From 06c08984ae03b3f37c3cee2e47ad6ec98e4fb34d Mon Sep 17 00:00:00 2001
From: nyanloutre <paul@nyanlout.re>
Date: Fri, 11 Jan 2019 11:16:36 +0100
Subject: [PATCH] pythonPackages.pysaml2: 3.0.2 -> 4.6.5

Also run tests and hardcode path to xmlsec1.
---
 .../python-modules/pysaml2/default.nix        | 66 +++++++------------
 .../pysaml2/hardcode-xmlsec1-path.patch       | 39 +++++++++++
 pkgs/top-level/python-packages.nix            |  4 +-
 3 files changed, 65 insertions(+), 44 deletions(-)
 create mode 100644 pkgs/development/python-modules/pysaml2/hardcode-xmlsec1-path.patch

diff --git a/pkgs/development/python-modules/pysaml2/default.nix b/pkgs/development/python-modules/pysaml2/default.nix
index 1e9ce18afb9..04d0d1c34a5 100644
--- a/pkgs/development/python-modules/pysaml2/default.nix
+++ b/pkgs/development/python-modules/pysaml2/default.nix
@@ -1,62 +1,42 @@
 { stdenv
 , buildPythonPackage
-, fetchPypi
-, fetchpatch
-, repoze_who
-, paste
-, cryptography
-, pycrypto
-, pyopenssl
-, ipaddress
-, six
-, cffi
-, idna
-, enum34
-, pytz
-, setuptools
-, zope_interface
-, dateutil
-, requests
-, pyasn1
-, webob
-, decorator
-, pycparser
-, defusedxml
-, Mako
-, pytest
-, memcached
-, pymongo
-, mongodict
-, pkgs
+, fetchFromGitHub
+, substituteAll
+, xmlsec
+, cryptography, defusedxml, future, pyopenssl, dateutil, pytz, requests, six
+, mock, pyasn1, pymongo, pytest, responses
 }:
 
 buildPythonPackage rec {
   pname = "pysaml2";
-  version = "3.0.2";
+  version = "4.6.5";
 
-  src = fetchPypi {
-    inherit pname version;
-    sha256 = "0y2iw1dddcvi13xjh3l52z1mvnrbc41ik9k4nn7lwj8x5kimnk9n";
+  # No tests in PyPI tarball
+  src = fetchFromGitHub {
+    owner = "IdentityPython";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "0xlbr52vzx1j9sg65jhqv01vp4a49afjy03lc2zb0ggx0xxzngvb";
   };
 
   patches = [
-    (fetchpatch {
-      name = "CVE-2016-10127.patch";
-      url = "https://sources.debian.net/data/main/p/python-pysaml2/3.0.0-5/debian/patches/fix-xxe-in-xml-parsing.patch";
-      sha256 = "184lkwdayjqiahzsn4yp15parqpmphjsb1z7zwd636jvarxqgs2q";
+    (substituteAll {
+      src = ./hardcode-xmlsec1-path.patch;
+      inherit xmlsec;
     })
   ];
 
-  propagatedBuildInputs = [ repoze_who paste cryptography pycrypto pyopenssl ipaddress six cffi idna enum34 pytz setuptools zope_interface dateutil requests pyasn1 webob decorator pycparser defusedxml ];
-  buildInputs = [ Mako pytest memcached pymongo mongodict pkgs.xmlsec ];
+  propagatedBuildInputs = [ cryptography defusedxml future pyopenssl dateutil pytz requests six ];
 
-  preConfigure = ''
-    sed -i 's/pymongo==3.0.1/pymongo/' setup.py
+  checkInputs = [ mock pyasn1 pymongo pytest responses ];
+
+  # Disabled tests try to access the network
+  checkPhase = ''
+    py.test -k "not test_load_extern_incommon \
+            and not test_load_remote_encoding \
+            and not test_load_external"
   '';
 
-  # 16 failed, 427 passed, 17 error in 88.85 seconds
-  doCheck = false;
-
   meta = with stdenv.lib; {
     homepage = "https://github.com/rohe/pysaml2";
     description = "Python implementation of SAML Version 2 Standard";
diff --git a/pkgs/development/python-modules/pysaml2/hardcode-xmlsec1-path.patch b/pkgs/development/python-modules/pysaml2/hardcode-xmlsec1-path.patch
new file mode 100644
index 00000000000..d984c55a8a7
--- /dev/null
+++ b/pkgs/development/python-modules/pysaml2/hardcode-xmlsec1-path.patch
@@ -0,0 +1,39 @@
+diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
+index 59fe2dee..0c24fbcc 100644
+--- a/src/saml2/sigver.py
++++ b/src/saml2/sigver.py
+@@ -165,33 +165,7 @@ def get_xmlsec_binary(paths=None):
+     :return: full name of the xmlsec1 binary found. If no binaries are
+         found then an exception is raised.
+     """
+-    if os.name == 'posix':
+-        bin_name = ['xmlsec1']
+-    elif os.name == 'nt':
+-        bin_name = ['xmlsec.exe', 'xmlsec1.exe']
+-    else:  # Default !?
+-        bin_name = ['xmlsec1']
+-
+-    if paths:
+-        for bname in bin_name:
+-            for path in paths:
+-                fil = os.path.join(path, bname)
+-                try:
+-                    if os.lstat(fil):
+-                        return fil
+-                except OSError:
+-                    pass
+-
+-    for path in os.environ['PATH'].split(os.pathsep):
+-        for bname in bin_name:
+-            fil = os.path.join(path, bname)
+-            try:
+-                if os.lstat(fil):
+-                    return fil
+-            except OSError:
+-                pass
+-
+-    raise SigverError('Cannot find {binary}'.format(binary=bin_name))
++    return '@xmlsec@/bin/xmlsec1'
+ 
+ 
+ def _get_xmlsec_cryptobackend(path=None, search_paths=None):
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 77ee88cc3fc..4d6c3ca4622 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -3528,7 +3528,9 @@ in {
 
   pysam = callPackage ../development/python-modules/pysam { };
 
-  pysaml2 = callPackage ../development/python-modules/pysaml2 { };
+  pysaml2 = callPackage ../development/python-modules/pysaml2 {
+    inherit (pkgs) xmlsec;
+  };
 
   python-pushover = callPackage ../development/python-modules/pushover {};