rots 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 172f3bd6eee16ac007608e427e6dac75ddab29657cdb701c6bce562a1959f66d
+  data.tar.gz: 386ee12b9e29481d6c7a3c063e730510bf2e5718d89b3aedf3211d37fefd4ea9
+SHA512:
+  metadata.gz: e2610b68941ba6da18d9e1b189aa4341bbb17b37d38e18912c0ea5ee121e42f1cc1cd96eb9338170db8af09cedb90aabe4bdd63064432cc3117b1be9e3c50586
+  data.tar.gz: 65f012defce46b5ebad95bc43bc7820a7843b10de6cc7e167c26d65aae679d3789b6b7b5170492ce16feb0f216f9623fb58bb19a6c57a11c9576915f45f1d6f7

checksums.yaml.gz.sig

@@ -0,0 +1,3 @@
+;5�00c\��'��D+���X
+�j��?�=�Kb����l�d�p�)�='Y(����*�v�+��)ѣBc4�*@)֑�5i6�B��'�z�&3�FF=1�{�wdR���f���WnB%��F'.�0�Tu<�)+@b�:�׍���@�hǩ�K�
+�q�	?\�~���Y�%>x���5t����;��|[ڹ�^4ƙ��QW+�y�X޲�d��wE3z]<d��M�֬��)N���ڕ��>q���.t＾

data/AUTHORS

@@ -0,0 +1,4 @@
+* Roman Gonzalez <romanandreg@gmail.com>
+* Anibal Rojas <anibal@rojas.net.ve>
+* Tom Quackenbush <tquackenbush@agoragames.com>
+* Peter Boling <peter.boling@gmail.com>

data/CHANGELOG.md

@@ -0,0 +1,22 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+Since version 3.0.0, the format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+### Added
+### Changed
+### Fixed
+### Removed
+
+## 1.0.0 - 2024-09-24
+COVERAGE:  96.33% -- 236/245 lines in 11 files
+BRANCH COVERAGE:  77.78% -- 35/45 branches in 11 files
+37.84% documented
+### Fixed
+- More tests & switch to RSpec
+- Modernized code (require_relative)
+- Refactored
+- GitHub Actions for CI
+- Upgraded to ruby-openid2 v3.1.0

data/CONTRIBUTING.md

@@ -0,0 +1,55 @@
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at [https://github.com/oauth-xx/rots][🚎src-main]
+. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to
+the [code of conduct][🤝conduct].
+
+To submit a patch, please fork the project and create a patch with tests.
+Once you're happy with it send a pull request.
+
+## Release
+
+### One-time, Per-developer, Setup
+
+**IMPORTANT**: Your public key for signing gems will need to be picked up by the line in the
+`gemspec` defining the `spec.cert_chain` (check the relevant ENV variables there),
+in order to sign the new release.
+See: [RubyGems Security Guide][🔒️rubygems-security-guide]
+
+### To release a new version:
+
+1. Run `bin/setup && bin/rake` as a tests, coverage, & linting sanity check
+2. Update the version number in `version.rb`
+3. Run `bin/setup && bin/rake` again as a secondary check, and to update `Gemfile.lock`
+4. Run `git commit -am "🔖 Prepare release v<VERSION>"` to commit the changes
+5. Run `git push` to trigger the final CI pipeline before release, & merge PRs
+   - NOTE: Remember to [check the build][🧪build]!
+6. Run `export GIT_TRUNK_BRANCH_NAME="$(git remote show origin | grep 'HEAD branch' | cut -d ' ' -f5)" && echo $GIT_TRUNK_BRANCH_NAME`
+7. Run `git checkout $GIT_TRUNK_BRANCH_NAME`
+8. Run `git pull origin $GIT_TRUNK_BRANCH_NAME` to ensure you will release the latest trunk code
+9. Set `SOURCE_DATE_EPOCH` so `rake build` and `rake release` use same timestamp, and generate same checksums
+   - Run `export SOURCE_DATE_EPOCH=$EPOCHSECONDS && echo $SOURCE_DATE_EPOCH`
+   - If the echo above has no output, then it didn't work.
+   - Note that you'll need the `zsh/datetime` module, if running `zsh`.
+   - In `bash` you can use `date +%s` instead, i.e. `export SOURCE_DATE_EPOCH=$(date +%s) && echo $SOURCE_DATE_EPOCH`
+10. Run `bundle exec rake build`
+11. Run `bin/checksums` (more [context][🔒️rubygems-checksums-pr]) to create SHA-256 and SHA-512 checksums
+    - Checksums will be committed automatically by the script, but not pushed
+12. Run `bundle exec rake release` which will create a git tag for the version,
+    push git commits and tags, and push the `.gem` file to [rubygems.org][💎rubygems]
+
+## Contributors
+
+[![Contributors][🖐contributors-img]][🖐contributors]
+
+Made with [contributors-img][🖐contrib-rocks].
+
+[🧪build]: https://github.com/oauth-xx/rots/actions
+[🤝conduct]: https://github.com/oauth-xx/rots/blob/main/CODE_OF_CONDUCT.md
+[🖐contrib-rocks]: https://contrib.rocks
+[🖐contributors]: https://github.com/oauth-xx/rots/graphs/contributors
+[🖐contributors-img]: https://contrib.rocks/image?repo=oauth-xx/rots
+[💎rubygems]: https://rubygems.org
+[🔒️rubygems-security-guide]: https://guides.rubygems.org/security/#building-gems
+[🔒️rubygems-checksums-pr]: https://github.com/rubygems/guides/pull/325
+[🚎src-main]: https://github.com/oauth-xx/rots

data/LICENSE.txt

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2009 - 2011, 2013 - 2014, 2017 Roman Gonzalez <romanandreg@gmail.com>
+Copyright (c) 2024 Peter H. Boling, http://railsbling.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to
+deal in the Software without restriction, including without limitation the
+rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+sell copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,255 @@
+# ROTS - Ruby OpenID Test Server
+
+<div id="badges">
+
+<div align="center">
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](https://opensource.org/licenses/MIT)
+[![Version](https://img.shields.io/gem/v/rots.svg)](https://rubygems.org/gems/rots)
+[![Downloads Today](https://img.shields.io/gem/rd/rots.svg)](https://github.com/oauth-xx/rots)
+[![CodeCov][🖇codecov-img♻️]][🖇codecov]
+[![CI Supported Build][🚎s-wfi]][🚎s-wf]
+[![CI Unsupported Build][🚎us-wfi]][🚎us-wf]
+[![CI Style Build][🚎st-wfi]][🚎st-wf]
+[![CI Coverage Build][🚎cov-wfi]][🚎cov-wf]
+[![CI Heads Build][🚎hd-wfi]][🚎hd-wf]
+[![CI Ancient Build][🚎an-wfi]][🚎an-wf]
+
+[🖇codecov-img♻️]: https://codecov.io/gh/oauth-xx/rots/graph/badge.svg?token=qycnWzl6qM
+[🖇codecov]: https://codecov.io/gh/oauth-xx/rots
+[🚎s-wf]: https://github.com/oauth-xx/rots/actions/workflows/supported.yml
+[🚎s-wfi]: https://github.com/oauth-xx/rots/actions/workflows/supported.yml/badge.svg
+[🚎us-wf]: https://github.com/oauth-xx/rots/actions/workflows/unsupported.yml
+[🚎us-wfi]: https://github.com/oauth-xx/rots/actions/workflows/unsupported.yml/badge.svg
+[🚎st-wf]: https://github.com/oauth-xx/rots/actions/workflows/style.yml
+[🚎st-wfi]: https://github.com/oauth-xx/rots/actions/workflows/style.yml/badge.svg
+[🚎cov-wf]: https://github.com/oauth-xx/rots/actions/workflows/coverage.yml
+[🚎cov-wfi]: https://github.com/oauth-xx/rots/actions/workflows/coverage.yml/badge.svg
+[🚎hd-wf]: https://github.com/oauth-xx/rots/actions/workflows/heads.yml
+[🚎hd-wfi]: https://github.com/oauth-xx/rots/actions/workflows/heads.yml/badge.svg
+[🚎an-wf]: https://github.com/oauth-xx/rots/actions/workflows/ancient.yml
+[🚎an-wfi]: https://github.com/oauth-xx/rots/actions/workflows/ancient.yml/badge.svg
+
+</div>
+
+-----
+
+<div align="center">
+
+[![Liberapay Patrons][⛳liberapay-img]][⛳liberapay]
+[![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor]
+[![Polar Shield][🖇polar-img]][🖇polar]
+[![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi]
+[![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon]
+
+[⛳liberapay-img]: https://img.shields.io/liberapay/patrons/pboling.svg?logo=liberapay
+[⛳liberapay]: https://liberapay.com/pboling/donate
+[🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github
+[🖇sponsor]: https://github.com/sponsors/pboling
+[🖇polar-img]: https://polar.sh/embed/seeks-funding-shield.svg?org=pboling
+[🖇polar]: https://polar.sh/pboling
+[🖇kofi-img]: https://img.shields.io/badge/buy%20me%20coffee-donate-yellow.svg
+[🖇kofi]: https://ko-fi.com/O5O86SNP4
+[🖇patreon-img]: https://img.shields.io/badge/patreon-donate-yellow.svg
+[🖇patreon]: https://patreon.com/galtzo
+
+<span class="badge-buymealatte">
+<a href="https://www.buymeacoffee.com/pboling"><img src="https://img.buymeacoffee.com/button-api/?text=Buy me a latte&emoji=&slug=pboling&button_colour=FFDD00&font_colour=000000&font_family=Cookie&outline_colour=000000&coffee_colour=ffffff" /></a>
+</span>
+
+</div>
+</div>
+
+Ruby OpenID Test Server (ROTS) is a dummy OpenID server that makes consumer tests dead easy.
+
+ROTS is a minimal implementation of an OpenID server, developed on top of the Rack middleware, this
+server provides an easy to use interface to make testing OpenID consumers really easy.
+
+## No more mocks
+
+Have you always wanted to test the authentication of an OpenID consumer implementation, but find your self
+in a point where is to hard to mock? A lot of people have been there.
+
+With ROTS, you only need to specify an identity url provided by the dummy server, passing with it a flag
+saying that you want the authentication to be successful. It handles SREG extensions as well.
+
+### Or do use mocks, maybe?
+
+You can also require a library of mocks and request helpers which might be useful in your tests (perhaps in your `spec_helper.rb`):
+
+```ruby
+require "rots/mocks"
+require "rots/test"
+
+OpenID.fetcher = Rots::Mocks::Fetcher.new(Rots::Mocks::RotsServer.new)
+
+RSpec.configure do |config|
+  config.include(Rots::Test::RackTestHelpers)
+end
+```
+
+Helpers are written with minitest syntax,
+but RSpec supports that, so it should work in both RSpec and MiniTest,
+and you don't need to switch your other tests to use minitest syntax.
+Use them interchangeably, as needed.
+```ruby
+RSpec.configure do |config|
+  config.expect_with(:rspec, :minitest)
+end
+```
+
+And in another file (see `spec/rots/mocks/integration_spec.rb` for more):
+
+```ruby
+RSpec.describe("openid") do
+  subject(:app) { Rots::Mocks::ClientApp.new(**options) }
+
+  let(:options) { {identifier: "#{Rots::Mocks::RotsServer::SERVER_URL}/john.doe?openid.success=true"} }
+
+  it "with_get" do
+    mock_openid_request(app, "/", method: "GET")
+    follow_openid_redirect!(app)
+
+    assert_equal 200, @response.status
+    assert_equal "GET", @response.headers["X-Method"]
+    assert_equal "/", @response.headers["X-Path"]
+    assert_equal "success", @response.body
+  end
+end
+```
+
+### Note about the deprecation of stdlib gems `logger`, `rexml`, `stringio`, `net-http`, and `uri`
+
+They will not be direct dependencies until the situation with bundler is resolved.
+You will need to add them directly to downstream tools.
+
+See [this discussion](https://github.com/rubygems/rubygems/issues/7178#issuecomment-2372558363) for more information.
+
+## How does it work?
+
+When you install the ROTS gem, a binary called rots is provided for starting the server (for more
+info about what options you have when executing this file, check the -h option).
+
+By default, rots will have a test user called "John Doe", with an OpenID identity "john.doe".
+If you want to use your own test user name, you can specify a config file to rots. The
+default configuration file looks like this:
+
+### Default configuration file
+```yaml
+identity: john.doe
+sreg:
+  nickname: jdoe
+  fullname: John Doe
+  email: jhon@doe.com
+  dob: 1985-09-21
+  gender: M
+```
+
+You can specify a new config file using the option `--config`.
+
+## Getting Started
+
+The best way to get started, is running the rots server, and then starting to execute your OpenID consumer tests/specs. You just have to specify the identity url of your test user, if you want the OpenID response be successful just add the openid.success=true flag to the user identity url. If you don't specify the flag it
+will return a cancel response instead.
+
+Example:
+```ruby
+it "should authenticate with OpenID" do
+  post("/consumer_openid_login", "identity_url" => "http://localhost:1132/john.doe?openid.success=true")
+end
+```
+
+## 🤝 Contributing
+
+See [CONTRIBUTING.md][🤝contributing]
+
+[🤝contributing]: CONTRIBUTING.md
+
+### Code Coverage
+
+If you need some ideas of where to help, you could work on adding more code coverage.
+
+[![Coverage Graph][🔑codecov-g]][🖇codecov]
+
+[🔑codecov-g]: https://codecov.io/gh/oauth-xx/rots/graphs/tree.svg?token=qycnWzl6qM
+
+## 🌈 Contributors
+
+[![Contributors][🖐contributors-img]][🖐contributors]
+
+Made with [contributors-img][🖐contrib-rocks].
+
+[🖐contrib-rocks]: https://contrib.rocks
+[🖐contributors]: https://github.com/oauth-xx/rots/graphs/contributors
+[🖐contributors-img]: https://contrib.rocks/image?repo=oauth-xx/rots
+
+## Star History
+
+<a href="https://star-history.com/#oauth-xx/rots&Date">
+ <picture>
+   <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=oauth-xx/rots&type=Date&theme=dark" />
+   <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=oauth-xx/rots&type=Date" />
+   <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=oauth-xx/rots&type=Date" />
+ </picture>
+</a>
+
+## 🪇 Code of Conduct
+
+Everyone interacting in this project's codebases, issue trackers,
+chat rooms and mailing lists is expected to follow the [code of conduct][🪇conduct].
+
+[🪇conduct]: CODE_OF_CONDUCT.md
+
+## 📌 Versioning
+
+This Library adheres to [Semantic Versioning 2.0.0][📌semver].
+Violations of this scheme should be reported as bugs.
+Specifically, if a minor or patch version is released that breaks backward compatibility,
+a new version should be immediately released that restores compatibility.
+Breaking changes to the public API will only be introduced with new major versions.
+
+To get a better understanding of how SemVer is intended to work over a project's lifetime,
+read this article from the creator of SemVer:
+
+- ["Major Version Numbers are Not Sacred"][📌major-versions-not-sacred]
+
+As a result of this policy, you can (and should) specify a dependency on these libraries using
+the [Pessimistic Version Constraint][📌pvc] with two digits of precision.
+
+For example:
+
+```ruby
+spec.add_dependency("rots", "~> 1.0")
+```
+
+See [CHANGELOG.md][📌changelog] for list of releases.
+
+[comment]: <> ( 📌 VERSIONING LINKS )
+
+[📌pvc]: http://guides.rubygems.org/patterns/#pessimistic-version-constraint
+[📌semver]: http://semver.org/
+[📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html
+[📌changelog]: CHANGELOG.md
+
+## 📄 License
+
+The gem is available as open source under the terms of
+the [MIT License][📄license] [![License: MIT][📄license-img]][📄license-ref].
+See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright-notice-explainer].
+
+[comment]: <> ( 📄 LEGAL LINKS )
+
+[📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year
+[📄license]: LICENSE.txt
+[📄license-ref]: https://opensource.org/licenses/MIT
+[📄license-img]: https://img.shields.io/badge/License-MIT-green.svg
+
+### © Copyright
+
+* Copyright (c) 2013 - 2014, 2016 - 2020, 2023 - 2024 [Peter H. Boling][peterboling] of [Rails Bling][railsbling]
+
+[railsbling]: http://www.railsbling.com
+[peterboling]: http://www.peterboling.com
+[bundle-group-pattern]: https://gist.github.com/pboling/4564780
+[documentation]: http://rdoc.info/github/oauth-xx/rots/frames
+[homepage]: https://github.com/oauth-xx/rots

data/SECURITY.md

@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| 1.x     | ✅         |
+| 0.x     | ❌         |
+
+## Reporting a Vulnerability
+
+Peter Boling is the primary maintainer of this gem. Please find a way
+to [contact him directly](https://railsbling.com/contact) to report the issue. Include as much relevant information as
+possible.

data/exe/rots

@@ -0,0 +1,98 @@
+#!/usr/bin/env ruby
+# -*- ruby -*-
+
+require "rots"
+
+server_options = {
+  debugger: false,
+  port: 1123,
+  verbose: true,
+  storage: File.join(".", "tmp", "rots"),
+  config: <<~DEFAULT_CONFIG,
+    # Default configuration file
+    identity: john.doe
+    sreg:
+      nickname: jdoe
+      fullname: John Doe
+      email: jhon@doe.com
+      dob: 1985-09-21
+      gender: M
+    
+  DEFAULT_CONFIG
+}
+
+opts = OptionParser.new do |opts|
+  opts.banner = "Usage: rots [options]"
+
+  opts.separator("")
+  opts.separator("Options:")
+
+  opts.on(
+    "-p",
+    "--port PORT",
+    "use PORT (default: 1123)",
+  ) do |port|
+    server_options[:port] = port
+  end
+
+  opts.on(
+    "-s",
+    "--storage PATH",
+    "use PATH as the OpenID Server storage path (default: ./tmp/rots)",
+  ) do |storage_path|
+    server_options[:storage] = storage_path
+  end
+
+  opts.on(
+    "-c",
+    "--config FILE.yaml",
+    "server configuration YAML file",
+  ) do |config_path|
+    abort("\x1B[31mConfiguration file #{config_path} not found\x1B[0m") unless File.exist?(config_path)
+    server_options[:config] = File.new(config_path)
+  end
+
+  opts.on(
+    "-s",
+    "--silent",
+    "If specified, the server will be in silent mode",
+  ) do
+    server_options[:verbose] = false
+  end
+
+  opts.on("-d", "--debugger") do
+    server_options[:debugger] = true
+  end
+
+  opts.separator("")
+  opts.separator("Common options:")
+
+  opts.on_tail("-h", "--help", "Show this help message") do
+    puts opts
+    exit
+  end
+end
+
+opts.parse!(ARGV)
+
+config = YAML.load(server_options[:config], permitted_classes: [Date])
+
+require "ruby-debug" if server_options[:debugger]
+
+server = Rack::Builder.new do
+  use(Rack::Lint)
+  if server_options[:verbose]
+    use(Rack::CommonLogger, $stdout)
+    use(Rack::ShowExceptions)
+  end
+  map("/%s" % config["identity"]) do
+    run(Rots::IdentityPageApp.new(config, server_options))
+  end
+  map("/server") do
+    run(Rots::ServerApp.new(config, server_options))
+  end
+end
+
+puts "\x1B[32mRunning Ruby OpenID Test Server (ROTS) on port #{server_options[:port]}\x1B[0m" if server_options[:verbose]
+
+Rackup::Server.start(app: server, Port: server_options[:port])

data/lib/rots/identity_page_app.rb

@@ -0,0 +1,37 @@
+# external libraries
+require "rack/request"
+require "rack/response"
+require "rack/utils"
+require "openid"
+
+class Rots::IdentityPageApp
+  def initialize(config, server_options)
+    @server_options = server_options
+    @config = config
+  end
+
+  def call(env)
+    @request = Rack::Request.new(env)
+    Rack::Response.new do |response|
+      response.write(<<~HERE)
+        <html>
+          <head>
+          <link rel="openid2.provider" href="#{op_endpoint}" />
+          <link rel="openid.server" href="#{op_endpoint}" />
+          </head>
+          <body>
+            <h1>This is #{@config["identity"]} identity page</h1>
+          </body>
+        </html>
+      HERE
+    end.finish
+  end
+
+  def op_endpoint
+    "http://%s:%d/server/%s" % [
+      @request.host,
+      @request.port,
+      (@request.params["openid.success"] ? "?openid.success=true" : ""),
+    ]
+  end
+end

data/lib/rots/mocks/client_app.rb

@@ -0,0 +1,53 @@
+require "rack/openid" # rack-openid2
+require "rack/session"
+
+module Rots
+  module Mocks
+    class ClientApp
+      extend Forwardable
+
+      attr_reader :app, :options
+
+      def_delegator :@app, :call
+
+      def initialize(**options)
+        @options = options.dup
+
+        @options[:identifier] ||= "#{Rots::Mocks::RotsServer::SERVER_URL}/john.doe?openid.success=true"
+
+        @app = Rack::Session::Pool.new(Rack::OpenID.new(rack_app))
+      end
+
+      private
+
+      def rack_app
+        # block passed to new is evaluated with instance_eval,
+        #   which searches `binding` for local variables,
+        #   while `self` is searched for instance variables and methods.
+        # A local pointer in `binding` to @options makes it accessible.
+        options = @options
+        lambda { |env|
+          if (resp = env[Rack::OpenID::RESPONSE])
+            headers = {
+              "X-Path" => env["PATH_INFO"],
+              "X-Method" => env["REQUEST_METHOD"],
+              "X-Query-String" => env["QUERY_STRING"],
+            }
+            if resp.status == :success
+              [200, headers, [resp.status.to_s]]
+            elsif resp.status == :setup_needed
+              headers["Location"] = Rots::Mocks::RotsServer::SERVER_URL # TODO update Rots to properly send user_setup_url. This should come from resp.
+              [307, headers, [resp.status.to_s]]
+            else
+              [400, headers, [resp.status.to_s]]
+            end
+          elsif env["MOCK_HTTP_BASIC_AUTH"]
+            [401, {Rack::OpenID::AUTHENTICATE_HEADER => 'Realm="Example"'}, []]
+          else
+            [401, {Rack::OpenID::AUTHENTICATE_HEADER => Rack::OpenID.build_header(options)}, []]
+          end
+        }
+      end
+    end
+  end
+end

data/lib/rots/mocks/mock_fetcher.rb

@@ -0,0 +1,34 @@
+require "openid" # ruby-openid2
+require "rack/utils"
+require "net/http" # stdlib in Ruby < 3, gem after
+require "net/protocol"
+
+module Rots
+  module Mocks
+    class Fetcher
+      def initialize(app)
+        @app = app
+      end
+
+      def fetch(url, body = nil, headers = nil, limit = nil)
+        opts = (headers || {}).dup
+        opts[:input] = body
+        opts[:method] = "POST" if body
+        env = Rack::MockRequest.env_for(url, opts)
+
+        status, headers, body = @app.call(env)
+
+        buf = []
+        buf << "HTTP/1.1 #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]}"
+        headers.each { |header, value| buf << "#{header}: #{value}" }
+        buf << ""
+        body.each { |part| buf << part }
+
+        io = Net::BufferedIO.new(StringIO.new(buf.join("\n")))
+        res = Net::HTTPResponse.read_new(io)
+        res.reading_body(io, true) {}
+        OpenID::HTTPResponse._from_net_response(res, url)
+      end
+    end
+  end
+end

data/lib/rots/mocks/rots_server.rb

@@ -0,0 +1,49 @@
+module Rots
+  module Mocks
+    class RotsServer
+      extend Forwardable
+      SERVER_URL = "http://localhost:9292"
+      DEFAULT_CONFIG = {
+        "identity" => "john.doe",
+        "sreg" => {
+          "nickname" => "jdoe",
+          "fullname" => "John Doe",
+          "email" => "jhon@doe.com",
+          "dob" => Date.parse("1985-09-21"),
+          "gender" => "M",
+        }.freeze,
+      }.freeze
+
+      attr_reader :app, :config
+
+      def_delegator :@app, :call
+
+      # @param config [Hash, nil] - the configuration of the app's authorizable identity
+      def initialize(config = nil)
+        @config ||= DEFAULT_CONFIG
+        raise ArgumentError, "config must be a Hash" unless self.config.is_a?(Hash)
+
+        @app = rack_app
+      end
+
+      private
+
+      def rack_app
+        # block passed to new is evaluated with instance_eval,
+        #   which searches `binding` for local variables,
+        #   while `self` is searched for instance variables and methods.
+        # A local pointer in `binding` to @config makes it accessible.
+        config = @config
+        Rack::Builder.new do
+          map("/%s" % config["identity"]) do
+            run(Rots::IdentityPageApp.new(config, {}))
+          end
+
+          map("/server") do
+            run(Rots::ServerApp.new(config, storage: Dir.tmpdir))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rots/mocks.rb

@@ -0,0 +1,8 @@
+# Not in the runtime dependencies.
+# If you use the mocks, you need to add `rack-openid2` to your Gemfile.
+require "rack/openid" # rack-openid2
+
+# this gem's test support files:
+require_relative "mocks/mock_fetcher"
+require_relative "mocks/rots_server"
+require_relative "mocks/client_app"