feat: extend check_saml with logout

aa218b58 · Johana Supíková · 89860003 · aa218b58
Commit aa218b58 authored 2 years ago by Johana Supíková
--- a/perun/proxy/utils/nagios/check_saml.py
+++ b/perun/proxy/utils/nagios/check_saml.py
@@ -114,28 +114,29 @@ def get_args():
        help="string to expect after successful authentication",
        default="OSCIS",
    )
-    parser.add_argument("--idp-host", help="hostname of IdP", default="id.muni.cz")
    parser.add_argument(
-        "--hosts",
-        nargs="*",
-        default=[],
-        help="space separated list of hostname:ip or hostname:hostname pairs "
-        + "for replacing in all URLs",
+        "--logout-url",
+        help="URL to trigger logout",
+        default="https://inet.muni.cz/pub/appctl/logout",
    )
-    """
    parser.add_argument(
-        "--other-urls",
-        nargs="*",
-        default=[],
-        help="list of more services for testing single sign-on",
+        "--postlogout-string",
+        help="String to expect after successful logout",
+        default="successfully signed out",
+    )
+    parser.add_argument(
+        "--skip-logout-check",
+        action="store_true",
+        help="skip logout check",
    )
+    parser.add_argument("--idp-host", help="hostname of IdP", default="id.muni.cz")
    parser.add_argument(
-        "--other-urls-final",
+        "--hosts",
        nargs="*",
        default=[],
-        help="list of final URLs of the other services for testing single sign-on",
+        help="space separated list of hostname:ip or hostname:hostname pairs "
+        + "for replacing in all URLs",
    )
-    """
    parser.add_argument(
        "--warn-time",
        type=int,
@@ -507,11 +508,24 @@ class SAMLChecker:
                    "WARNING",
                )

-        self.finish(
-            "Authentication took {:.2f} seconds".format(elapsed_seconds),
-            status,
-            auth_time=elapsed_seconds,
-        )
+        if not self.args.skip_logout_check:
+            # test logout
+            logout_html, logout_url = self.initial_request(self.args.logout_url)
+            if self.args.verbose >= 3:
+                print(logout_html)
+            if self.args.postlogout_string not in logout_html:
+                self.finish(
+                    "Missing the testing string {} in the logout response.".format(
+                        self.args.postlogout_string
+                    ),
+                    "CRITICAL",
+                )
+
+            self.finish(
+                "Authentication took {:.2f} seconds".format(elapsed_seconds),
+                status,
+                auth_time=elapsed_seconds,
+            )

    def __init__(self, args):
        self.args = args