pelle-ruby-openid 2.1.8

data/test/data/urinorm.txt

@@ -0,0 +1,79 @@
+Already normal form
+http://example.com/
+http://example.com/
+
+Add a trailing slash
+http://example.com
+http://example.com/
+
+Remove an empty port segment
+http://example.com:/
+http://example.com/
+
+Remove a default port segment
+http://example.com:80/
+http://example.com/
+
+Capitalization in host names
+http://wWw.exaMPLE.COm/
+http://www.example.com/
+
+Capitalization in scheme names
+htTP://example.com/
+http://example.com/
+
+Capitalization in percent-escaped reserved characters
+http://example.com/foo%2cbar
+http://example.com/foo%2Cbar
+
+Unescape percent-encoded unreserved characters
+http://example.com/foo%2Dbar%2dbaz
+http://example.com/foo-bar-baz
+
+remove_dot_segments example 1
+http://example.com/a/b/c/./../../g
+http://example.com/a/g
+
+remove_dot_segments example 2
+http://example.com/mid/content=5/../6
+http://example.com/mid/6
+
+remove_dot_segments: single-dot
+http://example.com/a/./b
+http://example.com/a/b
+
+remove_dot_segments: double-dot
+http://example.com/a/../b
+http://example.com/b
+
+remove_dot_segments: leading double-dot
+http://example.com/../b
+http://example.com/b
+
+remove_dot_segments: trailing single-dot
+http://example.com/a/.
+http://example.com/a/
+
+remove_dot_segments: trailing double-dot
+http://example.com/a/..
+http://example.com/
+
+remove_dot_segments: trailing single-dot-slash
+http://example.com/a/./
+http://example.com/a/
+
+remove_dot_segments: trailing double-dot-slash
+http://example.com/a/../
+http://example.com/
+
+Test of all kinds of syntax-based normalization
+hTTPS://a/./b/../b/%63/%7bfoo%7d
+https://a/b/c/%7Bfoo%7D
+
+Unsupported scheme
+ftp://example.com/
+fail
+
+Non-absolute URI
+http:/foo
+fail

data/test/discoverdata.rb

@@ -0,0 +1,131 @@
+
+require 'uri'
+require 'openid/yadis/constants'
+require 'openid/yadis/discovery'
+require 'openid/extras'
+require 'openid/util'
+
+module OpenID
+
+  module DiscoverData
+
+    include TestDataMixin
+    include Util
+
+    TESTLIST = [
+                # success,  input_name,          id_name,            result_name
+                [true,  "equiv",             "equiv",            "xrds"],
+                [true,  "header",            "header",           "xrds"],
+                [true,  "lowercase_header",  "lowercase_header", "xrds"],
+                [true,  "xrds",              "xrds",             "xrds"],
+                [true,  "xrds_ctparam",      "xrds_ctparam",     "xrds_ctparam"],
+                [true,  "xrds_ctcase",       "xrds_ctcase",      "xrds_ctcase"],
+                [false, "xrds_html",         "xrds_html",        "xrds_html"],
+                [true,  "redir_equiv",       "equiv",            "xrds"],
+                [true,  "redir_header",      "header",           "xrds"],
+                [true,  "redir_xrds",        "xrds",             "xrds"],
+                [false, "redir_xrds_html",   "xrds_html",        "xrds_html"],
+                [true,  "redir_redir_equiv", "equiv",            "xrds"],
+                [false, "404_server_response", nil,             nil],
+                [false, "404_with_header",     nil,             nil],
+                [false, "404_with_meta",       nil,             nil],
+                [false, "201_server_response", nil,             nil],
+                [false, "500_server_response", nil,             nil],
+             ]
+
+    @@example_xrds_file = 'example-xrds.xml'
+    @@default_test_file = 'test1-discover.txt'
+    @@discover_tests = {}
+
+    def readTests(filename)
+      data = read_data_file(filename, false)
+      tests = {}
+      data.split("\f\n", -1).each { |case_|
+        name, content = case_.split("\n", 2)
+        tests[name] = content
+      }
+
+      return tests
+    end
+
+    def getData(filename, name)
+      if !@@discover_tests.member?(filename)
+        @@discover_tests[filename] = readTests(filename)
+      end
+
+      file_tests = @@discover_tests[filename]
+      return file_tests[name]
+    end
+
+    def fillTemplate(test_name, template, base_url, example_xrds)
+      mapping = [
+                 ['URL_BASE/', base_url],
+                 ['<XRDS Content>', example_xrds],
+                 ['YADIS_HEADER', Yadis::YADIS_HEADER_NAME],
+                 ['NAME', test_name],
+                ]
+
+      mapping.each { |k, v|
+        template = template.gsub(/#{k}/, v)
+      }
+
+      return template
+    end
+
+    def generateSample(test_name, base_url,
+                       example_xrds=nil,
+                       filename=@@default_test_file)
+      if example_xrds.nil?
+        example_xrds = read_data_file(@@example_xrds_file, false)
+      end
+
+      begin
+        template = getData(filename, test_name)
+      rescue Errno::ENOENT
+        raise ArgumentError(filename)
+      end
+
+      return fillTemplate(test_name, template, base_url, example_xrds)
+    end
+
+    def generateResult(base_url, input_name, id_name, result_name, success)
+      uri = URI::parse(base_url)
+
+      input_url = (uri + input_name).to_s
+
+      # If the name is None then we expect the protocol to fail, which
+      # we represent by None
+      if id_name.nil?
+        Util.assert(result_name.nil?)
+        return input_url, DiscoveryFailure
+      end
+
+      result = generateSample(result_name, base_url)
+      headers, content = result.split("\n\n", 2)
+      header_lines = headers.split("\n")
+
+      ctype = nil
+      header_lines.each { |header_line|
+        if header_line.starts_with?('Content-Type:')
+          _, ctype = header_line.split(':', 2)
+          ctype = ctype.strip()
+          break
+        else
+          ctype = nil
+        end
+      }
+
+      id_url = (uri + id_name).to_s
+      result = Yadis::DiscoveryResult.new(input_url)
+      result.normalized_uri = id_url
+
+      if success
+        result.xrds_uri = (uri + result_name).to_s
+      end
+
+      result.content_type = ctype
+      result.response_text = content
+      return [input_url, result]
+    end
+  end
+end

data/test/test_accept.rb

@@ -0,0 +1,170 @@
+
+require 'test/unit'
+require 'openid/yadis/accept'
+require 'openid/extras'
+require 'openid/util'
+
+module OpenID
+
+  class AcceptTest < Test::Unit::TestCase
+    include TestDataMixin
+
+    def getTestData()
+      # Read the test data off of disk
+      #
+      # () -> [(int, str)]
+      lines = read_data_file('accept.txt')
+      line_no = 1
+      return lines.collect { |line|
+        pair = [line_no, line]
+        line_no += 1
+        pair
+      }
+    end
+
+    def chunk(lines)
+      # Return groups of lines separated by whitespace or comments
+      #
+      # [(int, str)] -> [[(int, str)]]
+      chunks = []
+      chunk = []
+      lines.each { |lineno, line|
+        stripped = line.strip()
+        if (stripped == '') or stripped.starts_with?('#')
+          if chunk.length > 0
+            chunks << chunk
+            chunk = []
+          end
+        else
+          chunk << [lineno, stripped]
+        end
+      }
+
+      if chunk.length > 0
+        chunks << chunk
+      end
+
+      return chunks
+    end
+
+    def parseLines(chunk)
+      # Take the given chunk of lines and turn it into a test data
+      # dictionary
+      #
+      # [(int, str)] -> {str:(int, str)}
+      items = {}
+      chunk.each { |lineno, line|
+        header, data = line.split(':', 2)
+        header = header.downcase
+        items[header] = [lineno, data.strip]
+      }
+      return items
+    end
+
+    def parseAvailable(available_text)
+      # Parse an Available: line's data
+      #
+      # str -> [str]
+      return available_text.split(',', -1).collect { |s| s.strip }
+    end
+
+    def parseExpected(expected_text)
+      # Parse an Expected: line's data
+      #
+      # str -> [(str, float)]
+      expected = []
+      if expected_text != ''
+        expected_text.split(',', -1).each { |chunk|
+          chunk = chunk.strip
+          mtype, qstuff = chunk.split(';', -1)
+          mtype = mtype.strip
+          Util.assert(!mtype.index('/').nil?)
+          qstuff = qstuff.strip
+          q, qstr = qstuff.split('=', -1)
+          Util.assert(q == 'q')
+          qval = qstr.to_f
+          expected << [mtype, qval]
+        }
+      end
+
+      return expected
+    end
+
+    def test_accept_headers
+      lines = getTestData()
+      chunks = chunk(lines)
+      data_sets = chunks.collect { |chunk| parseLines(chunk) }
+      cases = []
+      data_sets.each { |data|
+        lnos = []
+        lno, header = data['accept']
+        lnos << lno
+        lno, avail_data = data['available']
+        lnos << lno
+        begin
+          available = parseAvailable(avail_data)
+        rescue
+          print 'On line', lno
+          raise
+        end
+
+        lno, exp_data = data['expected']
+        lnos << lno
+        begin
+          expected = parseExpected(exp_data)
+        rescue
+          print 'On line', lno
+          raise
+        end
+
+        descr = sprintf('MatchAcceptTest for lines %s', lnos)
+
+        # Test:
+        accepted = Yadis.parse_accept_header(header)
+        actual = Yadis.match_types(accepted, available)
+        assert_equal(expected, actual)
+
+        assert_equal(Yadis.get_acceptable(header, available),
+                     expected.collect { |mtype, _| mtype })
+      }
+    end
+
+    def test_generate_accept_header
+      # TODO: move this into a test case file and write parsing code
+      # for it.
+
+      # Form: [input_array, expected_header_string]
+      cases = [
+               # Empty input list
+               [[], ""],
+               # Content type name only; no q value
+               [["test"], "test"],
+               # q = 1.0 should be omitted from the header
+               [[["test", 1.0]], "test"],
+               # Test conversion of float to string
+               [["test", ["with_q", 0.8]], "with_q; q=0.8, test"],
+               # Allow string q values, too
+               [["test", ["with_q_str", "0.7"]], "with_q_str; q=0.7, test"],
+               # Test q values out of bounds
+               [[["test", -1.0]], nil],
+               [[["test", 1.1]], nil],
+               # Test sorting of types by q value
+               [[["middle", 0.5], ["min", 0.1], "max"],
+                "min; q=0.1, middle; q=0.5, max"],
+
+              ].each { |input, expected_header|
+
+        if expected_header.nil?
+          assert_raise(ArgumentError) {
+            Yadis.generate_accept_header(*input)
+          }
+        else
+          assert_equal(expected_header, Yadis.generate_accept_header(*input),
+                       [input, expected_header].inspect)
+        end
+      }
+    end
+
+  end
+
+end

data/test/test_association.rb

@@ -0,0 +1,266 @@
+require "test/unit"
+require "openid/association"
+
+module OpenID
+  class AssociationTestCase < Test::Unit::TestCase
+    def setup
+      # Use this funny way of getting a time so that it does not have
+      # fractional seconds, and so can be serialized exactly using our
+      # standard code.
+      issued = Time.at(Time.now.to_i)
+      lifetime = 600
+
+      @assoc = Association.new('handle', 'secret', issued,
+                               lifetime, 'HMAC-SHA1')
+    end
+
+    def test_round_trip
+      assoc2 = Association.deserialize(@assoc.serialize())
+      [:handle, :secret, :lifetime, :assoc_type].each do |attr|
+        assert_equal(@assoc.send(attr), assoc2.send(attr))
+      end
+    end
+
+    def test_deserialize_failure
+      field_list = Util.kv_to_seq(@assoc.serialize)
+      kv = Util.seq_to_kv(field_list + [['monkeys', 'funny']])
+      assert_raises(ProtocolError) {
+        Association.deserialize(kv)
+      }
+
+      bad_version_list = field_list.dup
+      bad_version_list[0] = ['version', 'moon']
+      bad_version_kv = Util.seq_to_kv(bad_version_list)
+      assert_raises(ProtocolError) {
+        Association.deserialize(bad_version_kv)
+      }
+    end
+
+    def test_serialization_identity
+      assoc2 = Association.deserialize(@assoc.serialize)
+      assert_equal(@assoc, assoc2)
+    end
+
+    def test_expires_in
+      # Allow one second of slop
+      assert(@assoc.expires_in.between?(599,600))
+      assert(@assoc.expires_in(Time.now.to_i).between?(599,600))
+      assert_equal(0,@assoc.expires_in(Time.now.to_i + 10000),"negative expires_in")
+    end
+
+    def test_from_expires_in
+      start_time = Time.now
+      expires_in = @assoc.expires_in
+      assoc = Association.from_expires_in(expires_in,
+                                          @assoc.handle,
+                                          @assoc.secret,
+                                          @assoc.assoc_type)
+
+      # Allow one second of slop here for code execution time
+      assert_in_delta(1, assoc.expires_in, @assoc.expires_in)
+      [:handle, :secret, :assoc_type].each do |attr|
+        assert_equal(@assoc.send(attr), assoc.send(attr))
+      end
+
+      # Make sure the issued time is near the start
+      assert(assoc.issued >= start_time)
+      assert_in_delta(1, assoc.issued.to_f, start_time.to_f)
+    end
+
+    def test_sign_sha1
+      pairs = [['key1', 'value1'],
+               ['key2', 'value2']]
+
+      [['HMAC-SHA256', "\xfd\xaa\xfe;\xac\xfc*\x988\xad\x05d6-"\
+                       "\xeaVy\xd5\xa5Z.<\xa9\xed\x18\x82\\$"\
+                       "\x95x\x1c&"],
+       ['HMAC-SHA1', "\xe0\x1bv\x04\xf1G\xc0\xbb\x7f\x9a\x8b"\
+                     "\xe9\xbc\xee}\\\xe5\xbb7*"],
+      ].each do |assoc_type, expected|
+        assoc = Association.from_expires_in(3600, "handle", 'very_secret',
+                                            assoc_type)
+        sig = assoc.sign(pairs)
+        assert_equal(sig, expected)
+
+        m = Message.new(OPENID2_NS)
+        pairs.each { |k, v|
+          m.set_arg(OPENID_NS, k, v)
+        }
+        m.set_arg(BARE_NS, "not_an_openid_arg", "bogus")
+
+        signed_m = assoc.sign_message(m)
+        assert(signed_m.has_key?(OPENID_NS, 'sig'))
+        assert_equal(signed_m.get_arg(OPENID_NS, 'signed'),
+                     'assoc_handle,key1,key2,ns,signed')
+      end
+    end
+
+    def test_sign_message_with_sig
+      assoc = Association.from_expires_in(3600, "handle", "very_secret",
+                                          "HMAC-SHA1")
+      m = Message.new(OPENID2_NS)
+      m.set_arg(OPENID_NS, 'sig', 'noise')
+      assert_raises(ArgumentError) {
+        assoc.sign_message(m)
+      }
+    end
+
+    def test_sign_message_with_signed
+      assoc = Association.from_expires_in(3600, "handle", "very_secret",
+                                          "HMAC-SHA1")
+      m = Message.new(OPENID2_NS)
+      m.set_arg(OPENID_NS, 'signed', 'fields')
+      assert_raises(ArgumentError) {
+        assoc.sign_message(m)
+      }
+    end
+
+    def test_sign_different_assoc_handle
+      assoc = Association.from_expires_in(3600, "handle", "very_secret",
+                                          "HMAC-SHA1")
+      m = Message.new(OPENID2_NS)
+      m.set_arg(OPENID_NS, 'assoc_handle', 'different')
+      assert_raises(ArgumentError) {
+        assoc.sign_message(m)
+      }
+    end
+
+    def test_sign_bad_assoc_type
+      @assoc.instance_eval { @assoc_type = 'Cookies' }
+      assert_raises(ProtocolError) {
+        @assoc.sign([])
+      }
+    end
+
+    def test_make_pairs
+      msg = Message.new(OPENID2_NS)
+      msg.update_args(OPENID2_NS, {
+                        'mode' => 'id_res',
+                        'identifier' => '=example',
+                        'signed' => 'identifier,mode',
+                        'sig' => 'cephalopod',
+                      })
+      msg.update_args(BARE_NS, {'xey' => 'value'})
+      assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
+                                          "HMAC-SHA1")
+      pairs = assoc.make_pairs(msg)
+      assert_equal([['identifier', '=example'],
+                    ['mode', 'id_res']], pairs)
+    end
+
+    def test_check_message_signature_no_signed
+      m = Message.new(OPENID2_NS)
+      m.update_args(OPENID2_NS, {'mode' => 'id_res',
+                      'identifier' => '=example',
+                      'sig' => 'coyote',
+                    })
+      assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
+                                          "HMAC-SHA1")
+      assert_raises(ProtocolError) {
+        assoc.check_message_signature(m)
+      }
+    end
+
+    def test_check_message_signature_no_sig
+      m = Message.new(OPENID2_NS)
+      m.update_args(OPENID2_NS, {'mode' => 'id_res',
+                      'identifier' => '=example',
+                      'signed' => 'mode',
+                    })
+      assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
+                                          "HMAC-SHA1")
+      assert_raises(ProtocolError) {
+        assoc.check_message_signature(m)
+      }
+    end
+
+    def test_check_message_signature_bad_sig
+      m = Message.new(OPENID2_NS)
+      m.update_args(OPENID2_NS, {'mode' => 'id_res',
+                      'identifier' => '=example',
+                      'signed' => 'mode',
+                      'sig' => Util.to_base64('coyote'),
+                    })
+      assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
+                                          "HMAC-SHA1")
+      assert(!assoc.check_message_signature(m))
+    end
+
+    def test_check_message_signature_good_sig
+      m = Message.new(OPENID2_NS)
+      m.update_args(OPENID2_NS, {'mode' => 'id_res',
+                      'identifier' => '=example',
+                      'signed' => 'mode',
+                      'sig' => Util.to_base64('coyote'),
+                    })
+      assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
+                                          "HMAC-SHA1")
+      class << assoc
+        # Override sign, because it's already tested elsewhere
+        def sign(pairs)
+          "coyote"
+        end
+      end
+
+      assert(assoc.check_message_signature(m))
+    end
+  end
+
+  class AssociationNegotiatorTestCase < Test::Unit::TestCase
+    def assert_equal_under(item1, item2)
+      val1 = yield(item1)
+      val2 = yield(item2)
+      assert_equal(val1, val2)
+    end
+
+    def test_copy
+      neg = AssociationNegotiator.new([['HMAC-SHA1', 'DH-SHA1']])
+      neg2 = neg.copy
+      assert_equal_under(neg, neg2) {|n| n.instance_eval{@allowed_types} }
+      assert(neg.object_id != neg2.object_id)
+    end
+
+    def test_add_allowed
+      neg = AssociationNegotiator.new([])
+      assert(!neg.allowed?('HMAC-SHA1', 'DH-SHA1'))
+      assert(!neg.allowed?('HMAC-SHA1', 'no-encryption'))
+      assert(!neg.allowed?('HMAC-SHA256', 'DH-SHA256'))
+      assert(!neg.allowed?('HMAC-SHA256', 'no-encryption'))
+      neg.add_allowed_type('HMAC-SHA1')
+      assert(neg.allowed?('HMAC-SHA1', 'DH-SHA1'))
+      assert(neg.allowed?('HMAC-SHA1', 'no-encryption'))
+      assert(!neg.allowed?('HMAC-SHA256', 'DH-SHA256'))
+      assert(!neg.allowed?('HMAC-SHA256', 'no-encryption'))
+      neg.add_allowed_type('HMAC-SHA256', 'DH-SHA256')
+      assert(neg.allowed?('HMAC-SHA1', 'DH-SHA1'))
+      assert(neg.allowed?('HMAC-SHA1', 'no-encryption'))
+      assert(neg.allowed?('HMAC-SHA256', 'DH-SHA256'))
+      assert(!neg.allowed?('HMAC-SHA256', 'no-encryption'))
+      assert_equal(neg.get_allowed_type, ['HMAC-SHA1', 'DH-SHA1'])
+    end
+
+    def test_bad_assoc_type
+      assert_raises(ProtocolError) {
+        AssociationNegotiator.new([['OMG', 'Ponies']])
+      }
+    end
+
+    def test_bad_session_type
+      assert_raises(ProtocolError) {
+        AssociationNegotiator.new([['HMAC-SHA1', 'OMG-Ponies']])
+      }
+    end
+
+    def test_default_negotiator
+      assert_equal(DefaultNegotiator.get_allowed_type,
+                   ['HMAC-SHA1', 'DH-SHA1'])
+      assert(DefaultNegotiator.allowed?('HMAC-SHA256', 'no-encryption'))
+    end
+
+    def test_encrypted_negotiator
+      assert_equal(EncryptedNegotiator.get_allowed_type,
+                   ['HMAC-SHA1', 'DH-SHA1'])
+      assert(!EncryptedNegotiator.allowed?('HMAC-SHA256', 'no-encryption'))
+    end
+  end
+end