From f576babc87788908613707049bc4ad796c7d31bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?=
Date: Mon, 8 Feb 2021 09:35:35 +0100
Subject: [PATCH] Add way to deal with missing expiration date

This is a bug in SP, but it sems quite widespread, so allow way to handle this using configuration. See #96
---
 djangosaml2idp/utils.py | 4 ++++
 docs/configuration.rst | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/djangosaml2idp/utils.py b/djangosaml2idp/utils.py
index 6b5a1e2..0e7bd59 100644
--- a/djangosaml2idp/utils.py
+++ b/djangosaml2idp/utils.py
@@ -6,6 +6,7 @@ import zlib
 from xml.parsers.expat import ExpatError
 from django.conf import settings
+from django.utils.timezone import now
 from django.utils.translation import gettext as _
 import arrow
 import requests
@@ -67,6 +68,9 @@ def extract_validuntil_from_metadata(metadata: str) -> datetime.datetime:
 try:
 metadata_expiration_dt = arrow.get(ET.fromstring(metadata).attrib['validUntil']).datetime
 except Exception as e:
+ fallback = settings.get("SAML_IDP_FALLBACK_EXPIRATION_DAYS")
+ if fallback:
+ return now() + datetime.timedelta(days=fallback)
 raise ValidationError(f'Could not extra ValidUntil timestamp from metadata: {e}')
 if not settings.USE_TZ:
diff --git a/docs/configuration.rst b/docs/configuration.rst
index 6580c8f..33335f0 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -96,3 +96,7 @@ Other settings you can set as defaults to be used if not overriden by an SP are
 SAML_AUTHN_SIGN_ALG = saml2.xmldsig.SIG_RSA_SHA256
 SAML_AUTHN_DIGEST_ALG = saml2.xmldsig.DIGEST_SHA256
+
+In case your SP does not properly expose validuntil in metadata, you can provide fallback setting for it using::
+
+ SAML_IDP_FALLBACK_EXPIRATION_DAYS = 30
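Review bot: The added `settings.get("SAML_IDP_FALLBACK_EXPIRATION_DAYS")` in the except branch of `extract_validuntil_from_metadata` will raise AttributeError, because `django.conf.settings` is not a dict and has no `get` method; use `fallback = getattr(settings, "SAML_IDP_FALLBACK_EXPIRATION_DAYS", None)`. The fallback also sits under `except Exception`, so once the setting is configured, metadata that fails to parse or carries a malformed validUntil gets a fresh expiry just like metadata that only omits the attribute. Narrowing the fallback to the missing-attribute case (`KeyError` on `attrib['validUntil']`) would keep the other failures as ValidationError. Since validUntil bounds how long an SP's metadata is trusted, a log line when the fallback is applied would show operators which SPs depend on it. The function body continues outside the hunk.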