ruby-openid 2.0.4 → 2.1.2

data/lib/openid/yadis/discovery.rb

@@ -78,7 +78,7 @@ module OpenID
       rescue Exception
         raise DiscoveryFailure.new("Failed to fetch identity URL #{uri} : #{$!}", $!)
       end
-      if resp.code != "200"
+      if resp.code != "200" and resp.code != "206"
         raise DiscoveryFailure.new(
                 "HTTP Response status from identity URL host is not \"200\"."\
                 "Got status #{resp.code.inspect} for #{resp.final_url}", resp)
@@ -99,7 +99,7 @@ module OpenID
         rescue
           raise DiscoveryFailure.new("Failed to fetch Yadis URL #{result.xrds_uri} : #{$!}", $!)
         end
-        if resp.code != "200"
+        if resp.code != "200" and resp.code != "206"
             exc = DiscoveryFailure.new(
                     "HTTP Response status from Yadis host is not \"200\". " +
                                        "Got status #{resp.code.inspect} for #{resp.final_url}", resp)
@@ -128,7 +128,7 @@ module OpenID
 
       # According to the spec, the content-type header must be an
       # exact match, or else we have to look for an indirection.
-      if (!content_type.nil? and
+      if (!content_type.nil? and !content_type.to_s.empty? and
           content_type.split(';', 2)[0].downcase == YADIS_CONTENT_TYPE)
         return resp.final_url
       else

data/lib/openid/yadis/htmltokenizer.rb

@@ -74,7 +74,7 @@ class HTMLTokenizer
         # Token is a comment
         tag_end = @page.index('-->', (@cur_pos + 1))
         if tag_end.nil?
-          raise OpenIDError, "No end found to started comment:\n#{@page[@cur_pos,80]}"
+          raise HTMLTokenizerError, "No end found to started comment:\n#{@page[@cur_pos,80]}"
         end
         # p @page[@cur_pos .. (tag_end+2)]
         HTMLComment.new(@page[@cur_pos .. (tag_end + 2)])
@@ -82,7 +82,7 @@ class HTMLTokenizer
         # Token is a html tag
         tag_end = @page.index('>', (@cur_pos + 1))
         if tag_end.nil?
-          raise OpenIDError, "No end found to started tag:\n#{@page[@cur_pos,80]}"
+          raise HTMLTokenizerError, "No end found to started tag:\n#{@page[@cur_pos,80]}"
         end
         # p @page[@cur_pos .. tag_end]
         HTMLTag.new(@page[@cur_pos .. tag_end])
@@ -166,6 +166,9 @@ class HTMLTokenizer
 
 end
 
+class HTMLTokenizerError < Exception
+end
+
 # The parent class for all three types of HTML tokens
 class HTMLToken
   attr_accessor :raw
@@ -209,7 +212,7 @@ class HTMLComment < HTMLToken
     super(text)
     temp_arr = text.scan(/^<!--\s*(.*?)\s*-->$/m)
     if temp_arr[0].nil?
-      raise OpenIDError, "Text passed to HTMLComment.initialize is not a comment"
+      raise HTMLTokenizerError, "Text passed to HTMLComment.initialize is not a comment"
     end
 
     @contents = temp_arr[0][0]
@@ -222,7 +225,7 @@ class HTMLTag < HTMLToken
   def initialize(text)
     super(text)
     if ?< != text[0] or ?> != text[-1]
-      raise OpenIDError, "Text passed to HTMLComment.initialize is not a comment"
+      raise HTMLTokenizerError, "Text passed to HTMLComment.initialize is not a comment"
     end
 
     @attr_hash = Hash.new
@@ -230,7 +233,7 @@ class HTMLTag < HTMLToken
 
     tag_name = text.scan(/[\w:-]+/)[0]
     if tag_name.nil?
-      raise OpenIDError, "Error, tag is nil: #{tag_name}"
+      raise HTMLTokenizerError, "Error, tag is nil: #{tag_name}"
     end
 
     if ?/ == text[1]

data/lib/openid/yadis/parsehtml.rb

@@ -9,28 +9,36 @@ module OpenID
       # to keep track of whether or not we are in the head element
       in_head = false
 
-      while el = parser.getTag('head', '/head', 'meta', 'body', '/body', 'html')
+      begin
+        while el = parser.getTag('head', '/head', 'meta', 'body', '/body',
+                                 'html', 'script')
 
-        # we are leaving head or have reached body, so we bail
-        return nil if ['/head', 'body', '/body'].member?(el.tag_name)
+          # we are leaving head or have reached body, so we bail
+          return nil if ['/head', 'body', '/body'].member?(el.tag_name)
 
-        if el.tag_name == 'head'
-          unless el.to_s[-2] == ?/ # tag ends with a /: a short tag
-            in_head = true
+          if el.tag_name == 'head'
+            unless el.to_s[-2] == ?/ # tag ends with a /: a short tag
+              in_head = true
+            end
+          end
+          next unless in_head
+
+          if el.tag_name == 'script'
+            unless el.to_s[-2] == ?/ # tag ends with a /: a short tag
+              parser.getTag('/script')
+            end
           end
-        end
-        next unless in_head
 
-        return nil if el.tag_name == 'html'
+          return nil if el.tag_name == 'html'
 
-        if el.tag_name == 'meta' and (equiv = el.attr_hash['http-equiv'])
-          if ['x-xrds-location','x-yadis-location'].member?(equiv.downcase)
-            return CGI::unescapeHTML(el.attr_hash['content'])
+          if el.tag_name == 'meta' and (equiv = el.attr_hash['http-equiv'])
+            if ['x-xrds-location','x-yadis-location'].member?(equiv.downcase)
+              return CGI::unescapeHTML(el.attr_hash['content'])
+            end
           end
         end
-      
+      rescue HTMLTokenizerError # just stop parsing if there's an error
       end
     end
   end
 end
-

data/lib/openid/yadis/xrds.rb

@@ -53,7 +53,7 @@ module OpenID
         }
       end
 
-      cid_element = cid_elements[-1]
+      cid_element = cid_elements[0]
 
       if !cid_element
         return nil
@@ -61,19 +61,16 @@ module OpenID
 
       canonicalID = XRI.make_xri(cid_element.text)
 
-      childID = canonicalID
+      childID = canonicalID.downcase
 
       xrd_list[1..-1].each { |xrd|
         parent_sought = childID[0...childID.rindex('!')]
 
-        parent_list = []
-        xrd.elements.each("CanonicalID") { |c|
-          parent_list.push(XRI.make_xri(c.text))
-        }
+        parent = XRI.make_xri(xrd.elements["CanonicalID"].text)
 
-        if !parent_list.member?(parent_sought)
-          raise XRDSFraud.new(sprintf("%s can not come from any of %s", parent_sought,
-                                      parent_list))
+        if parent_sought != parent.downcase
+          raise XRDSFraud.new(sprintf("%s can not come from %s", parent_sought,
+                                      parent))
         end
 
         childID = parent_sought

data/test/data/linkparse.txt

@@ -1,7 +1,7 @@
 Num Tests: 72
 
 OpenID link parsing test cases
-Copyright (C) 2005-2006, JanRain, Inc.
+Copyright (C) 2005-2008, JanRain, Inc.
 See COPYING for license information.
 
 File format

data/test/data/test1-parsehtml.txt

@@ -3,6 +3,14 @@ found
 <html><head><meta http-equiv="X-XRDS-Location" content="found"></head></html>
 
 found
+<!-- minimal well-formed success case, xhtml closing, whitespace -->
+<html><head><meta http-equiv="X-XRDS-Location" content="found" /></head></html>
+
+found
+<!-- minimal well-formed success case, xhtml closing, no whitespace -->
+<html><head><meta http-equiv="X-XRDS-Location" content="found"/></head></html>
+
+found
 <!-- minimal success case -->
 <html><head><meta http-equiv="X-XRDS-Location" content="found">
 
@@ -19,6 +27,14 @@ found
 <head><meta http-equiv="X-XRDS-Location" content="found">
 
 found
+<!-- javascript in head -->
+<html><head><script type="text/javascript">document.write("<body>");</script><META http-equiv="X-XRDS-Location" content="found">
+
+None
+<!-- no close script tag in head -->
+<html><head><script type="text/javascript">document.write("<body>");<META http-equiv="X-XRDS-Location" content="found">
+
+found
 <!-- case folding for tag names -->
 <html><head><META http-equiv="X-XRDS-Location" content="found">
 
@@ -96,6 +112,14 @@ None
 <html><head><body><meta http-equiv="X-XRDS-Location" content="found">
 
 None
+<!-- <meta> is inside comment -->
+<html>
+  <head>
+    <!--<meta http-equiv="X-XRDS-Location" content="found">-->
+  </head>
+</html>
+
+None
 <!-- <meta> is inside of <body> -->
 <html>
   <head>

data/test/data/trustroot.txt

@@ -3,7 +3,7 @@ Trust root parsing checking
 ========================================
 
 ----------------------------------------
-19: Does not parse
+23: Does not parse
 ----------------------------------------
 baz.org
 *.foo.com
@@ -20,6 +20,10 @@ http://..it/
 http://.it/
 http://*:8081/
 http://*:80
+http://localhost:1900foo/
+http://foo.com\/
+http://π.pi.com/
+http://lambda.com/Λ
 
  
  	
@@ -70,7 +74,7 @@ return_to matching
 ========================================
 
 ----------------------------------------
-44: matches
+46: matches
 ----------------------------------------
 http://*/                             http://cnn.com/
 http://*/                             http://livejournal.com/
@@ -91,6 +95,7 @@ http://*.bar.co.uk                    http://www.bar.co.uk
 http://*.uoregon.edu                  http://x.cs.uoregon.edu
 http://x.com/abc                      http://x.com/abc
 http://x.com/abc                      http://x.com/abc/def
+http://10.0.0.1/abc                   http://10.0.0.1/abc
 http://*.x.com                        http://x.com/gallery
 http://*.x.com                        http://foo.x.com/gallery
 http://foo.x.com                      http://foo.x.com/gallery/xxx
@@ -116,6 +121,7 @@ http://foo.com:80/                    http://foo.com/stuff
 http://foo.com/path                   http://foo.com/path/extra
 http://foo.com/path2                  http://foo.com/path2?extra=query
 http://foo.com/path2                  http://foo.com/path2/?extra=query
+http://foo.com/                       HTTP://foo.com/
 
 ----------------------------------------
 25: does not match

data/test/test_association.rb

@@ -24,14 +24,14 @@ module OpenID
     def test_deserialize_failure
       field_list = Util.kv_to_seq(@assoc.serialize)
       kv = Util.seq_to_kv(field_list + [['monkeys', 'funny']])
-      assert_raises(StandardError) {
+      assert_raises(ProtocolError) {
         Association.deserialize(kv)
       }
 
       bad_version_list = field_list.dup
       bad_version_list[0] = ['version', 'moon']
       bad_version_kv = Util.seq_to_kv(bad_version_list)
-      assert_raises(StandardError) {
+      assert_raises(ProtocolError) {
         Association.deserialize(bad_version_kv)
       }
     end
@@ -127,7 +127,7 @@ module OpenID
 
     def test_sign_bad_assoc_type
       @assoc.instance_eval { @assoc_type = 'Cookies' }
-      assert_raises(StandardError) {
+      assert_raises(ProtocolError) {
         @assoc.sign([])
       }
     end
@@ -156,7 +156,7 @@ module OpenID
                     })
       assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
                                           "HMAC-SHA1")
-      assert_raises(StandardError) {
+      assert_raises(ProtocolError) {
         assoc.check_message_signature(m)
       }
     end
@@ -169,7 +169,7 @@ module OpenID
                     })
       assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
                                           "HMAC-SHA1")
-      assert_raises(StandardError) {
+      assert_raises(ProtocolError) {
         assoc.check_message_signature(m)
       }
     end
@@ -240,13 +240,13 @@ module OpenID
     end
 
     def test_bad_assoc_type
-      assert_raises(StandardError) {
+      assert_raises(ProtocolError) {
         AssociationNegotiator.new([['OMG', 'Ponies']])
       }
     end
 
     def test_bad_session_type
-      assert_raises(StandardError) {
+      assert_raises(ProtocolError) {
         AssociationNegotiator.new([['HMAC-SHA1', 'OMG-Ponies']])
       }
     end

data/test/test_associationmanager.rb

@@ -279,7 +279,7 @@ module OpenID
         def request_association(assoc_type, session_type)
           m = @responses.shift
           if m.is_a?(Message)
-            raise ServerError.from_message(m, nil)
+            raise ServerError.from_message(m)
           else
             return m
           end

data/test/test_extension.rb

@@ -0,0 +1,46 @@
+require 'openid/extension'
+require 'openid/message'
+require 'test/unit'
+
+module OpenID
+  class DummyExtension < OpenID::Extension
+    TEST_URI = 'http://an.extension'
+    TEST_ALIAS = 'dummy'
+    def initialize
+      @ns_uri = TEST_URI
+      @ns_alias = TEST_ALIAS
+    end
+
+    def get_extension_args
+      return {}
+    end
+  end
+
+  class ToMessageTest < Test::Unit::TestCase
+     def test_OpenID1
+       oid1_msg = Message.new(OPENID1_NS)
+       ext = DummyExtension.new
+       ext.to_message(oid1_msg)
+       namespaces = oid1_msg.namespaces
+       assert(namespaces.implicit?(DummyExtension::TEST_URI))
+       assert_equal(
+                    DummyExtension::TEST_URI,
+                    namespaces.get_namespace_uri(DummyExtension::TEST_ALIAS))
+       assert_equal(DummyExtension::TEST_ALIAS,
+                    namespaces.get_alias(DummyExtension::TEST_URI))
+     end
+ 
+     def test_OpenID2
+       oid2_msg = Message.new(OPENID2_NS)
+       ext = DummyExtension.new
+       ext.to_message(oid2_msg)
+       namespaces = oid2_msg.namespaces
+       assert(!namespaces.implicit?(DummyExtension::TEST_URI))
+       assert_equal(
+             DummyExtension::TEST_URI,
+             namespaces.get_namespace_uri(DummyExtension::TEST_ALIAS))
+       assert_equal(DummyExtension::TEST_ALIAS,
+                    namespaces.get_alias(DummyExtension::TEST_URI))
+     end
+   end
+end

data/test/test_idres.rb

@@ -99,6 +99,35 @@ module OpenID
           end
         end
 
+        def test_112
+          args = {'openid.assoc_handle' => 'fa1f5ff0-cde4-11dc-a183-3714bfd55ca8', 
+                  'openid.claimed_id' => 'http://binkley.lan/user/test01', 
+                  'openid.identity' => 'http://test01.binkley.lan/', 
+                  'openid.mode' => 'id_res', 
+                  'openid.ns' => 'http://specs.openid.net/auth/2.0', 
+                  'openid.ns.pape' => 'http://specs.openid.net/extensions/pape/1.0', 
+                  'openid.op_endpoint' => 'http://binkley.lan/server', 
+                  'openid.pape.auth_policies' => 'none', 
+                  'openid.pape.auth_time' => '2008-01-28T20:42:36Z', 
+                  'openid.pape.nist_auth_level' => '0', 
+                  'openid.response_nonce' => '2008-01-28T21:07:04Z99Q=', 
+                  'openid.return_to' => 'http://binkley.lan:8001/process?janrain_nonce=2008-01-28T21%3A07%3A02Z0tMIKx', 
+                  'openid.sig' => 'YJlWH4U6SroB1HoPkmEKx9AyGGg=', 
+                  'openid.signed' => 'assoc_handle,identity,response_nonce,return_to,claimed_id,op_endpoint,pape.auth_time,ns.pape,pape.nist_auth_level,pape.auth_policies' 
+	         } 
+          assert_equal(args['openid.ns'], OPENID2_NS)
+          incoming = Message.from_post_args(args)
+          assert(incoming.is_openid2)
+          idres = IdResHandler.new(incoming, nil)
+          car = idres.send(:create_check_auth_request)
+          expected_args = args.dup
+          expected_args['openid.mode'] = 'check_authentication'
+          expected = Message.from_post_args(expected_args)
+          assert(expected.is_openid2)
+          assert_equal(expected, car)
+          assert_equal(expected_args, car.to_post_args)
+        end        
+
         def test_no_signed_list
           msg = Message.new(OPENID2_NS)
           idres = IdResHandler.new(msg, nil)
@@ -201,6 +230,11 @@ module OpenID
           [ [base, {}],
             [base + "?another=arg", {'another' => 'arg'}],
             [base + "?another=arg#frag", {'another' => 'arg'}],
+            ['HTTP'+base[4..-1], {}],
+            [base.sub('com', 'COM'), {}],
+            ['http://example.janrain.com:80/path', {}],
+            ['http://example.janrain.com/p%61th', {}],
+            ['http://example.janrain.com/./path',{}],
           ].each do |return_to, args|
             args['openid.return_to'] = return_to
             msg = Message.from_post_args(args)
@@ -370,20 +404,12 @@ module OpenID
         end
 
         def test_create_check_auth_request_success
-          msg = call_idres_method(:create_check_auth_request) {}
-          openid_args = @message.get_args(OPENID_NS)
-          openid_args['mode'] = 'check_authentication'
-          assert_equal(openid_args, msg.to_args)
+          ca_msg = call_idres_method(:create_check_auth_request) {}
+          expected = @message.copy
+          expected.set_arg(OPENID_NS, 'mode', 'check_authentication')
+          assert_equal(expected, ca_msg)
         end
 
-        def test_create_check_auth_request_success_extra
-          @message.set_arg(OPENID_NS, 'cookies', 'chocolate_chip')
-          msg = call_idres_method(:create_check_auth_request) {}
-          openid_args = @message.get_args(OPENID_NS)
-          openid_args['mode'] = 'check_authentication'
-          openid_args.delete('cookies')
-          assert_equal(openid_args, msg.to_args)
-        end
       end
 
       class CheckAuthResponseTest < Test::Unit::TestCase
@@ -554,11 +580,43 @@ module OpenID
 
         def test_openid1_no_endpoint
           @endpoint = nil
-          assert_raises(StandardError) {
+          assert_raises(ProtocolError) {
             call_verify({'identity' => 'snakes on a plane'})
           }
         end
 
+        def test_openid1_fallback_1_0
+          claimed_id = 'http://claimed.id/'
+          @endpoint = nil
+          resp_mesg = Message.from_openid_args({
+            'ns' => OPENID1_NS,
+            'identity' => claimed_id,
+            })
+
+          # Pass the OpenID 1 claimed_id this way since we're passing
+          # None for the endpoint.
+          resp_mesg.set_arg(BARE_NS, 'openid1_claimed_id', claimed_id)
+
+          # We expect the OpenID 1 discovery verification to try
+          # matching the discovered endpoint against the 1.1 type and
+          # fall back to 1.0.
+          expected_endpoint = OpenIDServiceEndpoint.new
+          expected_endpoint.type_uris = [OPENID_1_0_TYPE]
+          expected_endpoint.local_id = nil
+          expected_endpoint.claimed_id = claimed_id
+  
+          hacked_discover = Proc.new { ['unused', [expected_endpoint]] }
+          idres = IdResHandler.new(resp_mesg, nil, nil, @endpoint)
+          assert_log_matches('Performing discovery') {
+            OpenID.with_method_overridden(:discover, hacked_discover) {
+              idres.send(:verify_discovery_results)
+            }
+          }
+          actual_endpoint = idres.instance_variable_get(:@endpoint)
+          assert_equal(actual_endpoint, expected_endpoint)
+
+        end
+
         def test_openid2_no_op_endpoint
           assert_protocol_error("Missing required field: "\
                                 "<#{OPENID2_NS}>op_endpoint") {
@@ -603,12 +661,12 @@ module OpenID
                                  'identity' => 'sour grapes',
                                  'claimed_id' => 'monkeysoft',
                                  'op_endpoint' => 'Phone Home'}) do |idres|
-              idres.instance_def(:discover_and_verify) do |to_match|
+              idres.instance_def(:discover_and_verify) do
                 @endpoint = endpoint
               end
             end
           }
-          assert(endpoint.equal?(result))
+          assert_equal(endpoint, result)
         end
 
 
@@ -626,7 +684,7 @@ module OpenID
                                  'claimed_id' => 'monkeysoft',
                                  'op_endpoint' => 'Green Cheese'}) do |idres|
                         idres.extend(InstanceDefExtension)
-              idres.instance_def(:discover_and_verify) do |to_match|
+              idres.instance_def(:discover_and_verify) do
                 @endpoint = endpoint
               end
             end
@@ -669,8 +727,9 @@ module OpenID
 
           idres = IdResHandler.new(msg, nil, nil, @endpoint)
           idres.extend(InstanceDefExtension)
-          idres.instance_def(:discover_and_verify) { |to_match|
-            me.assert_equal(endpoint.claimed_id, to_match.claimed_id)
+          idres.instance_def(:discover_and_verify) { |claimed_id, to_match|
+            me.assert_equal(endpoint.claimed_id, to_match[0].claimed_id)
+            me.assert_equal(claimed_id, endpoint.claimed_id)
             raise ProtocolError, text
           }
           assert_log_matches('Error attempting to use stored',
@@ -709,7 +768,7 @@ module OpenID
             assert_raises(verified_error) {
               call_verify_modify({'ns' => OPENID1_NS,
                                    'identity' => @endpoint.local_id}) { |idres|
-                idres.instance_def(:discover_and_verify) do |to_match|
+                idres.instance_def(:discover_and_verify) do
                   raise verified_error
                 end
               }
@@ -817,7 +876,7 @@ module OpenID
           assert_log_matches('Performing discovery on') do
             assert_protocol_error('No OpenID information found') do
               OpenID.with_method_overridden(:discover, disco) do
-                idres.send(:discover_and_verify, endpoint)
+                idres.send(:discover_and_verify, :sentinel, [endpoint])
               end
             end
           end
@@ -834,7 +893,8 @@ module OpenID
           idres = IdResHandler.new(nil, nil)
           assert_log_matches('Discovery verification failure') do
             assert_protocol_error('No matching endpoint') do
-              idres.send(:verify_discovered_services, [], endpoint)
+              idres.send(:verify_discovered_services,
+                         'http://bogus.id/', [], [endpoint])
             end
           end
         end