ruby-openid 2.0.4 → 2.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of ruby-openid might be problematic. Click here for more details.
- data/CHANGELOG +65 -28
- data/LICENSE +4 -1
- data/README +19 -12
- data/UPGRADE +5 -0
- data/examples/README +8 -22
- data/examples/active_record_openid_store/XXX_add_open_id_store_to_db.rb +6 -6
- data/examples/active_record_openid_store/lib/association.rb +2 -1
- data/examples/active_record_openid_store/lib/openid_ar_store.rb +3 -3
- data/examples/rails_openid/app/controllers/consumer_controller.rb +11 -5
- data/lib/openid.rb +4 -0
- data/lib/openid/association.rb +7 -7
- data/lib/openid/consumer/checkid_request.rb +11 -0
- data/lib/openid/consumer/discovery.rb +12 -3
- data/lib/openid/consumer/idres.rb +35 -43
- data/lib/openid/extension.rb +9 -1
- data/lib/openid/extensions/pape.rb +22 -25
- data/lib/openid/extensions/sreg.rb +1 -0
- data/lib/openid/fetchers.rb +25 -5
- data/lib/openid/kvform.rb +8 -5
- data/lib/openid/kvpost.rb +6 -5
- data/lib/openid/message.rb +53 -34
- data/lib/openid/server.rb +87 -52
- data/lib/openid/trustroot.rb +25 -17
- data/lib/openid/util.rb +19 -4
- data/lib/openid/yadis/discovery.rb +3 -3
- data/lib/openid/yadis/htmltokenizer.rb +8 -5
- data/lib/openid/yadis/parsehtml.rb +22 -14
- data/lib/openid/yadis/xrds.rb +6 -9
- data/test/data/linkparse.txt +1 -1
- data/test/data/test1-parsehtml.txt +24 -0
- data/test/data/trustroot.txt +8 -2
- data/test/test_association.rb +7 -7
- data/test/test_associationmanager.rb +1 -1
- data/test/test_extension.rb +46 -0
- data/test/test_idres.rb +81 -21
- data/test/test_kvform.rb +5 -5
- data/test/test_message.rb +61 -3
- data/test/test_pape.rb +36 -22
- data/test/test_server.rb +190 -12
- data/test/test_sreg.rb +0 -1
- data/test/test_trustroot.rb +1 -0
- data/test/test_yadis_discovery.rb +13 -0
- metadata +3 -19
- data/examples/rails_openid/app/views/consumer/start.rhtml +0 -8
- data/examples/rails_openid_login_generator/USAGE +0 -23
- data/examples/rails_openid_login_generator/gemspec +0 -13
- data/examples/rails_openid_login_generator/openid_login_generator.rb +0 -36
- data/examples/rails_openid_login_generator/templates/README +0 -116
- data/examples/rails_openid_login_generator/templates/controller.rb +0 -113
- data/examples/rails_openid_login_generator/templates/controller_test.rb +0 -0
- data/examples/rails_openid_login_generator/templates/helper.rb +0 -2
- data/examples/rails_openid_login_generator/templates/openid_login_system.rb +0 -87
- data/examples/rails_openid_login_generator/templates/user.rb +0 -14
- data/examples/rails_openid_login_generator/templates/user_test.rb +0 -0
- data/examples/rails_openid_login_generator/templates/users.yml +0 -0
- data/examples/rails_openid_login_generator/templates/view_login.rhtml +0 -15
- data/examples/rails_openid_login_generator/templates/view_logout.rhtml +0 -10
- data/examples/rails_openid_login_generator/templates/view_welcome.rhtml +0 -9
data/test/test_kvform.rb
CHANGED
|
@@ -54,10 +54,10 @@ class KVFormTests < Test::Unit::TestCase
|
|
|
54
54
|
# Convert KVForm to dict
|
|
55
55
|
d = Util.kv_to_dict(kv)
|
|
56
56
|
|
|
57
|
-
# Strict mode should raise
|
|
57
|
+
# Strict mode should raise KVFormError instead of logging
|
|
58
58
|
# messages
|
|
59
59
|
if warnings > 0
|
|
60
|
-
assert_raise(
|
|
60
|
+
assert_raise(KVFormError) do
|
|
61
61
|
Util.kv_to_seq(kv, true)
|
|
62
62
|
end
|
|
63
63
|
end
|
|
@@ -117,10 +117,10 @@ class KVFormTests < Test::Unit::TestCase
|
|
|
117
117
|
assert_equal(kvform, actual)
|
|
118
118
|
assert actual.is_a?(String)
|
|
119
119
|
|
|
120
|
-
# Strict mode should raise
|
|
120
|
+
# Strict mode should raise KVFormError instead of logging
|
|
121
121
|
# messages
|
|
122
122
|
if warnings > 0
|
|
123
|
-
assert_raise(
|
|
123
|
+
assert_raise(KVFormError) do
|
|
124
124
|
Util.seq_to_kv(seq, true)
|
|
125
125
|
end
|
|
126
126
|
end
|
|
@@ -151,7 +151,7 @@ class KVFormTests < Test::Unit::TestCase
|
|
|
151
151
|
def _run_kvexcTest(case_)
|
|
152
152
|
seq = case_
|
|
153
153
|
|
|
154
|
-
assert_raise(
|
|
154
|
+
assert_raise(KVFormError) do
|
|
155
155
|
Util.seq_to_kv(seq)
|
|
156
156
|
end
|
|
157
157
|
end
|
data/test/test_message.rb
CHANGED
|
@@ -255,8 +255,8 @@ module OpenID
|
|
|
255
255
|
end
|
|
256
256
|
|
|
257
257
|
def test_set_openid_namespace
|
|
258
|
-
assert_raise(
|
|
259
|
-
@m.set_openid_namespace('http://invalid/')
|
|
258
|
+
assert_raise(InvalidOpenIDNamespace) {
|
|
259
|
+
@m.set_openid_namespace('http://invalid/', false)
|
|
260
260
|
}
|
|
261
261
|
end
|
|
262
262
|
end
|
|
@@ -317,6 +317,7 @@ module OpenID
|
|
|
317
317
|
'openid.error' => 'unit test',
|
|
318
318
|
'openid.foos.ball' => 'awesome',
|
|
319
319
|
'xey' => 'value',
|
|
320
|
+
'openid.ns.foos' => 'http://invalid/'
|
|
320
321
|
}, @m.to_post_args)
|
|
321
322
|
end
|
|
322
323
|
|
|
@@ -522,7 +523,7 @@ module OpenID
|
|
|
522
523
|
end
|
|
523
524
|
end
|
|
524
525
|
|
|
525
|
-
class OpenID1ExplicitMessageTest <
|
|
526
|
+
class OpenID1ExplicitMessageTest < Test::Unit::TestCase
|
|
526
527
|
# XXX - check to make sure the test suite will get built the way this
|
|
527
528
|
# expects.
|
|
528
529
|
def setup
|
|
@@ -530,6 +531,62 @@ module OpenID
|
|
|
530
531
|
'openid.error'=>'unit test',
|
|
531
532
|
'openid.ns'=>OPENID1_NS})
|
|
532
533
|
end
|
|
534
|
+
|
|
535
|
+
def test_to_post_args
|
|
536
|
+
assert_equal({'openid.mode' => 'error',
|
|
537
|
+
'openid.error' => 'unit test',
|
|
538
|
+
'openid.ns'=>OPENID1_NS,
|
|
539
|
+
},
|
|
540
|
+
@m.to_post_args)
|
|
541
|
+
end
|
|
542
|
+
|
|
543
|
+
def test_to_post_args_ns
|
|
544
|
+
invalid_ns = 'http://invalid/'
|
|
545
|
+
@m.namespaces.add_alias(invalid_ns, 'foos')
|
|
546
|
+
@m.set_arg(invalid_ns, 'ball', 'awesome')
|
|
547
|
+
@m.set_arg(BARE_NS, 'xey', 'value')
|
|
548
|
+
assert_equal({'openid.mode' => 'error',
|
|
549
|
+
'openid.error' => 'unit test',
|
|
550
|
+
'openid.foos.ball' => 'awesome',
|
|
551
|
+
'xey' => 'value',
|
|
552
|
+
'openid.ns'=>OPENID1_NS,
|
|
553
|
+
'openid.ns.foos' => 'http://invalid/'
|
|
554
|
+
}, @m.to_post_args)
|
|
555
|
+
end
|
|
556
|
+
|
|
557
|
+
def test_to_args
|
|
558
|
+
assert_equal({'mode' => 'error',
|
|
559
|
+
'error' => 'unit test',
|
|
560
|
+
'ns'=>OPENID1_NS
|
|
561
|
+
},
|
|
562
|
+
@m.to_args)
|
|
563
|
+
end
|
|
564
|
+
|
|
565
|
+
def test_to_kvform
|
|
566
|
+
assert_equal("error:unit test\nmode:error\nns:#{OPENID1_NS}\n",
|
|
567
|
+
@m.to_kvform)
|
|
568
|
+
end
|
|
569
|
+
|
|
570
|
+
def test_to_url_encoded
|
|
571
|
+
assert_equal('openid.error=unit+test&openid.mode=error&openid.ns=http%3A%2F%2Fopenid.net%2Fsignon%2F1.0',
|
|
572
|
+
@m.to_url_encoded)
|
|
573
|
+
end
|
|
574
|
+
|
|
575
|
+
def test_to_url
|
|
576
|
+
base_url = 'http://base.url/'
|
|
577
|
+
actual = @m.to_url(base_url)
|
|
578
|
+
actual_base = actual[0...base_url.length]
|
|
579
|
+
assert_equal(base_url, actual_base)
|
|
580
|
+
assert_equal('?', actual[base_url.length].chr)
|
|
581
|
+
query = actual[base_url.length+1..-1]
|
|
582
|
+
assert_equal({'openid.mode'=>['error'],
|
|
583
|
+
'openid.error'=>['unit test'],
|
|
584
|
+
'openid.ns'=>[OPENID1_NS],
|
|
585
|
+
},
|
|
586
|
+
CGI.parse(query))
|
|
587
|
+
end
|
|
588
|
+
|
|
589
|
+
|
|
533
590
|
end
|
|
534
591
|
|
|
535
592
|
class OpenID2MessageTest < Test::Unit::TestCase
|
|
@@ -1041,6 +1098,7 @@ module OpenID
|
|
|
1041
1098
|
|
|
1042
1099
|
# It gets used automatically by the Message class:
|
|
1043
1100
|
msg = Message.from_openid_args({'invalid.stuff' => 'things'})
|
|
1101
|
+
assert(msg.is_openid1)
|
|
1044
1102
|
assert_equal(alias_, msg.namespaces.get_alias(invalid_ns))
|
|
1045
1103
|
assert_equal(invalid_ns, msg.namespaces.get_namespace_uri(alias_))
|
|
1046
1104
|
end
|
data/test/test_pape.rb
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
require 'openid/extensions/pape'
|
|
2
2
|
require 'openid/message'
|
|
3
3
|
require 'openid/server'
|
|
4
|
+
require 'openid/consumer/responses'
|
|
4
5
|
|
|
5
6
|
module OpenID
|
|
6
7
|
module PAPETest
|
|
@@ -108,13 +109,13 @@ module OpenID
|
|
|
108
109
|
|
|
109
110
|
def test_construct
|
|
110
111
|
assert_equal([], @req.auth_policies)
|
|
111
|
-
assert_equal(nil, @req.
|
|
112
|
+
assert_equal(nil, @req.auth_time)
|
|
112
113
|
assert_equal('pape', @req.ns_alias)
|
|
113
114
|
assert_equal(nil, @req.nist_auth_level)
|
|
114
115
|
|
|
115
|
-
req2 = PAPE::Response.new([PAPE::AUTH_MULTI_FACTOR],
|
|
116
|
+
req2 = PAPE::Response.new([PAPE::AUTH_MULTI_FACTOR], "1983-11-05T12:30:24Z", 3)
|
|
116
117
|
assert_equal([PAPE::AUTH_MULTI_FACTOR], req2.auth_policies)
|
|
117
|
-
assert_equal(
|
|
118
|
+
assert_equal("1983-11-05T12:30:24Z", req2.auth_time)
|
|
118
119
|
assert_equal(3, req2.nist_auth_level)
|
|
119
120
|
end
|
|
120
121
|
|
|
@@ -131,21 +132,19 @@ module OpenID
|
|
|
131
132
|
end
|
|
132
133
|
|
|
133
134
|
def test_get_extension_args
|
|
134
|
-
assert_equal({'auth_policies' => ''}, @req.get_extension_args)
|
|
135
|
+
assert_equal({'auth_policies' => 'none'}, @req.get_extension_args)
|
|
135
136
|
@req.add_policy_uri('http://uri')
|
|
136
137
|
assert_equal({'auth_policies' => 'http://uri'}, @req.get_extension_args)
|
|
137
138
|
@req.add_policy_uri('http://zig')
|
|
138
139
|
assert_equal({'auth_policies' => 'http://uri http://zig'}, @req.get_extension_args)
|
|
139
|
-
@req.
|
|
140
|
-
assert_equal({'auth_policies' => 'http://uri http://zig', '
|
|
140
|
+
@req.auth_time = "1983-11-05T12:30:24Z"
|
|
141
|
+
assert_equal({'auth_policies' => 'http://uri http://zig', 'auth_time' => "1983-11-05T12:30:24Z"}, @req.get_extension_args)
|
|
141
142
|
@req.nist_auth_level = 3
|
|
142
|
-
assert_equal({'auth_policies' => 'http://uri http://zig', '
|
|
143
|
+
assert_equal({'auth_policies' => 'http://uri http://zig', 'auth_time' => "1983-11-05T12:30:24Z", 'nist_auth_level' => '3'}, @req.get_extension_args)
|
|
143
144
|
end
|
|
144
145
|
|
|
145
146
|
def test_get_extension_args_error_auth_age
|
|
146
|
-
@req.
|
|
147
|
-
assert_raises(ArgumentError) { @req.get_extension_args }
|
|
148
|
-
@req.auth_age = -10
|
|
147
|
+
@req.auth_time = "the beginning of time"
|
|
149
148
|
assert_raises(ArgumentError) { @req.get_extension_args }
|
|
150
149
|
end
|
|
151
150
|
|
|
@@ -160,21 +159,21 @@ module OpenID
|
|
|
160
159
|
|
|
161
160
|
def test_parse_extension_args
|
|
162
161
|
args = {'auth_policies' => 'http://foo http://bar',
|
|
163
|
-
'
|
|
162
|
+
'auth_time' => '1983-11-05T12:30:24Z'}
|
|
164
163
|
@req.parse_extension_args(args)
|
|
165
|
-
assert_equal(
|
|
164
|
+
assert_equal('1983-11-05T12:30:24Z', @req.auth_time)
|
|
166
165
|
assert_equal(['http://foo','http://bar'], @req.auth_policies)
|
|
167
166
|
end
|
|
168
167
|
|
|
169
168
|
def test_parse_extension_args_empty
|
|
170
169
|
@req.parse_extension_args({})
|
|
171
|
-
assert_equal(nil, @req.
|
|
170
|
+
assert_equal(nil, @req.auth_time)
|
|
172
171
|
assert_equal([], @req.auth_policies)
|
|
173
172
|
end
|
|
174
173
|
|
|
175
174
|
def test_parse_extension_args_strict_bogus1
|
|
176
175
|
args = {'auth_policies' => 'http://foo http://bar',
|
|
177
|
-
'
|
|
176
|
+
'auth_time' => 'this one time'}
|
|
178
177
|
assert_raises(ArgumentError) {
|
|
179
178
|
@req.parse_extension_args(args, true)
|
|
180
179
|
}
|
|
@@ -182,7 +181,7 @@ module OpenID
|
|
|
182
181
|
|
|
183
182
|
def test_parse_extension_args_strict_bogus2
|
|
184
183
|
args = {'auth_policies' => 'http://foo http://bar',
|
|
185
|
-
'
|
|
184
|
+
'auth_time' => '1983-11-05T12:30:24Z',
|
|
186
185
|
'nist_auth_level' => 'some'}
|
|
187
186
|
assert_raises(ArgumentError) {
|
|
188
187
|
@req.parse_extension_args(args, true)
|
|
@@ -191,21 +190,21 @@ module OpenID
|
|
|
191
190
|
|
|
192
191
|
def test_parse_extension_args_strict_good
|
|
193
192
|
args = {'auth_policies' => 'http://foo http://bar',
|
|
194
|
-
'
|
|
193
|
+
'auth_time' => '2007-10-11T05:25:18Z',
|
|
195
194
|
'nist_auth_level' => '0'}
|
|
196
195
|
@req.parse_extension_args(args, true)
|
|
197
196
|
assert_equal(['http://foo','http://bar'], @req.auth_policies)
|
|
198
|
-
assert_equal(
|
|
197
|
+
assert_equal('2007-10-11T05:25:18Z', @req.auth_time)
|
|
199
198
|
assert_equal(0, @req.nist_auth_level)
|
|
200
199
|
end
|
|
201
200
|
|
|
202
201
|
def test_parse_extension_args_nostrict_bogus
|
|
203
202
|
args = {'auth_policies' => 'http://foo http://bar',
|
|
204
|
-
'
|
|
203
|
+
'auth_time' => 'some time ago',
|
|
205
204
|
'nist_auth_level' => 'some'}
|
|
206
205
|
@req.parse_extension_args(args)
|
|
207
206
|
assert_equal(['http://foo','http://bar'], @req.auth_policies)
|
|
208
|
-
assert_equal(nil, @req.
|
|
207
|
+
assert_equal(nil, @req.auth_time)
|
|
209
208
|
assert_equal(nil, @req.nist_auth_level)
|
|
210
209
|
end
|
|
211
210
|
|
|
@@ -217,16 +216,31 @@ module OpenID
|
|
|
217
216
|
'ns' => OPENID2_NS,
|
|
218
217
|
'ns.pape' => PAPE::NS_URI,
|
|
219
218
|
'pape.auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
|
|
220
|
-
'pape.
|
|
219
|
+
'pape.auth_time' => '1983-11-05T12:30:24Z'
|
|
221
220
|
})
|
|
222
221
|
signed_stuff = {
|
|
223
222
|
'auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
|
|
224
|
-
'
|
|
223
|
+
'auth_time' => '1983-11-05T12:30:24Z'
|
|
225
224
|
}
|
|
226
225
|
oid_req = DummySuccessResponse.new(openid_req_msg, signed_stuff)
|
|
227
226
|
req = PAPE::Response.from_success_response(oid_req)
|
|
228
227
|
assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], req.auth_policies)
|
|
229
|
-
assert_equal(
|
|
228
|
+
assert_equal('1983-11-05T12:30:24Z', req.auth_time)
|
|
229
|
+
end
|
|
230
|
+
|
|
231
|
+
def test_from_success_response_unsigned
|
|
232
|
+
openid_req_msg = Message.from_openid_args({
|
|
233
|
+
'mode' => 'id_res',
|
|
234
|
+
'ns' => OPENID2_NS,
|
|
235
|
+
'ns.pape' => PAPE::NS_URI,
|
|
236
|
+
'pape.auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
|
|
237
|
+
'pape.auth_time' => '1983-11-05T12:30:24Z'
|
|
238
|
+
})
|
|
239
|
+
signed_stuff = {}
|
|
240
|
+
endpoint = OpenIDServiceEndpoint.new
|
|
241
|
+
oid_req = Consumer::SuccessResponse.new(endpoint, openid_req_msg, signed_stuff)
|
|
242
|
+
req = PAPE::Response.from_success_response(oid_req)
|
|
243
|
+
assert(req.nil?, req.inspect)
|
|
230
244
|
end
|
|
231
245
|
end
|
|
232
246
|
end
|
data/test/test_server.rb
CHANGED
|
@@ -149,6 +149,7 @@ module OpenID
|
|
|
149
149
|
def test_no_message
|
|
150
150
|
e = Server::ProtocolError.new(nil, "no message")
|
|
151
151
|
assert(e.get_return_to.nil?)
|
|
152
|
+
assert_equal(e.which_encoding, nil)
|
|
152
153
|
end
|
|
153
154
|
|
|
154
155
|
def test_which_encoding_no_message
|
|
@@ -656,6 +657,17 @@ module OpenID
|
|
|
656
657
|
@decode.call(args)
|
|
657
658
|
}
|
|
658
659
|
end
|
|
660
|
+
|
|
661
|
+
def test_invalidns
|
|
662
|
+
args = {'openid.ns' => 'Vegetables',
|
|
663
|
+
'openid.mode' => 'associate'}
|
|
664
|
+
begin
|
|
665
|
+
r = @decode.call(args)
|
|
666
|
+
rescue Server::ProtocolError => err
|
|
667
|
+
assert(err.openid_message)
|
|
668
|
+
assert(err.to_s.index('Vegetables'))
|
|
669
|
+
end
|
|
670
|
+
end
|
|
659
671
|
end
|
|
660
672
|
|
|
661
673
|
class BogusEncoder < Server::Encoder
|
|
@@ -689,6 +701,7 @@ module OpenID
|
|
|
689
701
|
'http://burr.unittest/',
|
|
690
702
|
false,
|
|
691
703
|
nil)
|
|
704
|
+
request.message = Message.new(OPENID2_NS)
|
|
692
705
|
response = Server::OpenIDResponse.new(request)
|
|
693
706
|
response.fields = Message.from_openid_args({
|
|
694
707
|
'ns' => OPENID2_NS,
|
|
@@ -714,6 +727,7 @@ module OpenID
|
|
|
714
727
|
'http://burr.unittest/',
|
|
715
728
|
false,
|
|
716
729
|
nil)
|
|
730
|
+
request.message = Message.new(OPENID2_NS)
|
|
717
731
|
response = Server::OpenIDResponse.new(request)
|
|
718
732
|
response.fields = Message.from_openid_args({
|
|
719
733
|
'ns' => OPENID2_NS,
|
|
@@ -730,6 +744,48 @@ module OpenID
|
|
|
730
744
|
assert_equal(webresponse.body, response.to_form_markup)
|
|
731
745
|
end
|
|
732
746
|
|
|
747
|
+
def test_to_form_markup
|
|
748
|
+
request = Server::CheckIDRequest.new(
|
|
749
|
+
'http://bombom.unittest/',
|
|
750
|
+
'http://burr.unittest/999',
|
|
751
|
+
@server.op_endpoint,
|
|
752
|
+
'http://burr.unittest/',
|
|
753
|
+
false,
|
|
754
|
+
nil)
|
|
755
|
+
request.message = Message.new(OPENID2_NS)
|
|
756
|
+
response = Server::OpenIDResponse.new(request)
|
|
757
|
+
response.fields = Message.from_openid_args({
|
|
758
|
+
'ns' => OPENID2_NS,
|
|
759
|
+
'mode' => 'id_res',
|
|
760
|
+
'identity' => request.identity,
|
|
761
|
+
'claimed_id' => request.identity,
|
|
762
|
+
'return_to' => 'x' * OPENID1_URL_LIMIT,
|
|
763
|
+
})
|
|
764
|
+
form_markup = response.to_form_markup({'foo'=>'bar'})
|
|
765
|
+
assert(/ foo="bar"/ =~ form_markup, form_markup)
|
|
766
|
+
end
|
|
767
|
+
|
|
768
|
+
def test_to_html
|
|
769
|
+
request = Server::CheckIDRequest.new(
|
|
770
|
+
'http://bombom.unittest/',
|
|
771
|
+
'http://burr.unittest/999',
|
|
772
|
+
@server.op_endpoint,
|
|
773
|
+
'http://burr.unittest/',
|
|
774
|
+
false,
|
|
775
|
+
nil)
|
|
776
|
+
request.message = Message.new(OPENID2_NS)
|
|
777
|
+
response = Server::OpenIDResponse.new(request)
|
|
778
|
+
response.fields = Message.from_openid_args({
|
|
779
|
+
'ns' => OPENID2_NS,
|
|
780
|
+
'mode' => 'id_res',
|
|
781
|
+
'identity' => request.identity,
|
|
782
|
+
'claimed_id' => request.identity,
|
|
783
|
+
'return_to' => 'x' * OPENID1_URL_LIMIT,
|
|
784
|
+
})
|
|
785
|
+
html = response.to_html
|
|
786
|
+
assert(html)
|
|
787
|
+
end
|
|
788
|
+
|
|
733
789
|
def test_id_res_OpenID1_exceeds_limit
|
|
734
790
|
# Check that when an OpenID 1 response exceeds the OpenID 1
|
|
735
791
|
# message size, a GET response is issued. Technically, this
|
|
@@ -742,6 +798,7 @@ module OpenID
|
|
|
742
798
|
'http://burr.unittest/',
|
|
743
799
|
false,
|
|
744
800
|
nil)
|
|
801
|
+
request.message = Message.new(OPENID1_NS)
|
|
745
802
|
|
|
746
803
|
response = Server::OpenIDResponse.new(request)
|
|
747
804
|
response.fields = Message.from_openid_args({
|
|
@@ -764,6 +821,7 @@ module OpenID
|
|
|
764
821
|
@server.op_endpoint,
|
|
765
822
|
'http://burr.unittest/',
|
|
766
823
|
false, nil)
|
|
824
|
+
request.message = Message.new(OPENID1_NS)
|
|
767
825
|
response = Server::OpenIDResponse.new(request)
|
|
768
826
|
response.fields = Message.from_openid_args({
|
|
769
827
|
'mode' => 'id_res',
|
|
@@ -791,6 +849,7 @@ module OpenID
|
|
|
791
849
|
@server.op_endpoint,
|
|
792
850
|
'http://burr.unittest/',
|
|
793
851
|
false, nil)
|
|
852
|
+
request.message = Message.new(OPENID2_NS)
|
|
794
853
|
response = Server::OpenIDResponse.new(request)
|
|
795
854
|
response.fields = Message.from_openid_args({
|
|
796
855
|
'mode' => 'cancel',
|
|
@@ -800,6 +859,22 @@ module OpenID
|
|
|
800
859
|
assert(webresponse.headers.member?('location'))
|
|
801
860
|
end
|
|
802
861
|
|
|
862
|
+
def test_cancel_to_form
|
|
863
|
+
request = Server::CheckIDRequest.new(
|
|
864
|
+
'http://bombom.unittest/',
|
|
865
|
+
'http://burr.unittest/999',
|
|
866
|
+
@server.op_endpoint,
|
|
867
|
+
'http://burr.unittest/',
|
|
868
|
+
false, nil)
|
|
869
|
+
request.message = Message.new(OPENID2_NS)
|
|
870
|
+
response = Server::OpenIDResponse.new(request)
|
|
871
|
+
response.fields = Message.from_openid_args({
|
|
872
|
+
'mode' => 'cancel',
|
|
873
|
+
})
|
|
874
|
+
form = response.to_form_markup
|
|
875
|
+
assert(form.index(request.return_to))
|
|
876
|
+
end
|
|
877
|
+
|
|
803
878
|
def test_assocReply
|
|
804
879
|
msg = Message.new(OPENID2_NS)
|
|
805
880
|
msg.set_arg(OPENID2_NS, 'session_type', 'no-encryption')
|
|
@@ -819,6 +894,7 @@ module OpenID
|
|
|
819
894
|
request = Server::CheckAuthRequest.new('a_sock_monkey',
|
|
820
895
|
'siggggg',
|
|
821
896
|
[])
|
|
897
|
+
request.message = Message.new(OPENID2_NS)
|
|
822
898
|
response = Server::OpenIDResponse.new(request)
|
|
823
899
|
response.fields = Message.from_openid_args({
|
|
824
900
|
'is_valid' => 'true',
|
|
@@ -867,6 +943,7 @@ module OpenID
|
|
|
867
943
|
@server.op_endpoint,
|
|
868
944
|
'http://burr.unittest/',
|
|
869
945
|
false, nil)
|
|
946
|
+
@request.message = Message.new(OPENID2_NS)
|
|
870
947
|
|
|
871
948
|
@response = Server::OpenIDResponse.new(@request)
|
|
872
949
|
@response.fields = Message.from_openid_args({
|
|
@@ -923,6 +1000,7 @@ module OpenID
|
|
|
923
1000
|
@server.op_endpoint,
|
|
924
1001
|
'http://burr.unittest/',
|
|
925
1002
|
false, nil)
|
|
1003
|
+
request.message = Message.new(OPENID2_NS)
|
|
926
1004
|
response = Server::OpenIDResponse.new(request)
|
|
927
1005
|
response.fields.set_arg(OPENID_NS, 'mode', 'cancel')
|
|
928
1006
|
webresponse = @encode.call(response)
|
|
@@ -965,6 +1043,7 @@ module OpenID
|
|
|
965
1043
|
@server.op_endpoint,
|
|
966
1044
|
'http://bar.unittest/',
|
|
967
1045
|
false)
|
|
1046
|
+
@request.message = Message.new(OPENID2_NS)
|
|
968
1047
|
end
|
|
969
1048
|
|
|
970
1049
|
def test_trustRootInvalid
|
|
@@ -1133,7 +1212,7 @@ module OpenID
|
|
|
1133
1212
|
end
|
|
1134
1213
|
|
|
1135
1214
|
def test_immediate_openid1_no_identity
|
|
1136
|
-
@request.
|
|
1215
|
+
@request.message = Message.new(OPENID1_NS)
|
|
1137
1216
|
@request.immediate = true
|
|
1138
1217
|
@request.mode = 'checkid_immediate'
|
|
1139
1218
|
resp = @request.answer(false)
|
|
@@ -1141,7 +1220,7 @@ module OpenID
|
|
|
1141
1220
|
end
|
|
1142
1221
|
|
|
1143
1222
|
def test_checkid_setup_openid1_no_identity
|
|
1144
|
-
@request.
|
|
1223
|
+
@request.message = Message.new(OPENID1_NS)
|
|
1145
1224
|
@request.immediate = false
|
|
1146
1225
|
@request.mode = 'checkid_setup'
|
|
1147
1226
|
resp = @request.answer(false)
|
|
@@ -1149,7 +1228,7 @@ module OpenID
|
|
|
1149
1228
|
end
|
|
1150
1229
|
|
|
1151
1230
|
def test_immediate_openid1_no_server_url
|
|
1152
|
-
@request.
|
|
1231
|
+
@request.message = Message.new(OPENID1_NS)
|
|
1153
1232
|
@request.immediate = true
|
|
1154
1233
|
@request.mode = 'checkid_immediate'
|
|
1155
1234
|
@request.op_endpoint = nil
|
|
@@ -1160,7 +1239,7 @@ module OpenID
|
|
|
1160
1239
|
end
|
|
1161
1240
|
|
|
1162
1241
|
def test_immediate_encode_to_url
|
|
1163
|
-
@request.
|
|
1242
|
+
@request.message = Message.new(OPENID1_NS)
|
|
1164
1243
|
@request.immediate = true
|
|
1165
1244
|
@request.mode = 'checkid_immediate'
|
|
1166
1245
|
@request.trust_root = "BOGUS"
|
|
@@ -1196,7 +1275,7 @@ module OpenID
|
|
|
1196
1275
|
|
|
1197
1276
|
def test_answerAllowWithDelegatedIdentityOpenID1
|
|
1198
1277
|
# claimed_id parameter doesn't exist in OpenID 1.
|
|
1199
|
-
@request.
|
|
1278
|
+
@request.message = Message.new(OPENID1_NS)
|
|
1200
1279
|
# claimed_id delegates to selected_id here.
|
|
1201
1280
|
@request.identity = IDENTIFIER_SELECT
|
|
1202
1281
|
selected_id = 'http://anon.unittest/9861'
|
|
@@ -1215,7 +1294,7 @@ module OpenID
|
|
|
1215
1294
|
end
|
|
1216
1295
|
|
|
1217
1296
|
def test_answerAllowNoIdentityOpenID1
|
|
1218
|
-
@request.
|
|
1297
|
+
@request.message = Message.new(OPENID1_NS)
|
|
1219
1298
|
@request.identity = nil
|
|
1220
1299
|
assert_raise(ArgumentError) {
|
|
1221
1300
|
@request.answer(true, nil, nil)
|
|
@@ -1241,6 +1320,43 @@ module OpenID
|
|
|
1241
1320
|
}
|
|
1242
1321
|
end
|
|
1243
1322
|
|
|
1323
|
+
def test_fromMessageClaimedIDWithoutIdentityOpenID2
|
|
1324
|
+
msg = Message.new(OPENID2_NS)
|
|
1325
|
+
msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
|
|
1326
|
+
msg.set_arg(OPENID_NS, 'return_to', 'http://invalid:8000/rt')
|
|
1327
|
+
msg.set_arg(OPENID_NS, 'claimed_id', 'https://example.myopenid.com')
|
|
1328
|
+
|
|
1329
|
+
assert_raise(Server::ProtocolError) {
|
|
1330
|
+
Server::CheckIDRequest.from_message(msg, @server)
|
|
1331
|
+
}
|
|
1332
|
+
end
|
|
1333
|
+
|
|
1334
|
+
def test_fromMessageIdentityWithoutClaimedIDOpenID2
|
|
1335
|
+
msg = Message.new(OPENID2_NS)
|
|
1336
|
+
msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
|
|
1337
|
+
msg.set_arg(OPENID_NS, 'return_to', 'http://invalid:8000/rt')
|
|
1338
|
+
msg.set_arg(OPENID_NS, 'identity', 'https://example.myopenid.com')
|
|
1339
|
+
|
|
1340
|
+
assert_raise(Server::ProtocolError) {
|
|
1341
|
+
Server::CheckIDRequest.from_message(msg, @server)
|
|
1342
|
+
}
|
|
1343
|
+
end
|
|
1344
|
+
|
|
1345
|
+
def test_fromMessageWithEmptyTrustRoot
|
|
1346
|
+
return_to = 'http://some.url/foo?bar=baz'
|
|
1347
|
+
msg = Message.from_post_args({
|
|
1348
|
+
'openid.assoc_handle' => '{blah}{blah}{OZivdQ==}',
|
|
1349
|
+
'openid.claimed_id' => 'http://delegated.invalid/',
|
|
1350
|
+
'openid.identity' => 'http://op-local.example.com/',
|
|
1351
|
+
'openid.mode' => 'checkid_setup',
|
|
1352
|
+
'openid.ns' => 'http://openid.net/signon/1.0',
|
|
1353
|
+
'openid.return_to' => return_to,
|
|
1354
|
+
'openid.trust_root' => ''
|
|
1355
|
+
});
|
|
1356
|
+
result = Server::CheckIDRequest.from_message(msg, @server)
|
|
1357
|
+
assert_equal(return_to, result.trust_root)
|
|
1358
|
+
end
|
|
1359
|
+
|
|
1244
1360
|
def test_trustRootOpenID1
|
|
1245
1361
|
# Ignore openid.realm in OpenID 1
|
|
1246
1362
|
msg = Message.new(OPENID1_NS)
|
|
@@ -1302,16 +1418,16 @@ module OpenID
|
|
|
1302
1418
|
def test_answerImmediateDenyOpenID1
|
|
1303
1419
|
# Look for user_setup_url in checkid_immediate negative response
|
|
1304
1420
|
# in OpenID 1 case.
|
|
1305
|
-
@request.
|
|
1421
|
+
@request.message = Message.new(OPENID1_NS)
|
|
1306
1422
|
@request.mode = 'checkid_immediate'
|
|
1307
1423
|
@request.immediate = true
|
|
1308
1424
|
server_url = "http://setup-url.unittest/"
|
|
1309
1425
|
# crappiting setup_url, you dirty my interface with your presence!
|
|
1310
1426
|
answer = @request.answer(false, server_url)
|
|
1311
1427
|
assert_equal(answer.request, @request)
|
|
1312
|
-
assert_equal(answer.fields.to_post_args.length,
|
|
1313
|
-
assert_equal(answer.fields.get_openid_namespace
|
|
1314
|
-
assert_equal(answer.fields.get_arg(OPENID_NS, 'mode')
|
|
1428
|
+
assert_equal(2, answer.fields.to_post_args.length, answer.fields)
|
|
1429
|
+
assert_equal(OPENID1_NS, answer.fields.get_openid_namespace)
|
|
1430
|
+
assert_equal('id_res', answer.fields.get_arg(OPENID_NS, 'mode'))
|
|
1315
1431
|
assert(answer.fields.get_arg(
|
|
1316
1432
|
OPENID_NS, 'user_setup_url', '').starts_with?(server_url))
|
|
1317
1433
|
end
|
|
@@ -1358,6 +1474,31 @@ module OpenID
|
|
|
1358
1474
|
@request.cancel_url
|
|
1359
1475
|
}
|
|
1360
1476
|
end
|
|
1477
|
+
|
|
1478
|
+
def test_fromMessageWithoutTrustRoot
|
|
1479
|
+
msg = Message.new(OPENID2_NS)
|
|
1480
|
+
msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
|
|
1481
|
+
msg.set_arg(OPENID_NS, 'return_to', 'http://real.trust.root/foo')
|
|
1482
|
+
msg.set_arg(OPENID_NS, 'assoc_handle', 'bogus')
|
|
1483
|
+
msg.set_arg(OPENID_NS, 'identity', 'george')
|
|
1484
|
+
msg.set_arg(OPENID_NS, 'claimed_id', 'george')
|
|
1485
|
+
|
|
1486
|
+
result = Server::CheckIDRequest.from_message(msg, @server.op_endpoint)
|
|
1487
|
+
|
|
1488
|
+
assert_equal(result.trust_root, 'http://real.trust.root/foo')
|
|
1489
|
+
end
|
|
1490
|
+
|
|
1491
|
+
def test_fromMessageWithoutTrustRootOrReturnTo
|
|
1492
|
+
msg = Message.new(OPENID2_NS)
|
|
1493
|
+
msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
|
|
1494
|
+
msg.set_arg(OPENID_NS, 'assoc_handle', 'bogus')
|
|
1495
|
+
msg.set_arg(OPENID_NS, 'identity', 'george')
|
|
1496
|
+
msg.set_arg(OPENID_NS, 'claimed_id', 'george')
|
|
1497
|
+
|
|
1498
|
+
assert_raises(Server::ProtocolError) {
|
|
1499
|
+
Server::CheckIDRequest.from_message(msg, @server.op_endpoint)
|
|
1500
|
+
}
|
|
1501
|
+
end
|
|
1361
1502
|
end
|
|
1362
1503
|
|
|
1363
1504
|
class TestCheckIDExtension < Test::Unit::TestCase
|
|
@@ -1372,6 +1513,7 @@ module OpenID
|
|
|
1372
1513
|
@server.op_endpoint,
|
|
1373
1514
|
'http://bar.unittest/',
|
|
1374
1515
|
false)
|
|
1516
|
+
@request.message = Message.new(OPENID2_NS)
|
|
1375
1517
|
@response = Server::OpenIDResponse.new(@request)
|
|
1376
1518
|
@response.fields.set_arg(OPENID_NS, 'mode', 'id_res')
|
|
1377
1519
|
@response.fields.set_arg(OPENID_NS, 'blue', 'star')
|
|
@@ -1446,6 +1588,7 @@ module OpenID
|
|
|
1446
1588
|
})
|
|
1447
1589
|
@request = Server::CheckAuthRequest.new(
|
|
1448
1590
|
@assoc_handle, @message)
|
|
1591
|
+
@request.message = Message.new(OPENID2_NS)
|
|
1449
1592
|
|
|
1450
1593
|
@signatory = MockSignatory.new([true, @assoc_handle])
|
|
1451
1594
|
end
|
|
@@ -1522,6 +1665,7 @@ module OpenID
|
|
|
1522
1665
|
server_dh = DiffieHellman.from_defaults()
|
|
1523
1666
|
session = Server::DiffieHellmanSHA1ServerSession.new(server_dh, cpub)
|
|
1524
1667
|
@request = Server::AssociateRequest.new(session, 'HMAC-SHA1')
|
|
1668
|
+
@request.message = Message.new(OPENID2_NS)
|
|
1525
1669
|
response = @request.answer(@assoc)
|
|
1526
1670
|
rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
|
|
1527
1671
|
assert_equal(rfg.call("assoc_type"), "HMAC-SHA1")
|
|
@@ -1545,6 +1689,7 @@ module OpenID
|
|
|
1545
1689
|
server_dh = DiffieHellman.from_defaults()
|
|
1546
1690
|
session = Server::DiffieHellmanSHA256ServerSession.new(server_dh, cpub)
|
|
1547
1691
|
@request = Server::AssociateRequest.new(session, 'HMAC-SHA256')
|
|
1692
|
+
@request.message = Message.new(OPENID2_NS)
|
|
1548
1693
|
response = @request.answer(@assoc)
|
|
1549
1694
|
rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
|
|
1550
1695
|
assert_equal(rfg.call("assoc_type"), "HMAC-SHA256")
|
|
@@ -1676,6 +1821,38 @@ module OpenID
|
|
|
1676
1821
|
assert(!rfg.call("dh_server_public"))
|
|
1677
1822
|
end
|
|
1678
1823
|
|
|
1824
|
+
def test_plaintext_v2
|
|
1825
|
+
# The main difference between this and the v1 test is that
|
|
1826
|
+
# session_type is always returned in v2.
|
|
1827
|
+
args = {
|
|
1828
|
+
'openid.ns' => OPENID2_NS,
|
|
1829
|
+
'openid.mode' => 'associate',
|
|
1830
|
+
'openid.assoc_type' => 'HMAC-SHA1',
|
|
1831
|
+
'openid.session_type' => 'no-encryption',
|
|
1832
|
+
}
|
|
1833
|
+
@request = Server::AssociateRequest.from_message(
|
|
1834
|
+
Message.from_post_args(args))
|
|
1835
|
+
|
|
1836
|
+
assert(!@request.message.is_openid1())
|
|
1837
|
+
|
|
1838
|
+
@assoc = @signatory.create_association(false, 'HMAC-SHA1')
|
|
1839
|
+
response = @request.answer(@assoc)
|
|
1840
|
+
rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
|
|
1841
|
+
|
|
1842
|
+
assert_equal(rfg.call("assoc_type"), "HMAC-SHA1")
|
|
1843
|
+
assert_equal(rfg.call("assoc_handle"), @assoc.handle)
|
|
1844
|
+
|
|
1845
|
+
failUnlessExpiresInMatches(
|
|
1846
|
+
response.fields, @signatory.secret_lifetime)
|
|
1847
|
+
|
|
1848
|
+
assert_equal(
|
|
1849
|
+
rfg.call("mac_key"), Util.to_base64(@assoc.secret))
|
|
1850
|
+
|
|
1851
|
+
assert_equal(rfg.call("session_type"), "no-encryption")
|
|
1852
|
+
assert(!rfg.call("enc_mac_key"))
|
|
1853
|
+
assert(!rfg.call("dh_server_public"))
|
|
1854
|
+
end
|
|
1855
|
+
|
|
1679
1856
|
def test_plaintext256
|
|
1680
1857
|
@assoc = @signatory.create_association(false, 'HMAC-SHA256')
|
|
1681
1858
|
response = @request.answer(@assoc)
|
|
@@ -1764,7 +1941,7 @@ module OpenID
|
|
|
1764
1941
|
def test_failed_dispatch
|
|
1765
1942
|
request = Server::OpenIDRequest.new()
|
|
1766
1943
|
request.mode = "monkeymode"
|
|
1767
|
-
request.
|
|
1944
|
+
request.message = Message.new(OPENID1_NS)
|
|
1768
1945
|
assert_raise(RuntimeError) {
|
|
1769
1946
|
webresult = @server.handle_request(request)
|
|
1770
1947
|
}
|
|
@@ -1790,7 +1967,7 @@ module OpenID
|
|
|
1790
1967
|
|
|
1791
1968
|
request = Server::OpenIDRequest.new()
|
|
1792
1969
|
request.mode = "monkeymode"
|
|
1793
|
-
request.
|
|
1970
|
+
request.message = Message.new(OPENID1_NS)
|
|
1794
1971
|
assert_raise(UnhandledError) {
|
|
1795
1972
|
webresult = @server.handle_request(request)
|
|
1796
1973
|
}
|
|
@@ -1897,6 +2074,7 @@ module OpenID
|
|
|
1897
2074
|
|
|
1898
2075
|
def test_checkAuth
|
|
1899
2076
|
request = Server::CheckAuthRequest.new('arrrrrf', '0x3999', [])
|
|
2077
|
+
request.message = Message.new(OPENID2_NS)
|
|
1900
2078
|
response = nil
|
|
1901
2079
|
silence_logging {
|
|
1902
2080
|
response = @server.openid_check_authentication(request)
|