nov-ruby-openid 2.1.9

Files changed (203) hide show
  1. data/CHANGELOG +215 -0
  2. data/CHANGES-2.1.0 +36 -0
  3. data/INSTALL +47 -0
  4. data/LICENSE +210 -0
  5. data/NOTICE +2 -0
  6. data/README +81 -0
  7. data/Rakefile +98 -0
  8. data/UPGRADE +127 -0
  9. data/VERSION +1 -0
  10. data/contrib/google/ruby-openid-apps-discovery-1.0.gem +0 -0
  11. data/contrib/google/ruby-openid-apps-discovery-1.01.gem +0 -0
  12. data/examples/README +32 -0
  13. data/examples/active_record_openid_store/README +58 -0
  14. data/examples/active_record_openid_store/XXX_add_open_id_store_to_db.rb +24 -0
  15. data/examples/active_record_openid_store/XXX_upgrade_open_id_store.rb +26 -0
  16. data/examples/active_record_openid_store/init.rb +8 -0
  17. data/examples/active_record_openid_store/lib/association.rb +10 -0
  18. data/examples/active_record_openid_store/lib/nonce.rb +3 -0
  19. data/examples/active_record_openid_store/lib/open_id_setting.rb +4 -0
  20. data/examples/active_record_openid_store/lib/openid_ar_store.rb +57 -0
  21. data/examples/active_record_openid_store/test/store_test.rb +212 -0
  22. data/examples/discover +49 -0
  23. data/examples/rails_openid/README +153 -0
  24. data/examples/rails_openid/Rakefile +10 -0
  25. data/examples/rails_openid/app/controllers/application.rb +4 -0
  26. data/examples/rails_openid/app/controllers/consumer_controller.rb +122 -0
  27. data/examples/rails_openid/app/controllers/login_controller.rb +45 -0
  28. data/examples/rails_openid/app/controllers/server_controller.rb +265 -0
  29. data/examples/rails_openid/app/helpers/application_helper.rb +3 -0
  30. data/examples/rails_openid/app/helpers/login_helper.rb +2 -0
  31. data/examples/rails_openid/app/helpers/server_helper.rb +9 -0
  32. data/examples/rails_openid/app/views/consumer/index.rhtml +81 -0
  33. data/examples/rails_openid/app/views/layouts/server.rhtml +68 -0
  34. data/examples/rails_openid/app/views/login/index.rhtml +56 -0
  35. data/examples/rails_openid/app/views/server/decide.rhtml +26 -0
  36. data/examples/rails_openid/config/boot.rb +19 -0
  37. data/examples/rails_openid/config/database.yml +74 -0
  38. data/examples/rails_openid/config/environment.rb +54 -0
  39. data/examples/rails_openid/config/environments/development.rb +19 -0
  40. data/examples/rails_openid/config/environments/production.rb +19 -0
  41. data/examples/rails_openid/config/environments/test.rb +19 -0
  42. data/examples/rails_openid/config/routes.rb +24 -0
  43. data/examples/rails_openid/doc/README_FOR_APP +2 -0
  44. data/examples/rails_openid/public/.htaccess +40 -0
  45. data/examples/rails_openid/public/404.html +8 -0
  46. data/examples/rails_openid/public/500.html +8 -0
  47. data/examples/rails_openid/public/dispatch.cgi +12 -0
  48. data/examples/rails_openid/public/dispatch.fcgi +26 -0
  49. data/examples/rails_openid/public/dispatch.rb +12 -0
  50. data/examples/rails_openid/public/favicon.ico +0 -0
  51. data/examples/rails_openid/public/images/openid_login_bg.gif +0 -0
  52. data/examples/rails_openid/public/javascripts/controls.js +750 -0
  53. data/examples/rails_openid/public/javascripts/dragdrop.js +584 -0
  54. data/examples/rails_openid/public/javascripts/effects.js +854 -0
  55. data/examples/rails_openid/public/javascripts/prototype.js +1785 -0
  56. data/examples/rails_openid/public/robots.txt +1 -0
  57. data/examples/rails_openid/script/about +3 -0
  58. data/examples/rails_openid/script/breakpointer +3 -0
  59. data/examples/rails_openid/script/console +3 -0
  60. data/examples/rails_openid/script/destroy +3 -0
  61. data/examples/rails_openid/script/generate +3 -0
  62. data/examples/rails_openid/script/performance/benchmarker +3 -0
  63. data/examples/rails_openid/script/performance/profiler +3 -0
  64. data/examples/rails_openid/script/plugin +3 -0
  65. data/examples/rails_openid/script/process/reaper +3 -0
  66. data/examples/rails_openid/script/process/spawner +3 -0
  67. data/examples/rails_openid/script/process/spinner +3 -0
  68. data/examples/rails_openid/script/runner +3 -0
  69. data/examples/rails_openid/script/server +3 -0
  70. data/examples/rails_openid/test/functional/login_controller_test.rb +18 -0
  71. data/examples/rails_openid/test/functional/server_controller_test.rb +18 -0
  72. data/examples/rails_openid/test/test_helper.rb +28 -0
  73. data/lib/hmac/hmac.rb +112 -0
  74. data/lib/hmac/sha1.rb +11 -0
  75. data/lib/hmac/sha2.rb +25 -0
  76. data/lib/openid.rb +20 -0
  77. data/lib/openid/association.rb +249 -0
  78. data/lib/openid/consumer.rb +395 -0
  79. data/lib/openid/consumer/associationmanager.rb +344 -0
  80. data/lib/openid/consumer/checkid_request.rb +186 -0
  81. data/lib/openid/consumer/discovery.rb +497 -0
  82. data/lib/openid/consumer/discovery_manager.rb +123 -0
  83. data/lib/openid/consumer/html_parse.rb +134 -0
  84. data/lib/openid/consumer/idres.rb +523 -0
  85. data/lib/openid/consumer/responses.rb +148 -0
  86. data/lib/openid/cryptutil.rb +115 -0
  87. data/lib/openid/dh.rb +89 -0
  88. data/lib/openid/extension.rb +39 -0
  89. data/lib/openid/extensions/ax.rb +539 -0
  90. data/lib/openid/extensions/oauth.rb +91 -0
  91. data/lib/openid/extensions/pape.rb +179 -0
  92. data/lib/openid/extensions/sreg.rb +277 -0
  93. data/lib/openid/extensions/ui.rb +53 -0
  94. data/lib/openid/extras.rb +11 -0
  95. data/lib/openid/fetchers.rb +258 -0
  96. data/lib/openid/kvform.rb +136 -0
  97. data/lib/openid/kvpost.rb +58 -0
  98. data/lib/openid/message.rb +553 -0
  99. data/lib/openid/protocolerror.rb +8 -0
  100. data/lib/openid/server.rb +1544 -0
  101. data/lib/openid/store/filesystem.rb +271 -0
  102. data/lib/openid/store/interface.rb +75 -0
  103. data/lib/openid/store/memcache.rb +107 -0
  104. data/lib/openid/store/memory.rb +84 -0
  105. data/lib/openid/store/nonce.rb +68 -0
  106. data/lib/openid/trustroot.rb +349 -0
  107. data/lib/openid/urinorm.rb +75 -0
  108. data/lib/openid/util.rb +110 -0
  109. data/lib/openid/yadis/accept.rb +148 -0
  110. data/lib/openid/yadis/constants.rb +21 -0
  111. data/lib/openid/yadis/discovery.rb +153 -0
  112. data/lib/openid/yadis/filters.rb +205 -0
  113. data/lib/openid/yadis/htmltokenizer.rb +305 -0
  114. data/lib/openid/yadis/parsehtml.rb +45 -0
  115. data/lib/openid/yadis/services.rb +42 -0
  116. data/lib/openid/yadis/xrds.rb +155 -0
  117. data/lib/openid/yadis/xri.rb +90 -0
  118. data/lib/openid/yadis/xrires.rb +99 -0
  119. data/setup.rb +1551 -0
  120. data/test/data/accept.txt +124 -0
  121. data/test/data/dh.txt +29 -0
  122. data/test/data/example-xrds.xml +14 -0
  123. data/test/data/linkparse.txt +587 -0
  124. data/test/data/n2b64 +650 -0
  125. data/test/data/test1-discover.txt +137 -0
  126. data/test/data/test1-parsehtml.txt +152 -0
  127. data/test/data/test_discover/malformed_meta_tag.html +19 -0
  128. data/test/data/test_discover/openid.html +11 -0
  129. data/test/data/test_discover/openid2.html +11 -0
  130. data/test/data/test_discover/openid2_xrds.xml +12 -0
  131. data/test/data/test_discover/openid2_xrds_no_local_id.xml +11 -0
  132. data/test/data/test_discover/openid_1_and_2.html +11 -0
  133. data/test/data/test_discover/openid_1_and_2_xrds.xml +16 -0
  134. data/test/data/test_discover/openid_1_and_2_xrds_bad_delegate.xml +17 -0
  135. data/test/data/test_discover/openid_and_yadis.html +12 -0
  136. data/test/data/test_discover/openid_no_delegate.html +10 -0
  137. data/test/data/test_discover/openid_utf8.html +11 -0
  138. data/test/data/test_discover/yadis_0entries.xml +12 -0
  139. data/test/data/test_discover/yadis_2_bad_local_id.xml +15 -0
  140. data/test/data/test_discover/yadis_2entries_delegate.xml +22 -0
  141. data/test/data/test_discover/yadis_2entries_idp.xml +21 -0
  142. data/test/data/test_discover/yadis_another_delegate.xml +14 -0
  143. data/test/data/test_discover/yadis_idp.xml +12 -0
  144. data/test/data/test_discover/yadis_idp_delegate.xml +13 -0
  145. data/test/data/test_discover/yadis_no_delegate.xml +11 -0
  146. data/test/data/test_xrds/=j3h.2007.11.14.xrds +25 -0
  147. data/test/data/test_xrds/README +12 -0
  148. data/test/data/test_xrds/delegated-20060809-r1.xrds +34 -0
  149. data/test/data/test_xrds/delegated-20060809-r2.xrds +34 -0
  150. data/test/data/test_xrds/delegated-20060809.xrds +34 -0
  151. data/test/data/test_xrds/no-xrd.xml +7 -0
  152. data/test/data/test_xrds/not-xrds.xml +2 -0
  153. data/test/data/test_xrds/prefixsometimes.xrds +34 -0
  154. data/test/data/test_xrds/ref.xrds +109 -0
  155. data/test/data/test_xrds/sometimesprefix.xrds +34 -0
  156. data/test/data/test_xrds/spoof1.xrds +25 -0
  157. data/test/data/test_xrds/spoof2.xrds +25 -0
  158. data/test/data/test_xrds/spoof3.xrds +37 -0
  159. data/test/data/test_xrds/status222.xrds +9 -0
  160. data/test/data/test_xrds/subsegments.xrds +58 -0
  161. data/test/data/test_xrds/valid-populated-xrds.xml +39 -0
  162. data/test/data/trustroot.txt +153 -0
  163. data/test/data/urinorm.txt +79 -0
  164. data/test/discoverdata.rb +131 -0
  165. data/test/test_accept.rb +170 -0
  166. data/test/test_association.rb +266 -0
  167. data/test/test_associationmanager.rb +917 -0
  168. data/test/test_ax.rb +690 -0
  169. data/test/test_checkid_request.rb +294 -0
  170. data/test/test_consumer.rb +257 -0
  171. data/test/test_cryptutil.rb +119 -0
  172. data/test/test_dh.rb +86 -0
  173. data/test/test_discover.rb +852 -0
  174. data/test/test_discovery_manager.rb +262 -0
  175. data/test/test_extension.rb +46 -0
  176. data/test/test_extras.rb +35 -0
  177. data/test/test_fetchers.rb +565 -0
  178. data/test/test_filters.rb +270 -0
  179. data/test/test_idres.rb +963 -0
  180. data/test/test_kvform.rb +165 -0
  181. data/test/test_kvpost.rb +65 -0
  182. data/test/test_linkparse.rb +101 -0
  183. data/test/test_message.rb +1116 -0
  184. data/test/test_nonce.rb +89 -0
  185. data/test/test_oauth.rb +175 -0
  186. data/test/test_openid_yadis.rb +178 -0
  187. data/test/test_pape.rb +247 -0
  188. data/test/test_parsehtml.rb +80 -0
  189. data/test/test_responses.rb +63 -0
  190. data/test/test_server.rb +2457 -0
  191. data/test/test_sreg.rb +479 -0
  192. data/test/test_stores.rb +298 -0
  193. data/test/test_trustroot.rb +113 -0
  194. data/test/test_ui.rb +93 -0
  195. data/test/test_urinorm.rb +35 -0
  196. data/test/test_util.rb +145 -0
  197. data/test/test_xrds.rb +169 -0
  198. data/test/test_xri.rb +48 -0
  199. data/test/test_xrires.rb +63 -0
  200. data/test/test_yadis_discovery.rb +220 -0
  201. data/test/testutil.rb +127 -0
  202. data/test/util.rb +53 -0
  203. metadata +336 -0
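--- a/data/test/test_nonce.rb
+++ b/data/test/test_nonce.rb
@@ -0,0 +1,89 @@
+ require 'test/unit'
+ require 'openid/store/nonce'
+
+ module OpenID
+ class NonceTestCase < Test::Unit::TestCase
+
+ NONCE_RE = /\A\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ/
+
+ def test_mk_nonce
+ nonce = Nonce::mk_nonce
+ assert(nonce.match(NONCE_RE))
+ assert(nonce.size == 26)
+ end
+
+ def test_mk_nonce_time
+ nonce = Nonce::mk_nonce(0)
+ assert(nonce.match(NONCE_RE))
+ assert(nonce.size == 26)
+ assert(nonce.match(/^1970-01-01T00:00:00Z/))
+ end
+
+ def test_split
+ s = '1970-01-01T00:00:00Z'
+ expected_t = 0
+ expected_salt = ''
+ actual_t, actual_salt = Nonce::split_nonce(s)
+ assert_equal(expected_t, actual_t)
+ assert_equal(expected_salt, actual_salt)
+ end
+
+ def test_mk_split
+ t = 42
+ nonce_str = Nonce::mk_nonce(t)
+ assert(nonce_str.match(NONCE_RE))
+ at, salt = Nonce::split_nonce(nonce_str)
+ assert_equal(6, salt.size)
+ assert_equal(t, at)
+ end
+
+ def test_bad_split
+ cases = [
+ '',
+ '1970-01-01T00:00:00+1:00',
+ '1969-01-01T00:00:00Z',
+ '1970-00-01T00:00:00Z',
+ '1970.01-01T00:00:00Z',
+ 'Thu Sep 7 13:29:31 PDT 2006',
+ 'monkeys',
+ ]
+ cases.each{|c|
+ assert_raises(ArgumentError, c.inspect) { Nonce::split_nonce(c) }
+ }
+ end
+
+ def test_check_timestamp
+ cases = [
+ # exact, no allowed skew
+ ['1970-01-01T00:00:00Z', 0, 0, true],
+
+ # exact, large skew
+ ['1970-01-01T00:00:00Z', 1000, 0, true],
+
+ # no allowed skew, one second old
+ ['1970-01-01T00:00:00Z', 0, 1, false],
+
+ # many seconds old, outside of skew
+ ['1970-01-01T00:00:00Z', 10, 50, false],
+
+ # one second old, one second skew allowed
+ ['1970-01-01T00:00:00Z', 1, 1, true],
+
+ # One second in the future, one second skew allowed
+ ['1970-01-01T00:00:02Z', 1, 1, true],
+
+ # two seconds in the future, one second skew allowed
+ ['1970-01-01T00:00:02Z', 1, 0, false],
+
+ # malformed nonce string
+ ['monkeys', 0, 0, false],
+ ]
+
+ cases.each{|c|
+ (nonce_str, allowed_skew, now, expected) = c
+ actual = Nonce::check_timestamp(nonce_str, allowed_skew, now)
+ assert_equal(expected, actual, c.inspect)
+ }
+ end
+ end
+ end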
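Review bot: In `test_mk_nonce_time` the timestamp assertion uses `/^1970-01-01T00:00:00Z/`, and in Ruby `^` matches at the start of any line rather than the start of the string, so it is weaker than the `\A` anchor that `NONCE_RE` already uses; `assert(nonce.match(/\A1970-01-01T00:00:00Z/))` keeps the two consistent. `NONCE_RE` has no end anchor either, so the salt is only checked through `nonce.size == 26`, and a comment on the constant such as `# matches the timestamp prefix only; the salt is not validated here` would stop it being reused as a full validator. `test_bad_split` has no multi-line input, which is the case that would show whether `split_nonce` anchors its own pattern to the whole string; its implementation is not in this section.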
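--- a/data/test/test_oauth.rb
+++ b/data/test/test_oauth.rb
@@ -0,0 +1,175 @@
+ require 'openid/extensions/oauth'
+ require 'openid/message'
+ require 'openid/server'
+ require 'openid/consumer/responses'
+ require 'openid/consumer/discovery'
+
+ module OpenID
+ module OAuthTest
+ class OAuthRequestTestCase < Test::Unit::TestCase
+ def setup
+ @req = OAuth::Request.new
+ end
+
+ def test_construct
+ assert_nil(@req.consumer)
+ assert_nil(@req.scope)
+ assert_equal('oauth', @req.ns_alias)
+
+ req2 = OAuth::Request.new("CONSUMER","http://sample.com/some_scope")
+ assert_equal("CONSUMER",req2.consumer)
+ assert_equal("http://sample.com/some_scope",req2.scope)
+ end
+
+ def test_add_consumer
+ @req.consumer="CONSUMER"
+ assert_equal("CONSUMER",@req.consumer)
+ end
+
+ def test_add_scope
+ @req.scope="http://sample.com/some_scope"
+ assert_equal("http://sample.com/some_scope",@req.scope)
+ end
+
+ def test_get_extension_args
+ assert_equal({}, @req.get_extension_args)
+ @req.consumer="CONSUMER"
+ assert_equal({'consumer' => 'CONSUMER'}, @req.get_extension_args)
+ @req.scope="http://sample.com/some_scope"
+ assert_equal({'consumer' => 'CONSUMER', 'scope' => 'http://sample.com/some_scope'}, @req.get_extension_args)
+ end
+
+ def test_parse_extension_args
+ args = {'consumer' => 'CONSUMER', 'scope' => 'http://sample.com/some_scope'}
+ @req.parse_extension_args(args)
+ assert_equal("CONSUMER",@req.consumer)
+ assert_equal("http://sample.com/some_scope",@req.scope)
+ end
+
+ def test_parse_extension_args_empty
+ @req.parse_extension_args({})
+ assert_nil( @req.consumer )
+ assert_nil( @req.scope )
+ end
+
+ def test_from_openid_request
+ openid_req_msg = Message.from_openid_args({
+ 'mode' => 'checkid_setup',
+ 'ns' => OPENID2_NS,
+ 'ns.oauth' => OAuth::NS_URI,
+ 'oauth.consumer' => 'CONSUMER',
+ 'oauth.scope' => "http://sample.com/some_scope"
+ })
+ oid_req = Server::OpenIDRequest.new
+ oid_req.message = openid_req_msg
+ req = OAuth::Request.from_openid_request(oid_req)
+ assert_equal("CONSUMER",req.consumer)
+ assert_equal("http://sample.com/some_scope",req.scope)
+ end
+
+ def test_from_openid_request_no_oauth
+ message = Message.new
+ openid_req = Server::OpenIDRequest.new
+ openid_req.message = message
+ oauth_req = OAuth::Request.from_openid_request(openid_req)
+ assert(oauth_req.nil?)
+ end
+
+ end
+
+ class DummySuccessResponse
+ attr_accessor :message
+
+ def initialize(message, signed_stuff)
+ @message = message
+ @signed_stuff = signed_stuff
+ end
+
+ def get_signed_ns(ns_uri)
+ return @signed_stuff
+ end
+
+ end
+
+ class OAuthResponseTestCase < Test::Unit::TestCase
+ def setup
+ @req = OAuth::Response.new
+ end
+
+ def test_construct
+ assert_nil(@req.request_token)
+ assert_nil(@req.scope)
+
+ req2 = OAuth::Response.new("REQUESTTOKEN","http://sample.com/some_scope")
+ assert_equal("REQUESTTOKEN",req2.request_token)
+ assert_equal("http://sample.com/some_scope",req2.scope)
+ end
+
+ def test_add_request_token
+ @req.request_token="REQUESTTOKEN"
+ assert_equal("REQUESTTOKEN",@req.request_token)
+ end
+
+ def test_add_scope
+ @req.scope="http://sample.com/some_scope"
+ assert_equal("http://sample.com/some_scope",@req.scope)
+ end
+
+ def test_get_extension_args
+ assert_equal({}, @req.get_extension_args)
+ @req.request_token="REQUESTTOKEN"
+ assert_equal({'request_token' => 'REQUESTTOKEN'}, @req.get_extension_args)
+ @req.scope="http://sample.com/some_scope"
+ assert_equal({'request_token' => 'REQUESTTOKEN', 'scope' => 'http://sample.com/some_scope'}, @req.get_extension_args)
+ end
+
+ def test_parse_extension_args
+ args = {'request_token' => 'REQUESTTOKEN', 'scope' => 'http://sample.com/some_scope'}
+ @req.parse_extension_args(args)
+ assert_equal("REQUESTTOKEN",@req.request_token)
+ assert_equal("http://sample.com/some_scope",@req.scope)
+ end
+
+ def test_parse_extension_args_empty
+ @req.parse_extension_args({})
+ assert_nil( @req.request_token )
+ assert_nil( @req.scope )
+ end
+
+ def test_from_success_response
+
+ openid_req_msg = Message.from_openid_args({
+ 'mode' => 'id_res',
+ 'ns' => OPENID2_NS,
+ 'ns.oauth' => OAuth::NS_URI,
+ 'ns.oauth' => OAuth::NS_URI,
+ 'oauth.request_token' => 'REQUESTTOKEN',
+ 'oauth.scope' => "http://sample.com/some_scope"
+ })
+ signed_stuff = {
+ 'request_token' => 'REQUESTTOKEN',
+ 'scope' => "http://sample.com/some_scope"
+ }
+ oid_req = DummySuccessResponse.new(openid_req_msg, signed_stuff)
+ req = OAuth::Response.from_success_response(oid_req)
+ assert_equal("REQUESTTOKEN",req.request_token)
+ assert_equal("http://sample.com/some_scope",req.scope)
+ end
+
+ def test_from_success_response_unsigned
+ openid_req_msg = Message.from_openid_args({
+ 'mode' => 'id_res',
+ 'ns' => OPENID2_NS,
+ 'ns.oauth' => OAuth::NS_URI,
+ 'oauth.request_token' => 'REQUESTTOKEN',
+ 'oauth.scope' => "http://sample.com/some_scope"
+ })
+ signed_stuff = {}
+ endpoint = OpenIDServiceEndpoint.new
+ oid_req = Consumer::SuccessResponse.new(endpoint, openid_req_msg, signed_stuff)
+ req = OAuth::Response.from_success_response(oid_req)
+ assert(req.nil?, req.inspect)
+ end
+ end
+ end
+ end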
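Review bot: `test_from_success_response` lists `'ns.oauth' => OAuth::NS_URI` twice in the hash literal passed to `Message.from_openid_args`; Ruby silently keeps the last entry (newer interpreters warn about the duplicated key), so one of the two lines should be dropped. The file also subclasses `Test::Unit::TestCase` without a `require 'test/unit'`, so it only loads when another file has pulled the framework in first; adding that require at the top fixes it, and the same applies to the PAPE test file in the last section of this page. `DummySuccessResponse#get_signed_ns` ignores its `ns_uri` argument, so the signed-path test would still pass if the extension asked for the wrong namespace; a comment on the dummy such as `# returns the same fields for every namespace; does not check ns_uri` would make that limit explicit.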
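--- a/data/test/test_openid_yadis.rb
+++ b/data/test/test_openid_yadis.rb
@@ -0,0 +1,178 @@
+
+ require 'test/unit'
+ require 'openid/consumer/discovery'
+ require 'openid/yadis/services'
+
+ module OpenID
+
+ XRDS_BOILERPLATE = <<EOF
+ <?xml version="1.0" encoding="UTF-8"?>
+ <xrds:XRDS xmlns:xrds="xri://$xrds"
+ xmlns="xri://$xrd*($v*2.0)"
+ xmlns:openid="http://openid.net/xmlns/1.0">
+ <XRD>
+ %s
+ </XRD>
+ </xrds:XRDS>
+ EOF
+
+ def self.mkXRDS(services)
+ return sprintf(XRDS_BOILERPLATE, services)
+ end
+
+ def self.mkService(uris=nil, type_uris=nil, local_id=nil, dent=" ")
+ chunks = [dent, "<Service>\n"]
+ dent2 = dent + " "
+ if type_uris
+ type_uris.each { |type_uri|
+ chunks += [dent2 + "<Type>", type_uri, "</Type>\n"]
+ }
+ end
+
+ if uris
+ uris.each { |uri|
+ if uri.is_a?(Array)
+ uri, prio = uri
+ else
+ prio = nil
+ end
+
+ chunks += [dent2, "<URI"]
+ if !prio.nil?
+ chunks += [" priority='", str(prio), "'"]
+ end
+ chunks += [">", uri, "</URI>\n"]
+ }
+ end
+
+ if local_id
+ chunks += [dent2, "<openid:Delegate>", local_id, "</openid:Delegate>\n"]
+ end
+
+ chunks += [dent, "</Service>\n"]
+
+ return chunks.join("")
+ end
+
+ # Different sets of server URLs for use in the URI tag
+ SERVER_URL_OPTIONS = [
+ [], # This case should not generate an endpoint object
+ ['http://server.url/'],
+ ['https://server.url/'],
+ ['https://server.url/', 'http://server.url/'],
+ ['https://server.url/',
+ 'http://server.url/',
+ 'http://example.server.url/'],
+ ]
+
+ # Used for generating test data
+ def OpenID.subsets(l)
+ subsets_list = [[]]
+ l.each { |x|
+ subsets_list += subsets_list.collect { |t| [x] + t }
+ }
+
+ return subsets_list
+ end
+
+ # A couple of example extension type URIs. These are not at all
+ # official, but are just here for testing.
+ EXT_TYPES = [
+ 'http://janrain.com/extension/blah',
+ 'http://openid.net/sreg/1.0',
+ ]
+
+ # Range of valid Delegate tag values for generating test data
+ LOCAL_ID_OPTIONS = [
+ nil,
+ 'http://vanity.domain/',
+ 'https://somewhere/yadis/',
+ ]
+
+ class OpenIDYadisTest
+ def initialize(uris, type_uris, local_id)
+ super()
+ @uris = uris
+ @type_uris = type_uris
+ @local_id = local_id
+
+ @yadis_url = 'http://unit.test/'
+
+ # Create an XRDS document to parse
+ services = OpenID.mkService(@uris,
+ @type_uris,
+ @local_id)
+ @xrds = OpenID.mkXRDS(services)
+ end
+
+ def runTest(testcase)
+ # Parse into endpoint objects that we will check
+ endpoints = Yadis.apply_filter(@yadis_url, @xrds, OpenIDServiceEndpoint)
+
+ # make sure there are the same number of endpoints as URIs. This
+ # assumes that the type_uris contains at least one OpenID type.
+ testcase.assert_equal(@uris.length, endpoints.length)
+
+ # So that we can check equality on the endpoint types
+ type_uris = @type_uris.dup
+ type_uris.sort!
+
+ seen_uris = []
+ endpoints.each { |endpoint|
+ seen_uris << endpoint.server_url
+
+ # All endpoints will have same yadis_url
+ testcase.assert_equal(@yadis_url, endpoint.claimed_id)
+
+ # and local_id
+ testcase.assert_equal(@local_id, endpoint.local_id)
+
+ # and types
+ actual_types = endpoint.type_uris.dup
+ actual_types.sort!
+ testcase.assert_equal(type_uris, actual_types, actual_types.inspect)
+ }
+
+ # So that they will compare equal, because we don't care what
+ # order they are in
+ seen_uris.sort!
+ uris = @uris.dup
+ uris.sort!
+
+ # Make sure we saw all URIs, and saw each one once
+ testcase.assert_equal(uris, seen_uris)
+ end
+ end
+
+ class OpenIDYadisTests < Test::Unit::TestCase
+ def test_openid_yadis
+ data = []
+
+ # All valid combinations of Type tags that should produce an
+ # OpenID endpoint
+ type_uri_options = []
+
+ OpenID.subsets([OPENID_1_0_TYPE, OPENID_1_1_TYPE]).each { |ts|
+ OpenID.subsets(EXT_TYPES).each { |exts|
+ if !ts.empty?
+ type_uri_options << exts + ts
+ end
+ }
+ }
+
+ # All combinations of valid URIs, Type URIs and Delegate tags
+ SERVER_URL_OPTIONS.each { |uris|
+ type_uri_options.each { |type_uris|
+ LOCAL_ID_OPTIONS.each { |local_id|
+ data << [uris, type_uris, local_id]
+ }
+ }
+ }
+
+ data.each { |args|
+ t = OpenIDYadisTest.new(*args)
+ t.runTest(self)
+ }
+ end
+ end
+ end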
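Review bot: `mkService` calls `str(prio)` when a URI is supplied as a `[uri, priority]` pair, and no `str` method is defined anywhere in this section, so that branch would presumably raise NoMethodError; `chunks += [" priority='", prio.to_s, "'"]` is the Ruby form. None of the entries in `SERVER_URL_OPTIONS` is a pair, so the branch never runs and the test suite does not reveal the problem. Either add one prioritised entry to the test data so the path is exercised, or remove the branch. The helper also builds the XRDS by plain string concatenation, which is fine for the fixed constants used here but is worth a one-line comment so the helper is not reused with values that need XML escaping.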
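--- a/data/test/test_pape.rb
+++ b/data/test/test_pape.rb
@@ -0,0 +1,247 @@
+ require 'openid/extensions/pape'
+ require 'openid/message'
+ require 'openid/server'
+ require 'openid/consumer/responses'
+
+ module OpenID
+ module PAPETest
+ class PapeRequestTestCase < Test::Unit::TestCase
+ def setup
+ @req = PAPE::Request.new
+ end
+
+ def test_construct
+ assert_equal([], @req.preferred_auth_policies)
+ assert_equal(nil, @req.max_auth_age)
+ assert_equal('pape', @req.ns_alias)
+
+ req2 = PAPE::Request.new([PAPE::AUTH_MULTI_FACTOR], 1000)
+ assert_equal([PAPE::AUTH_MULTI_FACTOR], req2.preferred_auth_policies)
+ assert_equal(1000, req2.max_auth_age)
+ end
+
+ def test_add_policy_uri
+ assert_equal([], @req.preferred_auth_policies)
+ @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
+ assert_equal([PAPE::AUTH_MULTI_FACTOR], @req.preferred_auth_policies)
+ @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
+ assert_equal([PAPE::AUTH_MULTI_FACTOR], @req.preferred_auth_policies)
+ @req.add_policy_uri(PAPE::AUTH_PHISHING_RESISTANT)
+ assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], @req.preferred_auth_policies)
+ @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
+ assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], @req.preferred_auth_policies)
+ end
+
+ def test_get_extension_args
+ assert_equal({'preferred_auth_policies' => ''}, @req.get_extension_args)
+ @req.add_policy_uri('http://uri')
+ assert_equal({'preferred_auth_policies' => 'http://uri'}, @req.get_extension_args)
+ @req.add_policy_uri('http://zig')
+ assert_equal({'preferred_auth_policies' => 'http://uri http://zig'}, @req.get_extension_args)
+ @req.max_auth_age = 789
+ assert_equal({'preferred_auth_policies' => 'http://uri http://zig', 'max_auth_age' => '789'}, @req.get_extension_args)
+ end
+
+ def test_parse_extension_args
+ args = {'preferred_auth_policies' => 'http://foo http://bar',
+ 'max_auth_age' => '9'}
+ @req.parse_extension_args(args)
+ assert_equal(9, @req.max_auth_age)
+ assert_equal(['http://foo','http://bar'], @req.preferred_auth_policies)
+ end
+
+ def test_parse_extension_args_empty
+ @req.parse_extension_args({})
+ assert_equal(nil, @req.max_auth_age)
+ assert_equal([], @req.preferred_auth_policies)
+ end
+
+ def test_from_openid_request
+ openid_req_msg = Message.from_openid_args({
+ 'mode' => 'checkid_setup',
+ 'ns' => OPENID2_NS,
+ 'ns.pape' => PAPE::NS_URI,
+ 'pape.preferred_auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
+ 'pape.max_auth_age' => '5476'
+ })
+ oid_req = Server::OpenIDRequest.new
+ oid_req.message = openid_req_msg
+ req = PAPE::Request.from_openid_request(oid_req)
+ assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], req.preferred_auth_policies)
+ assert_equal(5476, req.max_auth_age)
+ end
+
+ def test_from_openid_request_no_pape
+ message = Message.new
+ openid_req = Server::OpenIDRequest.new
+ openid_req.message = message
+ pape_req = PAPE::Request.from_openid_request(openid_req)
+ assert(pape_req.nil?)
+ end
+
+ def test_preferred_types
+ @req.add_policy_uri(PAPE::AUTH_PHISHING_RESISTANT)
+ @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
+ pt = @req.preferred_types([PAPE::AUTH_MULTI_FACTOR,
+ PAPE::AUTH_MULTI_FACTOR_PHYSICAL])
+ assert_equal([PAPE::AUTH_MULTI_FACTOR], pt)
+ end
+ end
+
+ class DummySuccessResponse
+ attr_accessor :message
+
+ def initialize(message, signed_stuff)
+ @message = message
+ @signed_stuff = signed_stuff
+ end
+
+ def get_signed_ns(ns_uri)
+ return @signed_stuff
+ end
+
+ end
+
+ class PapeResponseTestCase < Test::Unit::TestCase
+ def setup
+ @req = PAPE::Response.new
+ end
+
+ def test_construct
+ assert_equal([], @req.auth_policies)
+ assert_equal(nil, @req.auth_time)
+ assert_equal('pape', @req.ns_alias)
+ assert_equal(nil, @req.nist_auth_level)
+
+ req2 = PAPE::Response.new([PAPE::AUTH_MULTI_FACTOR], "1983-11-05T12:30:24Z", 3)
+ assert_equal([PAPE::AUTH_MULTI_FACTOR], req2.auth_policies)
+ assert_equal("1983-11-05T12:30:24Z", req2.auth_time)
+ assert_equal(3, req2.nist_auth_level)
+ end
+
+ def test_add_policy_uri
+ assert_equal([], @req.auth_policies)
+ @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
+ assert_equal([PAPE::AUTH_MULTI_FACTOR], @req.auth_policies)
+ @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
+ assert_equal([PAPE::AUTH_MULTI_FACTOR], @req.auth_policies)
+ @req.add_policy_uri(PAPE::AUTH_PHISHING_RESISTANT)
+ assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], @req.auth_policies)
+ @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
+ assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], @req.auth_policies)
+ end
+
+ def test_get_extension_args
+ assert_equal({'auth_policies' => 'none'}, @req.get_extension_args)
+ @req.add_policy_uri('http://uri')
+ assert_equal({'auth_policies' => 'http://uri'}, @req.get_extension_args)
+ @req.add_policy_uri('http://zig')
+ assert_equal({'auth_policies' => 'http://uri http://zig'}, @req.get_extension_args)
+ @req.auth_time = "1983-11-05T12:30:24Z"
+ assert_equal({'auth_policies' => 'http://uri http://zig', 'auth_time' => "1983-11-05T12:30:24Z"}, @req.get_extension_args)
+ @req.nist_auth_level = 3
+ assert_equal({'auth_policies' => 'http://uri http://zig', 'auth_time' => "1983-11-05T12:30:24Z", 'nist_auth_level' => '3'}, @req.get_extension_args)
+ end
+
+ def test_get_extension_args_error_auth_age
+ @req.auth_time = "the beginning of time"
+ assert_raises(ArgumentError) { @req.get_extension_args }
+ end
+
+ def test_get_extension_args_error_nist_auth_level
+ @req.nist_auth_level = "high as a kite"
+ assert_raises(ArgumentError) { @req.get_extension_args }
+ @req.nist_auth_level = 5
+ assert_raises(ArgumentError) { @req.get_extension_args }
+ @req.nist_auth_level = -1
+ assert_raises(ArgumentError) { @req.get_extension_args }
+ end
+
+ def test_parse_extension_args
+ args = {'auth_policies' => 'http://foo http://bar',
+ 'auth_time' => '1983-11-05T12:30:24Z'}
+ @req.parse_extension_args(args)
+ assert_equal('1983-11-05T12:30:24Z', @req.auth_time)
+ assert_equal(['http://foo','http://bar'], @req.auth_policies)
+ end
+
+ def test_parse_extension_args_empty
+ @req.parse_extension_args({})
+ assert_equal(nil, @req.auth_time)
+ assert_equal([], @req.auth_policies)
+ end
+
+ def test_parse_extension_args_strict_bogus1
+ args = {'auth_policies' => 'http://foo http://bar',
+ 'auth_time' => 'this one time'}
+ assert_raises(ArgumentError) {
+ @req.parse_extension_args(args, true)
+ }
+ end
+
+ def test_parse_extension_args_strict_bogus2
+ args = {'auth_policies' => 'http://foo http://bar',
+ 'auth_time' => '1983-11-05T12:30:24Z',
+ 'nist_auth_level' => 'some'}
+ assert_raises(ArgumentError) {
+ @req.parse_extension_args(args, true)
+ }
+ end
+
+ def test_parse_extension_args_strict_good
+ args = {'auth_policies' => 'http://foo http://bar',
+ 'auth_time' => '2007-10-11T05:25:18Z',
+ 'nist_auth_level' => '0'}
+ @req.parse_extension_args(args, true)
+ assert_equal(['http://foo','http://bar'], @req.auth_policies)
+ assert_equal('2007-10-11T05:25:18Z', @req.auth_time)
+ assert_equal(0, @req.nist_auth_level)
+ end
+
+ def test_parse_extension_args_nostrict_bogus
+ args = {'auth_policies' => 'http://foo http://bar',
+ 'auth_time' => 'some time ago',
+ 'nist_auth_level' => 'some'}
+ @req.parse_extension_args(args)
+ assert_equal(['http://foo','http://bar'], @req.auth_policies)
+ assert_equal(nil, @req.auth_time)
+ assert_equal(nil, @req.nist_auth_level)
+ end
+
+
+ def test_from_success_response
+
+ openid_req_msg = Message.from_openid_args({
+ 'mode' => 'id_res',
+ 'ns' => OPENID2_NS,
+ 'ns.pape' => PAPE::NS_URI,
+ 'pape.auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
+ 'pape.auth_time' => '1983-11-05T12:30:24Z'
+ })
+ signed_stuff = {
+ 'auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
+ 'auth_time' => '1983-11-05T12:30:24Z'
+ }
+ oid_req = DummySuccessResponse.new(openid_req_msg, signed_stuff)
+ req = PAPE::Response.from_success_response(oid_req)
+ assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], req.auth_policies)
+ assert_equal('1983-11-05T12:30:24Z', req.auth_time)
+ end
+
+ def test_from_success_response_unsigned
+ openid_req_msg = Message.from_openid_args({
+ 'mode' => 'id_res',
+ 'ns' => OPENID2_NS,
+ 'ns.pape' => PAPE::NS_URI,
+ 'pape.auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
+ 'pape.auth_time' => '1983-11-05T12:30:24Z'
+ })
+ signed_stuff = {}
+ endpoint = OpenIDServiceEndpoint.new
+ oid_req = Consumer::SuccessResponse.new(endpoint, openid_req_msg, signed_stuff)
+ req = PAPE::Response.from_success_response(oid_req)
+ assert(req.nil?, req.inspect)
+ end
+ end
+ end
+ end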
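Review bot: The strict-mode parse tests reject only non-numeric input (`'nist_auth_level' => 'some'` in `test_parse_extension_args_strict_bogus2`), while the out-of-range values 5 and -1 are checked only on the outgoing side in `test_get_extension_args_error_nist_auth_level`. A numeric but out-of-range level arriving in a response is the case a relying party has to refuse, so the parse path should be pinned as well, for example with `'nist_auth_level' => '5'` and `assert_raises(ArgumentError) { @req.parse_extension_args(args, true) }`; whether the parser raises for it cannot be seen on this page. `test_get_extension_args_error_auth_age` sets `auth_time`, so renaming it to `test_get_extension_args_error_auth_time` would match what it checks. As a style point, the `assert_equal(nil, ...)` calls read better as `assert_nil(...)`, which the OAuth tests on this page already use.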