ruby-openid 1.1.4 → 2.0.1

data/test/test_stores.rb

@@ -0,0 +1,269 @@
+require 'test/unit'
+require 'openid/store/interface'
+require 'openid/store/filesystem'
+require 'openid/store/memory'
+require 'openid/util'
+require 'openid/store/nonce'
+require 'openid/association'
+
+module OpenID
+  module Store
+    module StoreTestCase
+      @@allowed_handle = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~'
+      @@allowed_nonce = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+      
+      def _gen_nonce
+        OpenID::CryptUtil.random_string(8, @@allowed_nonce)
+      end
+
+      def _gen_handle(n)
+        OpenID::CryptUtil.random_string(n, @@allowed_handle)
+      end
+
+      def _gen_secret(n, chars=nil)
+        OpenID::CryptUtil.random_string(n, chars)
+      end
+
+      def _gen_assoc(issued, lifetime=600)
+        secret = _gen_secret(20)
+        handle = _gen_handle(128)
+        OpenID::Association.new(handle, secret, Time.now + issued, lifetime,
+                                'HMAC-SHA1') 
+      end
+      
+      def _check_retrieve(url, handle=nil, expected=nil)
+        ret_assoc = @store.get_association(url, handle)
+
+        if expected.nil?
+          assert_nil(ret_assoc)
+        else
+          assert_equal(expected, ret_assoc)
+          assert_equal(expected.handle, ret_assoc.handle)
+          assert_equal(expected.secret, ret_assoc.secret)
+        end
+      end
+
+      def _check_remove(url, handle, expected)
+        present = @store.remove_association(url, handle)
+        assert_equal(expected, present)
+      end
+
+      def test_store
+        server_url = "http://www.myopenid.com/openid"
+        assoc = _gen_assoc(issued=0)
+
+        # Make sure that a missing association returns no result
+        _check_retrieve(server_url)
+
+        # Check that after storage, getting returns the same result
+        @store.store_association(server_url, assoc)
+        _check_retrieve(server_url, nil, assoc)
+
+        # more than once
+        _check_retrieve(server_url, nil, assoc)
+
+        # Storing more than once has no ill effect
+        @store.store_association(server_url, assoc)
+        _check_retrieve(server_url, nil, assoc)
+
+        # Removing an association that does not exist returns not present
+        _check_remove(server_url, assoc.handle + 'x', false)
+
+        # Removing an association that does not exist returns not present
+        _check_remove(server_url + 'x', assoc.handle, false)
+
+        # Removing an association that is present returns present
+        _check_remove(server_url, assoc.handle, true)
+
+        # but not present on subsequent calls
+        _check_remove(server_url, assoc.handle, false)
+
+        # Put assoc back in the store
+        @store.store_association(server_url, assoc)
+
+        # More recent and expires after assoc
+        assoc2 = _gen_assoc(issued=1)
+        @store.store_association(server_url, assoc2)
+
+        # After storing an association with a different handle, but the
+        # same server_url, the handle with the later expiration is returned.
+        _check_retrieve(server_url, nil, assoc2)
+
+        # We can still retrieve the older association
+        _check_retrieve(server_url, assoc.handle, assoc)
+
+        # Plus we can retrieve the association with the later expiration
+        # explicitly
+        _check_retrieve(server_url, assoc2.handle, assoc2)
+
+        # More recent, and expires earlier than assoc2 or assoc. Make sure
+        # that we're picking the one with the latest issued date and not
+        # taking into account the expiration.
+        assoc3 = _gen_assoc(issued=2, lifetime=100)
+        @store.store_association(server_url, assoc3)
+
+        _check_retrieve(server_url, nil, assoc3)
+        _check_retrieve(server_url, assoc.handle, assoc)
+        _check_retrieve(server_url, assoc2.handle, assoc2)
+        _check_retrieve(server_url, assoc3.handle, assoc3)
+
+        _check_remove(server_url, assoc2.handle, true)
+
+        _check_retrieve(server_url, nil, assoc3)
+        _check_retrieve(server_url, assoc.handle, assoc)
+        _check_retrieve(server_url, assoc2.handle, nil)
+        _check_retrieve(server_url, assoc3.handle, assoc3)
+
+        _check_remove(server_url, assoc2.handle, false)
+        _check_remove(server_url, assoc3.handle, true)
+
+        _check_retrieve(server_url, nil, assoc)
+        _check_retrieve(server_url, assoc.handle, assoc)
+        _check_retrieve(server_url, assoc2.handle, nil)
+        _check_retrieve(server_url, assoc3.handle, nil)
+
+        _check_remove(server_url, assoc2.handle, false)
+        _check_remove(server_url, assoc.handle, true)
+        _check_remove(server_url, assoc3.handle, false)
+
+        _check_retrieve(server_url, nil, nil)
+        _check_retrieve(server_url, assoc.handle, nil)
+        _check_retrieve(server_url, assoc2.handle, nil)
+        _check_retrieve(server_url, assoc3.handle, nil)
+
+        _check_remove(server_url, assoc2.handle, false)
+        _check_remove(server_url, assoc.handle, false)
+        _check_remove(server_url, assoc3.handle, false)
+
+        assocValid1 = _gen_assoc(-3600, 7200)
+        assocValid2 = _gen_assoc(-5)
+        assocExpired1 = _gen_assoc(-7200, 3600)
+        assocExpired2 = _gen_assoc(-7200, 3600)
+
+        @store.cleanup_associations
+        @store.store_association(server_url + '1', assocValid1)
+        @store.store_association(server_url + '1', assocExpired1)
+        @store.store_association(server_url + '2', assocExpired2)
+        @store.store_association(server_url + '3', assocValid2)
+
+        cleaned = @store.cleanup_associations()
+        assert_equal(2, cleaned, "cleaned up associations")
+      end
+
+      def _check_use_nonce(nonce, expected, server_url, msg='')
+        stamp, salt = Nonce::split_nonce(nonce)
+        actual = @store.use_nonce(server_url, stamp, salt)
+        assert_equal(expected, actual, msg)
+      end
+
+      def test_nonce
+        server_url = "http://www.myopenid.com/openid"
+        [server_url, ''].each{|url|
+          nonce1 = Nonce::mk_nonce
+
+          _check_use_nonce(nonce1, true, url, "#{url}: nonce allowed by default") 
+          _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed twice") 
+          _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed third time")
+          
+          # old nonces shouldn't pass
+          old_nonce = Nonce::mk_nonce(3600)
+          _check_use_nonce(old_nonce, false, url, "Old nonce #{old_nonce.inspect} passed")
+
+        }
+
+        now = Time.now.to_i
+        old_nonce1 = Nonce::mk_nonce(now - 20000)
+        old_nonce2 = Nonce::mk_nonce(now - 10000)
+        recent_nonce = Nonce::mk_nonce(now - 600)
+
+        orig_skew = Nonce.skew
+        Nonce.skew = 0
+        count = @store.cleanup_nonces
+        Nonce.skew = 1000000
+        ts, salt = Nonce::split_nonce(old_nonce1)
+        assert(@store.use_nonce(server_url, ts, salt), "oldnonce1")
+        ts, salt = Nonce::split_nonce(old_nonce2)
+        assert(@store.use_nonce(server_url, ts, salt), "oldnonce2")
+        ts, salt = Nonce::split_nonce(recent_nonce)
+        assert(@store.use_nonce(server_url, ts, salt), "recent_nonce")
+
+        
+        Nonce.skew = 1000
+        cleaned = @store.cleanup_nonces
+        assert_equal(2, cleaned, "Cleaned #{cleaned} nonces")
+
+        Nonce.skew = 100000
+        ts, salt = Nonce::split_nonce(old_nonce1)
+        assert(@store.use_nonce(server_url, ts, salt), "oldnonce1 after cleanup")
+        ts, salt = Nonce::split_nonce(old_nonce2)
+        assert(@store.use_nonce(server_url, ts, salt), "oldnonce2 after cleanup")
+        ts, salt = Nonce::split_nonce(recent_nonce)
+        assert(!@store.use_nonce(server_url, ts, salt), "recent_nonce after cleanup")
+
+        Nonce.skew = orig_skew
+
+      end
+    end
+    
+    class FileStoreTestCase < Test::Unit::TestCase
+      include StoreTestCase
+
+      def setup
+        raise "filestoretest directory exists" if File.exists?('filestoretest')
+        @store = Filesystem.new('filestoretest')
+      end
+
+      def teardown
+        Kernel.system('rm -r filestoretest')
+      end
+    end
+
+    class MemoryStoreTestCase < Test::Unit::TestCase
+      include StoreTestCase
+      
+      def setup
+        @store = Memory.new
+      end
+    end
+
+    class AbstractStoreTestCase < Test::Unit::TestCase
+      def test_abstract_class
+        # the abstract made concrete
+        abc = Interface.new()
+        server_url = "http://server.com/"
+        association = OpenID::Association.new("foo", "bar", Time.now, Time.now + 10, "dummy")
+        
+        assert_raise(NotImplementedError) { 
+          abc.store_association(server_url, association)
+        }
+
+        assert_raise(NotImplementedError) { 
+          abc.get_association(server_url)
+        }
+
+        assert_raise(NotImplementedError) { 
+          abc.remove_association(server_url, association.handle)
+        }
+
+        assert_raise(NotImplementedError) { 
+          abc.use_nonce(server_url, Time.now.to_i, "foo")
+        }
+
+        assert_raise(NotImplementedError) { 
+          abc.cleanup_nonces()
+        }
+
+        assert_raise(NotImplementedError) { 
+          abc.cleanup_associations()
+        }
+
+        assert_raise(NotImplementedError) { 
+          abc.cleanup()
+        }
+        
+      end
+
+    end
+  end
+end
+

data/test/test_trustroot.rb

@@ -0,0 +1,112 @@
+require 'test/unit'
+require 'openid/trustroot'
+
+require "testutil"
+
+class TrustRootTest < Test::Unit::TestCase
+  include OpenID::TestDataMixin
+
+  def _test_sanity(case_, sanity, desc)
+    tr = OpenID::TrustRoot::TrustRoot.parse(case_)
+    if sanity == 'sane'
+      assert(tr.sane?, [case_, desc])
+      assert(OpenID::TrustRoot::TrustRoot.check_sanity(case_), [case_, desc])
+    elsif sanity == 'insane'
+      assert(!tr.sane?, [case_, desc])
+      assert(!OpenID::TrustRoot::TrustRoot.check_sanity(case_), [case_, desc])
+    else
+      assert(tr.nil?, case_)
+    end
+  end
+
+  def _test_match(trust_root, url, expected_match)
+    tr = OpenID::TrustRoot::TrustRoot.parse(trust_root)
+    actual_match = tr.validate_url(url)
+    if expected_match
+      assert(actual_match, [trust_root, url])
+      assert(OpenID::TrustRoot::TrustRoot.check_url(trust_root, url))
+    else
+      assert(!actual_match, [expected_match, actual_match, trust_root, url])
+      assert(!OpenID::TrustRoot::TrustRoot.check_url(trust_root, url))
+    end
+  end
+
+  def test_trustroots
+    data = read_data_file('trustroot.txt', false)
+
+    parts = data.split('=' * 40 + "\n").collect { |i| i.strip() }
+    assert(parts[0] == '')
+    _, ph, pdat, mh, mdat = parts
+
+    getTests(['bad', 'insane', 'sane'], ph, pdat).each { |tc|
+      sanity, desc, case_ = tc
+      _test_sanity(case_, sanity, desc)
+    }
+
+    getTests([true, false], mh, mdat).each { |tc|
+      match, desc, case_ = tc
+      trust_root, url = case_.split()
+      _test_match(trust_root, url, match)
+    }
+  end
+
+  def getTests(grps, head, dat)
+    tests = []
+    top = head.strip()
+    gdat = dat.split('-' * 40 + "\n").collect { |i| i.strip() }
+    assert(gdat[0] == '')
+    assert(gdat.length == (grps.length * 2 + 1), [gdat, grps])
+    i = 1
+    grps.each { |x|
+      n, desc = gdat[i].split(': ')
+      cases = gdat[i + 1].split("\n")
+      assert(cases.length == n.to_i, "Number of cases differs from header count")
+      cases.each { |case_|
+        tests += [[x, top + ' - ' + desc, case_]]
+      }
+      i += 2
+    }
+
+    return tests
+  end
+
+  def test_return_to_matches
+    data = [
+            [[], nil, false],
+            [[], "", false],
+            [[], "http://bogus/return_to", false],
+            [["http://bogus/"], nil, false],
+            [["://broken/"], nil, false],
+            [["://broken/"], "http://broken/", false],
+            [["http://*.broken/"], "http://foo.broken/", false],
+            [["http://x.broken/"], "http://foo.broken/", false],
+            [["http://first/", "http://second/path/"], "http://second/?query=x", false],
+
+            [["http://broken/"], "http://broken/", true],
+            [["http://first/", "http://second/"], "http://second/?query=x", true],
+           ]
+
+    data.each { |case_|
+      allowed_return_urls, return_to, expected_result = case_
+      actual_result = OpenID::TrustRoot::return_to_matches(allowed_return_urls,
+                                                           return_to)
+      assert(expected_result == actual_result)
+    }
+  end
+
+  def test_build_discovery_url
+    data = [
+            ["http://foo.com/path", "http://foo.com/path"],
+            ["http://foo.com/path?foo=bar", "http://foo.com/path?foo=bar"],
+            ["http://*.bogus.com/path", "http://www.bogus.com/path"],
+            ["http://*.bogus.com:122/path", "http://www.bogus.com:122/path"],
+           ]
+
+    data.each { |case_|
+      trust_root, expected_disco_url = case_
+      tr = OpenID::TrustRoot::TrustRoot.parse(trust_root)
+      actual_disco_url = tr.build_discovery_url()
+      assert(actual_disco_url == expected_disco_url, case_ + [actual_disco_url])
+    }
+  end
+end

data/test/{urinorm.rb → test_urinorm.rb}

@@ -1,10 +1,13 @@
 require 'test/unit'
+
 require "openid/urinorm"
+require "testutil"
 
 class URINormTestCase < Test::Unit::TestCase
+  include OpenID::TestDataMixin
 
   def test_normalize
-    lines = File.readlines('data/urinorm.txt')
+    lines = read_data_file('urinorm.txt')
 
     while lines.length > 0
 
@@ -15,14 +18,14 @@ class URINormTestCase < Test::Unit::TestCase
 
       if expected == 'fail'
         begin
-          OpenID::Util::urinorm(actual)
+          OpenID::URINorm.urinorm(actual)
         rescue URI::InvalidURIError
           assert true
         else
           raise 'Should have gotten URI error'
         end
       else
-        normalized = OpenID::Util.urinorm(actual)
+        normalized = OpenID::URINorm.urinorm(actual)
         assert_equal(expected, normalized, case_name)
       end
     end

data/test/test_util.rb

@@ -0,0 +1,144 @@
+require 'test/unit'
+
+require "openid/util"
+
+module OpenID
+  class UtilTestCase < Test::Unit::TestCase
+
+    def test_base64
+      cases = [
+               "",
+               "\000",
+               "\001",
+               "\000" * 100,
+               (0...256).collect{ |i| i.chr }.join('')
+              ]
+
+      cases.each do |c|
+        encoded = Util.to_base64(c)
+        decoded = Util.from_base64(encoded)
+        assert(c == decoded)
+      end
+
+    end
+
+    def test_base64_valid
+      [["foos", "~\212,"],
+       ["++++", "\373\357\276"],
+       ["/+==", "\377"],
+       ["", ""],
+       ["FOOSBALL", "\024\343\222\004\002\313"],
+       ["FoosBL==", "\026\212,\004"],
+       ["Foos\nBall", "\026\212,\005\251e"],
+       ["Foo\r\ns\nBall", "\026\212,\005\251e"]
+      ].each do | input, expected |
+        assert_equal(expected, Util.from_base64(input))
+      end
+    end
+
+    def test_base64_invalid
+      ['!',
+       'Foos!',
+       'Balls',
+       'B===',
+       'Foos Ball',
+       '=foo',
+      ].each do |invalid_input|
+        assert_raises(ArgumentError) do
+          Util.from_base64(invalid_input)
+        end
+      end
+    end
+
+    def test_append_args()
+      simple = 'http://www.example.com/'
+
+      cases = [
+               ['empty list',
+                [simple, []],
+                simple],
+
+               ['empty dict',
+                [simple, {}],
+                simple],
+
+               ['one list',
+                [simple, [['a', 'b']]],
+                simple + '?a=b'],
+
+               ['one dict',
+                [simple, {'a' => 'b'}],
+                simple + '?a=b'],
+
+               ['two list (same)',
+                [simple, [['a', 'b'], ['a', 'c']]],
+                simple + '?a=b&a=c'],
+
+               ['two list',
+                [simple, [['a', 'b'], ['b', 'c']]],
+                simple + '?a=b&b=c'],
+
+               ['two list (order)',
+                [simple, [['b', 'c'], ['a', 'b']]],
+                simple + '?b=c&a=b'],
+
+               ['two dict [order]',
+                [simple, {'b' => 'c', 'a' => 'b'}],
+                simple + '?a=b&b=c'],
+
+               ['args exist [empty]',
+                [simple + '?stuff=bother', []],
+                simple + '?stuff=bother'],
+
+               ['escape',
+                [simple, [['=', '=']]],
+                simple + '?%3D=%3D'],
+
+               ['escape [URL]',
+                [simple, [['this_url', simple]]],
+                simple + '?this_url=http%3A%2F%2Fwww.example.com%2F'],
+
+               ['use dots',
+                [simple, [['openid.stuff', 'bother']]],
+                simple + '?openid.stuff=bother'],
+
+               ['args exist',
+                [simple + '?stuff=bother', [['ack', 'ack']]],
+                simple + '?stuff=bother&ack=ack'],
+
+               ['args exist',
+                [simple + '?stuff=bother', [['ack', 'ack']]],
+                simple + '?stuff=bother&ack=ack'],
+
+               ['args exist [dict]',
+                [simple + '?stuff=bother', {'ack' => 'ack'}],
+                simple + '?stuff=bother&ack=ack'],
+
+               ['args exist [dict 2]',
+                [simple + '?stuff=bother', {'ack' => 'ack', 'zebra' => 'lion'}],
+                simple + '?stuff=bother&ack=ack&zebra=lion'],
+
+               ['three args [dict]',
+                [simple, {'stuff' => 'bother', 'ack' => 'ack', 'zebra' => 'lion'}],
+                simple + '?ack=ack&stuff=bother&zebra=lion'],
+
+               ['three args [list]',
+                [simple, [['stuff', 'bother'], ['ack', 'ack'], ['zebra', 'lion']]],
+                simple + '?stuff=bother&ack=ack&zebra=lion'],
+              ]
+
+      cases.each { |name, args, expected|
+        url, pairs = args
+        actual = Util.append_args(url, pairs)
+        msg = "[#{name}] Expected: #{expected}, actual: #{actual}"
+        assert_equal(expected, actual, msg)
+      }
+
+    end
+
+    def test_parse_query
+      assert_equal({'foo'=>'bar'}, Util.parse_query('foo=bar'))
+    end
+
+  end
+end