ruby-openid 1.1.4 → 2.0.1

data/test/test_checkid_request.rb

@@ -0,0 +1,297 @@
+require "openid/consumer/checkid_request"
+require "openid/message"
+require "test/unit"
+require "testutil"
+require "util"
+
+module OpenID
+  class Consumer
+    class CheckIDRequest
+      # For testing
+      attr_reader :message
+
+      class DummyEndpoint
+        attr_accessor :preferred_namespace, :local_id, :server_url,
+          :is_op_identifier, :claimed_id
+
+        def initialize
+          @preferred_namespace = nil
+          @local_id = nil
+          @server_url = nil
+          @is_op_identifier = false
+        end
+
+        def get_local_id
+          @local_id
+        end
+
+        def compatibility_mode
+          @preferred_namespace == OPENID1_NS
+        end
+      end
+
+      module CheckIDTestMixin
+        include TestUtil
+
+        def setup
+          @endpoint = DummyEndpoint.new
+          @endpoint.local_id = 'http://server.unittest/joe'
+          @endpoint.claimed_id = 'http://joe.vanity.example/'
+          @endpoint.server_url = 'http://server.unittest/'
+          @endpoint.preferred_namespace = preferred_namespace
+          @realm = 'http://example/'
+          @return_to = 'http://example/return/'
+          @assoc = GoodAssoc.new
+          @checkid_req = CheckIDRequest.new(@assoc, @endpoint)
+        end
+
+        def assert_has_identifiers(msg, local_id, claimed_id)
+          assert_openid_value_equal(msg, 'identity', local_id)
+          assert_openid_value_equal(msg, 'claimed_id', claimed_id)
+        end
+
+        def assert_openid_key_exists(msg, key)
+          assert(msg.get_arg(OPENID_NS, key),
+                 "#{key} not present in #{msg.get_args(OPENID_NS).inspect}")
+        end
+
+        def assert_openid_key_absent(msg, key)
+          assert(msg.get_arg(OPENID_NS, key).nil?)
+        end
+
+        def assert_openid_value_equal(msg, key, expected)
+          actual = msg.get_arg(OPENID_NS, key, NO_DEFAULT)
+          error_text = ("Expected #{expected.inspect} for openid.#{key} "\
+                        "but got #{actual.inspect}: #{msg.inspect}")
+          assert_equal(expected, actual, error_text)
+        end
+
+        def assert_anonymous(msg)
+          ['claimed_id', 'identity'].each do |key|
+            assert_openid_key_absent(msg, key)
+          end
+        end
+
+        def assert_has_required_fields(msg)
+          internal_message = @checkid_req.instance_variable_get(:@message)
+          assert_equal(preferred_namespace,
+                       internal_message.get_openid_namespace)
+
+          assert_equal(preferred_namespace, msg.get_openid_namespace)
+          assert_openid_value_equal(msg, 'mode', expected_mode)
+
+          # Implement these in subclasses because they depend on
+          # protocol differences!
+          assert_has_realm(msg)
+          assert_identifiers_present(msg)
+        end
+
+        # TESTS
+
+        def test_check_no_assoc_handle
+          @checkid_req.instance_variable_set('@assoc', nil)
+          msg = assert_log_matches("Generated checkid") {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+          assert_openid_key_absent(msg, 'assoc_handle')
+        end
+
+        def test_check_with_assoc_handle
+          msg = assert_log_matches("Generated checkid") {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+
+          assert_openid_value_equal(msg, 'assoc_handle', @assoc.handle)
+        end
+
+        def test_add_extension_arg
+          @checkid_req.add_extension_arg('bag:', 'color', 'brown')
+          @checkid_req.add_extension_arg('bag:', 'material', 'paper')
+          assert(@checkid_req.message.namespaces.member?('bag:'))
+          assert_equal(@checkid_req.message.get_args('bag:'),
+                       {'color' => 'brown', 'material' => 'paper'})
+
+          msg = assert_log_matches("Generated checkid") {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+
+          # XXX: this depends on the way that Message assigns
+          # namespaces. Really it doesn't care that it has alias "0",
+          # but that is tested anyway
+          post_args = msg.to_post_args()
+          assert_equal('brown', post_args['openid.ext0.color'])
+          assert_equal('paper', post_args['openid.ext0.material'])
+        end
+
+        def test_standard
+          msg = assert_log_matches('Generated checkid') {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+          assert_has_identifiers(msg, @endpoint.local_id, @endpoint.claimed_id)
+        end
+
+        def test_send_redirect?
+          silence_logging {
+            url = @checkid_req.redirect_url(@realm, @return_to, immediate)
+            assert(url.length < OPENID1_URL_LIMIT)
+            assert(@checkid_req.send_redirect?(@realm, @return_to, immediate))
+
+            @return_to << '/foo' * 1000
+            url = @checkid_req.redirect_url(@realm, @return_to, immediate)
+            assert(url.length > OPENID1_URL_LIMIT)
+            actual = @checkid_req.send_redirect?(@realm, @return_to, immediate)
+            expected = preferred_namespace != OPENID2_NS
+            assert_equal(expected, actual)
+          }
+        end
+      end
+
+      class TestCheckIDRequestOpenID2 < Test::Unit::TestCase
+        include CheckIDTestMixin
+
+        def immediate
+          false
+        end
+
+        def expected_mode
+          'checkid_setup'
+        end
+
+        def preferred_namespace
+          OPENID2_NS
+        end
+
+        # check presence of proper realm key and absence of the wrong
+        # one.
+        def assert_has_realm(msg)
+          assert_openid_value_equal(msg, 'realm', @realm)
+          assert_openid_key_absent(msg, 'trust_root')
+        end
+
+        def assert_identifiers_present(msg)
+          identity_present = msg.has_key?(OPENID_NS, 'identity')
+          claimed_present = msg.has_key?(OPENID_NS, 'claimed_id')
+
+          assert_equal(claimed_present, identity_present)
+        end
+
+        # OpenID Checkid_Requests should be able to set 'anonymous' to true.
+        def test_set_anonymous_works_for_openid2
+          assert(@checkid_req.message.is_openid2)
+          assert_nothing_raised {@checkid_req.anonymous = true}
+          assert_nothing_raised {@checkid_req.anonymous = false}
+        end
+
+        def test_user_anonymous_ignores_identfier
+          @checkid_req.anonymous = true
+          msg = assert_log_matches('Generated checkid') {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+          assert_has_required_fields(msg)
+          assert_anonymous(msg)
+        end
+
+        def test_op_anonymous_ignores_identifier
+          @endpoint.is_op_identifier = true
+          @checkid_req.anonymous = true
+          msg = assert_log_matches('Generated checkid') {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+          assert_has_required_fields(msg)
+          assert_anonymous(msg)
+        end
+
+        def test_op_identifier_sends_identifier_select
+          @endpoint.is_op_identifier = true
+          msg = assert_log_matches('Generated checkid') {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+          assert_has_required_fields(msg)
+          assert_has_identifiers(msg, IDENTIFIER_SELECT, IDENTIFIER_SELECT)
+        end
+      end
+
+      class TestCheckIDRequestOpenID1 < Test::Unit::TestCase
+        include CheckIDTestMixin
+
+        def immediate
+          false
+        end
+
+        def preferred_namespace
+          OPENID1_NS
+        end
+
+        def expected_mode
+          'checkid_setup'
+        end
+
+        # Make sure claimed_is is *absent* in request.
+        def assert_has_identifiers(msg, op_specific_id, claimed_id)
+          assert_openid_value_equal(msg, 'identity', op_specific_id)
+          assert_openid_key_absent(msg, 'claimed_id')
+        end
+
+        def assert_identifiers_present(msg)
+          assert_openid_key_absent(msg, 'claimed_id')
+          assert(msg.has_key?(OPENID_NS, 'identity'))
+        end
+
+        # check presence of proper realm key and absence of the wrong
+        # one.
+        def assert_has_realm(msg)
+          assert_openid_value_equal(msg, 'trust_root', @realm)
+          assert_openid_key_absent(msg, 'realm')
+        end
+
+        # TESTS
+
+        # OpenID 1 requests MUST NOT be able to set anonymous to true
+        def test_set_anonymous_fails_for_openid1
+          assert(@checkid_req.message.is_openid1)
+          assert_raises(ArgumentError) {
+            @checkid_req.anonymous = true
+          }
+          assert_nothing_raised{
+            @checkid_req.anonymous = false
+          }
+        end
+
+        # Identfier select SHOULD NOT be sent, but this pathway is in
+        # here in case some special discovery stuff is done to trigger
+        # it with OpenID 1. If it is triggered, it will send
+        # identifier_select just like OpenID 2.
+        def test_identifier_select
+          @endpoint.is_op_identifier = true
+          msg = assert_log_matches('Generated checkid') {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+          assert_has_required_fields(msg)
+          assert_equal(IDENTIFIER_SELECT,
+                       msg.get_arg(OPENID1_NS, 'identity'))
+        end
+
+      end
+
+      class TestCheckIDRequestOpenID1Immediate < TestCheckIDRequestOpenID1
+        def immediate
+          true
+        end
+
+        def expected_mode
+          'checkid_immediate'
+        end
+      end
+
+      class TestCheckid_RequestOpenID2Immediate < TestCheckIDRequestOpenID2
+        def immediate
+          true
+        end
+
+        def expected_mode
+          'checkid_immediate'
+        end
+      end
+    end
+  end
+end

data/test/test_consumer.rb

@@ -0,0 +1,257 @@
+require "openid/consumer"
+require "test/unit"
+require "testutil"
+
+module OpenID
+  class Consumer
+    module TestConsumer
+      class TestLastEndpoint < Test::Unit::TestCase
+        def test_set_get
+          session = {}
+          consumer = Consumer.new(session, nil)
+          consumer.send(:last_requested_endpoint=, :endpoint)
+          ep = consumer.send(:last_requested_endpoint)
+          assert_equal(:endpoint, ep)
+          ep = consumer.send(:last_requested_endpoint)
+          assert_equal(:endpoint, ep)
+          consumer.send(:cleanup_last_requested_endpoint)
+          ep = consumer.send(:last_requested_endpoint)
+          assert_equal(nil, ep)
+        end
+      end
+
+      class TestBegin < Test::Unit::TestCase
+        attr_accessor :user_input, :anonymous, :services,
+          :discovered_identifier, :checkid_request, :service
+
+        def setup
+          @discovered_identifier = 'http://discovered/'
+          @user_input = 'user.input'
+          @service = :service
+          @services = [@service]
+          @session = {}
+          @anonymous = false
+          @checkid_request = :checkid_request
+        end
+
+        def consumer
+          test = self
+          consumer = Consumer.new(@session, nil)
+          consumer.extend(InstanceDefExtension)
+          consumer.instance_def(:discover) do |identifier|
+            test.assert_equal(test.user_input, identifier)
+            [test.discovered_identifier, test.services]
+          end
+          consumer.instance_def(:begin_without_discovery) do
+            |service, sent_anonymous|
+            test.assert_equal(test.service, service)
+            test.assert_equal(test.anonymous, sent_anonymous)
+            test.checkid_request
+          end
+          consumer
+        end
+
+        def test_begin
+          checkid_request = consumer.begin(@user_input, @anonymous)
+          assert_equal(:checkid_request, checkid_request)
+          assert_equal(['OpenID::Consumer::DiscoveredServices::'\
+                        'OpenID::Consumer::'], @session.keys.sort!)
+        end
+
+        def test_begin_failure
+          @services = []
+          assert_raises(DiscoveryFailure) {
+            consumer.begin(@user_input, @anonymous)
+          }
+        end
+
+        def test_begin_fallback
+          @services = [:service1, :service2]
+          consumer = self.consumer
+          @service = :service1
+          consumer.begin(@user_input, @anonymous)
+          @service = :service2
+          consumer.begin(@user_input, @anonymous)
+          @service = :service1
+          consumer.begin(@user_input, @anonymous)
+          @service = :service2
+          consumer.begin(@user_input, @anonymous)
+        end
+      end
+
+      class TestBeginWithoutDiscovery < Test::Unit::TestCase
+        attr_reader :assoc
+        def setup
+          @session = {}
+          @assoc = :assoc
+          @service = OpenIDServiceEndpoint.new
+          @claimed_id = 'http://claimed.id/'
+          @service.claimed_id = @claimed_id
+          @anonymous = false
+        end
+
+        def consumer
+          test = self
+          assoc_manager = Object.new
+          assoc_manager.extend(InstanceDefExtension)
+          assoc_manager.instance_def(:get_association) do
+            test.assoc
+          end
+
+          consumer = Consumer.new(@session, nil)
+          consumer.extend(InstanceDefExtension)
+          consumer.instance_def(:association_manager) do
+            assoc_manager
+          end
+          consumer
+        end
+
+        def call_begin_without_discovery
+          result = consumer.begin_without_discovery(@service, @anonymous)
+          assert(result.instance_of?(CheckIDRequest))
+          assert_equal(@anonymous, result.anonymous)
+          assert_equal(@service, consumer.send(:last_requested_endpoint))
+          assert_equal(result.instance_variable_get(:@assoc), @assoc)
+          return result
+        end
+
+        def cid_name
+          Consumer.openid1_return_to_claimed_id_name
+        end
+
+        def nonce_name
+          Consumer.openid1_return_to_nonce_name
+        end
+
+        def test_begin_without_openid1
+          result = call_begin_without_discovery
+
+          assert_equal(@claimed_id, result.return_to_args[cid_name])
+          assert_equal([cid_name, nonce_name].sort!,
+                       result.return_to_args.keys.sort!)
+        end
+
+        def test_begin_without_openid1_anonymous
+          @anonymous = true
+          assert_raises(ArgumentError) {
+            call_begin_without_discovery
+          }
+        end
+
+        def test_begin_without_openid2
+          @service.type_uris = [OPENID_2_0_TYPE]
+          result = call_begin_without_discovery
+
+          assert(result.return_to_args.empty?)
+        end
+
+        def test_begin_without_openid2_anonymous
+          @anonymous = true
+          @service.type_uris = [OPENID_2_0_TYPE]
+          result = call_begin_without_discovery
+
+          assert(result.return_to_args.empty?)
+        end
+      end
+
+      class TestComplete < Test::Unit::TestCase
+        def setup
+          @session = {}
+          @consumer = Consumer.new(@session, nil)
+        end
+
+        def test_bad_mode
+          response = @consumer.complete({'openid.ns' => OPENID2_NS,
+                                        'openid.mode' => 'bad'}, nil)
+          assert_equal(FAILURE, response.status)
+        end
+
+        def test_missing_mode
+          response = @consumer.complete({'openid.ns' => OPENID2_NS}, nil)
+          assert_equal(FAILURE, response.status)
+        end
+
+        def test_cancel
+          response = @consumer.complete({'openid.mode' => 'cancel'}, nil)
+          assert_equal(CANCEL, response.status)
+        end
+
+        def test_setup_needed_openid1
+          response = @consumer.complete({'openid.mode' => 'setup_needed'}, nil)
+          assert_equal(FAILURE, response.status)
+        end
+
+        def test_setup_needed_openid2
+          args = {'openid.ns' => OPENID2_NS, 'openid.mode' => 'setup_needed'}
+          response = @consumer.complete(args, nil)
+          assert_equal(SETUP_NEEDED, response.status)
+        end
+
+        def test_idres_setup_needed_openid1
+          setup_url = 'http://setup.url/'
+          args = {
+            'openid.user_setup_url' => setup_url,
+            'openid.mode' => 'id_res',
+          }
+          response = @consumer.complete(args, nil)
+          assert_equal(SETUP_NEEDED, response.status)
+        end
+
+        def test_error
+          contact = 'me'
+          reference = 'thing thing'
+          args = {
+            'openid.mode' => 'error',
+            'openid.contact' => contact,
+            'openid.reference' => reference,
+          }
+          response = @consumer.complete(args, nil)
+          assert_equal(FAILURE, response.status)
+          assert_equal(contact, response.contact)
+          assert_equal(reference, response.reference)
+
+          args['openid.ns'] = OPENID2_NS
+          response = @consumer.complete(args, nil)
+          assert_equal(FAILURE, response.status)
+          assert_equal(contact, response.contact)
+          assert_equal(reference, response.reference)
+        end
+
+        def test_idres_openid1
+          args = {
+            'openid.mode' => 'id_res',
+          }
+
+          endpoint = OpenIDServiceEndpoint.new
+          endpoint.claimed_id = :test_claimed_id
+
+          idres = Object.new
+          idres.extend(InstanceDefExtension)
+          idres.instance_def(:endpoint){endpoint}
+          idres.instance_def(:signed_fields){:test_signed_fields}
+
+          test = self
+          @consumer.extend(InstanceDefExtension)
+          @consumer.instance_def(:handle_idres) {|message, return_to|
+            test.assert_equal(args, message.to_post_args)
+            test.assert_equal(:test_return_to, return_to)
+            idres
+          }
+
+          response = @consumer.complete(args, :test_return_to)
+          assert_equal(SUCCESS, response.status, response.message)
+          assert_equal(:test_claimed_id, response.identity_url)
+          assert_equal(endpoint, response.endpoint)
+
+          error_message = "In Soviet Russia, id_res handles you!"
+          @consumer.instance_def(:handle_idres) {|message, return_to|
+            raise ProtocolError, error_message
+          }
+          response = @consumer.complete(args, :test_return_to)
+          assert_equal(FAILURE, response.status)
+          assert_equal(error_message, response.message)
+        end
+      end
+    end
+  end
+end

data/test/test_cryptutil.rb

@@ -0,0 +1,117 @@
+require 'test/unit'
+require "openid/cryptutil"
+
+class CryptUtilTestCase < Test::Unit::TestCase
+  BIG = 2 ** 256
+
+  def test_rand
+    # If this is not true, the rest of our test won't work
+    assert(BIG.is_a?(Bignum))
+
+    # It's possible that these will be small enough for fixnums, but
+    # extraorindarily unlikely.
+    a = OpenID::CryptUtil.rand(BIG)
+    b = OpenID::CryptUtil.rand(BIG)
+    assert(a.is_a?(Bignum))
+    assert(b.is_a?(Bignum))
+    assert_not_equal(a, b)
+  end
+
+  def test_rand_doesnt_depend_on_srand
+    Kernel.srand(1)
+    a = OpenID::CryptUtil.rand(BIG)
+    Kernel.srand(1)
+    b = OpenID::CryptUtil.rand(BIG)
+    assert_not_equal(a, b)
+  end
+
+  def test_random_binary_convert
+    (0..500).each do
+      n = (0..10).inject(0) {|sum, element| sum + OpenID::CryptUtil.rand(BIG) }
+      s = OpenID::CryptUtil.num_to_binary n
+      assert(s.is_a?(String))
+      n_converted_back = OpenID::CryptUtil.binary_to_num(s)
+      assert_equal(n, n_converted_back)
+    end
+  end
+
+  def test_enumerated_binary_convert
+    {
+        "\x00" => 0,
+        "\x01" => 1,
+        "\x7F" => 127,
+        "\x00\xFF" => 255,
+        "\x00\x80" => 128,
+        "\x00\x81" => 129,
+        "\x00\x80\x00" => 32768,
+        "OpenID is cool" => 1611215304203901150134421257416556,
+    }.each do |str, num|
+      num_prime = OpenID::CryptUtil.binary_to_num(str)
+      str_prime = OpenID::CryptUtil.num_to_binary(num)
+      assert_equal(num, num_prime)
+      assert_equal(str, str_prime)
+    end
+  end
+
+  def with_n2b64
+    test_dir = Pathname.new(__FILE__).dirname
+    filename = test_dir.join('data', 'n2b64')
+    File.open(filename) do |file|
+      file.each_line do |line|
+        base64, base10 = line.chomp.split
+        yield base64, base10.to_i
+      end
+    end
+  end
+
+  def test_base64_to_num
+    with_n2b64 do |base64, num|
+      assert_equal(num, OpenID::CryptUtil.base64_to_num(base64))
+    end
+  end
+
+  def test_base64_to_num_invalid
+    assert_raises(ArgumentError) {
+      OpenID::CryptUtil.base64_to_num('!@#$')
+    }
+  end
+
+  def test_num_to_base64
+    with_n2b64 do |base64, num|
+      assert_equal(base64, OpenID::CryptUtil.num_to_base64(num))
+    end
+  end
+
+  def test_randomstring
+    s1 = OpenID::CryptUtil.random_string(42)
+    assert_equal(42, s1.length)
+    s2 = OpenID::CryptUtil.random_string(42)
+    assert_equal(42, s2.length)
+    assert_not_equal(s1, s2)
+  end
+
+  def test_randomstring_population
+    s1 = OpenID::CryptUtil.random_string(42, "XO")
+    assert_match(/[XO]{42}/, s1)
+  end
+
+  def test_sha1
+    assert_equal("\x11\xf6\xad\x8e\xc5*)\x84\xab\xaa\xfd|;Qe\x03x\\ r",
+                 OpenID::CryptUtil.sha1('x'))
+  end
+
+  def test_hmac_sha1
+    assert_equal("\x8bo\xf7O\xa7\x18*\x90\xac ah\x16\xf7\xb8\x81JB\x9f|",
+                 OpenID::CryptUtil.hmac_sha1('x', 'x'))
+  end
+
+  def test_sha256
+    assert_equal("-q\x16B\xb7&\xb0D\x01b|\xa9\xfb\xac2\xf5\xc8S\x0f\xb1\x90<\xc4\xdb\x02%\x87\x17\x92\x1aH\x81",
+                 OpenID::CryptUtil.sha256('x'))
+  end
+
+  def test_hmac_sha256
+    assert_equal("\x94{\xd2w\xb2\xd3\\\xfc\x07\xfb\xc7\xe3b\xf2iuXz1\xf8:}\xffx\x8f\xda\xc1\xfaC\xc4\xb2\x87",
+                 OpenID::CryptUtil.hmac_sha256('x', 'x'))
+  end
+end