test/test_server.rb in ruby-openid-2.0.4 vs test/test_server.rb in ruby-openid-2.1.2
- old
+ new
@@ -147,10 +147,11 @@
end
def test_no_message
e = Server::ProtocolError.new(nil, "no message")
assert(e.get_return_to.nil?)
+ assert_equal(e.which_encoding, nil)
end
def test_which_encoding_no_message
e = Server::ProtocolError.new(nil, "no message")
assert(e.which_encoding.nil?)
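Review bot: The added `assert_equal(e.which_encoding, nil)` in test_no_message repeats what test_which_encoding_no_message directly below already checks with `assert(e.which_encoding.nil?)`, and it passes its arguments as (actual, expected). If the extra check is wanted in this test, `assert_nil(e.which_encoding)` states it directly and gives a clearer failure message; otherwise the line can be dropped.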
@@ -654,10 +655,21 @@
}
assert_raise(Server::ProtocolError) {
@decode.call(args)
}
end
+
+ def test_invalidns
+ args = {'openid.ns' => 'Vegetables',
+ 'openid.mode' => 'associate'}
+ begin
+ r = @decode.call(args)
+ rescue Server::ProtocolError => err
+ assert(err.openid_message)
+ assert(err.to_s.index('Vegetables'))
+ end
+ end
end
class BogusEncoder < Server::Encoder
def encode(response)
return "BOGUS"
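Review bot: test_invalidns passes without running any assertion when `@decode.call(args)` does not raise, because the `begin`/`rescue` has no failure path for the no-exception case. A regression that starts accepting an unrecognised `openid.ns` would therefore go unnoticed. Add `flunk('expected Server::ProtocolError for an unrecognised openid.ns')` on the line after the call; it raises an assertion failure, which the `rescue Server::ProtocolError` clause does not catch. The local `r` is never read and can be removed.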
@@ -687,10 +699,11 @@
'http://burr.unittest/999',
@server.op_endpoint,
'http://burr.unittest/',
false,
nil)
+ request.message = Message.new(OPENID2_NS)
response = Server::OpenIDResponse.new(request)
response.fields = Message.from_openid_args({
'ns' => OPENID2_NS,
'mode' => 'id_res',
'identity' => request.identity,
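Review bot: Each request built through a constructor now needs a hand-written `request.message = Message.new(...)` before it is wrapped in an OpenIDResponse, and the same line is pasted into the later hunks from -712 through -1895. The CheckIDRequest fixture with the bombom/burr URLs is itself repeated in most of them, so a private helper in the test case that builds the request and sets `message` for a given namespace would keep the two steps together. A test that forgets the assignment presumably fails on a nil message rather than on the behaviour under test; the constructor is not visible here, so that is an inference. The enclosing test method starts and ends outside this hunk.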
@@ -712,10 +725,11 @@
'http://burr.unittest/999',
@server.op_endpoint,
'http://burr.unittest/',
false,
nil)
+ request.message = Message.new(OPENID2_NS)
response = Server::OpenIDResponse.new(request)
response.fields = Message.from_openid_args({
'ns' => OPENID2_NS,
'mode' => 'id_res',
'identity' => request.identity,
@@ -728,10 +742,52 @@
assert(response.which_encoding == Server::ENCODE_HTML_FORM)
webresponse = @encode.call(response)
assert_equal(webresponse.body, response.to_form_markup)
end
+ def test_to_form_markup
+ request = Server::CheckIDRequest.new(
+ 'http://bombom.unittest/',
+ 'http://burr.unittest/999',
+ @server.op_endpoint,
+ 'http://burr.unittest/',
+ false,
+ nil)
+ request.message = Message.new(OPENID2_NS)
+ response = Server::OpenIDResponse.new(request)
+ response.fields = Message.from_openid_args({
+ 'ns' => OPENID2_NS,
+ 'mode' => 'id_res',
+ 'identity' => request.identity,
+ 'claimed_id' => request.identity,
+ 'return_to' => 'x' * OPENID1_URL_LIMIT,
+ })
+ form_markup = response.to_form_markup({'foo'=>'bar'})
+ assert(/ foo="bar"/ =~ form_markup, form_markup)
+ end
+
+ def test_to_html
+ request = Server::CheckIDRequest.new(
+ 'http://bombom.unittest/',
+ 'http://burr.unittest/999',
+ @server.op_endpoint,
+ 'http://burr.unittest/',
+ false,
+ nil)
+ request.message = Message.new(OPENID2_NS)
+ response = Server::OpenIDResponse.new(request)
+ response.fields = Message.from_openid_args({
+ 'ns' => OPENID2_NS,
+ 'mode' => 'id_res',
+ 'identity' => request.identity,
+ 'claimed_id' => request.identity,
+ 'return_to' => 'x' * OPENID1_URL_LIMIT,
+ })
+ html = response.to_html
+ assert(html)
+ end
+
def test_id_res_OpenID1_exceeds_limit
# Check that when an OpenID 1 response exceeds the OpenID 1
# message size, a GET response is issued. Technically, this
# shouldn't be permitted by the library, but this test is in place
# to preserve the status quo for OpenID 1.
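Review bot: test_to_form_markup only proves that a benign attribute pair reaches the output (`/ foo="bar"/`); nothing in this hunk checks how to_form_markup renders attribute values or OpenID field values containing `"`, `<` or `&`, and those field values come from the relying party's request. The implementation is not visible here, so whether it escapes is unknown from this page. A second case such as `response.to_form_markup({'foo' => 'a"b'})`, asserting that the quote does not appear raw inside the attribute, would pin the behaviour. In test_to_html, `assert(html)` holds for any non-nil value, so it is worth asserting something about the content as well, for example that it includes the form markup.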
@@ -740,10 +796,11 @@
'http://burr.unittest/999',
@server.op_endpoint,
'http://burr.unittest/',
false,
nil)
+ request.message = Message.new(OPENID1_NS)
response = Server::OpenIDResponse.new(request)
response.fields = Message.from_openid_args({
'mode' => 'id_res',
'identity' => request.identity,
@@ -762,10 +819,11 @@
'http://bombom.unittest/',
'http://burr.unittest/999',
@server.op_endpoint,
'http://burr.unittest/',
false, nil)
+ request.message = Message.new(OPENID1_NS)
response = Server::OpenIDResponse.new(request)
response.fields = Message.from_openid_args({
'mode' => 'id_res',
'identity' => request.identity,
'return_to' => request.return_to,
@@ -789,19 +847,36 @@
'http://bombom.unittest/',
'http://burr.unittest/999',
@server.op_endpoint,
'http://burr.unittest/',
false, nil)
+ request.message = Message.new(OPENID2_NS)
response = Server::OpenIDResponse.new(request)
response.fields = Message.from_openid_args({
'mode' => 'cancel',
})
webresponse = @encode.call(response)
assert_equal(webresponse.code, Server::HTTP_REDIRECT)
assert(webresponse.headers.member?('location'))
end
+ def test_cancel_to_form
+ request = Server::CheckIDRequest.new(
+ 'http://bombom.unittest/',
+ 'http://burr.unittest/999',
+ @server.op_endpoint,
+ 'http://burr.unittest/',
+ false, nil)
+ request.message = Message.new(OPENID2_NS)
+ response = Server::OpenIDResponse.new(request)
+ response.fields = Message.from_openid_args({
+ 'mode' => 'cancel',
+ })
+ form = response.to_form_markup
+ assert(form.index(request.return_to))
+ end
+
def test_assocReply
msg = Message.new(OPENID2_NS)
msg.set_arg(OPENID2_NS, 'session_type', 'no-encryption')
request = Server::AssociateRequest.from_message(msg)
response = Server::OpenIDResponse.new(request)
@@ -817,10 +892,11 @@
def test_checkauthReply
request = Server::CheckAuthRequest.new('a_sock_monkey',
'siggggg',
[])
+ request.message = Message.new(OPENID2_NS)
response = Server::OpenIDResponse.new(request)
response.fields = Message.from_openid_args({
'is_valid' => 'true',
'invalidate_handle' => 'xXxX:xXXx'
})
@@ -865,10 +941,11 @@
'http://bombom.unittest/',
'http://burr.unittest/999',
@server.op_endpoint,
'http://burr.unittest/',
false, nil)
+ @request.message = Message.new(OPENID2_NS)
@response = Server::OpenIDResponse.new(@request)
@response.fields = Message.from_openid_args({
'mode' => 'id_res',
'identity' => @request.identity,
@@ -921,10 +998,11 @@
'http://bombom.unittest/',
'http://burr.unittest/999',
@server.op_endpoint,
'http://burr.unittest/',
false, nil)
+ request.message = Message.new(OPENID2_NS)
response = Server::OpenIDResponse.new(request)
response.fields.set_arg(OPENID_NS, 'mode', 'cancel')
webresponse = @encode.call(response)
assert_equal(webresponse.code, Server::HTTP_REDIRECT)
assert(webresponse.headers.has_key?('location'))
@@ -963,10 +1041,11 @@
'http://bambam.unittest/',
'http://bar.unittest/999',
@server.op_endpoint,
'http://bar.unittest/',
false)
+ @request.message = Message.new(OPENID2_NS)
end
def test_trustRootInvalid
@request.trust_root = "http://foo.unittest/17"
@request.return_to = "http://foo.unittest/39"
@@ -1131,38 +1210,38 @@
answer = @request.answer(true, nil, nil)
}
end
def test_immediate_openid1_no_identity
- @request.namespace = OPENID1_NS
+ @request.message = Message.new(OPENID1_NS)
@request.immediate = true
@request.mode = 'checkid_immediate'
resp = @request.answer(false)
assert(resp.fields.get_arg(OPENID_NS, 'mode') == 'id_res')
end
def test_checkid_setup_openid1_no_identity
- @request.namespace = OPENID1_NS
+ @request.message = Message.new(OPENID1_NS)
@request.immediate = false
@request.mode = 'checkid_setup'
resp = @request.answer(false)
assert(resp.fields.get_arg(OPENID_NS, 'mode') == 'cancel')
end
def test_immediate_openid1_no_server_url
- @request.namespace = OPENID1_NS
+ @request.message = Message.new(OPENID1_NS)
@request.immediate = true
@request.mode = 'checkid_immediate'
@request.op_endpoint = nil
assert_raise(ArgumentError) {
resp = @request.answer(false)
}
end
def test_immediate_encode_to_url
- @request.namespace = OPENID1_NS
+ @request.message = Message.new(OPENID1_NS)
@request.immediate = true
@request.mode = 'checkid_immediate'
@request.trust_root = "BOGUS"
@request.assoc_handle = "ASSOC"
@@ -1194,11 +1273,11 @@
_expectAnswer(answer, selected_id, claimed_id)
end
def test_answerAllowWithDelegatedIdentityOpenID1
# claimed_id parameter doesn't exist in OpenID 1.
- @request.namespace = OPENID1_NS
+ @request.message = Message.new(OPENID1_NS)
# claimed_id delegates to selected_id here.
@request.identity = IDENTIFIER_SELECT
selected_id = 'http://anon.unittest/9861'
claimed_id = 'http://monkeyhat.unittest/'
assert_raise(Server::VersionError) {
@@ -1213,11 +1292,11 @@
@request.answer(true, nil, "http://pebbles.unittest/")
}
end
def test_answerAllowNoIdentityOpenID1
- @request.namespace = OPENID1_NS
+ @request.message = Message.new(OPENID1_NS)
@request.identity = nil
assert_raise(ArgumentError) {
@request.answer(true, nil, nil)
}
end
@@ -1239,10 +1318,47 @@
assert_raise(Server::ProtocolError) {
Server::CheckIDRequest.from_message(msg, @server)
}
end
+ def test_fromMessageClaimedIDWithoutIdentityOpenID2
+ msg = Message.new(OPENID2_NS)
+ msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
+ msg.set_arg(OPENID_NS, 'return_to', 'http://invalid:8000/rt')
+ msg.set_arg(OPENID_NS, 'claimed_id', 'https://example.myopenid.com')
+
+ assert_raise(Server::ProtocolError) {
+ Server::CheckIDRequest.from_message(msg, @server)
+ }
+ end
+
+ def test_fromMessageIdentityWithoutClaimedIDOpenID2
+ msg = Message.new(OPENID2_NS)
+ msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
+ msg.set_arg(OPENID_NS, 'return_to', 'http://invalid:8000/rt')
+ msg.set_arg(OPENID_NS, 'identity', 'https://example.myopenid.com')
+
+ assert_raise(Server::ProtocolError) {
+ Server::CheckIDRequest.from_message(msg, @server)
+ }
+ end
+
+ def test_fromMessageWithEmptyTrustRoot
+ return_to = 'http://some.url/foo?bar=baz'
+ msg = Message.from_post_args({
+ 'openid.assoc_handle' => '{blah}{blah}{OZivdQ==}',
+ 'openid.claimed_id' => 'http://delegated.invalid/',
+ 'openid.identity' => 'http://op-local.example.com/',
+ 'openid.mode' => 'checkid_setup',
+ 'openid.ns' => 'http://openid.net/signon/1.0',
+ 'openid.return_to' => return_to,
+ 'openid.trust_root' => ''
+ });
+ result = Server::CheckIDRequest.from_message(msg, @server)
+ assert_equal(return_to, result.trust_root)
+ end
+
def test_trustRootOpenID1
# Ignore openid.realm in OpenID 1
msg = Message.new(OPENID1_NS)
msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
msg.set_arg(OPENID_NS, 'trust_root', 'http://trustroot.com/')
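Review bot: The two new OpenID 2 negative tests assert only that `Server::ProtocolError` is raised, so they would still pass if from_message rejected the message for a reason other than the missing `identity` or `claimed_id`. Neither message sets a realm or an assoc_handle, for instance; from_message is not visible here, so this is a possibility rather than an observation. Capturing the exception and checking that its text names the missing field would tie each test to the rule it is meant to cover. In test_fromMessageWithEmptyTrustRoot, the literal `'http://openid.net/signon/1.0'` is presumably the value of `OPENID1_NS`, which the surrounding tests use, and the `;` after `})` is stray.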
@@ -1300,20 +1416,20 @@
end
def test_answerImmediateDenyOpenID1
# Look for user_setup_url in checkid_immediate negative response
# in OpenID 1 case.
- @request.namespace = OPENID1_NS
+ @request.message = Message.new(OPENID1_NS)
@request.mode = 'checkid_immediate'
@request.immediate = true
server_url = "http://setup-url.unittest/"
# crappiting setup_url, you dirty my interface with your presence!
answer = @request.answer(false, server_url)
assert_equal(answer.request, @request)
- assert_equal(answer.fields.to_post_args.length, 2, answer.fields)
- assert_equal(answer.fields.get_openid_namespace, OPENID1_NS)
- assert_equal(answer.fields.get_arg(OPENID_NS, 'mode'), 'id_res')
+ assert_equal(2, answer.fields.to_post_args.length, answer.fields)
+ assert_equal(OPENID1_NS, answer.fields.get_openid_namespace)
+ assert_equal('id_res', answer.fields.get_arg(OPENID_NS, 'mode'))
assert(answer.fields.get_arg(
OPENID_NS, 'user_setup_url', '').starts_with?(server_url))
end
def test_answerSetupDeny
@@ -1356,10 +1472,35 @@
@request.immediate = true
assert_raise(ArgumentError) {
@request.cancel_url
}
end
+
+ def test_fromMessageWithoutTrustRoot
+ msg = Message.new(OPENID2_NS)
+ msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
+ msg.set_arg(OPENID_NS, 'return_to', 'http://real.trust.root/foo')
+ msg.set_arg(OPENID_NS, 'assoc_handle', 'bogus')
+ msg.set_arg(OPENID_NS, 'identity', 'george')
+ msg.set_arg(OPENID_NS, 'claimed_id', 'george')
+
+ result = Server::CheckIDRequest.from_message(msg, @server.op_endpoint)
+
+ assert_equal(result.trust_root, 'http://real.trust.root/foo')
+ end
+
+ def test_fromMessageWithoutTrustRootOrReturnTo
+ msg = Message.new(OPENID2_NS)
+ msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
+ msg.set_arg(OPENID_NS, 'assoc_handle', 'bogus')
+ msg.set_arg(OPENID_NS, 'identity', 'george')
+ msg.set_arg(OPENID_NS, 'claimed_id', 'george')
+
+ assert_raises(Server::ProtocolError) {
+ Server::CheckIDRequest.from_message(msg, @server.op_endpoint)
+ }
+ end
end
class TestCheckIDExtension < Test::Unit::TestCase
def setup
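Review bot: test_fromMessageWithoutTrustRoot and test_fromMessageWithoutTrustRootOrReturnTo pass `@server.op_endpoint` as the second argument of `Server::CheckIDRequest.from_message`, while the from_message calls in the earlier hunk at -1239 pass `@server`. The method's signature is not visible here, so one of the two forms is probably handing it the wrong kind of object and passing only because these tests never reach a use of it; confirm which is intended and use it throughout. The second test also calls `assert_raises` where the rest of the file uses `assert_raise`, and `assert_equal(result.trust_root, 'http://real.trust.root/foo')` has expected and actual swapped.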
@@ -1370,10 +1511,11 @@
'http://bambam.unittest/',
'http://bar.unittest/999',
@server.op_endpoint,
'http://bar.unittest/',
false)
+ @request.message = Message.new(OPENID2_NS)
@response = Server::OpenIDResponse.new(@request)
@response.fields.set_arg(OPENID_NS, 'mode', 'id_res')
@response.fields.set_arg(OPENID_NS, 'blue', 'star')
end
@@ -1444,10 +1586,11 @@
'one' => 'alpha',
'two' => 'beta',
})
@request = Server::CheckAuthRequest.new(
@assoc_handle, @message)
+ @request.message = Message.new(OPENID2_NS)
@signatory = MockSignatory.new([true, @assoc_handle])
end
def test_to_s
@@ -1520,10 +1663,11 @@
consumer_dh = DiffieHellman.from_defaults()
cpub = consumer_dh.public
server_dh = DiffieHellman.from_defaults()
session = Server::DiffieHellmanSHA1ServerSession.new(server_dh, cpub)
@request = Server::AssociateRequest.new(session, 'HMAC-SHA1')
+ @request.message = Message.new(OPENID2_NS)
response = @request.answer(@assoc)
rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
assert_equal(rfg.call("assoc_type"), "HMAC-SHA1")
assert_equal(rfg.call("assoc_handle"), @assoc.handle)
assert(!rfg.call("mac_key"))
@@ -1543,10 +1687,11 @@
consumer_dh = DiffieHellman.from_defaults()
cpub = consumer_dh.public
server_dh = DiffieHellman.from_defaults()
session = Server::DiffieHellmanSHA256ServerSession.new(server_dh, cpub)
@request = Server::AssociateRequest.new(session, 'HMAC-SHA256')
+ @request.message = Message.new(OPENID2_NS)
response = @request.answer(@assoc)
rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
assert_equal(rfg.call("assoc_type"), "HMAC-SHA256")
assert_equal(rfg.call("assoc_handle"), @assoc.handle)
assert(!rfg.call("mac_key"))
@@ -1674,10 +1819,42 @@
assert(!rfg.call("session_type"))
assert(!rfg.call("enc_mac_key"))
assert(!rfg.call("dh_server_public"))
end
+ def test_plaintext_v2
+ # The main difference between this and the v1 test is that
+ # session_type is always returned in v2.
+ args = {
+ 'openid.ns' => OPENID2_NS,
+ 'openid.mode' => 'associate',
+ 'openid.assoc_type' => 'HMAC-SHA1',
+ 'openid.session_type' => 'no-encryption',
+ }
+ @request = Server::AssociateRequest.from_message(
+ Message.from_post_args(args))
+
+ assert(!@request.message.is_openid1())
+
+ @assoc = @signatory.create_association(false, 'HMAC-SHA1')
+ response = @request.answer(@assoc)
+ rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
+
+ assert_equal(rfg.call("assoc_type"), "HMAC-SHA1")
+ assert_equal(rfg.call("assoc_handle"), @assoc.handle)
+
+ failUnlessExpiresInMatches(
+ response.fields, @signatory.secret_lifetime)
+
+ assert_equal(
+ rfg.call("mac_key"), Util.to_base64(@assoc.secret))
+
+ assert_equal(rfg.call("session_type"), "no-encryption")
+ assert(!rfg.call("enc_mac_key"))
+ assert(!rfg.call("dh_server_public"))
+ end
+
def test_plaintext256
@assoc = @signatory.create_association(false, 'HMAC-SHA256')
response = @request.answer(@assoc)
rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
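Review bot: test_plaintext_v2 pins that the association secret is returned base64-encoded in `mac_key` when the session type is `no-encryption`, but its comment does not say that this is the unencrypted path. OpenID Authentication 2.0 permits no-encryption association sessions only when the exchange is protected by transport-layer encryption, so I would extend the comment with `# mac_key travels in the clear here; OpenID 2.0 allows no-encryption sessions only over TLS.` That keeps a reader from taking this test as the recommended association setup. The `assert_equal` calls in the new test are written (actual, expected), which reverses the labels in a failure message.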
@@ -1762,11 +1939,11 @@
end
def test_failed_dispatch
request = Server::OpenIDRequest.new()
request.mode = "monkeymode"
- request.namespace = OPENID1_NS
+ request.message = Message.new(OPENID1_NS)
assert_raise(RuntimeError) {
webresult = @server.handle_request(request)
}
end
@@ -1788,11 +1965,11 @@
raise UnhandledError
end
request = Server::OpenIDRequest.new()
request.mode = "monkeymode"
- request.namespace = OPENID1_NS
+ request.message = Message.new(OPENID1_NS)
assert_raise(UnhandledError) {
webresult = @server.handle_request(request)
}
end
@@ -1895,9 +2072,10 @@
}
end
def test_checkAuth
request = Server::CheckAuthRequest.new('arrrrrf', '0x3999', [])
+ request.message = Message.new(OPENID2_NS)
response = nil
silence_logging {
response = @server.openid_check_authentication(request)
}
assert(response.fields.has_key?(OPENID_NS, "is_valid"))