and values given by the authentication
 * **CONSENT.internal_resp.usr_id_attr**: An empty list

doc/mod_wsgi.md

@@ -187,12 +187,3 @@ ErrorDocument 500 /error.html
 
 Alias /error.html /var/www/html/error.html
 ```
-
-
-
-
-
-
-
-
-

doc/oidc-to-saml2.md

@@ -23,7 +23,7 @@ be configured with a OpenID Connect frontend and a SAML2 backend.
      for more information.
      To specify the necessary plugins make sure to include the following
      configuration parameter values:
-     ```yaml  
+     ```yaml
      BACKEND_MODULES:
        - "oidc-saml2/plugins/saml2_backend.yaml"
      FRONTEND_MODULES:
@@ -53,7 +53,7 @@ be configured with a OpenID Connect frontend and a SAML2 backend.
 
 1. Generate the SAML metadata, see the [SAML metadata](README.md#saml_metadata) section of the
    proxy configuration instructions for more information. Note: SAML metadata can only be generated
-   for the backend, so make sure to specify the option `-b`. 
+   for the backend, so make sure to specify the option `-b`.
 
 1. Start the proxy application, see the [Running the proxy application](README.md#run) section of
    the proxy configuration instructions for more information.

doc/one-to-many.md

@@ -4,16 +4,16 @@
 ![](images/one-to-many_proxy_uscase.png "one-to-many proxy overview image")
 
 1. The service provider sends a request to the proxy instance. The service provider only knows about the proxy and none of the actual identity providers.
-1. The proxy redirects the user to the discovery service 
-1. The entity ID of the identity provider selected by the user is returned to the proxy 
+1. The proxy redirects the user to the discovery service
+1. The entity ID of the identity provider selected by the user is returned to the proxy
 1. The proxy sent authentication request and when completed the the user get redirected back to the proxy
 1. The response returned from the Identity provider is returned to the Service provider
 
 ## many-to-one
 ![](images/many-to-one.png "many-to-one proxy overview image")
 
 1. Service provider sends request to proxy
-1. Proxy communicates with the identity provider which normally can't talk to the service provider. 
+1. Proxy communicates with the identity provider which normally can't talk to the service provider.
 A reason for this could be that it can't handle multiple entity ID's or that they are not really
 compatible.
 1. Response returned by the identity provider containing the user information.
@@ -33,7 +33,7 @@ be configured with a SAML2 frontend and an SAML2 backend.
    cp example/plugins/frontends/saml2_frontend.yaml.example saml2-saml2/plugins/
    cp example/plugins/backends/saml2_backend.yaml.example saml2-saml2/plugins/
    ```
-   
+
 1. Configure the proxy:
   1. Rename `proxy_conf.yaml.example` to `proxy_conf.yaml`:
      ```bash
@@ -45,7 +45,7 @@ be configured with a SAML2 frontend and an SAML2 backend.
      for more information.
      To specify the necessary plugins make sure to include the following
      configuration parameter values:
-     ```yaml  
+     ```yaml
      BACKEND_MODULES:
        - saml2-saml2/plugins/saml2_backend.yaml
      FRONTEND_MODULES:

doc/saml2-to-oidc.md

@@ -23,7 +23,7 @@ be configured with a SAML2 frontend and an OpenID Connect backend.
      for more information.
      To specify the necessary plugins make sure to include the following
      configuration parameter values:
-     ```yaml  
+     ```yaml
      BACKEND_MODULES:
        - saml2-oidc/plugins/openid_backend.yaml
      FRONTEND_MODULES:

example/plugins/backends/bitbucket_backend.yaml.example

@@ -4,7 +4,7 @@ config:
   authz_page: bitbucket/auth/callback
   base_url:  <base_url>
   client_config:
-    client_id: 
+    client_id:
   client_secret:
   scope: ["account", "email"]
   response_type: code
@@ -27,4 +27,3 @@ config:
       - ["Login to a service using your BitBucket credentials", "en"]
       display_name:
       - ["BitBucket", "en"]
-

example/plugins/backends/github_backend.yaml.example

@@ -26,4 +26,4 @@ config:
       description:
       - ["GitHub oauth", "en"]
       display_name:
-      - ["GitHub", "en"]
+      - ["GitHub", "en"]

example/plugins/backends/idpyoidc_backend.yaml.example

@@ -9,4 +9,4 @@ config:
   scopes_supported: ["openid", "profile", "email"]
   subject_type_supported: ["public"]
   provider_info:
-    issuer: !ENV SATOSA_OIDC_BACKEND_ISSUER
+    issuer: !ENV SATOSA_OIDC_BACKEND_ISSUER

example/plugins/microservices/attribute_policy.yaml.example

@@ -8,5 +8,3 @@ config:
                 - name
                 - givenname
                 - surname
-
-

example/plugins/microservices/attribute_processor.yaml.example

@@ -19,6 +19,5 @@ config:
     processors:
     - name: RegexSubProcessor
       module: satosa.micro_services.processors.regex_sub_processor
-      regex_sub_match_pattern: !ENV REGEX_MATCH_PATTERN 
-      regex_sub_replace_pattern: !ENV REGEX_REPLACE_PATTERN      
-
+      regex_sub_match_pattern: !ENV REGEX_MATCH_PATTERN
+      regex_sub_replace_pattern: !ENV REGEX_REPLACE_PATTERN

example/plugins/microservices/consent.yaml.example

@@ -3,4 +3,4 @@ name: Consent
 config:
   api_url: "https://127.0.0.1:8166"
   redirect_url: "https://localhost:8166/consent"
-  sign_key: "pki/mykey.pem"
+  sign_key: "pki/mykey.pem"

example/plugins/microservices/custom_routing_decide_by_requester.yaml.example

@@ -4,5 +4,3 @@ config:
   default_backend: Saml2
   requester_mapping:
      'requestor-id': 'backend_custom'
-
-

pull_request_template.md

@@ -6,5 +6,3 @@
 * [ ] Have you written new tests for your changes?
 * [ ] Does your submission pass tests?
 * [ ] This project follows PEP8 style guide. Have you run your code against the 'flake8' linter?
-
-

src/satosa/micro_services/processors/regex_sub_processor.py

@@ -8,7 +8,7 @@
 logger = logging.getLogger(__name__)
 class RegexSubProcessor(BaseProcessor):
     """
-    Performs a regex sub against an attribute value. 
+    Performs a regex sub against an attribute value.
     Example configuration:
     module: satosa.micro_services.attribute_processor.AttributeProcessor
     name: AttributeProcessor
@@ -19,25 +19,25 @@ class RegexSubProcessor(BaseProcessor):
         - name: RegexSubProcessor
           module: satosa.micro_services.custom.processors.regex_sub_processor
           regex_sub_match_pattern: (?<=saml-provider\/)(.*)(?=,)
-          regex_sub_replace_pattern: \1-Test  
+          regex_sub_replace_pattern: \1-Test
 
     """
-    
+
     def process(self, internal_data, attribute, **kwargs):
         regex_sub_match_pattern = r'{}'.format(kwargs.get(CONFIG_KEY_MATCH_PATTERN, ''))
         if regex_sub_match_pattern  == '':
             raise AttributeProcessorError("The regex_sub_match_pattern needs to be set")
-            
+
         regex_sub_replace_pattern = r'{}'.format(kwargs.get(CONFIG_KEY_REPLACE_PATTERN, ''))
         if regex_sub_replace_pattern  == '':
             raise AttributeProcessorError("The regex_sub_replace_pattern needs to be set")
         attributes = internal_data.attributes
-        
+
         values = attributes.get(attribute, [])
         new_values = []
         if not values:
             raise AttributeProcessorWarning("Cannot apply regex_sub to {}, it has no values".format(attribute))
         for value in values:
             new_values.append(re.sub(r'{}'.format(regex_sub_match_pattern), r'{}'.format(regex_sub_replace_pattern), value))
             logger.debug('regex_sub new_values: {}'.format(new_values))
-        attributes[attribute] = new_values
+        attributes[attribute] = new_values

src/satosa/micro_services/processors/scope_remover_processor.py

@@ -3,8 +3,8 @@
 
 class ScopeRemoverProcessor(BaseProcessor):
     """
-    Removes the scope from all values of a given attribute 
-    
+    Removes the scope from all values of a given attribute
+
     """
     def process(self, internal_data, attribute, **kwargs):
         attributes = internal_data.attributes

tests/satosa/backends/test_idpy_oidc.py

@@ -232,4 +232,3 @@ def test_start_auth_redirects_to_provider_authorization_endpoint(self, context):
         assert auth_params["redirect_uri"] == _client.context.claims.get_usage("redirect_uris")[0]
         assert "state" in auth_params
         assert "nonce" in auth_params
-

tests/test_resources/auth_response_with_encrypted_signed_assertion.xml

@@ -63,4 +63,4 @@
             </xenc:CipherData>
         </xenc:EncryptedData>
     </saml2:EncryptedAssertion>
-</saml2p:Response>
+</saml2p:Response>

tests/test_resources/cookie_state_name

@@ -1 +1 @@
-chocolate_chip
+chocolate_chip

tests/test_resources/encryption_key.pem

@@ -25,4 +25,4 @@ X2L+U86ag8SLVBxIokYlr9xtaXw+y2rpM5gETD4ZAoGBALCFeB5zy3berEN3+dfz
 /T5XVzgw1GOas0Wwol3vTXT/6J/phMcvW3c4idKa0a7j2CtYVYOSC+ViAbwKcHf7
 pFof5ecbwwGXoG+Ri0IM/2oD+QTwQHXWDvELFMrA9NV6BWeFnsCIEGW2KZWcoGJo
 aZkruIcaav539JB4Co2tWaVp
------END PRIVATE KEY-----
+-----END PRIVATE KEY-----

tests/test_resources/idp_metadata_for_encrypted_signed_auth_response.xml

@@ -29,4 +29,4 @@
             </ds:KeyInfo>
         </KeyDescriptor>
     </IDPSSODescriptor>
-</EntityDescriptor>
+</EntityDescriptor>