fix for bad config check on sensitive keys

Author: leifj

src/satosa/satosa_config.py

@@ -18,7 +18,7 @@ class SATOSAConfig(object):
     """
     sensitive_dict_keys = ["STATE_ENCRYPTION_KEY", "USER_ID_HASH_SALT"]
     mandatory_dict_keys = ["BASE", "BACKEND_MODULES", "FRONTEND_MODULES",
-                           "INTERNAL_ATTRIBUTES", "COOKIE_STATE_NAME"] + sensitive_dict_keys
+                           "INTERNAL_ATTRIBUTES", "COOKIE_STATE_NAME"]
 
     def __init__(self, config):
         """
@@ -83,6 +83,10 @@ def _verify_dict(self, conf):
             if key not in conf:
                 raise SATOSAConfigurationError("Missing key '%s' in config" % key)
 
+        for key in SATOSAConfig.sensitive_dict_keys:
+            if key not in conf and "SATOSA_{key}".format(key=key) not in os.environ:
+                raise SATOSAConfigurationError("Missing key '%s' from config and ENVIRONMENT" % key)
+
     def __getitem__(self, item):
         """
         Returns data bound to the key 'item'.

tests/satosa/test_satosa_config.py

@@ -77,4 +77,4 @@ def test_can_read_endpoint_configs_from_file(self, satosa_config_dict, modules_k
         satosa_config_dict[modules_key] = ["/fake_file_path"]
 
         with pytest.raises(SATOSAConfigurationError):
-            SATOSAConfig(satosa_config_dict)
+            SATOSAConfig(satosa_config_dict)