Diffstat (limited to 'src/DotNetOpenAuth.Test/OpenId/RelyingParty/PositiveAuthenticationResponseTests.cs')
-rw-r--r-- | src/DotNetOpenAuth.Test/OpenId/RelyingParty/PositiveAuthenticationResponseTests.cs | 71 |
1 files changed, 61 insertions, 10 deletions
diff --git a/src/DotNetOpenAuth.Test/OpenId/RelyingParty/PositiveAuthenticationResponseTests.cs b/src/DotNetOpenAuth.Test/OpenId/RelyingParty/PositiveAuthenticationResponseTests.cs
index 701bcae..25b0607 100644
--- a/src/DotNetOpenAuth.Test/OpenId/RelyingParty/PositiveAuthenticationResponseTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/RelyingParty/PositiveAuthenticationResponseTests.cs
@@ -12,14 +12,15 @@ namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
 using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
 using DotNetOpenAuth.OpenId.Messages;
 using DotNetOpenAuth.OpenId.RelyingParty;
- using Microsoft.VisualStudio.TestTools.UnitTesting;
+ using DotNetOpenAuth.Test.Mocks;
+ using NUnit.Framework;
- [TestClass]
+ [TestFixture]
 public class PositiveAuthenticationResponseTests : OpenIdTestBase {
 private readonly Realm realm = new Realm("http://localhost/rp.aspx");
 private readonly Uri returnTo = new Uri("http://localhost/rp.aspx");
- [TestInitialize]
+ [SetUp]
 public override void SetUp() {
 base.SetUp();
 }
@@ -27,7 +28,7 @@ namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
 /// <summary>
 /// Verifies good, positive assertions are accepted.
 /// </summary>
- [TestMethod]
+ [TestCase]
 public void Valid() {
 PositiveAssertionResponse assertion = this.GetPositiveAssertion();
 ClaimsResponse extension = new ClaimsResponse();
@@ -37,8 +38,8 @@ namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
 var authResponseAccessor = PositiveAuthenticationResponse_Accessor.AttachShadow(authResponse);
 Assert.AreEqual(AuthenticationStatus.Authenticated, authResponse.Status);
 Assert.IsNull(authResponse.Exception);
- Assert.AreEqual<string>(assertion.ClaimedIdentifier, authResponse.ClaimedIdentifier);
- Assert.AreEqual<string>(authResponse.Endpoint.FriendlyIdentifierForDisplay, authResponse.FriendlyIdentifierForDisplay);
+ Assert.AreEqual((string)assertion.ClaimedIdentifier, (string)authResponse.ClaimedIdentifier);
+ Assert.AreEqual(authResponse.Endpoint.FriendlyIdentifierForDisplay, authResponse.FriendlyIdentifierForDisplay);
 Assert.AreSame(extension, authResponse.GetUntrustedExtension(typeof(ClaimsResponse)));
 Assert.AreSame(extension, authResponse.GetUntrustedExtension<ClaimsResponse>());
 Assert.IsNull(authResponse.GetCallbackArgument("a"));
@@ -46,11 +47,37 @@ namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
 }
 /// <summary>
+ /// Verifies that discovery verification of a positive assertion can match a dual identifier.
+ /// </summary>
+ [TestCase]
+ public void DualIdentifierMatchesInAssertionVerification() {
+ PositiveAssertionResponse assertion = this.GetPositiveAssertion(true);
+ ClaimsResponse extension = new ClaimsResponse();
+ assertion.Extensions.Add(extension);
+ var rp = CreateRelyingParty();
+ rp.SecuritySettings.AllowDualPurposeIdentifiers = true;
+ new PositiveAuthenticationResponse(assertion, rp); // this will throw if it fails to find a match
+ }
+
+ /// <summary>
+ /// Verifies that discovery verification of a positive assertion cannot match a dual identifier
+ /// if the default settings are in place.
+ /// </summary>
+ [TestCase, ExpectedException(typeof(ProtocolException))]
+ public void DualIdentifierNoMatchInAssertionVerificationByDefault() {
+ PositiveAssertionResponse assertion = this.GetPositiveAssertion(true);
+ ClaimsResponse extension = new ClaimsResponse();
+ assertion.Extensions.Add(extension);
+ var rp = CreateRelyingParty();
+ new PositiveAuthenticationResponse(assertion, rp); // this will throw if it fails to find a match
+ }
+
+ /// <summary>
 /// Verifies that the RP rejects signed solicited assertions by an OP that
 /// makes up a claimed Id that was not part of the original request, and
 /// that the OP has no authority to assert positively regarding.
 /// </summary>
- [TestMethod, ExpectedException(typeof(ProtocolException))]
+ [TestCase, ExpectedException(typeof(ProtocolException))]
 public void SpoofedClaimedIdDetectionSolicited() {
 PositiveAssertionResponse assertion = this.GetPositiveAssertion();
 assertion.ProviderEndpoint = new Uri("http://rogueOP");
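Review bot: `DualIdentifierNoMatchInAssertionVerificationByDefault` can pass for the wrong reason, because the method-level `ExpectedException(typeof(ProtocolException))` is satisfied by a throw from any statement in the body, including `GetPositiveAssertion(true)` or `CreateRelyingParty()`. Since this test pins the secure default for dual-purpose identifiers, scope the expectation to the constructor with `Assert.Throws<ProtocolException>(() => new PositiveAuthenticationResponse(assertion, rp));` (if the NUnit version in use provides it) and assert the default first with `Assert.IsFalse(rp.SecuritySettings.AllowDualPurposeIdentifiers);`. The trailing comment `// this will throw if it fails to find a match` was copied from the positive test; here the throw is the expected outcome, so it should read something like `// must throw: dual identifiers are not matched by default`.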
@@ -63,7 +90,7 @@ namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
 /// Verifies that the RP rejects positive assertions with HTTP Claimed
 /// Cdentifiers when RequireSsl is set to true.
 /// </summary>
- [TestMethod, ExpectedException(typeof(ProtocolException))]
+ [TestCase, ExpectedException(typeof(ProtocolException))]
 public void InsecureIdentifiersRejectedWithRequireSsl() {
 PositiveAssertionResponse assertion = this.GetPositiveAssertion();
 var rp = CreateRelyingParty();
@@ -71,7 +98,7 @@ namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
 var authResponse = new PositiveAuthenticationResponse(assertion, rp);
 }
- [TestMethod]
+ [TestCase]
 public void GetCallbackArguments() {
 PositiveAssertionResponse assertion = this.GetPositiveAssertion();
 var rp = CreateRelyingParty();
@@ -94,10 +121,34 @@ namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
 Assert.IsNull(authResponse.GetCallbackArgument("a"));
 }
+ /// <summary>
+ /// Verifies that certain problematic claimed identifiers pass through to the RP response correctly.
+ /// </summary>
+ [TestCase]
+ public void ProblematicClaimedId() {
+ var providerEndpoint = new ProviderEndpointDescription(OpenIdTestBase.OPUri, Protocol.Default.Version);
+ string claimed_id = BaseMockUri + "a./b.";
+ var se = IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimed_id, claimed_id, providerEndpoint, null, null);
+ UriIdentifier identityUri = (UriIdentifier)se.ClaimedIdentifier;
+ var mockId = new MockIdentifier(identityUri, this.MockResponder, new IdentifierDiscoveryResult[] { se });
+
+ var positiveAssertion = this.GetPositiveAssertion();
+ positiveAssertion.ClaimedIdentifier = mockId;
+ positiveAssertion.LocalIdentifier = mockId;
+ var rp = CreateRelyingParty();
+ var authResponse = new PositiveAuthenticationResponse(positiveAssertion, rp);
+ Assert.AreEqual(AuthenticationStatus.Authenticated, authResponse.Status);
+ Assert.AreEqual(claimed_id, authResponse.ClaimedIdentifier.ToString());
+ }
+
 private PositiveAssertionResponse GetPositiveAssertion() {
+ return this.GetPositiveAssertion(false);
+ }
+
+ private PositiveAssertionResponse GetPositiveAssertion(bool dualIdentifier) {
 Protocol protocol = Protocol.Default;
 PositiveAssertionResponse assertion = new PositiveAssertionResponse(protocol.Version, this.returnTo);
- assertion.ClaimedIdentifier = this.GetMockIdentifier(protocol.ProtocolVersion, false);
+ assertion.ClaimedIdentifier = dualIdentifier ? this.GetMockDualIdentifier() : this.GetMockIdentifier(protocol.ProtocolVersion, false);
 assertion.LocalIdentifier = OPLocalIdentifiers[0];
 assertion.ReturnTo = this.returnTo;
 assertion.ProviderEndpoint = OPUri; |
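Review bot: The doc comment on `ProblematicClaimedId` does not say what makes `BaseMockUri + "a./b."` problematic, so the regression it guards against cannot be recovered from the test itself. Presumably the concern is path segments ending in a dot, which URI normalization can strip; if so, state it in the summary, e.g. `/// Verifies that a claimed identifier whose path segments end in '.' reaches the RP response unaltered.` The claimed identifier is what a relying party keys the account on, so the comment should also note that a silent rewrite here would change which identity is asserted. As a style point, `claimed_id` should be `claimedId` to match the other locals in this file. The body of `GetPositiveAssertion(bool)` continues outside the hunk.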