ruby-openid 2.0.4 → 2.1.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of ruby-openid might be problematic. Click here for more details.
- data/CHANGELOG +65 -28
- data/LICENSE +4 -1
- data/README +19 -12
- data/UPGRADE +5 -0
- data/examples/README +8 -22
- data/examples/active_record_openid_store/XXX_add_open_id_store_to_db.rb +6 -6
- data/examples/active_record_openid_store/lib/association.rb +2 -1
- data/examples/active_record_openid_store/lib/openid_ar_store.rb +3 -3
- data/examples/rails_openid/app/controllers/consumer_controller.rb +11 -5
- data/lib/openid.rb +4 -0
- data/lib/openid/association.rb +7 -7
- data/lib/openid/consumer/checkid_request.rb +11 -0
- data/lib/openid/consumer/discovery.rb +12 -3
- data/lib/openid/consumer/idres.rb +35 -43
- data/lib/openid/extension.rb +9 -1
- data/lib/openid/extensions/pape.rb +22 -25
- data/lib/openid/extensions/sreg.rb +1 -0
- data/lib/openid/fetchers.rb +25 -5
- data/lib/openid/kvform.rb +8 -5
- data/lib/openid/kvpost.rb +6 -5
- data/lib/openid/message.rb +53 -34
- data/lib/openid/server.rb +87 -52
- data/lib/openid/trustroot.rb +25 -17
- data/lib/openid/util.rb +19 -4
- data/lib/openid/yadis/discovery.rb +3 -3
- data/lib/openid/yadis/htmltokenizer.rb +8 -5
- data/lib/openid/yadis/parsehtml.rb +22 -14
- data/lib/openid/yadis/xrds.rb +6 -9
- data/test/data/linkparse.txt +1 -1
- data/test/data/test1-parsehtml.txt +24 -0
- data/test/data/trustroot.txt +8 -2
- data/test/test_association.rb +7 -7
- data/test/test_associationmanager.rb +1 -1
- data/test/test_extension.rb +46 -0
- data/test/test_idres.rb +81 -21
- data/test/test_kvform.rb +5 -5
- data/test/test_message.rb +61 -3
- data/test/test_pape.rb +36 -22
- data/test/test_server.rb +190 -12
- data/test/test_sreg.rb +0 -1
- data/test/test_trustroot.rb +1 -0
- data/test/test_yadis_discovery.rb +13 -0
- metadata +3 -19
- data/examples/rails_openid/app/views/consumer/start.rhtml +0 -8
- data/examples/rails_openid_login_generator/USAGE +0 -23
- data/examples/rails_openid_login_generator/gemspec +0 -13
- data/examples/rails_openid_login_generator/openid_login_generator.rb +0 -36
- data/examples/rails_openid_login_generator/templates/README +0 -116
- data/examples/rails_openid_login_generator/templates/controller.rb +0 -113
- data/examples/rails_openid_login_generator/templates/controller_test.rb +0 -0
- data/examples/rails_openid_login_generator/templates/helper.rb +0 -2
- data/examples/rails_openid_login_generator/templates/openid_login_system.rb +0 -87
- data/examples/rails_openid_login_generator/templates/user.rb +0 -14
- data/examples/rails_openid_login_generator/templates/user_test.rb +0 -0
- data/examples/rails_openid_login_generator/templates/users.yml +0 -0
- data/examples/rails_openid_login_generator/templates/view_login.rhtml +0 -15
- data/examples/rails_openid_login_generator/templates/view_logout.rhtml +0 -10
- data/examples/rails_openid_login_generator/templates/view_welcome.rhtml +0 -9
data/test/test_kvform.rb
CHANGED
|
@@ -54,10 +54,10 @@ class KVFormTests < Test::Unit::TestCase
|
|
|
54
54
|
# Convert KVForm to dict
|
|
55
55
|
d = Util.kv_to_dict(kv)
|
|
56
56
|
|
|
57
|
-
# Strict mode should raise
|
|
57
|
+
# Strict mode should raise KVFormError instead of logging
|
|
58
58
|
# messages
|
|
59
59
|
if warnings > 0
|
|
60
|
-
assert_raise(
|
|
60
|
+
assert_raise(KVFormError) do
|
|
61
61
|
Util.kv_to_seq(kv, true)
|
|
62
62
|
end
|
|
63
63
|
end
|
|
@@ -117,10 +117,10 @@ class KVFormTests < Test::Unit::TestCase
|
|
|
117
117
|
assert_equal(kvform, actual)
|
|
118
118
|
assert actual.is_a?(String)
|
|
119
119
|
|
|
120
|
-
# Strict mode should raise
|
|
120
|
+
# Strict mode should raise KVFormError instead of logging
|
|
121
121
|
# messages
|
|
122
122
|
if warnings > 0
|
|
123
|
-
assert_raise(
|
|
123
|
+
assert_raise(KVFormError) do
|
|
124
124
|
Util.seq_to_kv(seq, true)
|
|
125
125
|
end
|
|
126
126
|
end
|
|
@@ -151,7 +151,7 @@ class KVFormTests < Test::Unit::TestCase
|
|
|
151
151
|
def _run_kvexcTest(case_)
|
|
152
152
|
seq = case_
|
|
153
153
|
|
|
154
|
-
assert_raise(
|
|
154
|
+
assert_raise(KVFormError) do
|
|
155
155
|
Util.seq_to_kv(seq)
|
|
156
156
|
end
|
|
157
157
|
end
|
data/test/test_message.rb
CHANGED
|
@@ -255,8 +255,8 @@ module OpenID
|
|
|
255
255
|
end
|
|
256
256
|
|
|
257
257
|
def test_set_openid_namespace
|
|
258
|
-
assert_raise(
|
|
259
|
-
@m.set_openid_namespace('http://invalid/')
|
|
258
|
+
assert_raise(InvalidOpenIDNamespace) {
|
|
259
|
+
@m.set_openid_namespace('http://invalid/', false)
|
|
260
260
|
}
|
|
261
261
|
end
|
|
262
262
|
end
|
|
@@ -317,6 +317,7 @@ module OpenID
|
|
|
317
317
|
'openid.error' => 'unit test',
|
|
318
318
|
'openid.foos.ball' => 'awesome',
|
|
319
319
|
'xey' => 'value',
|
|
320
|
+
'openid.ns.foos' => 'http://invalid/'
|
|
320
321
|
}, @m.to_post_args)
|
|
321
322
|
end
|
|
322
323
|
|
|
@@ -522,7 +523,7 @@ module OpenID
|
|
|
522
523
|
end
|
|
523
524
|
end
|
|
524
525
|
|
|
525
|
-
class OpenID1ExplicitMessageTest <
|
|
526
|
+
class OpenID1ExplicitMessageTest < Test::Unit::TestCase
|
|
526
527
|
# XXX - check to make sure the test suite will get built the way this
|
|
527
528
|
# expects.
|
|
528
529
|
def setup
|
|
@@ -530,6 +531,62 @@ module OpenID
|
|
|
530
531
|
'openid.error'=>'unit test',
|
|
531
532
|
'openid.ns'=>OPENID1_NS})
|
|
532
533
|
end
|
|
534
|
+
|
|
535
|
+
def test_to_post_args
|
|
536
|
+
assert_equal({'openid.mode' => 'error',
|
|
537
|
+
'openid.error' => 'unit test',
|
|
538
|
+
'openid.ns'=>OPENID1_NS,
|
|
539
|
+
},
|
|
540
|
+
@m.to_post_args)
|
|
541
|
+
end
|
|
542
|
+
|
|
543
|
+
def test_to_post_args_ns
|
|
544
|
+
invalid_ns = 'http://invalid/'
|
|
545
|
+
@m.namespaces.add_alias(invalid_ns, 'foos')
|
|
546
|
+
@m.set_arg(invalid_ns, 'ball', 'awesome')
|
|
547
|
+
@m.set_arg(BARE_NS, 'xey', 'value')
|
|
548
|
+
assert_equal({'openid.mode' => 'error',
|
|
549
|
+
'openid.error' => 'unit test',
|
|
550
|
+
'openid.foos.ball' => 'awesome',
|
|
551
|
+
'xey' => 'value',
|
|
552
|
+
'openid.ns'=>OPENID1_NS,
|
|
553
|
+
'openid.ns.foos' => 'http://invalid/'
|
|
554
|
+
}, @m.to_post_args)
|
|
555
|
+
end
|
|
556
|
+
|
|
557
|
+
def test_to_args
|
|
558
|
+
assert_equal({'mode' => 'error',
|
|
559
|
+
'error' => 'unit test',
|
|
560
|
+
'ns'=>OPENID1_NS
|
|
561
|
+
},
|
|
562
|
+
@m.to_args)
|
|
563
|
+
end
|
|
564
|
+
|
|
565
|
+
def test_to_kvform
|
|
566
|
+
assert_equal("error:unit test\nmode:error\nns:#{OPENID1_NS}\n",
|
|
567
|
+
@m.to_kvform)
|
|
568
|
+
end
|
|
569
|
+
|
|
570
|
+
def test_to_url_encoded
|
|
571
|
+
assert_equal('openid.error=unit+test&openid.mode=error&openid.ns=http%3A%2F%2Fopenid.net%2Fsignon%2F1.0',
|
|
572
|
+
@m.to_url_encoded)
|
|
573
|
+
end
|
|
574
|
+
|
|
575
|
+
def test_to_url
|
|
576
|
+
base_url = 'http://base.url/'
|
|
577
|
+
actual = @m.to_url(base_url)
|
|
578
|
+
actual_base = actual[0...base_url.length]
|
|
579
|
+
assert_equal(base_url, actual_base)
|
|
580
|
+
assert_equal('?', actual[base_url.length].chr)
|
|
581
|
+
query = actual[base_url.length+1..-1]
|
|
582
|
+
assert_equal({'openid.mode'=>['error'],
|
|
583
|
+
'openid.error'=>['unit test'],
|
|
584
|
+
'openid.ns'=>[OPENID1_NS],
|
|
585
|
+
},
|
|
586
|
+
CGI.parse(query))
|
|
587
|
+
end
|
|
588
|
+
|
|
589
|
+
|
|
533
590
|
end
|
|
534
591
|
|
|
535
592
|
class OpenID2MessageTest < Test::Unit::TestCase
|
|
@@ -1041,6 +1098,7 @@ module OpenID
|
|
|
1041
1098
|
|
|
1042
1099
|
# It gets used automatically by the Message class:
|
|
1043
1100
|
msg = Message.from_openid_args({'invalid.stuff' => 'things'})
|
|
1101
|
+
assert(msg.is_openid1)
|
|
1044
1102
|
assert_equal(alias_, msg.namespaces.get_alias(invalid_ns))
|
|
1045
1103
|
assert_equal(invalid_ns, msg.namespaces.get_namespace_uri(alias_))
|
|
1046
1104
|
end
|
data/test/test_pape.rb
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
require 'openid/extensions/pape'
|
|
2
2
|
require 'openid/message'
|
|
3
3
|
require 'openid/server'
|
|
4
|
+
require 'openid/consumer/responses'
|
|
4
5
|
|
|
5
6
|
module OpenID
|
|
6
7
|
module PAPETest
|
|
@@ -108,13 +109,13 @@ module OpenID
|
|
|
108
109
|
|
|
109
110
|
def test_construct
|
|
110
111
|
assert_equal([], @req.auth_policies)
|
|
111
|
-
assert_equal(nil, @req.
|
|
112
|
+
assert_equal(nil, @req.auth_time)
|
|
112
113
|
assert_equal('pape', @req.ns_alias)
|
|
113
114
|
assert_equal(nil, @req.nist_auth_level)
|
|
114
115
|
|
|
115
|
-
req2 = PAPE::Response.new([PAPE::AUTH_MULTI_FACTOR],
|
|
116
|
+
req2 = PAPE::Response.new([PAPE::AUTH_MULTI_FACTOR], "1983-11-05T12:30:24Z", 3)
|
|
116
117
|
assert_equal([PAPE::AUTH_MULTI_FACTOR], req2.auth_policies)
|
|
117
|
-
assert_equal(
|
|
118
|
+
assert_equal("1983-11-05T12:30:24Z", req2.auth_time)
|
|
118
119
|
assert_equal(3, req2.nist_auth_level)
|
|
119
120
|
end
|
|
120
121
|
|
|
@@ -131,21 +132,19 @@ module OpenID
|
|
|
131
132
|
end
|
|
132
133
|
|
|
133
134
|
def test_get_extension_args
|
|
134
|
-
assert_equal({'auth_policies' => ''}, @req.get_extension_args)
|
|
135
|
+
assert_equal({'auth_policies' => 'none'}, @req.get_extension_args)
|
|
135
136
|
@req.add_policy_uri('http://uri')
|
|
136
137
|
assert_equal({'auth_policies' => 'http://uri'}, @req.get_extension_args)
|
|
137
138
|
@req.add_policy_uri('http://zig')
|
|
138
139
|
assert_equal({'auth_policies' => 'http://uri http://zig'}, @req.get_extension_args)
|
|
139
|
-
@req.
|
|
140
|
-
assert_equal({'auth_policies' => 'http://uri http://zig', '
|
|
140
|
+
@req.auth_time = "1983-11-05T12:30:24Z"
|
|
141
|
+
assert_equal({'auth_policies' => 'http://uri http://zig', 'auth_time' => "1983-11-05T12:30:24Z"}, @req.get_extension_args)
|
|
141
142
|
@req.nist_auth_level = 3
|
|
142
|
-
assert_equal({'auth_policies' => 'http://uri http://zig', '
|
|
143
|
+
assert_equal({'auth_policies' => 'http://uri http://zig', 'auth_time' => "1983-11-05T12:30:24Z", 'nist_auth_level' => '3'}, @req.get_extension_args)
|
|
143
144
|
end
|
|
144
145
|
|
|
145
146
|
def test_get_extension_args_error_auth_age
|
|
146
|
-
@req.
|
|
147
|
-
assert_raises(ArgumentError) { @req.get_extension_args }
|
|
148
|
-
@req.auth_age = -10
|
|
147
|
+
@req.auth_time = "the beginning of time"
|
|
149
148
|
assert_raises(ArgumentError) { @req.get_extension_args }
|
|
150
149
|
end
|
|
151
150
|
|
|
@@ -160,21 +159,21 @@ module OpenID
|
|
|
160
159
|
|
|
161
160
|
def test_parse_extension_args
|
|
162
161
|
args = {'auth_policies' => 'http://foo http://bar',
|
|
163
|
-
'
|
|
162
|
+
'auth_time' => '1983-11-05T12:30:24Z'}
|
|
164
163
|
@req.parse_extension_args(args)
|
|
165
|
-
assert_equal(
|
|
164
|
+
assert_equal('1983-11-05T12:30:24Z', @req.auth_time)
|
|
166
165
|
assert_equal(['http://foo','http://bar'], @req.auth_policies)
|
|
167
166
|
end
|
|
168
167
|
|
|
169
168
|
def test_parse_extension_args_empty
|
|
170
169
|
@req.parse_extension_args({})
|
|
171
|
-
assert_equal(nil, @req.
|
|
170
|
+
assert_equal(nil, @req.auth_time)
|
|
172
171
|
assert_equal([], @req.auth_policies)
|
|
173
172
|
end
|
|
174
173
|
|
|
175
174
|
def test_parse_extension_args_strict_bogus1
|
|
176
175
|
args = {'auth_policies' => 'http://foo http://bar',
|
|
177
|
-
'
|
|
176
|
+
'auth_time' => 'this one time'}
|
|
178
177
|
assert_raises(ArgumentError) {
|
|
179
178
|
@req.parse_extension_args(args, true)
|
|
180
179
|
}
|
|
@@ -182,7 +181,7 @@ module OpenID
|
|
|
182
181
|
|
|
183
182
|
def test_parse_extension_args_strict_bogus2
|
|
184
183
|
args = {'auth_policies' => 'http://foo http://bar',
|
|
185
|
-
'
|
|
184
|
+
'auth_time' => '1983-11-05T12:30:24Z',
|
|
186
185
|
'nist_auth_level' => 'some'}
|
|
187
186
|
assert_raises(ArgumentError) {
|
|
188
187
|
@req.parse_extension_args(args, true)
|
|
@@ -191,21 +190,21 @@ module OpenID
|
|
|
191
190
|
|
|
192
191
|
def test_parse_extension_args_strict_good
|
|
193
192
|
args = {'auth_policies' => 'http://foo http://bar',
|
|
194
|
-
'
|
|
193
|
+
'auth_time' => '2007-10-11T05:25:18Z',
|
|
195
194
|
'nist_auth_level' => '0'}
|
|
196
195
|
@req.parse_extension_args(args, true)
|
|
197
196
|
assert_equal(['http://foo','http://bar'], @req.auth_policies)
|
|
198
|
-
assert_equal(
|
|
197
|
+
assert_equal('2007-10-11T05:25:18Z', @req.auth_time)
|
|
199
198
|
assert_equal(0, @req.nist_auth_level)
|
|
200
199
|
end
|
|
201
200
|
|
|
202
201
|
def test_parse_extension_args_nostrict_bogus
|
|
203
202
|
args = {'auth_policies' => 'http://foo http://bar',
|
|
204
|
-
'
|
|
203
|
+
'auth_time' => 'some time ago',
|
|
205
204
|
'nist_auth_level' => 'some'}
|
|
206
205
|
@req.parse_extension_args(args)
|
|
207
206
|
assert_equal(['http://foo','http://bar'], @req.auth_policies)
|
|
208
|
-
assert_equal(nil, @req.
|
|
207
|
+
assert_equal(nil, @req.auth_time)
|
|
209
208
|
assert_equal(nil, @req.nist_auth_level)
|
|
210
209
|
end
|
|
211
210
|
|
|
@@ -217,16 +216,31 @@ module OpenID
|
|
|
217
216
|
'ns' => OPENID2_NS,
|
|
218
217
|
'ns.pape' => PAPE::NS_URI,
|
|
219
218
|
'pape.auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
|
|
220
|
-
'pape.
|
|
219
|
+
'pape.auth_time' => '1983-11-05T12:30:24Z'
|
|
221
220
|
})
|
|
222
221
|
signed_stuff = {
|
|
223
222
|
'auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
|
|
224
|
-
'
|
|
223
|
+
'auth_time' => '1983-11-05T12:30:24Z'
|
|
225
224
|
}
|
|
226
225
|
oid_req = DummySuccessResponse.new(openid_req_msg, signed_stuff)
|
|
227
226
|
req = PAPE::Response.from_success_response(oid_req)
|
|
228
227
|
assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], req.auth_policies)
|
|
229
|
-
assert_equal(
|
|
228
|
+
assert_equal('1983-11-05T12:30:24Z', req.auth_time)
|
|
229
|
+
end
|
|
230
|
+
|
|
231
|
+
def test_from_success_response_unsigned
|
|
232
|
+
openid_req_msg = Message.from_openid_args({
|
|
233
|
+
'mode' => 'id_res',
|
|
234
|
+
'ns' => OPENID2_NS,
|
|
235
|
+
'ns.pape' => PAPE::NS_URI,
|
|
236
|
+
'pape.auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
|
|
237
|
+
'pape.auth_time' => '1983-11-05T12:30:24Z'
|
|
238
|
+
})
|
|
239
|
+
signed_stuff = {}
|
|
240
|
+
endpoint = OpenIDServiceEndpoint.new
|
|
241
|
+
oid_req = Consumer::SuccessResponse.new(endpoint, openid_req_msg, signed_stuff)
|
|
242
|
+
req = PAPE::Response.from_success_response(oid_req)
|
|
243
|
+
assert(req.nil?, req.inspect)
|
|
230
244
|
end
|
|
231
245
|
end
|
|
232
246
|
end
|
data/test/test_server.rb
CHANGED
|
@@ -149,6 +149,7 @@ module OpenID
|
|
|
149
149
|
def test_no_message
|
|
150
150
|
e = Server::ProtocolError.new(nil, "no message")
|
|
151
151
|
assert(e.get_return_to.nil?)
|
|
152
|
+
assert_equal(e.which_encoding, nil)
|
|
152
153
|
end
|
|
153
154
|
|
|
154
155
|
def test_which_encoding_no_message
|
|
@@ -656,6 +657,17 @@ module OpenID
|
|
|
656
657
|
@decode.call(args)
|
|
657
658
|
}
|
|
658
659
|
end
|
|
660
|
+
|
|
661
|
+
def test_invalidns
|
|
662
|
+
args = {'openid.ns' => 'Vegetables',
|
|
663
|
+
'openid.mode' => 'associate'}
|
|
664
|
+
begin
|
|
665
|
+
r = @decode.call(args)
|
|
666
|
+
rescue Server::ProtocolError => err
|
|
667
|
+
assert(err.openid_message)
|
|
668
|
+
assert(err.to_s.index('Vegetables'))
|
|
669
|
+
end
|
|
670
|
+
end
|
|
659
671
|
end
|
|
660
672
|
|
|
661
673
|
class BogusEncoder < Server::Encoder
|
|
@@ -689,6 +701,7 @@ module OpenID
|
|
|
689
701
|
'http://burr.unittest/',
|
|
690
702
|
false,
|
|
691
703
|
nil)
|
|
704
|
+
request.message = Message.new(OPENID2_NS)
|
|
692
705
|
response = Server::OpenIDResponse.new(request)
|
|
693
706
|
response.fields = Message.from_openid_args({
|
|
694
707
|
'ns' => OPENID2_NS,
|
|
@@ -714,6 +727,7 @@ module OpenID
|
|
|
714
727
|
'http://burr.unittest/',
|
|
715
728
|
false,
|
|
716
729
|
nil)
|
|
730
|
+
request.message = Message.new(OPENID2_NS)
|
|
717
731
|
response = Server::OpenIDResponse.new(request)
|
|
718
732
|
response.fields = Message.from_openid_args({
|
|
719
733
|
'ns' => OPENID2_NS,
|
|
@@ -730,6 +744,48 @@ module OpenID
|
|
|
730
744
|
assert_equal(webresponse.body, response.to_form_markup)
|
|
731
745
|
end
|
|
732
746
|
|
|
747
|
+
def test_to_form_markup
|
|
748
|
+
request = Server::CheckIDRequest.new(
|
|
749
|
+
'http://bombom.unittest/',
|
|
750
|
+
'http://burr.unittest/999',
|
|
751
|
+
@server.op_endpoint,
|
|
752
|
+
'http://burr.unittest/',
|
|
753
|
+
false,
|
|
754
|
+
nil)
|
|
755
|
+
request.message = Message.new(OPENID2_NS)
|
|
756
|
+
response = Server::OpenIDResponse.new(request)
|
|
757
|
+
response.fields = Message.from_openid_args({
|
|
758
|
+
'ns' => OPENID2_NS,
|
|
759
|
+
'mode' => 'id_res',
|
|
760
|
+
'identity' => request.identity,
|
|
761
|
+
'claimed_id' => request.identity,
|
|
762
|
+
'return_to' => 'x' * OPENID1_URL_LIMIT,
|
|
763
|
+
})
|
|
764
|
+
form_markup = response.to_form_markup({'foo'=>'bar'})
|
|
765
|
+
assert(/ foo="bar"/ =~ form_markup, form_markup)
|
|
766
|
+
end
|
|
767
|
+
|
|
768
|
+
def test_to_html
|
|
769
|
+
request = Server::CheckIDRequest.new(
|
|
770
|
+
'http://bombom.unittest/',
|
|
771
|
+
'http://burr.unittest/999',
|
|
772
|
+
@server.op_endpoint,
|
|
773
|
+
'http://burr.unittest/',
|
|
774
|
+
false,
|
|
775
|
+
nil)
|
|
776
|
+
request.message = Message.new(OPENID2_NS)
|
|
777
|
+
response = Server::OpenIDResponse.new(request)
|
|
778
|
+
response.fields = Message.from_openid_args({
|
|
779
|
+
'ns' => OPENID2_NS,
|
|
780
|
+
'mode' => 'id_res',
|
|
781
|
+
'identity' => request.identity,
|
|
782
|
+
'claimed_id' => request.identity,
|
|
783
|
+
'return_to' => 'x' * OPENID1_URL_LIMIT,
|
|
784
|
+
})
|
|
785
|
+
html = response.to_html
|
|
786
|
+
assert(html)
|
|
787
|
+
end
|
|
788
|
+
|
|
733
789
|
def test_id_res_OpenID1_exceeds_limit
|
|
734
790
|
# Check that when an OpenID 1 response exceeds the OpenID 1
|
|
735
791
|
# message size, a GET response is issued. Technically, this
|
|
@@ -742,6 +798,7 @@ module OpenID
|
|
|
742
798
|
'http://burr.unittest/',
|
|
743
799
|
false,
|
|
744
800
|
nil)
|
|
801
|
+
request.message = Message.new(OPENID1_NS)
|
|
745
802
|
|
|
746
803
|
response = Server::OpenIDResponse.new(request)
|
|
747
804
|
response.fields = Message.from_openid_args({
|
|
@@ -764,6 +821,7 @@ module OpenID
|
|
|
764
821
|
@server.op_endpoint,
|
|
765
822
|
'http://burr.unittest/',
|
|
766
823
|
false, nil)
|
|
824
|
+
request.message = Message.new(OPENID1_NS)
|
|
767
825
|
response = Server::OpenIDResponse.new(request)
|
|
768
826
|
response.fields = Message.from_openid_args({
|
|
769
827
|
'mode' => 'id_res',
|
|
@@ -791,6 +849,7 @@ module OpenID
|
|
|
791
849
|
@server.op_endpoint,
|
|
792
850
|
'http://burr.unittest/',
|
|
793
851
|
false, nil)
|
|
852
|
+
request.message = Message.new(OPENID2_NS)
|
|
794
853
|
response = Server::OpenIDResponse.new(request)
|
|
795
854
|
response.fields = Message.from_openid_args({
|
|
796
855
|
'mode' => 'cancel',
|
|
@@ -800,6 +859,22 @@ module OpenID
|
|
|
800
859
|
assert(webresponse.headers.member?('location'))
|
|
801
860
|
end
|
|
802
861
|
|
|
862
|
+
def test_cancel_to_form
|
|
863
|
+
request = Server::CheckIDRequest.new(
|
|
864
|
+
'http://bombom.unittest/',
|
|
865
|
+
'http://burr.unittest/999',
|
|
866
|
+
@server.op_endpoint,
|
|
867
|
+
'http://burr.unittest/',
|
|
868
|
+
false, nil)
|
|
869
|
+
request.message = Message.new(OPENID2_NS)
|
|
870
|
+
response = Server::OpenIDResponse.new(request)
|
|
871
|
+
response.fields = Message.from_openid_args({
|
|
872
|
+
'mode' => 'cancel',
|
|
873
|
+
})
|
|
874
|
+
form = response.to_form_markup
|
|
875
|
+
assert(form.index(request.return_to))
|
|
876
|
+
end
|
|
877
|
+
|
|
803
878
|
def test_assocReply
|
|
804
879
|
msg = Message.new(OPENID2_NS)
|
|
805
880
|
msg.set_arg(OPENID2_NS, 'session_type', 'no-encryption')
|
|
@@ -819,6 +894,7 @@ module OpenID
|
|
|
819
894
|
request = Server::CheckAuthRequest.new('a_sock_monkey',
|
|
820
895
|
'siggggg',
|
|
821
896
|
[])
|
|
897
|
+
request.message = Message.new(OPENID2_NS)
|
|
822
898
|
response = Server::OpenIDResponse.new(request)
|
|
823
899
|
response.fields = Message.from_openid_args({
|
|
824
900
|
'is_valid' => 'true',
|
|
@@ -867,6 +943,7 @@ module OpenID
|
|
|
867
943
|
@server.op_endpoint,
|
|
868
944
|
'http://burr.unittest/',
|
|
869
945
|
false, nil)
|
|
946
|
+
@request.message = Message.new(OPENID2_NS)
|
|
870
947
|
|
|
871
948
|
@response = Server::OpenIDResponse.new(@request)
|
|
872
949
|
@response.fields = Message.from_openid_args({
|
|
@@ -923,6 +1000,7 @@ module OpenID
|
|
|
923
1000
|
@server.op_endpoint,
|
|
924
1001
|
'http://burr.unittest/',
|
|
925
1002
|
false, nil)
|
|
1003
|
+
request.message = Message.new(OPENID2_NS)
|
|
926
1004
|
response = Server::OpenIDResponse.new(request)
|
|
927
1005
|
response.fields.set_arg(OPENID_NS, 'mode', 'cancel')
|
|
928
1006
|
webresponse = @encode.call(response)
|
|
@@ -965,6 +1043,7 @@ module OpenID
|
|
|
965
1043
|
@server.op_endpoint,
|
|
966
1044
|
'http://bar.unittest/',
|
|
967
1045
|
false)
|
|
1046
|
+
@request.message = Message.new(OPENID2_NS)
|
|
968
1047
|
end
|
|
969
1048
|
|
|
970
1049
|
def test_trustRootInvalid
|
|
@@ -1133,7 +1212,7 @@ module OpenID
|
|
|
1133
1212
|
end
|
|
1134
1213
|
|
|
1135
1214
|
def test_immediate_openid1_no_identity
|
|
1136
|
-
@request.
|
|
1215
|
+
@request.message = Message.new(OPENID1_NS)
|
|
1137
1216
|
@request.immediate = true
|
|
1138
1217
|
@request.mode = 'checkid_immediate'
|
|
1139
1218
|
resp = @request.answer(false)
|
|
@@ -1141,7 +1220,7 @@ module OpenID
|
|
|
1141
1220
|
end
|
|
1142
1221
|
|
|
1143
1222
|
def test_checkid_setup_openid1_no_identity
|
|
1144
|
-
@request.
|
|
1223
|
+
@request.message = Message.new(OPENID1_NS)
|
|
1145
1224
|
@request.immediate = false
|
|
1146
1225
|
@request.mode = 'checkid_setup'
|
|
1147
1226
|
resp = @request.answer(false)
|
|
@@ -1149,7 +1228,7 @@ module OpenID
|
|
|
1149
1228
|
end
|
|
1150
1229
|
|
|
1151
1230
|
def test_immediate_openid1_no_server_url
|
|
1152
|
-
@request.
|
|
1231
|
+
@request.message = Message.new(OPENID1_NS)
|
|
1153
1232
|
@request.immediate = true
|
|
1154
1233
|
@request.mode = 'checkid_immediate'
|
|
1155
1234
|
@request.op_endpoint = nil
|
|
@@ -1160,7 +1239,7 @@ module OpenID
|
|
|
1160
1239
|
end
|
|
1161
1240
|
|
|
1162
1241
|
def test_immediate_encode_to_url
|
|
1163
|
-
@request.
|
|
1242
|
+
@request.message = Message.new(OPENID1_NS)
|
|
1164
1243
|
@request.immediate = true
|
|
1165
1244
|
@request.mode = 'checkid_immediate'
|
|
1166
1245
|
@request.trust_root = "BOGUS"
|
|
@@ -1196,7 +1275,7 @@ module OpenID
|
|
|
1196
1275
|
|
|
1197
1276
|
def test_answerAllowWithDelegatedIdentityOpenID1
|
|
1198
1277
|
# claimed_id parameter doesn't exist in OpenID 1.
|
|
1199
|
-
@request.
|
|
1278
|
+
@request.message = Message.new(OPENID1_NS)
|
|
1200
1279
|
# claimed_id delegates to selected_id here.
|
|
1201
1280
|
@request.identity = IDENTIFIER_SELECT
|
|
1202
1281
|
selected_id = 'http://anon.unittest/9861'
|
|
@@ -1215,7 +1294,7 @@ module OpenID
|
|
|
1215
1294
|
end
|
|
1216
1295
|
|
|
1217
1296
|
def test_answerAllowNoIdentityOpenID1
|
|
1218
|
-
@request.
|
|
1297
|
+
@request.message = Message.new(OPENID1_NS)
|
|
1219
1298
|
@request.identity = nil
|
|
1220
1299
|
assert_raise(ArgumentError) {
|
|
1221
1300
|
@request.answer(true, nil, nil)
|
|
@@ -1241,6 +1320,43 @@ module OpenID
|
|
|
1241
1320
|
}
|
|
1242
1321
|
end
|
|
1243
1322
|
|
|
1323
|
+
def test_fromMessageClaimedIDWithoutIdentityOpenID2
|
|
1324
|
+
msg = Message.new(OPENID2_NS)
|
|
1325
|
+
msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
|
|
1326
|
+
msg.set_arg(OPENID_NS, 'return_to', 'http://invalid:8000/rt')
|
|
1327
|
+
msg.set_arg(OPENID_NS, 'claimed_id', 'https://example.myopenid.com')
|
|
1328
|
+
|
|
1329
|
+
assert_raise(Server::ProtocolError) {
|
|
1330
|
+
Server::CheckIDRequest.from_message(msg, @server)
|
|
1331
|
+
}
|
|
1332
|
+
end
|
|
1333
|
+
|
|
1334
|
+
def test_fromMessageIdentityWithoutClaimedIDOpenID2
|
|
1335
|
+
msg = Message.new(OPENID2_NS)
|
|
1336
|
+
msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
|
|
1337
|
+
msg.set_arg(OPENID_NS, 'return_to', 'http://invalid:8000/rt')
|
|
1338
|
+
msg.set_arg(OPENID_NS, 'identity', 'https://example.myopenid.com')
|
|
1339
|
+
|
|
1340
|
+
assert_raise(Server::ProtocolError) {
|
|
1341
|
+
Server::CheckIDRequest.from_message(msg, @server)
|
|
1342
|
+
}
|
|
1343
|
+
end
|
|
1344
|
+
|
|
1345
|
+
def test_fromMessageWithEmptyTrustRoot
|
|
1346
|
+
return_to = 'http://some.url/foo?bar=baz'
|
|
1347
|
+
msg = Message.from_post_args({
|
|
1348
|
+
'openid.assoc_handle' => '{blah}{blah}{OZivdQ==}',
|
|
1349
|
+
'openid.claimed_id' => 'http://delegated.invalid/',
|
|
1350
|
+
'openid.identity' => 'http://op-local.example.com/',
|
|
1351
|
+
'openid.mode' => 'checkid_setup',
|
|
1352
|
+
'openid.ns' => 'http://openid.net/signon/1.0',
|
|
1353
|
+
'openid.return_to' => return_to,
|
|
1354
|
+
'openid.trust_root' => ''
|
|
1355
|
+
});
|
|
1356
|
+
result = Server::CheckIDRequest.from_message(msg, @server)
|
|
1357
|
+
assert_equal(return_to, result.trust_root)
|
|
1358
|
+
end
|
|
1359
|
+
|
|
1244
1360
|
def test_trustRootOpenID1
|
|
1245
1361
|
# Ignore openid.realm in OpenID 1
|
|
1246
1362
|
msg = Message.new(OPENID1_NS)
|
|
@@ -1302,16 +1418,16 @@ module OpenID
|
|
|
1302
1418
|
def test_answerImmediateDenyOpenID1
|
|
1303
1419
|
# Look for user_setup_url in checkid_immediate negative response
|
|
1304
1420
|
# in OpenID 1 case.
|
|
1305
|
-
@request.
|
|
1421
|
+
@request.message = Message.new(OPENID1_NS)
|
|
1306
1422
|
@request.mode = 'checkid_immediate'
|
|
1307
1423
|
@request.immediate = true
|
|
1308
1424
|
server_url = "http://setup-url.unittest/"
|
|
1309
1425
|
# crappiting setup_url, you dirty my interface with your presence!
|
|
1310
1426
|
answer = @request.answer(false, server_url)
|
|
1311
1427
|
assert_equal(answer.request, @request)
|
|
1312
|
-
assert_equal(answer.fields.to_post_args.length,
|
|
1313
|
-
assert_equal(answer.fields.get_openid_namespace
|
|
1314
|
-
assert_equal(answer.fields.get_arg(OPENID_NS, 'mode')
|
|
1428
|
+
assert_equal(2, answer.fields.to_post_args.length, answer.fields)
|
|
1429
|
+
assert_equal(OPENID1_NS, answer.fields.get_openid_namespace)
|
|
1430
|
+
assert_equal('id_res', answer.fields.get_arg(OPENID_NS, 'mode'))
|
|
1315
1431
|
assert(answer.fields.get_arg(
|
|
1316
1432
|
OPENID_NS, 'user_setup_url', '').starts_with?(server_url))
|
|
1317
1433
|
end
|
|
@@ -1358,6 +1474,31 @@ module OpenID
|
|
|
1358
1474
|
@request.cancel_url
|
|
1359
1475
|
}
|
|
1360
1476
|
end
|
|
1477
|
+
|
|
1478
|
+
def test_fromMessageWithoutTrustRoot
|
|
1479
|
+
msg = Message.new(OPENID2_NS)
|
|
1480
|
+
msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
|
|
1481
|
+
msg.set_arg(OPENID_NS, 'return_to', 'http://real.trust.root/foo')
|
|
1482
|
+
msg.set_arg(OPENID_NS, 'assoc_handle', 'bogus')
|
|
1483
|
+
msg.set_arg(OPENID_NS, 'identity', 'george')
|
|
1484
|
+
msg.set_arg(OPENID_NS, 'claimed_id', 'george')
|
|
1485
|
+
|
|
1486
|
+
result = Server::CheckIDRequest.from_message(msg, @server.op_endpoint)
|
|
1487
|
+
|
|
1488
|
+
assert_equal(result.trust_root, 'http://real.trust.root/foo')
|
|
1489
|
+
end
|
|
1490
|
+
|
|
1491
|
+
def test_fromMessageWithoutTrustRootOrReturnTo
|
|
1492
|
+
msg = Message.new(OPENID2_NS)
|
|
1493
|
+
msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
|
|
1494
|
+
msg.set_arg(OPENID_NS, 'assoc_handle', 'bogus')
|
|
1495
|
+
msg.set_arg(OPENID_NS, 'identity', 'george')
|
|
1496
|
+
msg.set_arg(OPENID_NS, 'claimed_id', 'george')
|
|
1497
|
+
|
|
1498
|
+
assert_raises(Server::ProtocolError) {
|
|
1499
|
+
Server::CheckIDRequest.from_message(msg, @server.op_endpoint)
|
|
1500
|
+
}
|
|
1501
|
+
end
|
|
1361
1502
|
end
|
|
1362
1503
|
|
|
1363
1504
|
class TestCheckIDExtension < Test::Unit::TestCase
|
|
@@ -1372,6 +1513,7 @@ module OpenID
|
|
|
1372
1513
|
@server.op_endpoint,
|
|
1373
1514
|
'http://bar.unittest/',
|
|
1374
1515
|
false)
|
|
1516
|
+
@request.message = Message.new(OPENID2_NS)
|
|
1375
1517
|
@response = Server::OpenIDResponse.new(@request)
|
|
1376
1518
|
@response.fields.set_arg(OPENID_NS, 'mode', 'id_res')
|
|
1377
1519
|
@response.fields.set_arg(OPENID_NS, 'blue', 'star')
|
|
@@ -1446,6 +1588,7 @@ module OpenID
|
|
|
1446
1588
|
})
|
|
1447
1589
|
@request = Server::CheckAuthRequest.new(
|
|
1448
1590
|
@assoc_handle, @message)
|
|
1591
|
+
@request.message = Message.new(OPENID2_NS)
|
|
1449
1592
|
|
|
1450
1593
|
@signatory = MockSignatory.new([true, @assoc_handle])
|
|
1451
1594
|
end
|
|
@@ -1522,6 +1665,7 @@ module OpenID
|
|
|
1522
1665
|
server_dh = DiffieHellman.from_defaults()
|
|
1523
1666
|
session = Server::DiffieHellmanSHA1ServerSession.new(server_dh, cpub)
|
|
1524
1667
|
@request = Server::AssociateRequest.new(session, 'HMAC-SHA1')
|
|
1668
|
+
@request.message = Message.new(OPENID2_NS)
|
|
1525
1669
|
response = @request.answer(@assoc)
|
|
1526
1670
|
rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
|
|
1527
1671
|
assert_equal(rfg.call("assoc_type"), "HMAC-SHA1")
|
|
@@ -1545,6 +1689,7 @@ module OpenID
|
|
|
1545
1689
|
server_dh = DiffieHellman.from_defaults()
|
|
1546
1690
|
session = Server::DiffieHellmanSHA256ServerSession.new(server_dh, cpub)
|
|
1547
1691
|
@request = Server::AssociateRequest.new(session, 'HMAC-SHA256')
|
|
1692
|
+
@request.message = Message.new(OPENID2_NS)
|
|
1548
1693
|
response = @request.answer(@assoc)
|
|
1549
1694
|
rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
|
|
1550
1695
|
assert_equal(rfg.call("assoc_type"), "HMAC-SHA256")
|
|
@@ -1676,6 +1821,38 @@ module OpenID
|
|
|
1676
1821
|
assert(!rfg.call("dh_server_public"))
|
|
1677
1822
|
end
|
|
1678
1823
|
|
|
1824
|
+
def test_plaintext_v2
|
|
1825
|
+
# The main difference between this and the v1 test is that
|
|
1826
|
+
# session_type is always returned in v2.
|
|
1827
|
+
args = {
|
|
1828
|
+
'openid.ns' => OPENID2_NS,
|
|
1829
|
+
'openid.mode' => 'associate',
|
|
1830
|
+
'openid.assoc_type' => 'HMAC-SHA1',
|
|
1831
|
+
'openid.session_type' => 'no-encryption',
|
|
1832
|
+
}
|
|
1833
|
+
@request = Server::AssociateRequest.from_message(
|
|
1834
|
+
Message.from_post_args(args))
|
|
1835
|
+
|
|
1836
|
+
assert(!@request.message.is_openid1())
|
|
1837
|
+
|
|
1838
|
+
@assoc = @signatory.create_association(false, 'HMAC-SHA1')
|
|
1839
|
+
response = @request.answer(@assoc)
|
|
1840
|
+
rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
|
|
1841
|
+
|
|
1842
|
+
assert_equal(rfg.call("assoc_type"), "HMAC-SHA1")
|
|
1843
|
+
assert_equal(rfg.call("assoc_handle"), @assoc.handle)
|
|
1844
|
+
|
|
1845
|
+
failUnlessExpiresInMatches(
|
|
1846
|
+
response.fields, @signatory.secret_lifetime)
|
|
1847
|
+
|
|
1848
|
+
assert_equal(
|
|
1849
|
+
rfg.call("mac_key"), Util.to_base64(@assoc.secret))
|
|
1850
|
+
|
|
1851
|
+
assert_equal(rfg.call("session_type"), "no-encryption")
|
|
1852
|
+
assert(!rfg.call("enc_mac_key"))
|
|
1853
|
+
assert(!rfg.call("dh_server_public"))
|
|
1854
|
+
end
|
|
1855
|
+
|
|
1679
1856
|
def test_plaintext256
|
|
1680
1857
|
@assoc = @signatory.create_association(false, 'HMAC-SHA256')
|
|
1681
1858
|
response = @request.answer(@assoc)
|
|
@@ -1764,7 +1941,7 @@ module OpenID
|
|
|
1764
1941
|
def test_failed_dispatch
|
|
1765
1942
|
request = Server::OpenIDRequest.new()
|
|
1766
1943
|
request.mode = "monkeymode"
|
|
1767
|
-
request.
|
|
1944
|
+
request.message = Message.new(OPENID1_NS)
|
|
1768
1945
|
assert_raise(RuntimeError) {
|
|
1769
1946
|
webresult = @server.handle_request(request)
|
|
1770
1947
|
}
|
|
@@ -1790,7 +1967,7 @@ module OpenID
|
|
|
1790
1967
|
|
|
1791
1968
|
request = Server::OpenIDRequest.new()
|
|
1792
1969
|
request.mode = "monkeymode"
|
|
1793
|
-
request.
|
|
1970
|
+
request.message = Message.new(OPENID1_NS)
|
|
1794
1971
|
assert_raise(UnhandledError) {
|
|
1795
1972
|
webresult = @server.handle_request(request)
|
|
1796
1973
|
}
|
|
@@ -1897,6 +2074,7 @@ module OpenID
|
|
|
1897
2074
|
|
|
1898
2075
|
def test_checkAuth
|
|
1899
2076
|
request = Server::CheckAuthRequest.new('arrrrrf', '0x3999', [])
|
|
2077
|
+
request.message = Message.new(OPENID2_NS)
|
|
1900
2078
|
response = nil
|
|
1901
2079
|
silence_logging {
|
|
1902
2080
|
response = @server.openid_check_authentication(request)
|